php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16312 (SECURITY) Non-CVS users can set statys to anything (including Critical)
Submitted: 2002-03-27 11:30 UTC Modified: 2002-05-12 14:01 UTC
From: nopman at hackermail dot com Assigned:
Status: Closed Package: Website problem
PHP Version: 4.1.2 OS: Unix
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: nopman at hackermail dot com
New email:
PHP Version: OS:

 

 [2002-03-27 11:30 UTC] nopman at hackermail dot com
I read the sources of this error reporting page and found
out that you correctly provide list of available
State-options, but you do not validate the input.

So one can make their own form and add there to be options
for Critical,Analyzed etc.

I'm pretty sure that it works, but i'll test it with this report.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-27 11:33 UTC] nopman at hackermail dot com
Trying to set this as Critical.

"NopMan"
 [2002-03-27 11:34 UTC] nopman at hackermail dot com
Damn!! It worked!!!!
 [2002-03-27 12:39 UTC] sander@php.net
Hm... another bug in this system... you can also fake @php.net addresses.
This is critical indeed :)
 [2002-05-12 13:18 UTC] derick@php.net
TOUCH
 [2002-05-12 14:01 UTC] jimw@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/. 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Oct 04 09:01:27 2024 UTC