SiT! Bugs - SiT!
View Issue Details
0000507SiT!reportspublic2009-02-19 17:042009-02-27 16:25
ivan 
paulh 
highmajorhave not tried
closedfixed 
 
3.453.45 
0000507: report incidents by engineer does not check input
e.g. $incsql .= "u.id={$_POST['inc'][$i]}";


must be authenticated and have report permission to run though.
security
Issue History
2009-02-19 17:04ivanNew Issue
2009-02-19 17:05ivanTag Attached: security
2009-02-21 14:08paulhStatusnew => assigned
2009-02-21 14:08paulhAssigned To => paulh
2009-02-21 14:22paulhNote Added: 0000647
2009-02-21 14:22paulhStatusassigned => resolved
2009-02-21 14:22paulhResolutionopen => fixed
2009-02-21 14:22paulhFixed in Version => Current SVN
2009-02-27 13:54ivanFixed in VersionCurrent SVN => 3.45
2009-02-27 16:25ivanStatusresolved => closed

Notes
(0000647)
paulh   
2009-02-21 14:22   
r5178 resolves