Anonymous | Login | Signup for a new account

2010-09-02 14:55 EDT

Main | My View | View Issues | Change Log | Roadmap | Wiki | ManTweet | Repositories

Changesets: MantisBT		[ Browse ] [ Back to Index ]
master-1.2.x bce955ce Timestamp: 2010-09-02 11:58:37 Author: dhx Committer: David Hicks [ Details ] [ Diff ]	Issue 0012312: Provide patch for NuSOAP XSS fix and update README.libs
	mod - library/README.libs		[ Diff ] [ File ]
	add - library/nusoap/0001-Fix-12312-NuSOAP-web-description-XSS-vulnerability.patch		[ Diff ] [ File ]
master c4f0d68e Timestamp: 2010-09-02 11:58:37 Author: dhx Committer: David Hicks [ Details ] [ Diff ]	Issue 0012312: Provide patch for NuSOAP XSS fix and update README.libs
	add - library/nusoap/0001-Fix-12312-NuSOAP-web-description-XSS-vulnerability.patch		[ Diff ] [ File ]
	mod - library/README.libs		[ Diff ] [ File ]
master-1.2.x 6b2e7153 Timestamp: 2010-09-02 11:51:21 Author: dhx Committer: David Hicks [ Details ] [ Diff ]	Fix 0012312: NuSOAP web description XSS vulnerability Bogdan Calin from Acunetix discovered a number of XSS vulnerabilities in NuSOAP 0.9.5 (bundled with MantisBT) relating to improperly escaped URLs. A sample exploit URL is: /api/soap/mantisconnect.php?1<ScRiPt>prompt(923395)</ScRiPt> The upstream report for these XSS flaws in NuSOAP is located at the following URL: http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005 [^] This patch provides an interim fix for MantisBT users until upstream makes a new release.
	mod - library/nusoap/nusoap.php		[ Diff ] [ File ]
	mod - library/nusoap/class.wsdl.php		[ Diff ] [ File ]
master edb81799 Timestamp: 2010-09-02 11:51:21 Author: dhx Committer: David Hicks [ Details ] [ Diff ]	Fix 0012312: NuSOAP web description XSS vulnerability Bogdan Calin from Acunetix discovered a number of XSS vulnerabilities in NuSOAP 0.9.5 (bundled with MantisBT) relating to improperly escaped URLs. A sample exploit URL is: /api/soap/mantisconnect.php?1<ScRiPt>prompt(923395)</ScRiPt> The upstream report for these XSS flaws in NuSOAP is located at the following URL: http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005 [^] This patch provides an interim fix for MantisBT users until upstream makes a new release.
	mod - library/nusoap/nusoap.php		[ Diff ] [ File ]
	mod - library/nusoap/class.wsdl.php		[ Diff ] [ File ]
master 61e90d06 Timestamp: 2010-09-02 08:33:35 Author: atrol Committer: dhx Committer: David Hicks [ Details ] [ Diff ]	Fix #12309: XSS issues when viewing Summary page Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
	mod - core/summary_api.php		[ Diff ] [ File ]
master-1.2.x 085097fc Timestamp: 2010-09-02 08:33:35 Author: atrol Committer: dhx Committer: David Hicks [ Details ] [ Diff ]	Fix #12309: XSS issues when viewing Summary page Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
	mod - core/summary_api.php		[ Diff ] [ File ]
master-1.2.x 2de04c7f Timestamp: 2010-09-01 19:48:42 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix Issue 0012314 Plugin filter rows are broken when more than one row of plugin filters are used.
	mod - core/filter_api.php		[ Diff ] [ File ]
master 41075e5a Timestamp: 2010-09-01 19:48:42 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix Issue 0012314 Plugin filter rows are broken when more than one row of plugin filters are used.
	mod - core/filter_api.php		[ Diff ] [ File ]
master-1.2.x dd5810ec Timestamp: 2010-08-29 18:08:03 Author: siebrand Committer: Siebrand Mazeland [ Details ] [ Diff ]	Localisation updates from http://translatewiki.net [^]
	mod - lang/strings_ripoarisch.txt		[ Diff ] [ File ]
	mod - lang/strings_norwegian_bokmal.txt		[ Diff ] [ File ]
	mod - lang/strings_ukrainian.txt		[ Diff ] [ File ]
	mod - lang/strings_urdu.txt		[ Diff ] [ File ]
	mod - lang/strings_german.txt		[ Diff ] [ File ]
	mod - lang/strings_romanian.txt		[ Diff ] [ File ]
	mod - lang/strings_slovene.txt		[ Diff ] [ File ]
	mod - lang/strings_serbian.txt		[ Diff ] [ File ]
	mod - lang/strings_dutch.txt		[ Diff ] [ File ]
	mod - lang/strings_macedonian.txt		[ Diff ] [ File ]
	mod - lang/strings_chinese_traditional.txt		[ Diff ] [ File ]
	mod - lang/strings_occitan.txt		[ Diff ] [ File ]
master b729d5de Timestamp: 2010-08-27 18:46:01 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix incorrectly named form.
	mod - manage_columns_inc.php		[ Diff ] [ File ]
master-1.2.x 9d56dad2 Timestamp: 2010-08-27 18:25:16 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix 0012304 - If plugins set a params value for plugin filters the values are dropped.
	mod - core/filter_api.php		[ Diff ] [ File ]
