Changesets: MantisBT
|
master-1.3.x 17f9b94f 2017-08-01 03:00 Details Diff |
Fix XSS in install.php (CVE-2017-12061) aLLy from ONSEC (https://twitter.com/IamSecurity) reported this vulnerability, allowing an attacker to inject arbitrary code through crafted forms variables. Sanitizing the database error message prior to output prevents the attack. Fixes 0023146 Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5 |
Affected Issues 0023146, 0023175 |
|
| mod - admin/install.php | Diff File | ||
|
master-2.5 c73ae3d3 2017-08-01 03:00 Details Diff |
Fix XSS in install.php (CVE-2017-12061) aLLy from ONSEC (https://twitter.com/IamSecurity) reported this vulnerability, allowing an attacker to inject arbitrary code through crafted forms variables. Sanitizing the database error message prior to output prevents the attack. Fixes 0023146 |
Affected Issues 0023146 |
|
| mod - admin/install.php | Diff File | ||
|
master-2.5 9b5b71da 2017-07-27 13:14 Committer: dregad Details Diff |
Fix XSS in manage_user_page.php (CVE-2017-12062) trichimtrich (https://twitter.com/trichimtrich) reported this vulnerability, allowing an attacker to inject arbitrary code through a crafted 'filter' form variable. Prevent the attack by sanitizing the variable before output. Fixes 0023166 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0023166 |
|
| mod - manage_user_page.php | Diff File | ||
|
master 3fa9f5d6 2017-07-27 11:59 Details Diff |
Enhance graph display Reduce transparency Remove axes form pie charts Fixes 0023159 |
Affected Issues 0023159 |
|
| mod - plugins/MantisGraph/core/graph_api.php | Diff File | ||
| mod - plugins/MantisGraph/files/MantisGraph.js | Diff File | ||
|
master 09f749de 2017-07-27 00:18 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_latvian.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_asturian.txt | Diff File | ||
|
master df80e3a0 2017-07-25 12:41 Details Diff |
Display "Monitored By" user list based on monitor_bug_threshold Fixes 0023087 |
Affected Issues 0023087 |
|
| mod - core/filter_form_api.php | Diff File | ||
|
master 18d5214f 2017-07-24 12:27 Details Diff |
Remove UTF-8 library from source Issue 0023214 |
Affected Issues 0023214 |
|
| mod - core.php | Diff File | ||
| mod - library/README.md | Diff File | ||
| rm - library/utf8/ChangeLog | Diff | ||
| rm - library/utf8/LICENSE | Diff | ||
| rm - library/utf8/README | Diff | ||
| rm - library/utf8/TODO.tsk | Diff | ||
| rm - library/utf8/exp/regexunicode.php | Diff | ||
| rm - library/utf8/index.html | Diff | ||
| rm - library/utf8/mbstring/core.php | Diff | ||
| rm - library/utf8/native/core.php | Diff | ||
| rm - library/utf8/ord.php | Diff | ||
| rm - library/utf8/readme_mantis.txt | Diff | ||
| rm - library/utf8/str_ireplace.php | Diff | ||
| rm - library/utf8/str_pad.php | Diff | ||
| rm - library/utf8/str_split.php | Diff | ||
| rm - library/utf8/strcasecmp.php | Diff | ||
| rm - library/utf8/strcspn.php | Diff | ||
| rm - library/utf8/stristr.php | Diff | ||
| rm - library/utf8/strrev.php | Diff | ||
| rm - library/utf8/strspn.php | Diff | ||
| rm - library/utf8/substr_replace.php | Diff | ||
| rm - library/utf8/trim.php | Diff | ||
| rm - library/utf8/ucfirst.php | Diff | ||
| rm - library/utf8/ucwords.php | Diff | ||
| rm - library/utf8/utf8.php | Diff | ||
| rm - library/utf8/utils/ascii.php | Diff | ||
| rm - library/utf8/utils/bad.php | Diff | ||
| rm - library/utf8/utils/patterns.php | Diff | ||
| rm - library/utf8/utils/position.php | Diff | ||
| rm - library/utf8/utils/specials.php | Diff | ||
| rm - library/utf8/utils/unicode.php | Diff | ||
| rm - library/utf8/utils/validation.php | Diff | ||
|
master d61ccd1e 2017-07-24 10:59 Details Diff |
Remove unused code and generation of unused CSS code The following kind of CSS is no longer needed since status legend and status_legend_position have been obsoleted. .status-legend-width { width: 14%; } Fixes 0023150 |
Affected Issues 0023150 |
|
| mod - config_defaults_inc.php | Diff File | ||
| mod - css/status_config.php | Diff File | ||
|
master 32e30f3e 2017-07-23 15:55 Committer: atrol Details Diff |
Show file added event in timeline. And remove identical event from timeline. |
||
| add - core/classes/IssueFileAddedTimelineEvent.class.php | Diff File | ||
| mod - core/timeline_api.php | Diff File | ||
| mod - lang/strings_chinese_traditional.txt | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
|
master bb69572c 2017-07-23 11:32 Details Diff |
Support deleting notes via REST API Fixes 0023145 |
Affected Issues 0023145 |
|
| mod - api/rest/restcore/issues_rest.php | Diff File | ||
|
master 4a4cc453 2017-07-23 11:18 Details Diff |
Fix note timestamps in REST APIs Fixes 0023139 |
Affected Issues 0023139 |
|
| mod - api/soap/mc_issue_api.php | Diff File | ||
|
master 10ff2817 2017-07-23 11:11 Details Diff |
Support sub-projects in REST API get all projects - GET /api/rest/projects should return sub-projects. - Projects should include “subProjects” element that lists sub-projects. - Project info returned for sub-project reflects inherited information like categories and versions. Fixes 0023131 |
Affected Issues 0023131 |
|
| mod - api/rest/restcore/projects_rest.php | Diff File | ||
|
master 39219bd9 2017-07-23 10:46 Details Diff |
