Re: [Mantisbt-dev] Mantis 0.17.4

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

At 20:58 17-8-2002 -0400, you wrote:
> > I've been working on 0.17.4, and I more or less have a package ready for
> > release.
> >
> > - I can't find the fix for 'Through manipulation of cookies it is possible
> > to set a user's current project to a private project, and access the 'View
> > Bugs' page.', who fixed that and/or can tell me where I can find the patch?
> > - Were there any other bugs that should be fixed here? I'd like to keep it
> > limited though.
>
>I reported at least one instance of this.  I came up with an ugly hack
>to check the cookie near the beginning of the view_all_bug_page.php file:

Last night, Ken and I rediscovered the bug. Apparantly, it was never fixed, 
not even in CVS.

Ken wrote a project access-check function, which can be used to check the 
project value. I'll add it in a few minutes.

Thanks for your help, and sorry for not telling you this sooner.

Jeroen