From: GitHub <no...@gi...> - 2013-01-20 12:05:54
Branch: refs/heads/master
Home: https://github.com/mantisbt/mantisbt

Commit: 4362aa1481ad354dc3c05538aad0f21fa530dd21
https://github.com/mantisbt/mantisbt/commit/4362aa1481ad354dc3c05538aad0f21fa530dd21
Author: Damien Regad <dam...@me...>
Date: 2013-01-20 (Sun, 20 Jan 2013)

Changed paths:
M core/filter_api.php
M search.php
M view_all_set.php

Log Message:
-----------
Update match_type parameter to be XSS-safe by itself

Use of gpc_get_int() instead of gpc_get_string() prevents malicious users from passing arbitrary strings as parameter.

Fixes #15388

Commit: 5f641fc7bc2b6c618b0d056f7a210126e82e8e62
https://github.com/mantisbt/mantisbt/commit/5f641fc7bc2b6c618b0d056f7a210126e82e8e62
Author: Damien Regad <dam...@me...>
Date: 2013-01-20 (Sun, 20 Jan 2013)

Changed paths:
M core/filter_api.php

Log Message:
-----------
Display of match_type filter property for unknown types

Prior to this, if for any reason the filter's match type property was not one of the predefined types (i.e. 'any' or 'all'), the code would default to 'all', but display a blank string on the filter page.

This is confusing to users, so the display now matches the filter's actual behavior.

Fixes #15389

Compare: https://github.com/mantisbt/mantisbt/compare/42627a650abc...5f641fc7bc2b