0028533: print_form_button() generates bad security token name for plugin action page

ID	Project	Category	View Status	Date Submitted	Last Update

0028533	mantisbt	bugtracker	public	2021-05-12 12:18	2021-06-05 10:37

Reporter	dregad	Assigned To	dregad
Priority	normal	Severity	major	Reproducibility	always
Status	resolved	Resolution	fixed
Target Version	2.26.0	Fixed in Version	2.26.0

Summary	0028533: print_form_button() generates bad security token name for plugin action page
Description	When print_form_button() is called with a plugin page (as generated by plugin_page() API) as action, the generated form security field is not valid. For example: `print_form_button( plugin_page( 'detach' ), plugin_lang_get( 'detach' ) );` The security field looks like this: `<input type="hidden" name="/mantis/plugin_token" value="xxxx">` It should be `<input type="hidden" name="plugin_Source_detach_token" value="xxxx">`
Tags	No tags attached.

MantisBT: master a98bd520 2021-05-12 09:20 dregad Details Diff	Fix security token field name for plugin pages When print_form_button() was called with a plugin page (as generated by the plugin_page() API function) as p_action_page parameter, the form security field's name is not valid. We now detect whether $p_action_page is a plugin page (i.e. script name is 'plugin.php') and if so generate a valid security token name from the 'page' parameter. Fixes 0028533		Affected Issues 0028533
	mod - core/print_api.php		Diff File

dregad 2021-05-13 05:49 developer ~0065504	PR https://mantisbt.org/bugs/view.php?id=28533