Support adding issue notes Support adding a note while specifying text, reporter, and view state. Fixes 0023143 |
Affected Issues 0023143 |
|
| mod - api/rest/restcore/issues_rest.php | Diff File | ||
| mod - api/soap/mc_issue_api.php | Diff File | ||
|
master 3034a126 2017-07-23 05:27 Details Diff |
Remove loading of UTF8 library Issue 0023214 |
Affected Issues 0023214 |
|
| mod - core.php | Diff File | ||
|
master 3278e4d5 2017-07-23 05:17 Details Diff |
Move function utf8_str_pad to Mantis core Thers is still no function mb_str_pad in latest PHP https://bugs.php.net/bug.php?id=21317 The function has been changed to use no longer utf8_*, but mb_* functions. I didn't rename the function to mb_str_pad to avoid any problems if there will be mb_str_pad in later PHP versions. Issue 0023214 |
Affected Issues 0023214 |
|
| mod - core.php | Diff File | ||
| mod - core/string_api.php | Diff File | ||
|
master 442eb35e 2017-07-23 01:49 Details Diff |
Remove generation of unused CSS code The following kind of CSS is no longer need since status_percentage_legend has been obsoleted. .status-10-percentage { width: 11%; } Fixes 0023141 |
Affected Issues 0023141 |
|
| mod - css/status_config.php | Diff File | ||
|
master 9e81d27a 2017-07-22 03:14 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_spanish.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_spanish.txt | Diff File | ||
|
master 27090d47 2017-07-16 12:33 Details Diff |
Replace utf8_strtoupper by mb_strtoupper Issue 0023214 |
Affected Issues 0023214 |
|
| mod - manage_tags_page.php | Diff File | ||
| mod - manage_user_page.php | Diff File | ||
|
master 322acccd 2017-07-16 12:29 Details Diff |
Replace utf8_strtolower by mb_strtolower Issue 0023214 |
Affected Issues 0023214 |
|
| mod - bug_actiongroup_ext_page.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/database_api.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - core/filter_form_api.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| mod - core/install_helper_functions_api.php | Diff File | ||
| mod - core/lang_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| mod - core/version_api.php | Diff File | ||
| mod - manage_proj_cat_update.php | Diff File | ||
| mod - print_all_bug_options_update.php | Diff File | ||
| mod - signup.php | Diff File | ||
|
master 292c7049 2017-07-16 12:18 Details Diff |
Replace utf8_substr by mb_substr Issue 0023214 |
Affected Issues 0023214 |
|
| mod - bug_actiongroup_ext_page.php | Diff File | ||
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/authentication_api.php | Diff File | ||
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/custom_field_api.php | Diff File | ||
| mod - core/database_api.php | Diff File | ||
| mod - core/form_api.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| mod - core/install_helper_functions_api.php | Diff File | ||
| mod - core/php_api.php | Diff File | ||
| mod - core/plugin_api.php | Diff File | ||
| mod - core/relationship_api.php | Diff File | ||
| mod - core/string_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| mod - csv_export.php | Diff File | ||
| mod - issues_rss.php | Diff File | ||
| mod - news_rss.php | Diff File | ||
| mod - plugins/MantisGraph/pages/issues_trend_bystatus_table.php | Diff File | ||
| mod - print_all_bug_page_word.php | Diff File | ||
| mod - return_dynamic_filters.php | Diff File | ||
| mod - search.php | Diff File | ||
|
master 63cac7b8 2017-07-16 11:46 Details Diff |
Replace utf8_strlen by mb_strlen Issue 0023214 |
Affected Issues 0023214 |
|
| mod - bug_actiongroup_ext_page.php | Diff File | ||
| mod - bug_actiongroup_page.php | Diff File | ||
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/api_token_api.php | Diff File | ||
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
| mod - core/custom_field_api.php | Diff File | ||
| mod - core/database_api.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| mod - core/install_helper_functions_api.php | Diff File | ||
| mod - core/relationship_api.php | Diff File | ||
| mod - core/string_api.php | Diff File | ||
| mod - core/user_api.php | Diff File | ||
| mod - print_all_bug_page_word.php | Diff File | ||
|
master 94cf14e4 2017-07-15 06:59 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_greek.txt | Diff File | ||
| mod - lang/strings_lithuanian.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_french.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_breton.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_greek.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_lithuanian.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_portuguese_brazil.txt | Diff File | ||
|
master dd288c34 2017-07-14 04:08 Details Diff |
Fix HTML syntax error |
Affected Issues 0023116 |
|
| mod - bug_update_page.php | Diff File | ||
|
master ca19157c 2017-07-12 21:12 Details Diff |
Support issue id as part of the path Support paths like: https://…./api/rest/issues/12345 In addition to: https://…./api/rest/issues?id=12345 |
||
| mod - api/rest/restcore/issues_rest.php | Diff File | ||
|
master f1f9de60 2017-07-04 00:08 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_chinese_simplified.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_chinese_simplified.txt | Diff File | ||
