2015-04-19 20:47 EDT

Changesets: MantisBT

master cd8c758f
Timestamp: 2015-04-18 19:07:38
Author: dregad
Email validation

- PHPMailer upgrade to 5.2.9
- Use standard HTML5 regex both for validation and parsing
- Add logging to email_is_valid()
- Don't sanitize user email prior to validation

Pull Request https://github.com/mantisbt/mantisbt/pull/172
mod - config_defaults_inc.php
mod - core/email_api.php
mod - docbook/Admin_Guide/en-US/config/email.xml
mod - library/README.libs
mod - library/phpmailer
master 789c71c7
Timestamp: 2015-04-18 18:38:13
Author: dregad
Update securimage captcha library to 3.5.4

Fixes 0019636
mod - library/README.libs
mod - library/securimage
master 0dae416a
Timestamp: 2015-04-18 18:37:23
Author: dregad
Fixing link to disposable library in README.libs
mod - library/README.libs
master ba6b8422
Timestamp: 2015-04-18 12:22:44
Author: vboctor
Anti-spam check when uploading files

Fixes #19261
mod - core/file_api.php
master 6a90613f
Timestamp: 2015-04-18 12:19:43
Author: vboctor
Update phpdoc for uses antispam_api
mod - core/bug_api.php
mod - core/bugnote_api.php
mod - core/tag_api.php
master 56859c9e
Timestamp: 2015-04-18 12:18:10
Author: vboctor
Rename spam_check() to antispam_check()

This matches our naming convention for APIs.
mod - core/antispam_api.php
mod - core/bug_api.php
mod - core/bugnote_api.php
mod - core/tag_api.php
master 0ed1d2d9
Timestamp: 2015-04-18 03:23:13
Author: vboctor
Fix required custom field not set on update

Users without write access to a required custom field can't update issue at all.

If there is a custom field that is marked as required-on-update with write access set to MANAGER,
then developers who can update the issue can no longer update it; otherwise,
they get an error about required custom field not set.

Fixes 0019634
mod - bug_update.php
master 292db255
Timestamp: 2015-04-18 02:42:26
Author: vboctor
Protect against malicious REPORTERs

This is a proposal against enabling spammers to sign up and spam
the bug tracker. The change limits the number of possible changes
by signed-up users to 10 per hour, although the feature and limits are configurable.
This check doesn't apply when the signup feature is not enabled or when users have an access
level above the default that was assigned on signup.

Issue #19261
mod - config_defaults_inc.php
add - core/antispam_api.php
mod - core/bug_api.php
mod - core/bugnote_api.php
mod - core/constant_inc.php
mod - core/history_api.php
mod - core/tag_api.php
mod - docbook/Admin_Guide/en-US/Configuration.xml
add - docbook/Admin_Guide/en-US/config/antispam.xml
mod - lang/strings_english.txt
master 7cd2fa56
Timestamp: 2015-04-16 18:34:25
Author: dregad
Don't sanitize user email prior to validation

Before this, email_is_valid() validated a sanitized string (using
filter_var() with FILTER_SANITIZE_EMAIL).

We now validate the email exactly as it was entered by the user to
ensure we don't accept an address that was actually made valid by the
sanitization itself.

Fixes 0017280
mod - core/email_api.php
master bc195dd5
Timestamp: 2015-04-16 17:53:48
Author: dregad
Simplify email validation to only use HTML5 regex

This commit follows the discussion in pull request
https://github.com/mantisbt/mantisbt/pull/172

It basically removes the possibility for the admin to choose between
several e-mail validation methods, and goes back to a simple ON/OFF
setting for $g_validate_email.

Fixes 0017279
mod - config_defaults_inc.php
mod - core/constant_inc.php
mod - core/email_api.php
mod - docbook/Admin_Guide/en-US/config/email.xml
master 6d4378b9
Timestamp: 2015-04-13 11:35:20
Author: dregad
Time tracking: project-specific access to billing page

The access check against $g_time_tracking_reporting_threshold is now
made with access_ensure_project_level() instead of
access_ensure_global_level()

Fixes 0019588
mod - billing_page.php
mod - core/html_api.php
master-1.2.x 1eb1f88d
Timestamp: 2015-04-13 11:35:20
Author: dregad
Time tracking: project-specific access to billing page

The access check against $g_time_tracking_reporting_threshold is now
made with access_ensure_project_level() instead of
access_ensure_global_level()

Fixes 0019588
mod - billing_page.php
mod - core/html_api.php
master-1.2.x ea6184a7
Timestamp: 2015-04-13 05:13:45
Author: dregad
Only use timezone_identifiers_list if it exists

The function was called during admin checks before its existence was
verified.

Fixes 0019609
mod - admin/check.php
master 119aca13
Timestamp: 2015-04-11 00:25:09
Author: vboctor
Support multi-line default values for memo fields

- When type is text area enable setting multi-line default.
- When type is text area, don't enable possible values field.

Fixes 0019542
mod - core/custom_field_api.php
add - javascript/manage_custom_field_edit_page.js
mod - manage_custom_field_edit_page.php
master cbfe0832
Timestamp: 2015-04-10 08:16:18
Author: dregad
Add $g_crypto_master_salt to sample config file

Since the string is required for MantisBT to operate, including it in
the sample file gives a good hint to administrators that they need to
initialize it.

Fixes 0019583
mod - config/config_inc.php.sample
master d8f7cc8a
Timestamp: 2015-04-08 11:28:43
Author: vboctor
Support adding a note + attachment in one step

Fixes 0019589
mod - bug_file_add.php
mod - bug_file_upload_inc.php
mod - bug_report.php
mod - bug_report_page.php
mod - bugnote_add.php
mod - bugnote_add_inc.php
mod - core/file_api.php
master 83a66f11
Timestamp: 2015-04-05 19:39:15
Author: dregad
Synchronous email sending via shutdown function

Pull request https://github.com/mantisbt/mantisbt/pull/589
mod - api/soap/mantisconnect.php
mod - core.php
mod - core/constant_inc.php
mod - core/email_api.php
mod - core/helper_api.php
mod - core/html_api.php
mod - core/logging_api.php
master 4900fd88
Timestamp: 2015-04-05 19:32:20
Author: dregad
Documentation: catch up on revision history
mod - docbook/Admin_Guide/en-US/Revision_History.xml
master 07100eff
Timestamp: 2015-04-05 19:32:07
Author: dregad
Documentation: use programlisting tag
mod - docbook/Admin_Guide/en-US/config/security.xml
master f26298d7
Timestamp: 2015-04-05 19:29:45
Author: dregad
Document disabling of CSP via $g_custom_headers

Fixes 0019576
mod - config_defaults_inc.php
mod - docbook/Admin_Guide/en-US/config/security.xml
mod - docbook/Admin_Guide/en-US/config/webserver.xml
master 2191daad
Timestamp: 2015-04-05 12:54:06
Author: dregad
Documentation: use 'warning' tags
mod - docbook/Admin_Guide/en-US/Installation.xml
mod - docbook/Admin_Guide/en-US/config/misc.xml
mod - docbook/Admin_Guide/en-US/config/security.xml
mod - docbook/Admin_Guide/en-US/config/webserver.xml
master 5ca2fb68
Timestamp: 2015-04-05 10:26:48
Author: dregad
Reword 'send reminders' messages
mod - lang/strings_english.txt
master fd1bcd95
Timestamp: 2015-04-05 10:14:47
Author: dregad
Fix HTML/CSS for bug_reminder_page.php

This is a follow up on 3ad885bf2e362a4a4005d39ef4c1aa729b16c6cd which
did a minimal adjustment on the styling, continuing use of tables for
page layout.

The page now uses 1.3 standard div/CSS layout.

Issue 0017832, fixes 0019575
mod - bug_reminder_page.php
mod - css/default.css
master e32a9448
Timestamp: 2015-04-05 10:13:30
Author: dregad
Reword signup and lost password messages
mod - lang/strings_english.txt
master 71057a42
Timestamp: 2015-04-05 09:58:57
Author: dregad
Whitespace
mod - lost_pwd_page.php
mod - signup_page.php