View Issue Details

IDProjectCategoryView StatusLast Update
0027383mantisbtadministrationpublic2021-03-07 13:23
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityN/A
Status assignedResolutionopen 
Target Version2.26.0 
Summary0027383: Move 'test_langs.php' script to admin checks
Description

Following discussion in 0027362, we can get rid of the script while keeping the functionality to help admins check for 3rd-party plugins language files by moving the logic into the Admin checks.

TagsNo tags attached.

Relationships

related to 0027362 closeddregad Sourceforge [admin/test_langs.php] File missing from installation packages ( mantisbt-2.24.3.zip & mantisbt-2.24.3.tar.gz) 

Activities

dregad

dregad

2020-10-08 19:54

developer   ~0064536

Last edited: 2020-10-09 04:02

The script relies on eval() to check the language scripts' syntax.

I'm concerned with this, as this could lead to execution of potentially harmful code (scenario where admin installs a "trojan horse" 3rd-party plugin).
We need to find an alternative approach.