M sql/db_generate.sql

- Sec #3137: By default, every installation has an admin account with a known login cookie value. This value is now generated at installation time. M core/authentication_api.php - Fixed spelling error git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@2289 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Jan 25, 2004 · cd11e3a · cd11e3a
1 parent 57b93db
commit cd11e3a
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/core/authentication_api.php b/core/authentication_api.php
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: authentication_api.php,v 1.30 2004-01-11 07:16:09 vboctor Exp $
+	# $Id: authentication_api.php,v 1.31 2004-01-25 17:00:13 jlatour Exp $
 	# --------------------------------------------------------
 
 	###########################################################################
@@ -248,7 +248,7 @@ function auth_clear_cookies() {
 
 	# --------------------
 	# Generate a string to use as the identifier for the login cookie
-	# It is not guarranteed to be unique and should be checked
+	# It is not guaranteed to be unique and should be checked
 	# The string returned should be 64 characters in length
 	function auth_generate_cookie_string() {
 		$t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() );

diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -2,9 +2,10 @@ Mantis ChangeLog
 
 2004.xx.xx  -  0.18.1
 
+ * Sec #3137: By default, every installation has an admin account with a known login cookie value. This value is now generated at installation time.
  * Fix #3177: Switching project in advanced summary changes current page.
  * Fix #3400: Reopen a 'closed' bug, the value of 'resolution' is 'reopen' and can't be changed (now resolution / duplicate id can be edited)
- * Security Fix #3445: User see all information from all projects (if user has access to 0 projects)
+ * Sec #3445: User see all information from all projects (if user has access to 0 projects)
  * Fix #3467: Delete user ends up at user not found error.
  * Fix #3475: Reopen bug to custom status possibility.
  * Fix #3479: Reset account preferences of a user results in reset administrators (current) account.

diff --git a/sql/db_generate.sql b/sql/db_generate.sql
@@ -702,5 +702,5 @@ CREATE TABLE mantis_user_table (
 # Dumping data for table 'mantis_user_table'
 #
 
-INSERT INTO mantis_user_table VALUES (1,'administrator','admin','63a9f0ea7bb98050796b649e85481845','2003-02-16 02:03:48','2003-02-16 02:36:38',1,1,90,3,'MN91uSF/JIhos8bcda8acc2ead8d60749ad019e56b54fadkPGTyoBgNBQf91563');
+INSERT INTO mantis_user_table VALUES (1,'administrator','admin','63a9f0ea7bb98050796b649e85481845','2003-02-16 02:03:48','2003-02-16 02:36:38',1,1,90,3,CONCAT(MD5(RAND()),MD5(NOW())));