View Issue Details

IDProjectCategoryView StatusLast Update
0000425XMB1Bugspublic2011-02-11 09:45
Reportermiqrogroove Assigned Tomiqrogroove  
PriorityhighSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.9.8 SP2 
Target Version1.9.11.11Fixed in Version1.9.11.11 
Summary0000425: Guests Should Not Have Subscription Privileges
DescriptionDue to historic mishandling of the $emailnotify variable in post.php, guests are still allowed to subscribe to threads when replying.

Guests are limited to one subscription per thread as of version 1.9.10, so there are no security concerns for supported versions. Older versions may be vulnerable to flooding.
TagsNo tags attached.
MySQL Version
PHP Version
Web Server
Browser
Flags
Original Reporter
SVN Revision2437

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2011-01-26 22:17 miqrogroove New Issue
2011-01-26 23:41 miqrogroove SVN Revision => 2437
2011-01-26 23:41 miqrogroove Status new => resolved
2011-01-26 23:41 miqrogroove Fixed in Version => 1.9.11.11
2011-01-26 23:41 miqrogroove Resolution open => fixed
2011-01-26 23:41 miqrogroove Assigned To => miqrogroove
2011-02-11 09:45 miqrogroove Status resolved => closed