Changesets: MantisBT
master f12c0ad2 2010-10-04 11:38 Damien Regad Committer: dhx Details Diff |
Fix 0011502 Close button not displayed when allow_reporter_close is set Display the "Change State" button for Reporters on Resolved issues when allow_reporter_close is set (even if issue is read-only) Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0011502 |
mod - core/html_api.php | Diff File | ||
master-1.2.x 8126ee69 2010-10-04 11:38 Damien Regad Committer: dhx Details Diff |
Fix 0011502 Close button not displayed when allow_reporter_close is set Display the "Change State" button for Reporters on Resolved issues when allow_reporter_close is set (even if issue is read-only) Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0011502 |
mod - core/html_api.php | Diff File | ||
master-1.2.x a75865f2 2010-10-03 16:25 Details Diff |
Localisation updates from http://translatewiki.net | ||
mod - lang/strings_norwegian_bokmal.txt | Diff File | ||
mod - lang/strings_breton.txt | Diff File | ||
mod - lang/strings_slovene.txt | Diff File | ||
mod - lang/strings_finnish.txt | Diff File | ||
mod - lang/strings_tagalog.txt | Diff File | ||
mod - lang/strings_japanese.txt | Diff File | ||
mod - lang/strings_dutch.txt | Diff File | ||
mod - lang/strings_polish.txt | Diff File | ||
mod - lang/strings_french.txt | Diff File | ||
mod - lang/strings_spanish.txt | Diff File | ||
master 57a8ee8d 2010-09-30 17:08 Details Diff |
Updates to lang api to fix a couple of issues introduced by language changes Note: 1) We now define custom_strings_inc.php as a config entry in its own right 2) custom strings file can use new array format 3) plugins fall back to English in cases where they did not before. |
mod - core/plugin_api.php | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - core/lang_api.php | Diff File | ||
mod - core/error_api.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
master 4d42be01 2010-09-30 16:26 Details Diff |
fix warning + better firebug output | ||
mod - core/logging_api.php | Diff File | ||
master b23efa9c 2010-09-22 05:14 Details Diff |
Fix 0009663: Roadmap underlines incorrect lengths The text underlines on the roadmap page are displayed with an incorrect length when the version name contains characters that are encodable via htmlspecialchars(). We need to use the length of the raw string instead of the length of the encoded string. Thanks to Roland Becker for the initial patch for this issue. |
Affected Issues 0009663 |
mod - roadmap_page.php | Diff File | ||
master-1.2.x 922d605c 2010-09-22 05:14 Details Diff |
Fix 0009663: Roadmap underlines incorrect lengths The text underlines on the roadmap page are displayed with an incorrect length when the version name contains characters that are encodable via htmlspecialchars(). We need to use the length of the raw string instead of the length of the encoded string. Thanks to Roland Becker for the initial patch for this issue. |
Affected Issues 0009663 |
mod - roadmap_page.php | Diff File | ||
master 80b8b1ab 2010-09-22 05:14 Details Diff |
Fix 0009663: Changelog underlines incorrect lengths The text underlines on the changelog page are displayed with an incorrect length when the version name contains characters that are encodable via htmlspecialchars(). We need to use the length of the raw string instead of the length of the encoded string. |
Affected Issues 0009663 |
mod - changelog_page.php | Diff File | ||
master-1.2.x 58969dfb 2010-09-22 05:14 Details Diff |
Fix 0009663: Changelog underlines incorrect lengths The text underlines on the changelog page are displayed with an incorrect length when the version name contains characters that are encodable via htmlspecialchars(). We need to use the length of the raw string instead of the length of the encoded string. |
Affected Issues 0009663 |
mod - changelog_page.php | Diff File | ||
master bc9b2dea 2010-09-21 21:06 Committer: dhx Details Diff |
Fix 0012373: log_event doesn't log simple strings $s_msg doesn't get a value if $p_msg is an array. When $s_msg is used later on in the function it will be undefined, throwing an error. This is solved by giving $s_msg a value when $p_msg is an array. Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0012373 |
mod - core/logging_api.php | Diff File | ||
master 89c9f85a 2010-09-21 17:58 Details Diff |
Following XSS changes, don't double encode |
Affected Issues 0003767 |
mod - core/custom_field_api.php | Diff File | ||
master-1.2.x 76c9a79e 2010-09-21 17:58 Committer: dhx Details Diff |
Following XSS changes, don't double encode |
Affected Issues 0003767 |
mod - core/custom_field_api.php | Diff File | ||
master a4349842 2010-09-21 15:19 Committer: dhx Details Diff |
Fix 0012383: Use of invalid color "brown" in CSS Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0012383 |
mod - css/default.css | Diff File | ||
master-1.2.x d65402a4 2010-09-21 15:19 Committer: dhx Details Diff |
Fix 0012383: Use of invalid color "brown" in CSS Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0012383 |
mod - css/default.css | Diff File | ||
master-1.1.x 3bc117fc 2010-09-18 19:29 Details Diff |
Fix 0012371: XSS in print_all_bug_page_word.php project/category names Backport of commit bfc9e9 for bug 12238 |
Affected Issues 0012371 |
mod - print_all_bug_page_word.php | Diff File | ||
master-1.1.x 51ee3d3f 2010-09-18 19:13 Details Diff |
