--- mantis-0.19.2.orig/login_page.php
+++ mantis-0.19.2/login_page.php
@@ -139,13 +139,13 @@
}
}
- # Check if the admin directory is available and is readable.
- $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
- if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
- echo '
', "\n";
- echo '
WARNING: Admin directory should be removed.
', "\n";
- echo '
', "\n";
- }
+# # Check if the admin directory is available and is readable.
+# $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
+# if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
+# echo '', "\n";
+# echo '
WARNING: Admin directory should be removed.
', "\n";
+# echo '
', "\n";
+# }
?>
--- mantis-0.19.2.orig/core/database_api.php
+++ mantis-0.19.2/core/database_api.php
@@ -6,9 +6,16 @@
# See the README and LICENSE files for details
# --------------------------------------------------------
- # $Id: database_api.php,v 1.38 2004/12/09 18:55:06 thraxisp Exp $
+ # $Id: database_api.php,v 1.5.2.1 2005/08/16 21:38:27 bengen Exp $
# --------------------------------------------------------
+ #
+ # Patch for #0005956: Database system scanner via variable poisoning
+ #
+
+ if (isset($_REQUEST["g_db_type"]))
+ die("");
+
### Database ###
# This is the general interface for all database calls.
--- mantis-0.19.2.orig/core/filter_api.php
+++ mantis-0.19.2/core/filter_api.php
@@ -753,7 +753,7 @@
?>
-