View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0027351||mantisbt||bugtracker||public||2020-09-26 06:44||2020-12-30 07:30|
|Summary||0027351: Prevent updating Issue with invalid values for ETA and Projection|
Apologize for the summary I am not sure for that one but If I am correct I also read the same issues (where someting about SQL syntax and prints
I am just playing with the config (and I am looking for the config to turn on the repository but no luck)
If I am not mistaken I read some issues where it prints
|Steps To Reproduce|
In case you need a PoC please mention it (can't upload attachment due to internet issue..)
|Tags||No tags attached.|
Hello ! I didn't notice the
If the case is I shouldn't open
My payload here is
The display of
I am not able to reproduce your @32767@ scenario; when a value bigger than max for smallint type, I get a MySQL error 1264: Out of range value for column 'eta' .
As it stands I wouldn't consider this as a bug..
I don't edit the
This one I don't consider as a security issue, as the only impact is storing some data that cannot be rendered by Mantis.
Nevertheless, I will implement a fix to prevent updating the Issue record with ETA data that is not defined in the enum string; an error message will be thrown in this case.
There was some argument from @vboctor during code review:
Considering the above, and the fact that this is not really a security issue, although it could introduce data inconsistency (but that is quite visible in the UI as the invalid entries are shown as
MantisBT: master e5a44f81
2020-12-28 19:22:18Details Diff
|BugData::_set() handle eta as int
The eta field was not included in the switch, so was dealt with by the
default case and treated as string while it is in fact an enum and
should be handled as int.
|mod - core/bug_api.php||Diff File|