SF.net SVN: mantisbt:[5628] trunk/mantisbt
From: <nuclear_eclipse@...>
Subject: SF.net SVN: mantisbt:[5628] trunk/mantisbt
Newsgroups: gmane.comp.bug-tracking.mantis.cvs
Date: 2008-10-03 17:37:07 GMT
Revision: 5628
http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5628&view=rev
Author: nuclear_eclipse
Date: 2008-10-03 17:37:06 +0000 (Fri, 03 Oct 2008)
Log Message:
-----------
Move all form_security_validate() calls before any processing happens.
Modified Paths:
--------------
trunk/mantisbt/bug_report.php
trunk/mantisbt/bug_update.php
trunk/mantisbt/manage_config_email_set.php
trunk/mantisbt/manage_config_revert.php
trunk/mantisbt/manage_custom_field_create.php
trunk/mantisbt/manage_custom_field_delete.php
trunk/mantisbt/manage_custom_field_proj_add.php
trunk/mantisbt/manage_custom_field_update.php
trunk/mantisbt/manage_proj_cat_add.php
trunk/mantisbt/manage_proj_cat_copy.php
trunk/mantisbt/manage_proj_cat_delete.php
trunk/mantisbt/manage_proj_cat_update.php
trunk/mantisbt/manage_proj_create.php
trunk/mantisbt/manage_proj_custom_field_add_existing.php
trunk/mantisbt/manage_proj_custom_field_copy.php
trunk/mantisbt/manage_proj_custom_field_remove.php
trunk/mantisbt/manage_proj_custom_field_update.php
trunk/mantisbt/manage_proj_delete.php
trunk/mantisbt/manage_proj_subproj_add.php
trunk/mantisbt/manage_proj_subproj_delete.php
trunk/mantisbt/manage_proj_update.php
trunk/mantisbt/manage_proj_update_children.php
trunk/mantisbt/manage_proj_user_add.php
trunk/mantisbt/manage_proj_user_copy.php
trunk/mantisbt/manage_proj_user_remove.php
trunk/mantisbt/manage_proj_ver_add.php
trunk/mantisbt/manage_proj_ver_copy.php
trunk/mantisbt/manage_proj_ver_delete.php
trunk/mantisbt/manage_proj_ver_update.php
trunk/mantisbt/manage_user_create.php
trunk/mantisbt/manage_user_delete.php
trunk/mantisbt/manage_user_proj_add.php
trunk/mantisbt/manage_user_reset.php
trunk/mantisbt/manage_user_update.php
trunk/mantisbt/news_edit_page.php
trunk/mantisbt/tag_delete.php
trunk/mantisbt/tag_detach.php
Modified: trunk/mantisbt/bug_report.php
===================================================================
--- trunk/mantisbt/bug_report.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/bug_report.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -35,7 +35,7 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'custom_field_api.php' );
- # helper_ensure_post();
+ form_security_validate( 'bug_report' );
access_ensure_project_level( config_get('report_bug_threshold' ) );
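Review bot: The new `form_security_validate( 'bug_report' )` takes the place of the commented-out `# helper_ensure_post();` rather than sitting next to it, so nothing in this hunk restricts bug submission to POST. If the form token is read through a gpc_* accessor that also accepts query-string parameters, a token-bearing GET would still reach bug_create() in the second hunk of this file; restoring `helper_ensure_post();` immediately before the validate call keeps the method check independent of the token check. Whether form_security_validate() itself rejects non-POST requests is not visible here, so confirm against the form security API before adding it.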
@@ -131,8 +131,6 @@
# Allow plugins to pre-process bug data
$t_bug_data = event_signal( 'EVENT_REPORT_BUG_DATA', $t_bug_data );
- form_security_validate( 'bug_report' );
-
# Create the bug
$t_bug_id = bug_create( $t_bug_data );
Modified: trunk/mantisbt/bug_update.php
===================================================================
--- trunk/mantisbt/bug_update.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/bug_update.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -34,6 +34,8 @@
require_once( $t_core_path.'bugnote_api.php' );
require_once( $t_core_path.'custom_field_api.php' );
+ form_security_validate( 'bug_update' );
+
$f_bug_id = gpc_get_int( 'bug_id' );
$f_update_mode = gpc_get_bool( 'update_mode', FALSE ); # set if called from generic update page
$f_new_status = gpc_get_int( 'status', bug_get_field( $f_bug_id, 'status' ) );
@@ -148,8 +150,6 @@
}
}
- form_security_validate( 'bug_update' );
-
$t_notify = true;
$t_bug_note_set = false;
if ( ( $t_old_bug_status != $t_bug_data->status ) && ( FALSE == $f_update_mode ) ) {
Modified: trunk/mantisbt/manage_config_email_set.php
===================================================================
--- trunk/mantisbt/manage_config_email_set.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_config_email_set.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -29,10 +29,10 @@
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'email_api.php' );
+ form_security_validate('manage_config_email_set');
+
auth_reauthenticate();
- form_security_validate('manage_config_email_set');
-
$t_can_change_level = min( config_get_access( 'notify_flags' ), config_get_access(
'default_notify_flags' ) );
access_ensure_project_level( $t_can_change_level );
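Review bot: The added line `form_security_validate('manage_config_email_set');` omits the inner spaces that every neighbouring call uses (`config_get( 'core_path' )`, `access_ensure_project_level( $t_can_change_level )`), and the same spelling is added on the + side in manage_config_revert.php, manage_custom_field_delete.php, manage_user_delete.php and manage_user_proj_add.php. The removed line carried the old spelling, but since these are freshly written lines, `form_security_validate( 'manage_config_email_set' );` would match the house style and the other hunks of this commit, e.g. `form_security_validate( 'bug_update' );`.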
Modified: trunk/mantisbt/manage_config_revert.php
===================================================================
--- trunk/mantisbt/manage_config_revert.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_config_revert.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -28,6 +28,8 @@
$t_core_path = config_get( 'core_path' );
+ form_security_validate('manage_config_revert');
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project', 0 );
@@ -51,15 +53,13 @@
string_html_specialchars( implode( ', ', $t_revert_vars ) ) . ' ' . lang_get( 'in_project' ) . ' ' .
project_get_name( $f_project_id ),
lang_get( 'delete_config_button' ) );
- form_security_validate('manage_config_revert');
-
foreach ( $t_revert_vars as $t_revert ) {
config_delete( $t_revert, null , $f_project_id );
}
-
- form_security_purge('manage_config_revert');
}
+ form_security_purge('manage_config_revert');
+
$t_redirect_url = $f_return;
html_page_top1();
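Review bot: Moving the token check ahead of `helper_ensure_confirmed(...)` means the very first request — the one that only renders the confirmation page — must already carry a valid token, and the confirmation form must send it back; the same reordering is made in manage_custom_field_delete.php, manage_proj_cat_delete.php, manage_proj_custom_field_remove.php, manage_proj_delete.php, manage_proj_ver_delete.php, manage_user_delete.php, news_edit_page.php and tag_delete.php. If any link or form that targets these scripts lacks the token, or the confirmation page does not echo it as a hidden input, the flow now fails at the validate call instead of after confirmation, so both ends are worth verifying rather than inferring from the old placement. A comment above the validate call such as `# token is required on the initial request as well as on the confirmed re-submission` would record the new contract. `form_security_purge('manage_config_revert')` now running outside the `if` (whose head is outside the hunk) is consistent with the validate having become unconditional in the first hunk.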
Modified: trunk/mantisbt/manage_custom_field_create.php
===================================================================
--- trunk/mantisbt/manage_custom_field_create.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_custom_field_create.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,10 +30,9 @@
require_once( $t_core_path.'custom_field_api.php' );
- auth_reauthenticate();
-
form_security_validate('manage_custom_field_create');
+ auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
$f_name = gpc_get_string( 'name' );
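Review bot: With `form_security_validate('manage_custom_field_create');` now ahead of `auth_reauthenticate();` (the same swap appears in manage_custom_field_update.php and the manage_proj_* and manage_user_* scripts), the submitted token is compared against the session before the script has confirmed the session is still authenticated or fresh. If form_security_validate() treats a missing session-side token as a hard error, a user whose session expired between loading and submitting the form will presumably see a form-token error instead of the re-authentication redirect the old order produced; confirm that is acceptable, or that core.php already guarantees an authenticated session before these scripts run. A one-line comment, `# token check runs before reauthentication so a forged request is rejected first`, would make the chosen order read as intentional.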
Modified: trunk/mantisbt/manage_custom_field_delete.php
===================================================================
--- trunk/mantisbt/manage_custom_field_delete.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_custom_field_delete.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,8 +30,9 @@
require_once( $t_core_path.'custom_field_api.php' );
- auth_reauthenticate();
+ form_security_validate('manage_custom_field_delete');
+ auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
$f_field_id = gpc_get_int( 'field_id' );
@@ -49,8 +50,6 @@
lang_get( 'field_delete_button' ) );
}
- form_security_validate('manage_custom_field_delete');
-
custom_field_destroy( $f_field_id );
form_security_purge('manage_custom_field_delete');
Modified: trunk/mantisbt/manage_custom_field_proj_add.php
===================================================================
--- trunk/mantisbt/manage_custom_field_proj_add.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_custom_field_proj_add.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,10 +26,10 @@
*/
require_once( 'core.php' );
+ form_security_validate('manage_custom_field_proj_add');
+
auth_reauthenticate();
- form_security_validate('manage_custom_field_proj_add');
-
$f_field_id = gpc_get_int( 'field_id' );
$f_project_id = gpc_get_int_array( 'project_id', array() );
$f_sequence = gpc_get_int( 'sequence' );
Modified: trunk/mantisbt/manage_custom_field_update.php
===================================================================
--- trunk/mantisbt/manage_custom_field_update.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_custom_field_update.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,10 +30,9 @@
require_once( $t_core_path.'custom_field_api.php' );
- auth_reauthenticate();
-
form_security_validate('manage_custom_field_update');
+ auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
$f_field_id = gpc_get_int( 'field_id' );
Modified: trunk/mantisbt/manage_proj_cat_add.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_add.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_cat_add.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'category_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_cat_add' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_name = gpc_get_string( 'name' );
Modified: trunk/mantisbt/manage_proj_cat_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_copy.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_cat_copy.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'category_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_cat_copy' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_other_project_id = gpc_get_int( 'other_project_id' );
$f_copy_from = gpc_get_bool( 'copy_from' );
Modified: trunk/mantisbt/manage_proj_cat_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_delete.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_cat_delete.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,6 +30,8 @@
require_once( $t_core_path.'category_api.php' );
+ form_security_validate( 'manage_proj_cat_delete' );
+
auth_reauthenticate();
$f_category_id = gpc_get_string( 'id' );
@@ -50,7 +52,6 @@
helper_ensure_confirmed( sprintf( lang_get( 'category_delete_sure_msg' ), $t_name, $t_bug_count ),
lang_get( 'delete_category_button' ) );
- form_security_validate( 'manage_proj_cat_delete' );
category_remove( $f_category_id );
form_security_purge( 'manage_proj_cat_delete' );
Modified: trunk/mantisbt/manage_proj_cat_update.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_update.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_cat_update.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'category_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_cat_update' );
+ auth_reauthenticate();
+
$f_category_id = gpc_get_int( 'category_id' );
$f_project_id = gpc_get_int( 'project_id', ALL_PROJECTS );
$f_name = trim( gpc_get_string( 'name' ) );
Modified: trunk/mantisbt/manage_proj_create.php
===================================================================
--- trunk/mantisbt/manage_proj_create.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_create.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,9 @@
require_once( $t_core_path.'project_hierarchy_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_create' );
+ auth_reauthenticate();
access_ensure_global_level( config_get( 'create_project_threshold' ) );
$f_name = gpc_get_string( 'name' );
Modified: trunk/mantisbt/manage_proj_custom_field_add_existing.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_add_existing.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_custom_field_add_existing.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'custom_field_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_custom_field_add_existing' );
+ auth_reauthenticate();
+
$f_field_id = gpc_get_int( 'field_id' );
$f_project_id = gpc_get_int( 'project_id' );
Modified: trunk/mantisbt/manage_proj_custom_field_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_copy.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_custom_field_copy.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,9 +26,10 @@
*/
require_once('core.php');
- auth_reauthenticate();
form_security_validate( 'manage_proj_custom_field_copy' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_other_project_id = gpc_get_int( 'other_project_id' );
$f_copy_from = gpc_get_bool( 'copy_from' );
Modified: trunk/mantisbt/manage_proj_custom_field_remove.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_remove.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_custom_field_remove.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,6 +30,8 @@
require_once( $t_core_path.'custom_field_api.php' );
+ form_security_validate( 'manage_proj_custom_field_remove' );
+
auth_reauthenticate();
$f_field_id = gpc_get_int( 'field_id' );
@@ -55,7 +57,6 @@
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
}
- form_security_validate( 'manage_proj_custom_field_remove' );
custom_field_unlink( $f_field_id, $f_project_id );
form_security_purge( 'manage_proj_custom_field_remove' );
Modified: trunk/mantisbt/manage_proj_custom_field_update.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_update.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_custom_field_update.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'custom_field_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_custom_field_update' );
+ auth_reauthenticate();
+
$f_field_id = gpc_get_int( 'field_id' );
$f_project_id = gpc_get_int( 'project_id' );
$f_sequence = gpc_get_int( 'sequence' );
Modified: trunk/mantisbt/manage_proj_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_delete.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_delete.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,6 +26,8 @@
*/
require_once( 'core.php' );
+ form_security_validate( 'manage_proj_delete' );
+
auth_reauthenticate();
$f_project_id = gpc_get_int( 'project_id' );
@@ -38,8 +40,8 @@
'<br/>' . lang_get( 'project_name' ) . ': ' . $t_project_name,
lang_get( 'project_delete_button' ) );
- form_security_validate( 'manage_proj_delete' );
project_delete( $f_project_id );
+
form_security_purge( 'manage_proj_delete' );
# Don't leave the current project set to a deleted project -
Modified: trunk/mantisbt/manage_proj_subproj_add.php
===================================================================
--- trunk/mantisbt/manage_proj_subproj_add.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_subproj_add.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -28,9 +28,10 @@
$t_core_path = config_get( 'core_path' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_subproj_add' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_subproject_id = gpc_get_int( 'subproject_id' );
Modified: trunk/mantisbt/manage_proj_subproj_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_subproj_delete.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_subproj_delete.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -28,9 +28,10 @@
$t_core_path = config_get( 'core_path' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_subproj_delete' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_subproject_id = gpc_get_int( 'subproject_id' );
Modified: trunk/mantisbt/manage_proj_update.php
===================================================================
--- trunk/mantisbt/manage_proj_update.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_update.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,9 +26,10 @@
*/
require_once( 'core.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_update' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_name = gpc_get_string( 'name' );
$f_description = gpc_get_string( 'description' );
Modified: trunk/mantisbt/manage_proj_update_children.php
===================================================================
--- trunk/mantisbt/manage_proj_update_children.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_update_children.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'project_hierarchy_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_update_children' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );
Modified: trunk/mantisbt/manage_proj_user_add.php
===================================================================
--- trunk/mantisbt/manage_proj_user_add.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_user_add.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,9 +26,10 @@
*/
require_once( 'core.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_user_add' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_user_id = gpc_get_int_array( 'user_id', array() );
$f_access_level = gpc_get_int( 'access_level' );
Modified: trunk/mantisbt/manage_proj_user_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_user_copy.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_user_copy.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,9 +26,10 @@
*/
require_once( 'core.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_user_copy' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_other_project_id = gpc_get_int( 'other_project_id' );
$f_copy_from = gpc_get_bool( 'copy_from' );
Modified: trunk/mantisbt/manage_proj_user_remove.php
===================================================================
--- trunk/mantisbt/manage_proj_user_remove.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_user_remove.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,8 +26,8 @@
*/
require_once( 'core.php' );
+ form_security_validate( 'manage_proj_user_remove' );
auth_reauthenticate();
- form_security_validate( 'manage_proj_user_remove' );
$f_project_id = gpc_get_int( 'project_id' );
$f_user_id = gpc_get_int( 'user_id', 0 );
Modified: trunk/mantisbt/manage_proj_ver_add.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_add.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_ver_add.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'version_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_ver_add' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_version = gpc_get_string( 'version' );
$f_add_and_edit = gpc_get_bool( 'add_and_edit_version' );
Modified: trunk/mantisbt/manage_proj_ver_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_copy.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_ver_copy.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'version_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_ver_copy' );
+ auth_reauthenticate();
+
$f_project_id = gpc_get_int( 'project_id' );
$f_other_project_id = gpc_get_int( 'other_project_id' );
$f_copy_from = gpc_get_bool( 'copy_from' );
Modified: trunk/mantisbt/manage_proj_ver_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_delete.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_ver_delete.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,6 +30,8 @@
require_once( $t_core_path.'version_api.php' );
+ form_security_validate( 'manage_proj_ver_delete' );
+
auth_reauthenticate();
$f_version_id = gpc_get_int( 'version_id' );
@@ -44,8 +46,8 @@
'<br/>' . lang_get( 'version' ) . ': ' . $t_version_info->version,
lang_get( 'delete_version_button' ) );
- form_security_validate( 'manage_proj_ver_delete' );
version_remove( $f_version_id );
+
form_security_purge( 'manage_proj_ver_delete' );
html_page_top1();
Modified: trunk/mantisbt/manage_proj_ver_update.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_update.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_proj_ver_update.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,9 +30,10 @@
require_once( $t_core_path.'version_api.php' );
- auth_reauthenticate();
form_security_validate( 'manage_proj_ver_update' );
+ auth_reauthenticate();
+
$f_version_id = gpc_get_int( 'version_id' );
$t_version = version_get( $f_version_id );
Modified: trunk/mantisbt/manage_user_create.php
===================================================================
--- trunk/mantisbt/manage_user_create.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_user_create.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,6 +30,8 @@
require_once( $t_core_path.'email_api.php' );
+ form_security_validate( 'manage_user_create' );
+
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
@@ -79,8 +81,6 @@
}
}
- form_security_validate( 'manage_user_create' );
-
$t_cookie = user_create( $f_username, $f_password, $f_email, $f_access_level, $f_protected,
$f_enabled, $t_realname );
form_security_purge( 'manage_user_create' );
Modified: trunk/mantisbt/manage_user_delete.php
===================================================================
--- trunk/mantisbt/manage_user_delete.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_user_delete.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,8 +26,9 @@
*/
require_once( 'core.php' );
- auth_reauthenticate();
+ form_security_validate('manage_user_delete');
+ auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
$f_user_id = gpc_get_int( 'user_id' );
@@ -38,8 +39,6 @@
'<br/>' . lang_get( 'username' ) . ': ' . $t_user['username'],
lang_get( 'delete_account_button' ) );
- form_security_validate('manage_user_delete');
-
user_delete( $f_user_id );
form_security_purge('manage_user_delete');
Modified: trunk/mantisbt/manage_user_proj_add.php
===================================================================
--- trunk/mantisbt/manage_user_proj_add.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_user_proj_add.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,10 +26,10 @@
*/
require_once( 'core.php' );
+ form_security_validate('manage_user_proj_add');
+
auth_reauthenticate();
- form_security_validate('manage_user_proj_add');
-
$f_user_id = gpc_get_int( 'user_id' );
$f_access_level = gpc_get_int( 'access_level' );
$f_project_id = gpc_get_int_array( 'project_id', array() );
Modified: trunk/mantisbt/manage_user_reset.php
===================================================================
--- trunk/mantisbt/manage_user_reset.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_user_reset.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -26,10 +26,9 @@
*/
require_once( 'core.php' );
- auth_reauthenticate();
-
form_security_validate('manage_user_reset');
+ auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
$f_user_id = gpc_get_int( 'user_id' );
Modified: trunk/mantisbt/manage_user_update.php
===================================================================
--- trunk/mantisbt/manage_user_update.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/manage_user_update.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -30,10 +30,9 @@
require_once( $t_core_path.'email_api.php' );
- auth_reauthenticate();
-
form_security_validate('manage_user_update');
+ auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
$f_protected = gpc_get_bool( 'protected' );
Modified: trunk/mantisbt/news_edit_page.php
===================================================================
--- trunk/mantisbt/news_edit_page.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/news_edit_page.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -37,6 +37,8 @@
# If deleting item redirect to delete script
if ( 'delete' == $f_action ) {
+ form_security_validate( 'news_delete' );
+
$row = news_get_row( $f_news_id );
# This check is to allow deleting of news items that were left orphan due to bug #3723
@@ -46,9 +48,10 @@
helper_ensure_confirmed( lang_get( 'delete_news_sure_msg' ), lang_get(
'delete_news_item_button' ) );
- form_security_validate( 'news_delete' );
news_delete( $f_news_id );
+
form_security_purge( 'news_delete' );
+
print_header_redirect( 'news_menu_page.php', true );
}
Modified: trunk/mantisbt/tag_delete.php
===================================================================
--- trunk/mantisbt/tag_delete.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/tag_delete.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -29,6 +29,8 @@
require_once( $t_core_path . 'tag_api.php' );
+ form_security_validate( 'tag_delete' );
+
access_ensure_global_level( config_get( 'tag_edit_threshold' ) );
$f_tag_id = gpc_get_int( 'tag_id' );
@@ -36,8 +38,8 @@
helper_ensure_confirmed( lang_get( 'tag_delete_message' ), lang_get( 'tag_delete_button' ) );
- form_security_validate( 'tag_delete' );
tag_delete( $f_tag_id );
+
form_security_purge( 'tag_delete' );
print_successful_redirect( config_get( 'default_home_page' ) );
Modified: trunk/mantisbt/tag_detach.php
===================================================================
--- trunk/mantisbt/tag_detach.php 2008-10-03 15:23:41 UTC (rev 5627)
+++ trunk/mantisbt/tag_detach.php 2008-10-03 17:37:06 UTC (rev 5628)
@@ -29,11 +29,13 @@
require_once( $t_core_path . 'tag_api.php' );
+ form_security_validate( 'tag_detach' );
+
$f_tag_id = gpc_get_int( 'tag_id' );
$f_bug_id = gpc_get_int( 'bug_id' );
- form_security_validate( 'tag_detach' );
tag_bug_detach( $f_tag_id, $f_bug_id );
+
form_security_purge( 'tag_detach' );
print_successful_redirect_to_bug( $f_bug_id );
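Review bot: Between the new `form_security_validate( 'tag_detach' );` and `tag_bug_detach( $f_tag_id, $f_bug_id );` there is no access check in this hunk, whereas tag_delete.php calls `access_ensure_global_level( config_get( 'tag_edit_threshold' ) );` directly after its validate. The token only shows the request originated from the site's own form, not that the user may detach tags from this bug; if tag_bug_detach() does not enforce the detach threshold itself, an explicit `access_ensure_bug_level( config_get( 'tag_detach_threshold' ), $f_bug_id );` before the call would make the script self-contained. If the API already performs that check, a one-line comment saying so would save the next reader the lookup.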