Changesets: MantisBT
|
master-2.28 7f527136 2026-04-19 06:01 Details Diff |
Throw error if CF id is not numeric | ||
| mod - return_dynamic_filters.php | Diff File | ||
|
master 6b0a0198 2026-04-18 05:31 Details Diff |
Fix recursion in require_api() and require_lib()
Merge PR https://github.com/mantisbt/mantisbt/pull/2207 |
||
| mod - core.php | Diff File | ||
|
master a33ff537 2026-04-17 06:36 Details Diff |
Merge branch 'master-2.28' | ||
| mod - admin/check/check_email_inc.php | Diff File | ||
| mod - admin/check/check_php_inc.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
|
master-2.28 872f853e 2026-04-17 06:34 Details Diff |
Fix PHP supported version admin check
When PHP_SUPPORTED_VERSION is defined as X.Y (no patch version), which is the normal use case, and PHP_VERSION is on the minor defined (e.g. 8.5.4 for supported 8.5), the version check incorrectly reports a warning, because 8.5.4 > 8.5.
Fixed the check by appending `.999` to the supported version, cover the case when PHP_SUPPORTED_VERSION includes a patch number, and adjust the information message.
Fixes 0036540 |
Affected Issues 0036540, 0037024 |
|
| mod - admin/check/check_php_inc.php | Diff File | ||
|
master-2.28 daf676b9 2026-04-17 06:31 Details Diff |
Fix PHP 8.5 deprecation warning in admin checks
Using null as an array offset is deprecated, use an empty string instead
Fixes 0037023 |
Affected Issues 0037023 |
|
| mod - admin/check/check_email_inc.php | Diff File | ||
|
master 6cb2cc46 2026-04-17 05:58 Details Diff |
Fix static analysis warnings | ||
| mod - proj_doc_add.php | Diff File | ||
| mod - proj_doc_add_page.php | Diff File | ||
|
master 514549f3 2026-04-16 08:07 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
| mod - lang/strings_arabic.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_arabic.txt | Diff File | ||
|
master-2.28 1cc10355 2026-04-15 11:30 Committer: dregad Details Diff |
Fix Undefined array key error
The tag_bug_get_row() and tag_bug_get_attached() functions generated a PHP error when an unknown issue ID was provided, preventing the proper error message from being displayed.
Fixes 0037022, PR https://github.com/mantisbt/mantisbt/pull/2208 |
Affected Issues 0037022 |
|
| mod - core/tag_api.php | Diff File | ||
|
master 34bbf8f5 2026-04-15 11:05 Committer: dregad Details Diff |
Fix require_lib() in the same way
Also, arrays have been formatted.
Fixes 0037018 |
Affected Issues 0037018 |
|
| mod - core.php | Diff File | ||
|
master 3b3a08a6 2026-04-13 08:08 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
| mod - lang/strings_dutch.txt | Diff File | ||
| mod - lang/strings_luxembourgish.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_upper_sorbian.txt | Diff File | ||
|
master-2.28 44f490bc 2026-04-12 19:40 Details Diff |
Fix XSS in manage_filter_page.php
Escape the filter owner for display.
Fixes 0037015, GHSA-f633-865q-2mhh |
Affected Issues 0037015 |
|
| mod - manage_filter_page.php | Diff File | ||
|
master e6731f0a 2026-04-12 16:16 Details Diff |
Fix wrong usage of string_display
string_display should just be used for
- multi line strings / text area
- strings where $g_html_valid_tags must be considered
Issue 0034465 |
Affected Issues 0034465 |
|
| mod - core/filter_form_api.php | Diff File | ||
| mod - manage_config_email_page.php | Diff File | ||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - plugins/XmlImportExport/pages/import.php | Diff File | ||
|
master 03754543 2026-04-12 14:47 Details Diff |
Use string_attribute instead of string_display_line
Issue 0034465 |
Affected Issues 0034465 |
|
| mod - account_page.php | Diff File | ||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - account_sponsor_page.php | Diff File | ||
| mod - adm_config_page.php | Diff File | ||
| mod - adm_config_report.php | Diff File | ||
| mod - adm_permissions_report.php | Diff File | ||
| mod - admin/check/check_email_inc.php | Diff File | ||
| mod - api_token_create.php | Diff File | ||
| mod - api_token_revoke.php | Diff File | ||
| mod - api_tokens_page.php | Diff File | ||
| mod - bug_revision_view_page.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - changelog_page.php | Diff File | ||
| mod - core/bug_group_action_api.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/custom_function_api.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - core/filter_form_api.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/mention_api.php | Diff File | ||
| mod - core/prepare_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - core/summary_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| mod - manage_config_email_page.php | Diff File | ||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - manage_config_workflow_graph_page.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - manage_custom_field_page.php | Diff File | ||
| mod - manage_filter_edit_page.php | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - manage_plugin_page.php | Diff File | ||
| mod - manage_proj_cat_delete.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
| mod - manage_proj_ver_delete.php | Diff File | ||
| mod - manage_tags_page.php | Diff File | ||
| mod - manage_user_edit_page.php | Diff File | ||
| mod - manage_user_page.php | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
| mod - news_list_page.php | Diff File | ||
| mod - print_all_bug_page.php | Diff File | ||
| mod - print_all_bug_page_word.php | Diff File | ||
| mod - proj_doc_delete.php | Diff File | ||
| mod - proj_doc_page.php | Diff File | ||
| mod - roadmap_page.php | Diff File | ||
| mod - tag_update_page.php | Diff File | ||
| mod - tag_view_page.php | Diff File | ||
| mod - verify.php | Diff File | ||
| mod - verify_email.php | Diff File | ||
| mod - view_user_page.php | Diff File | ||
|
master-2.28 b1ebc577 2026-04-12 13:22 Details Diff |
Escape redirect page before display to prevent XSS
While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leading to HTML injection in the user's browser.
