Changesets: MantisBT
master 5ceb96b2 2024-03-02 07:23 Details Diff |
Merge branch 'master-2.26' | ||
mod - core/timeline_inc.php | Diff File | ||
master 7b9ee439 2024-03-02 07:12 Details Diff |
Removed unused TIMELINE_* constants Those were added back in 2008 (6bc681fa2ae103998724ecb2b837036ee6e35f95) for an API that was never finalized, and finally removed in 2009, see commit b3c834c8ad621f087f9cd1113981848a9eff181d. |
||
mod - core/constant_inc.php | Diff File | ||
master 2eeeb42b 2024-03-02 07:06 Details Diff |
Protect timeline_inc.php with a constant Make sure it can't be accessed directly. Fixes 0033914 |
Affected Issues 0033914 |
|
mod - my_view_page.php | Diff File | ||
mod - timeline_inc.php | Diff File | ||
mod - view_user_page.php | Diff File | ||
master 834eba1a 2024-03-02 07:00 Details Diff |
Moving timeline_inc.php from core to root Consistency update. Historically, includes containing markup are stored with the scripts using them (see bug_view_inc.php for example). Fixes 0033914 |
Affected Issues 0033914 |
|
mod - my_view_page.php | Diff File | ||
mv - core/timeline_inc.php → timeline_inc.php | Diff File | ||
mod - view_user_page.php | Diff File | ||
master-2.26 bff76ed9 2024-03-02 06:56 Details Diff |
Remove inclusion of core.php in timeline_inc.php By definition an include file is part of a main script, which will always include core.php, so it's not necessary to reference it again in the include. This actually caused an error on a user's system (PHP 8.2 on IIS). The problem could not be reproduced, but an easy fix is to remove the useless require_once. Fixes 0033906 |
Affected Issues 0033906 |
|
mod - core/timeline_inc.php | Diff File | ||
master ef3d11b5 2024-02-29 07:08 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
mod - lang/strings_hungarian.txt | Diff File | ||
mod - lang/strings_korean.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_korean.txt | Diff File | ||
master 2c322b00 2024-02-26 07:09 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
mod - lang/strings_breton.txt | Diff File | ||
mod - lang/strings_chinese_traditional.txt | Diff File | ||
mod - lang/strings_hebrew.txt | Diff File | ||
mod - lang/strings_hungarian.txt | Diff File | ||
mod - lang/strings_interlingua.txt | Diff File | ||
mod - lang/strings_serbian.txt | Diff File | ||
mod - lang/strings_slovene.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_hungarian.txt | Diff File | ||
master cc2b4297 2024-02-26 02:20 dependabot[bot] Committer: community Details Diff |
Bump phpunit/phpunit from 9.6.16 to 9.6.17 (0001973) Bumps [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit) from 9.6.16 to 9.6.17. - [Changelog](https://github.com/sebastianbergmann/phpunit/blob/9.6.17/ChangeLog-9.6.md) - [Commits](https://github.com/sebastianbergmann/phpunit/compare/9.6.16...9.6.17) --- updated-dependencies: - dependency-name: phpunit/phpunit dependency-type: direct:development update-type: version-update:semver-patch ... Fixes 0033098, PR https://github.com/mantisbt/mantisbt/pull/1973 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
Affected Issues 0033098 |
|
mod - composer.lock | Diff File | ||
dependabot/composer/phpunit/phpunit-9.6.17 99c377d0 2024-02-25 20:50 dependabot[bot] Committer: community Details Diff |
Bump phpunit/phpunit from 9.6.16 to 9.6.17 Bumps [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit) from 9.6.16 to 9.6.17. - [Changelog](https://github.com/sebastianbergmann/phpunit/blob/9.6.17/ChangeLog-9.6.md) - [Commits](https://github.com/sebastianbergmann/phpunit/compare/9.6.16...9.6.17) --- updated-dependencies: - dependency-name: phpunit/phpunit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> |
||
mod - composer.lock | Diff File | ||
master d5c4c30a 2024-02-22 10:24 Details Diff |
Move buttons to Edit User section footer Until now, Reset Password, Delete User and Impersonate User buttons were displayed between the Edit User and Add user to project sections. This was dictated by legacy HTML limitation where it was not possible to have multiple buttons in a single form with different submit actions. With HTML5 we can leverage the formaction attribute, and move the buttons into the Edit User section's footer for a cleaner UI. Fixes 0033842 |
Affected Issues 0033842 |
|
mod - manage_user_delete.php | Diff File | ||
mod - manage_user_edit_page.php | Diff File | ||
mod - manage_user_reset.php | Diff File | ||
master 88f9ca34 2024-02-22 07:09 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
mod - lang/strings_finnish.txt | Diff File | ||
mod - lang/strings_hebrew.txt | Diff File | ||
mod - lang/strings_hungarian.txt | Diff File | ||
mod - lang/strings_italian.txt | Diff File | ||
mod - lang/strings_macedonian.txt | Diff File | ||
mod - lang/strings_portuguese_standard.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_galician.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_hebrew.txt | Diff File | ||
master 658e3a64 2024-02-22 05:22 Details Diff |
Upgrade to PHPUnit 9.6 - Update minimum version in composer.json - Minor adjustments to the test suite, fixing deprecation warnings. Fixes 0033098, PR https://github.com/mantisbt/mantisbt/pull/1936 |
Affected Issues 0033098 |
|
mod - composer.json | Diff File | ||
mod - composer.lock | Diff File | ||
mod - core/helper_api.php | Diff File | ||
mod - tests/Mantis/ConfigParserTest.php | Diff File | ||
mod - tests/Mantis/HelperTest.php | Diff File | ||
