justdave%syndicomm.com 2d28f97361 SECURITY FIX see bug 108385: Due to trusting of passed form fields that shouldn't have been trusted, it was possible to add a comment to a bug pretending to be someone else if you edited the HTML by hand before submitting. The bug form did not include the field in question, but due to legacy processing code, the field was still trusted if it was present. ...

Patch by Dave Miller <justdave@syndicomm.com>
r= jake x2


git-svn-id: svn://10.0.0.236/trunk@107350 18797224-902f-48f8-a5cc-f745e15eee43

2001-11-05 20:47:17 +00:00

51 KiB

Executable File

Raw Blame History

View Raw