PHP :: Bug #16312 :: (SECURITY) Non-CVS users can set statys to anything (including Critical)

Bug #16312	(SECURITY) Non-CVS users can set statys to anything (including Critical)
Submitted:	2002-03-27 11:30 UTC	Modified:	2002-05-12 14:01 UTC
From:	nopman at hackermail dot com	Assigned:
Status:	Closed	Package:	Website problem
PHP Version:	4.1.2	OS:	Unix
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-03-27 11:30 UTC] nopman at hackermail dot com

I read the sources of this error reporting page and found
out that you correctly provide list of available
State-options, but you do not validate the input.

So one can make their own form and add there to be options
for Critical,Analyzed etc.

I'm pretty sure that it works, but i'll test it with this report.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-27 11:33 UTC] nopman at hackermail dot com

Trying to set this as Critical.

"NopMan"

[2002-03-27 11:34 UTC] nopman at hackermail dot com

Damn!! It worked!!!!

[2002-03-27 12:39 UTC] sander@php.net

Hm... another bug in this system... you can also fake @php.net addresses.
This is critical indeed :)

[2002-05-12 13:18 UTC] derick@php.net

TOUCH

[2002-05-12 14:01 UTC] jimw@php.net

This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/. 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 13:01:28 2024 UTC