mv - tests/Mantis/EnumTest.php → tests/Mantis/MantisEnumTest.php | Diff File | ||
mod - tests/Mantis/PluginTest.php | Diff File | ||
mod - tests/Mantis/PrepareTest.php | Diff File | ||
mod - tests/Mantis/StringTest.php | Diff File | ||
mv - tests/Mantis/UserTest.php → tests/Mantis/UserApiTest.php | Diff File | ||
mod - tests/rest/RestImpersonateUserTest.php | Diff File | ||
mod - tests/rest/RestUserTest.php | Diff File | ||
mod - tests/soap/AttachmentTest.php | Diff File | ||
mod - tests/soap/FilterTest.php | Diff File | ||
mod - tests/soap/LoginTest.php | Diff File | ||
mod - tests/soap/RelationshipTest.php | Diff File | ||
master 7e76c6b7 2024-02-21 18:37 Details Diff |
Fix assertObjectHasAttribute() is deprecated Replace usage by assertObjectHasProperty(). Same thing for assertObjectNotHasAttribute(), replaced by assertObjectNotHasProperty() |
||
mod - tests/soap/FilterTest.php | Diff File | ||
mod - tests/soap/RelationshipTest.php | Diff File | ||
master 7d187adc 2024-02-21 18:33 Details Diff |
Fix assertRegExp() is deprecated Replace usage by assertMatchesRegularExpression(). |
||
mod - tests/soap/AttachmentTest.php | Diff File | ||
mod - tests/soap/LoginTest.php | Diff File | ||
master 981d8d99 2024-02-21 18:23 Details Diff |
Fix Expecting E_ERROR and E_USER_ERROR is deprecated Expecting E_ERROR and E_USER_ERROR is deprecated and will no longer be possible in PHPUnit 10. helper_array_transpose() now throws a ClientException instead of calling trigger_error() when detecting a non-bidimensional array. Adapt HelperTest::testArrayTransposeInvalid() to handle the exception instead of E_USER_ERROR. |
||
mod - core/helper_api.php | Diff File | ||
mod - tests/Mantis/HelperTest.php | Diff File | ||
master ee5194fe 2024-02-21 17:48 Details Diff |
Fix PHPUnit deprecation warnings - Abstract test case classes with "Test" suffix are deprecated - Test case class not matching filename is deprecated |
||
mod - tests/Mantis/ConfigParserTest.php | Diff File | ||
mod - tests/Mantis/HelperTest.php | Diff File | ||
mv - tests/Mantis/EnumTest.php → tests/Mantis/MantisEnumTest.php | Diff File | ||
mod - tests/Mantis/PluginTest.php | Diff File | ||
mod - tests/Mantis/PrepareTest.php | Diff File | ||
mod - tests/Mantis/StringTest.php | Diff File | ||
mv - tests/Mantis/UserTest.php → tests/Mantis/UserApiTest.php | Diff File | ||
mod - tests/rest/RestImpersonateUserTest.php | Diff File | ||
mod - tests/rest/RestUserTest.php | Diff File | ||
master e238195e 2024-02-21 17:05 Details Diff |
Composer update
Running `composer update -W phpunit/phpunit`
- Removing phpunit/php-token-stream (4.0.4)
- Upgrading sebastian/version (2.0.1 => 3.0.2)
- Upgrading sebastian/type (1.1.4 => 3.2.1)
- Upgrading sebastian/resource-operations (2.0.2 => 3.0.3)
- Upgrading sebastian/recursion-context (3.0.1 => 4.0.5)
- Upgrading sebastian/object-reflector (1.1.2 => 2.0.4)
- Upgrading sebastian/object-enumerator (3.0.4 => 4.0.4)
- Upgrading sebastian/global-state (3.0.3 => 5.0.6)
- Upgrading sebastian/exporter (3.1.5 => 4.0.5)
- Upgrading sebastian/environment (4.2.4 => 5.1.5)
- Upgrading sebastian/diff (3.0.4 => 4.0.5)
- Upgrading sebastian/comparator (3.0.5 => 4.0.8)
- Installing sebastian/code-unit (1.0.8)
- Installing sebastian/cli-parser (1.0.1)
- Upgrading phpunit/php-timer (2.1.3 => 5.0.3)
- Upgrading phpunit/php-text-template (1.2.1 => 2.0.4)
- Installing phpunit/php-invoker (3.1.1)
- Upgrading phpunit/php-file-iterator (2.0.5 => 3.0.6)
- Upgrading theseer/tokenizer (1.2.1 => 1.2.2)
- Installing nikic/php-parser (v5.0.1)
- Installing sebastian/lines-of-code (1.0.4)
- Installing sebastian/complexity (2.0.3)
- Upgrading sebastian/code-unit-reverse-lookup (1.0.2 => 2.0.3)
- Upgrading phpunit/php-code-coverage (7.0.15 => 9.2.30)
- Upgrading phpunit/phpunit (8.5.34 => 9.6.16) |
||
mod - composer.lock | Diff File | ||
master d58e13d3 2024-02-20 19:34 Details Diff |
Merge branch 'master-2.26' | ||
mod - build/travis_before_script.sh | Diff File | ||
master-2.26 0e4e6e3c 2024-02-20 19:30 Details Diff |
Travis: fix builds timing out Since merge of GHSA-mcqj-7p29-9528 (7055731d09ff12b2781410a372f790172e279744), the builds are timing out during travis_before_script.sh "MantisBT Installation" step, because curl is not returning any output. This is due to the introduction of the new path parameter. Setting it to the actual URL `http://$HOSTNAME:$PORT/` does not work, so we use a blank path. Fixes 0033791 (cherry picked from commit cd2cf5b3f99b67668bba667e7f918c7a49f04969) |
Affected Issues 0033791 |
|
mod - build/travis_before_script.sh | Diff File | ||
master 4024da02 2024-02-20 16:25 Details Diff |
Merge tag 'release-2.26.1' Stable release 2.26.1 # Conflicts: # config_defaults_inc.php # core/constant_inc.php |
||
mod - admin/check/check_paths_inc.php | Diff File | ||
mod - admin/install.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core.php | Diff File | ||
mod - doc/CREDITS | Diff File | ||
mod - docbook/Admin_Guide/en-US/config/path.xml | Diff File | ||
mod - js/install.js | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - login_page.php | Diff File | ||
release-2.26.1 b8778103 2024-02-20 16:14 Details Diff |
Bump version to 5.26.1 | ||
mod - core/constant_inc.php | Diff File | ||
release-2.26.1 ba4e14ce 2024-02-20 16:13 Details Diff |
Update Credits | ||
mod - doc/CREDITS | Diff File | ||
master-2.26 7055731d 2024-02-20 16:10 Committer: community Details Diff |
Merge pull request from GHSA-mcqj-7p29-9528

