Bug Id

Reporter

Michael von KÃƒÂ¤nel

Product/Version

Bugdar / 1.1.1

Status

Closed

Severity

Critical

Duplicate Of

- none -

Fixed in Revision

1248

Mstone

Summary

Report Time

October 12, 2006 02:30 PM

Assignment

Robert

Resolution

Fixed

Priority

Normal

Dependencies

- none -

Mstone (old)

Votes

For: 0 (0%)

Against: 0 (0%)

Total: 0

October 12, 2006 02:30 PM Michael von KÃƒÂ¤nel

Try add this one:
'; INSERT INTO `user` ( `userid` , `email` , `displayname` , `usergroupid` , `password` , `salt` , `authkey` , `showemail` , `showcolors` , `languageid` , `timezone` , `usedst` , `hidestatuses` , `defaultsortkey` , `defaultsortas` ) VALUES ('', 'got', 'you', '0', '', '', '', '0', NULL , '0', '0', '0', '', NULL , NULL); -- '

On October 12, 2006 06:17 PM, Robert changed:

Hidden from "0" to "1"
Status from "Unconfirmed" to "Confirmed"

October 12, 2006 06:17 PM Robert

Confirmed and marking security issue (hidden).

October 12, 2006 08:01 PM Robert

I'm now in the process of auditing all the Bugdar code. A 1.1.2 release will be issued promptly once the code is security checked and retested. Thank you for bringing this to my attention.

October 13, 2006 12:31 AM Robert

Thank you for your bug report. This issue has been closed and fixed in Subversion. This change will be available in a future release, but you can download the change at any time from the Subversion server.

On October 13, 2006 12:31 AM, Robert changed:

Status from "Confirmed" to "Closed"
Resolution from "Open" to "Fixed"
Fixed in Revision from "" to "1248"

October 13, 2006 12:50 AM Robert

Bugdar 1.1.2 is now released with this and two other security issues resolved. Unmarking as security and making visible.

On October 13, 2006 12:50 AM, Robert changed:

Hidden from "1" to ""