Fix 0012370: Multiple XSS issues with custom field enumeration values Backport of commit 7ab71d01 fixing bug 12232 |
Affected Issues 0012370 |
mod - core/custom_field_api.php | Diff File | ||
master-1.1.x 8f1ebac6 2010-09-18 17:29 Details Diff |
Fix 0012369: XSS vulnerability when deleting maliciously named categories Backport of commit 083c34f06ca927b16e781bae3ae324f450c35ea4 |
Affected Issues 0012369 |
mod - manage_proj_cat_delete.php | Diff File | ||
master 544e76d9 2010-09-18 01:32 Committer: dhx Details Diff |
Fix 0011299: Custom menu links should be sanitised before output If an administrator defines custom menu links (consisting of a caption and URL) then these values should be escaped of special HTML characters before being printed into the menu. This XSS issue is of no security concern as it requires administrator access and manual modifications to the configuration file. Co-contributed-by: David Hicks <hickseydr@optusnet.com.au> Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0011299 |
mod - core/html_api.php | Diff File | ||
master-1.2.x d37df257 2010-09-18 01:32 Committer: dhx Details Diff |
Fix 0011299: Custom menu links should be sanitised before output If an administrator defines custom menu links (consisting of a caption and URL) then these values should be escaped of special HTML characters before being printed into the menu. This XSS issue is of no security concern as it requires administrator access and manual modifications to the configuration file. Co-contributed-by: David Hicks <hickseydr@optusnet.com.au> Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0011299 |
mod - core/html_api.php | Diff File | ||
master 01d2ffad 2010-09-18 01:19 Details Diff |
Issue 0012368: Remove input side XSS validation of user real names XSS issues should be handled on the output side of MantisBT rather than on the input side. The user real name field was being validated on the input side which is poor design due to the many ways in which a user real name could change (SOAP API, XML import, web interface, external scripts, plugins, etc). Furthermore different output interfaces (XML, CSS, XHTML, etc) require different sanitisation and escaping methods. Thus we should remove the input side XSS validation of the user real name field so that we allow ANY characters to be used in this field (except 0x00 of course). Our existing output layers already handle XSS sanitisation of variables such as the real name field. |
Affected Issues 0012368 |
mod - manage_user_create.php | Diff File | ||
mod - manage_user_update.php | Diff File | ||
mod - core/user_api.php | Diff File | ||
mod - core/custom_field_api.php | Diff File | ||
mod - account_update.php | Diff File | ||
mod - core/string_api.php | Diff File | ||
master c4d7ca49 2010-09-18 00:24 Committer: dhx Details Diff |
Fix 0012286: Sub projects not included in advanced filter ALL PROJECTS When advanced filter "Project" is set to "All Projects" sub projects are excluded from the results returned by the filter. These sub projects should be included. Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0012286 |
mod - core/filter_api.php | Diff File | ||
master-1.2.x d1a79720 2010-09-18 00:24 Committer: dhx Details Diff |
Fix 0012286: Sub projects not included in advanced filter ALL PROJECTS When advanced filter "Project" is set to "All Projects" sub projects are excluded from the results returned by the filter. These sub projects should be included. Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0012286 |
mod - core/filter_api.php | Diff File | ||
master e9599997 2010-09-18 00:10 Details Diff |
Fix 0007328: ini_get_number uses wrong postfix multipliers The ini_get_number function currently uses the wrong postfix multipliers when determining the integer value of configuration options from php.ini. The PHP manual clearly states that k = kibibyte instead of k = kilobyte as per http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes Thus we need to change the postfix multipliers to reflect what the PHP manual defines for php.ini. Thanks to Morgan Parry for providing a patch to this issue just over 4 years ago. And thanks to Roland Becker for bumping up old issues like this one that have been forgotten in the past. |
Affected Issues 0007328 |
mod - core/utility_api.php | Diff File | ||
master-1.2.x 3536e18a 2010-09-18 00:10 Details Diff |
Fix 0007328: ini_get_number uses wrong postfix multipliers The ini_get_number function currently uses the wrong postfix multipliers when determining the integer value of configuration options from php.ini. The PHP manual clearly states that k = kibibyte instead of k = kilobyte as per http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes Thus we need to change the postfix multipliers to reflect what the PHP manual defines for php.ini. Thanks to Morgan Parry for providing a patch to this issue just over 4 years ago. And thanks to Roland Becker for bumping up old issues like this one that have been forgotten in the past. |
Affected Issues 0007328 |
mod - core/utility_api.php | Diff File | ||
master 3bb92717 2010-09-17 23:35 Details Diff |
Fix 0010995: Unable to read or find fonts when using JpGraph The logic inside the graph_get_font() function of MantisGraph/core/graph_api.php was completely broken when using JpGraph. Thanks to Kirill Krasnov for the initial patch. |
Affected Issues 0010995 |
mod - plugins/MantisGraph/core/graph_api.php | Diff File |