* Address host header injection vulnerability

  $g_path is empty by default, and should be defined in config_inc.php. Not doing so is a security risk, as the path will then be set based on headers from the HTTP request, exposing the system to Host Header injection attacks.

  Document the risk in PHPDoc and Admin Guide.

  Move the code that initializes $g_path's default value from config_defaults_inc.php to a function in core.php.

  Detect if $g_path was defaulted, and if yes alert the user in:
  - Login Page (if $g_admin_checks == ON)
  - Admin Checks

  Fixes 0019381, CVE-2024-23830, GHSA-mcqj-7p29-9528

* Remove dead code
* Use OWASP as reference for host header injection
* Link to OWASP reference page from admin guide
* Invalid $g_path at install time is a hard fail

  Empty $g_path remains just a warning about the security risk.

Request and set $g_path at install time

This is an improvement on the original patch for CVE-2024-23830.

The admin is now able to set $g_path when installing MantisBT. A default value is provided, based on the URL used to perform the installation (using the same logic that is applied when $g_path is empty).

A check of the provided URL is performed during install stage 2, and an error is reported if it is invalid. If an empty $g_path is given, then we only display a warning about the security risk.

The URL is then stored as $g_path in the generated config_inc.php file at stage 5.

This greatly reduces the risk of the admin forgetting to set $g_path manually, while still allowing them to set it to empty should they want to.

Fixes 0019381

* Add Reset button to path input

  Reuse the existing functionality implemented for database prefix/suffix, with the following changes
  - Rename `reset-prefix` selector class to `reset` to be more generic
  - Add Reset functionality markup to path input including default value
  - Add title attribute to Reset buttons
  - Adapt initialization logic to only set the default value for the table-prefix fields |
Affected Issues 0019381 |
|
mod - admin/check/check_paths_inc.php | Diff File | ||
mod - admin/install.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core.php | Diff File | ||
mod - docbook/Admin_Guide/en-US/config/path.xml | Diff File | ||
mod - js/install.js | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - login_page.php | Diff File | ||
master a254b244 2024-02-19 19:08 Committer: community Details Diff |
Revert unrelated changes to prevent a regression Changes for issue 0033521 introduce a regression. Without undoing, we will get again issue 0032459. |
Affected Issues 0032459, 0033521 |
|
mod - plugins/MantisGraph/MantisGraph.php | Diff File | ||
master a16fa867 2024-02-19 18:30 Details Diff |
Always consider Category 0 as enabled Fixes a regression introduced by e3f572c0f9dd8e1820d76df23281a99e07636bea. APPLICATION ERROR 1502 (Category not found) prevents editing an issue without a category. Issue 0031017 |
Affected Issues 0031017 |
|
mod - core/category_api.php | Diff File |