Fixes 0037017, GHSA-6jh4-47v2-4g37 |
Affected Issues 0037017 |
|
| mod - tag_update_page.php | Diff File | ||
|
master aa457879 2026-04-12 12:48 Details Diff |
Allow inline display of WebP images
Fixes 0026738 |
Affected Issues 0026738 |
|
| mod - file_download.php | Diff File | ||
|
master 87fdaa05 2026-04-12 09:24 Committer: dregad Details Diff |
Fix extra require_once() calls from require_api()
To prevent recursive calls to the require_api() function, move the loading flag after require_once() to before it.
Fixes 0037018. |
Affected Issues 0037018 |
|
| mod - core.php | Diff File | ||
|
master-2.28 75b10b39 2026-04-11 18:49 Details Diff |
Add CSRF protection to login process
Improves security, reducing risk of a vulnerability escalating its impact.
As recommended by @siunam in Issue 0037011. |
Affected Issues 0037011, 0037130, 0037135 |
|
| mod - login.php | Diff File | ||
| mod - login_page.php | Diff File | ||
| mod - login_password_page.php | Diff File | ||
|
master-2.28 fa2c797d 2026-04-11 16:16 Details Diff |
Escape font_family in generated style
layout_user_font_preference() displayed the user's font_family without proper escaping, leaving the door open for XSS / HTML injection.
Fixes 0037011, GHSA-j3v9-553h-x28j |
Affected Issues 0037011 |
|
| mod - core/layout_api.php | Diff File | ||
|
master-2.28 d78b75a5 2026-04-11 15:58 Details Diff |
Abort updating preferences if font is unknown
Check that the font_family value exists in the list of available fonts prior to updating the user's preference. If not, we throw an invalid parameter Exception.
Fixes 0037011, GHSA-j3v9-553h-x28j |
Affected Issues 0037011 |
|
| mod - account_prefs_update.php | Diff File | ||
|
master-2.28 8fc74f44 2026-04-11 15:55 Details Diff |
Don't overwrite stored font when updating user prefs
If the user's chosen font is no longer part of the list of available fonts, we should not overwrite the value when updating user preferences without a conscious user action. Currently, the font is silently changed to the first entry in the selection list.
Adding the current font to the selection list if it's not part of it prevents this unwanted behavior.
Fixes 0037019 |
Affected Issues 0037019 |
|
| mod - core/print_api.php | Diff File | ||
|
master-2.28 16511e69 2026-04-11 15:48 Details Diff |
New function helper_get_font_list()
Currently the retrieval of available font families is contained in the print_font_option_list() function. We need to be able to get it from other parts of the code.
Issue 0037019 |
Affected Issues 0037019 |
|
| mod - core/helper_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
|
master 87d665e8 2026-04-11 14:05 Details Diff |
Update test cases to test using multi-byte characters
Fixes 0037008 |
Affected Issues 0037008 |
|
| mod - tests/rest/RestIssueTest.php | Diff File | ||
| mod - tests/soap/IssueAddTest.php | Diff File | ||
| mod - tests/soap/IssueUpdateTest.php | Diff File | ||
|
master-2.28 eef4bb3e 2026-04-11 13:45 Details Diff |
Coding guidelines: use f_ prefix for form vars | ||
| mod - account_prefs_update.php | Diff File | ||
|
master 2c6f1125 2026-04-11 00:36 Details Diff |
REST API: Test cases for user self deletion
Fixes 0037012 |
Affected Issues 0037012 |
|
| mod - tests/rest/RestUserTest.php | Diff File | ||
|
master c2caedc7 2026-04-11 00:34 Details Diff |
Update user delete to use UserDeleteCommand
Fixes 0037012 |
Affected Issues 0037012 |
|
| mod - account_delete.php | Diff File | ||