Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 3.0.12-RC1
Affects Version/s: 3.0.11
Component/s: User Control Panel (UCP)
Labels:
None

GitHub Pull Request URL:
https://github.com/phpbb/phpbb3/pull/1219

Although request_var() takes care of casting user input to the appropriate type, when comparing strings in a security context, it is required to use strict comparison (===). This is because e.g. "10" == "1e1" evaluates to true which might weaken security properties (e.g. when comparing to a random string).

blocks

PHPBB-11327 Implement reset password functionality via form instead of sending password

Unverified Fix

Assignee:: Andreas Fischer [X] (Inactive)

Reporter:: David King [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 25/Jan/13 6:22 PM

Updated:: 22/Jan/17 4:01 PM

Resolved:: 27/Jan/13 10:55 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates