2014-12-22 10:34 EST

Changesets: MantisBT

master 1bb9acd0
Timestamp: 2014-12-22 01:55:50
Author: vboctor
Hide 'Manage Global Profiles' menu when disabled

Fixes 0017978
mod - core/html_api.php
master 61c8548c
Timestamp: 2014-12-21 11:46:35
Author: dregad
Fix system warning in gpc_get_string_array()

The fix for issue 0017640 did not consider that the value returned by
gpc_get() is not necessarily an array - it can be the default value
(e.g. null) causing PHP to throw an 'Invalid argument supplied for
foreach()' warning.

Fixes 0017967 (ported from 1.2.x)
mod - core/gpc_api.php
master-1.2.x 99ada4de
Timestamp: 2014-12-21 11:46:35
Author: dregad
Fix system warning in gpc_get_string_array()

The fix for issue 0017640 did not consider that the value returned by
gpc_get() is not necessarily an array - it can be the default value
(e.g. null) causing PHP to throw an 'Invalid argument supplied for
foreach()' warning.

Fixes 0017967, regression from 215968fa8ff33e327f0600765a5caa24de392cbc
mod - core/gpc_api.php
master 0b7e1260
Timestamp: 2014-12-14 19:20:26
Author: dregad
Update mailmap file [skip ci]
mod - .mailmap
master 27a65d5e
Timestamp: 2014-12-14 18:38:47
Author: dregad
Improve Timezone initialization, default to UTC

Fixes https://github.com/mantisbt/mantisbt/pull/382
mod - account_prefs_update.php
mod - admin/check/check_i18n_inc.php
mod - admin/install.php
mod - admin/schema.php
mod - config_defaults_inc.php
mod - core.php
mod - core/date_api.php
mod - core/print_api.php
mod - docbook/Admin_Guide/en-US/config/timezone.xml
mod - scripts/travis_before_script.sh
master 54a1d300
Timestamp: 2014-12-14 03:56:31
Author: dregad
Documentation: fix typo and syntax in user management

Fixes 0017964
mod - docbook/Admin_Guide/en-US/User_Management.xml
master b751f3b1
Timestamp: 2014-12-13 17:10:44
Author: vboctor
Committer: dregad
Don't expand reporters by default in update page

For performance reasons with update issue pages, we should revert
back to 1.2.x behavior where we don't populate the combobox of
reporters by default. This is in order to reduce database load and
improve performance for instances with a large number of reporters.

This change is also designed to make sure that search engine crawlers
don't expand such a list, hence avoiding the database load.

In the future, we should use jquery auto-complete or a similar control.
We could also possibly add a configuration option or cache a session
variable that determines whether to expand the list by default. This
can be useful for instances with a small number of reporters.

Fixes 0017944
mod - bug_update_page.php
mod - javascript/common.js
master eb44011b
Timestamp: 2014-12-13 13:41:24
Author: vboctor
Fix 17959: Upgrade unattended produces a warning
mod - core/install_helper_functions_api.php
master 82afaec7
Timestamp: 2014-12-12 23:05:55
Author: vboctor
Disable admin_checks if admin folder doesn't exist

Fixes 0017958
mod - login_page.php
master 257c1fe1
Timestamp: 2014-12-09 11:23:19
Author: dregad
New API current_user_set()

The function sets the $g_cache_current_user_id global variable, and
clears the user preferences cache ($g_cache_current_user_pref) if
necessary.

Using this new API to set the current user as opposed to working with
$g_cache_current_user_id makes sure we always get the correct data from
get_user_pref().

Resolves an issue where the order (as well as the number) of bugnotes in
email notifications is based on the user who triggered the action,
instead of the email's recipient.

Fixes 0017925 (porting 559ba4e43a2dc6c9f8fd6491f6279379734ac549)
mod - core/authentication_api.php
mod - core/current_user_api.php
mod - core/email_api.php
master-1.2.x 559ba4e4
Timestamp: 2014-12-09 11:23:19
Author: dregad
New API current_user_set()

The function sets the $g_cache_current_user_id global variable, and
clears the user preferences cache ($g_cache_current_user_pref) if
necessary.

Using this new API to set the current user as opposed to working with
$g_cache_current_user_id makes sure we always get the correct data from
get_user_pref().

