[mantisbt-commits] [mantisbt/mantisbt] 4362aa: Update match_type parameter to be XSS-safe by itse..

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

  Branch: refs/heads/master
  Home:   https://github.com/mantisbt/mantisbt
  Commit: 4362aa1481ad354dc3c05538aad0f21fa530dd21
      https://github.com/mantisbt/mantisbt/commit/4362aa1481ad354dc3c05538aad0f21fa530dd21
  Author: Damien Regad <dam...@me...>
  Date:   2013-01-20 (Sun, 20 Jan 2013)

  Changed paths:
    M core/filter_api.php
    M search.php
    M view_all_set.php

  Log Message:
  -----------
  Update match_type parameter to be XSS-safe by itself

Use of gpc_get_int() instead of gpc_get_string() prevents malicious
users from passing arbitrary strings as parameter.

Fixes #15388

  Commit: 5f641fc7bc2b6c618b0d056f7a210126e82e8e62
      https://github.com/mantisbt/mantisbt/commit/5f641fc7bc2b6c618b0d056f7a210126e82e8e62
  Author: Damien Regad <dam...@me...>
  Date:   2013-01-20 (Sun, 20 Jan 2013)

  Changed paths:
    M core/filter_api.php

  Log Message:
  -----------
  Display of match_type filter property for unknown types

Prior to this, if for any reason the filter's match type property was
not one of the predefined types (i.e. 'any' or 'all'), the code would
default to 'all', but display a blank string on the filter page. This is
confusing to users, so the display now matches the filter's actual
behavior.

Fixes #15389

Compare: https://github.com/mantisbt/mantisbt/compare/42627a650abc...5f641fc7bc2b

[mantisbt-commits] [mantisbt/mantisbt] 4362aa: Update match_type parameter to be XSS-safe by itse..

[mantisbt-commits] [mantisbt/mantisbt] 4362aa: Update match_type parameter to be XSS-safe by itse...