master b30ca3b9 Timestamp: 2010-08-27 18:25:16 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix 0012304 - If plugins set a params value for plugin filters the values are dropped.
	mod - core/filter_api.php		[ Diff ] [ File ]
master 7ec1d497 Timestamp: 2010-08-27 17:00:51 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Issue 0011826 - Remove all inline JavaScript from MantisBT (use external scripts instead) Issue 0011995 - Add CSS IDs to html elements for styling and javascript access.
	mod - css/default.css		[ Diff ] [ File ]
	mod - core/html_api.php		[ Diff ] [ File ]
	mod - javascript/dev/common.js		[ Diff ] [ File ]
	mod - javascript/common.js		[ Diff ] [ File ]
master 02aac88d Timestamp: 2010-08-27 07:07:37 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix 0012300 - Logout button hidden behind issue # box
	mod - css/default.css		[ Diff ] [ File ]
	mod - core/html_api.php		[ Diff ] [ File ]
master 839f1d68 Timestamp: 2010-08-25 19:50:24 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix 0006626 - Add text area custom field type. Add column to handle long text input. If the custom field type is TEXTAREA values are inserted into the text field. Otherwise they are inserted into the existing value field. Filters for TEXTAREA custom fields are not populated with existing data. A text box is provided and a LIKE query is performed.
	mod - lang/strings_english.txt		[ Diff ] [ File ]
	mod - core/cfdefs/cfdef_standard.php		[ Diff ] [ File ]
	mod - core/custom_field_api.php		[ Diff ] [ File ]
	mod - core/filter_api.php		[ Diff ] [ File ]
	mod - admin/schema.php		[ Diff ] [ File ]
	mod - config_defaults_inc.php		[ Diff ] [ File ]
	mod - core/constant_inc.php		[ Diff ] [ File ]
master 6b5e037c Timestamp: 2010-08-25 05:31:45 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Bug 0011826, Bug 0011995, Fix invalid html in the view all bug filter. Add divs, classes and id's where necessary to facilitate moving style elements into css and inline javascript into javascript files.
	mod - css/default.css		[ Diff ] [ File ]
	mod - core/filter_api.php		[ Diff ] [ File ]
	mod - javascript/dev/common.js		[ Diff ] [ File ]
	mod - javascript/common.js		[ Diff ] [ File ]
master 99a9d104 Timestamp: 2010-08-25 05:19:23 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	remove border. It is not a valid tr attribute.
	mod - view_all_inc.php		[ Diff ] [ File ]
master c0d22392 Timestamp: 2010-08-25 05:18:44 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Move styles for recently-visited into css. remove html style elements.
	mod - css/default.css		[ Diff ] [ File ]
	mod - core/print_api.php		[ Diff ] [ File ]
master e087425c Timestamp: 2010-08-25 05:10:42 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Bug 0011826 - Remove inline javascript for bug-jump field and put it in common.js. Add css styles for bug-jump.
	mod - css/default.css		[ Diff ] [ File ]
	mod - core/html_api.php		[ Diff ] [ File ]
	mod - javascript/dev/common.js		[ Diff ] [ File ]
	mod - javascript/common.js		[ Diff ] [ File ]
master 60836667 Timestamp: 2010-08-25 04:56:51 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Add missing closing tags.
	mod - core/html_api.php		[ Diff ] [ File ]
master 94c2e872 Timestamp: 2010-08-25 04:56:07 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Use class rather than id for the menu links. They may appear more than once on the page.
	mod - core/html_api.php		[ Diff ] [ File ]
master 5dec982e Timestamp: 2010-08-25 04:54:25 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Remove extra \".
	mod - core/collapse_api.php		[ Diff ] [ File ]
master d5a59a4c Timestamp: 2010-08-25 04:23:31 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix missing space causing validation error.
	mod - core/collapse_api.php		[ Diff ] [ File ]
master 0e504c88 Timestamp: 2010-08-24 14:53:20 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Fix Bug 0012288 - Remove the $j jquery No conflict code and replace with the normal '$' reference for jquery in the bugFilter.js minified file.
	mod - javascript/bugFilter.js		[ Diff ] [ File ]
master a50748bb Timestamp: 2010-08-24 14:24:37 Author: daryn Committer: Daryn Warriner [ Details ] [ Diff ]	Bug 0011995 - Add css id to bugnote row on bug change status page. This should eventually be a div rather than a table row.
	mod - bug_change_status_page.php		[ Diff ] [ File ]
1 2 3 4 5 6 ... 20 ... 40 ... 60 ... 80 ... 100 ... 120 ... 140 ... 160 ... 180 ... 200 ... 220 ... 240 ... 260 ... 280 ... 282 283 284  >>

---

MantisBT 1.2.2 git master-1.2.x[^] Copyright © 2000 - 2010 MantisBT Group Time: 0.1960 seconds. memory usage: 2,038 KB