Resolves an issue where the order (as well as the number) of bugnotes in
email notifications is based on the user who triggered the action,
instead of the email's recipient.

Fixes 0017925
mod - core/authentication_api.php
mod - core/current_user_api.php
mod - core/email_api.php
master 0c220b23
Timestamp: 2014-12-07 23:06:01
Author: vboctor
Update version to 1.3.0-beta.1
mod - core/constant_inc.php
master 1840db4a
Timestamp: 2014-12-07 22:52:22
Author: vboctor
Update credits and mailmap
mod - .mailmap
mod - doc/CREDITS
master 469dfb72
Timestamp: 2014-12-07 22:52:22
Author: vboctor
Update credits and mailmap
mod - .mailmap
mod - doc/CREDITS
master-1.2.x ad8c788e
Timestamp: 2014-12-05 18:48:27
Author: dregad
Changed version to 1.2.19dev [skip ci]
mod - core/constant_inc.php
master-1.2.x 54f94230
Timestamp: 2014-12-05 17:45:33
Author: dregad
Fix invalid link in 'nosniff' header comment

Missed that occurrence in html_api.php when I updated it in
file_download.php (e66ecc9f886a97a3b54a8bdaa9afbfa6902f1d9a).
mod - core/http_api.php
master-1.2.x 5616fcf7
Timestamp: 2014-12-05 16:52:11
Author: dregad
Bump version and update release notes for 1.2.18
mod - core/constant_inc.php
mod - doc/RELEASE
master-1.2.x a551d7db
Timestamp: 2014-12-03 18:36:46
Author: dregad
Fix 0017827: PHP STRICT warnings in Disposable library
mod - library/disposable/disposable.php
master-1.2.x 305019bd
Timestamp: 2014-12-03 18:26:56
Author: dregad
Update CREDITS
mod - doc/CREDITS
master 75f6bf97
Timestamp: 2014-12-03 17:18:17
Author: dregad
Fix URL redirection issue in login_page.php

When Mantis is installed at the web server's root, $g_short_path is set
to '/'. string_sanitize_url() removes the trailing '/' from the short
path, which causes the URL to be incorrectly categorized as "type 2",
thus allowing cross-site redirection to occur.

By checking that the short path is not empty before setting the URL
as type 2, we ensure that we categorize it as type 3, which then forces
the function's return value to 'index.php'.

Fixes 0017648 (CVE-2014-6316)
mod - core/string_api.php
master-1.2.x e66ecc9f
Timestamp: 2014-12-03 17:18:17
Author: dregad
Fix URL redirection issue in login_page.php

When Mantis is installed at the web server's root, $g_short_path is set
to '/'. string_sanitize_url() removes the trailing '/' from the short
path, which causes the URL to be incorrectly categorized as "type 2",
thus allowing cross-site redirection to occur.

By checking that the short path is not empty before setting the URL
as type 2, we ensure that we categorize it as type 3, which then forces
the function's return value to 'index.php'.

Fixes 0017648 (CVE-2014-6316)
mod - core/string_api.php
master f148884f
Timestamp: 2014-12-03 17:09:35
Author: dregad
Tests: revise StringTest.php

- Add assertion to check string_sanitize_url() when $g_short_path = '/'
  This is a bit of a hack, but it gets the job done
- Add test case for login page URL redirection issue 0017648
mod - tests/Mantis/StringTest.php
master-1.2.x 662bcd2e
Timestamp: 2014-12-03 17:09:35
Author: dregad
Tests: revise StringTest.php

- Add assertion to check string_sanitize_url() when $g_short_path = '/'
  This is a bit of a hack, but it gets the job done
- Add test case for login page URL redirection issue 0017648
mod - tests/Mantis/StringTest.php
master b35d3436
Timestamp: 2014-12-02 02:25:28
Author: syncguru
Committer: dregad
Fix view issue page UI inconsistencies

1. Titles in table headers are left aligned
2. Fix issue relationship box header title width

Fixes: 0017831

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - core/relationship_api.php
mod - css/default.css
master 3a0c7f8c
Timestamp: 2014-12-02 01:58:38
Author: syncguru
Committer: dregad
Fix 0017916: limit width of project boxes

Affects: Login, signup, reauth, reset password & switch project boxes

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - css/default.css