Bug #1077
Post key not checked for attachment management
| Status: | Closed | Start date: | 07/11/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | Huji Lee | % Done: | 100% | |
| Category: | Attachments | |||
| Target version: | 1.4.14 | |||
| Reproducibility: | Always | Database Type: | ||
| Reported In MyBB Version: | 1.4.13 | Database Version: | ||
| PHP Version: | SQA assignments: | |||
| Browser: |
Description
Post keys in editpost/newreply/newthread are checked after the attachment management code is run (upload/remove attachment). For editpost, could allow unauthorised adding/removing of attachments.
History
#1 Updated by Huji Lee almost 3 years ago
- Status changed from New to Assigned
- Assignee set to Huji Lee
- Target version set to 1.4.14
Due to its importance in terms of security, I'm fixing it in 1.4 branch as well.
#2 Updated by Huji Lee almost 3 years ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100
Applied in changeset r5087.
#3 Updated by Stefan T. almost 3 years ago
- Status changed from Resolved to Closed
- Reproducibility changed from Often to Always