View Issue Details

IDProjectCategoryView StatusLast Update
0027299mantisbtcode cleanuppublic2020-09-25 14:53
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Target Version2.24.3Fixed in Version2.24.3 
Summary0027299: Remove code duplication in File API
Description

file_can_view_bug_attachments() and file_can_download_bug_attachments() have nearly identical code, the only difference being the names of the configs.

A new function should be added to avoid code duplication.

TagsNo tags attached.

Relationships

related to 0027039 closeddregad CVE-2020-25781: Access to private bug note attachments 

Activities

dregad

dregad

2020-09-19 10:27

developer   ~0064453

Last edited: 2020-09-19 10:27

Targeting 2.24.3 as this is a prerequisite to fix 0027039.

Related Changesets

MantisBT: master-2.24 90b83956

2020-09-12 12:04

dregad


Details Diff
New file_can_view_or_download() function

file_can_view_bug_attachments() and file_can_download_bug_attachments()
have nearly identical code, the only difference being the names of the
configs.

Adding a new internal File API function to avoid code duplication.

Fixes 0027299
Affected Issues
0027299
mod - core/file_api.php Diff File