Hi, I'm new on this forum, but I'm using Mantis since the 0.17
I've been interesting myself on security problems, and found
an old august post. I've some beginner questions, which may be
obvious or out to date :-)
First, what does this "security" was about ? For the different
users' status ? (for example allowing to view the page, using
a function, etc)
Second : Jeroen Latour wrote :
"Secondly, we migrate to $_GET/$_POST/$_COOKIE for all f_
$_REQUEST if a variable can be either from GET or POST), get
the configuration settings using a function (i.e. config_get)
and the server variables from $_SERVER"
I've seen such an implementation begin in the 0.17.2 (or .3 ?)
I think. Could you give an example of concrete "before /
after" code in Mantis ?
Acc=E9dez au courrier =E9lectronique de La Poste : http://www.laposte.net ; 3615 LAPOSTENET (0,13 =80/mn) ; t=E9l : 08 92 68 13 50 (0,34=80/mn)"