Changesets: MantisBT
master-1.2.x 633799cf 2009-07-12 18:04 Committer: dhx Details Diff |
Issue 0010708: Relationship graphs broken after refactoring of bug_view_inc.php - Fixed the access_denied issue in relationship graphs. - Fixed the access_denied issue in bug reminders. I don't have the relationship graphs set up, so won't mark the issue as resolved yet until dhx verifies it. Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0010708 |
|
mod - view.php | Diff File | ||
mod - bug_relationship_graph.php | Diff File | ||
mod - bug_reminder_page.php | Diff File | ||
master 546e72b1 2009-07-11 04:17 Details Diff |
More work relating to issue 0010696: Refactor simple / advanced / change status view for consistency. 1. Use array of fields to specify fields to be displayed on issue view page. 2. Remove the concept of simple vs. advanced view issue pages. 3. Re-add the configuration options that can disable usage of certain fields. The same sort of changes need to be done for report / update / print pages. |
Affected Issues 0010696 |
|
mod - core/html_api.php | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - bug_update_advanced_page.php | Diff File | ||
mod - core/filter_api.php | Diff File | ||
mod - bug_update_page.php | Diff File | ||
mod - print_bug_page.php | Diff File | ||
mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
mod - bug_view_inc.php | Diff File | ||
mod - core/version_api.php | Diff File | ||
mod - bug_change_status_page.php | Diff File | ||
mod - view_filters_page.php | Diff File | ||
mod - core/obsolete.php | Diff File | ||
mod - bug_report_advanced_page.php | Diff File | ||
mod - core/constant_inc.php | Diff File | ||
mod - bug_report_page.php | Diff File | ||
mod - bug_view_advanced_page.php | Diff File | ||
mod - bug_view_page.php | Diff File | ||
mod - view.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core/columns_api.php | Diff File | ||
master-1.2.x 566a4f02 2009-07-11 04:17 Details Diff |
More work relating to issue 0010696: Refactor simple / advanced / change status view for consistency. 1. Use array of fields to specify fields to be displayed on issue view page. 2. Remove the concept of simple vs. advanced view issue pages. 3. Re-add the configuration options that can disable usage of certain fields. The same sort of changes need to be done for report / update / print pages. |
Affected Issues 0010696 |
|
mod - core/constant_inc.php | Diff File | ||
mod - core/html_api.php | Diff File | ||
mod - bug_update_advanced_page.php | Diff File | ||
mod - core/filter_api.php | Diff File | ||
mod - bug_update_page.php | Diff File | ||
mod - bug_view_inc.php | Diff File | ||
mod - bug_report_page.php | Diff File | ||
mod - core/version_api.php | Diff File | ||
mod - bug_change_status_page.php | Diff File | ||
mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - view_filters_page.php | Diff File | ||
mod - bug_report_advanced_page.php | Diff File | ||
mod - core/obsolete.php | Diff File | ||
mod - bug_view_advanced_page.php | Diff File | ||
mod - bug_view_page.php | Diff File | ||
mod - view.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core/columns_api.php | Diff File | ||
mod - print_bug_page.php | Diff File | ||
master-1.2.x 2a6892bc 2009-07-11 01:11 Details Diff |
Teach MantisBT to bake tough cookies The Secure cookie flag is now set for all cookies when the user is browsing via a TLS protected connection. Originally this flag was only set for the PHP session ID cookie. MantisBT now supports the HttpOnly cookie flag and will use it when possible (PHP 5.2.0 is required). This flag tells the client browser to deny JavaScript access to the cookie (both reading and writing). As such, this flag is very useful in providing another layer of protection against XSS attacks. The gpc_set_cookie function has an additional parameter to disable the HttpOnly flag on a per-cookie basis. This parameter should be set to false when sending a cookie to the client that client-side JavaScript needs to read or write. Fixes 0010709,0010712 |
Affected Issues 0010709, 0010712 |
|
mod - core/session_api.php | Diff File | ||
mod - core/gpc_api.php | Diff File | ||
master 58a67eef 2009-07-11 01:11 Details Diff |
Teach MantisBT to bake tough cookies The Secure cookie flag is now set for all cookies when the user is browsing via a TLS protected connection. Originally this flag was only set for the PHP session ID cookie. MantisBT now supports the HttpOnly cookie flag and will use it when possible (PHP 5.2.0 is required). This flag tells the client browser to deny JavaScript access to the cookie (both reading and writing). As such, this flag is very useful in providing another layer of protection against XSS attacks. The gpc_set_cookie function has an additional parameter to disable the HttpOnly flag on a per-cookie basis. This parameter should be set to false when sending a cookie to the client that client-side JavaScript needs to read or write. Fixes 0010709,0010712 |
Affected Issues 0010709, 0010712 |
|
mod - core/session_api.php | Diff File | ||
mod - core/gpc_api.php | Diff File | ||
master 641b3a69 2009-07-10 20:57 Details Diff |
Bump version to 1.3.0dev | ||
mod - doc/RELEASE | Diff File | ||
mod - core/obsolete.php | Diff File | ||
mod - core/constant_inc.php | Diff File | ||
master-1.2.x 7d334bd6 2009-07-10 20:20 Details Diff |
Bump release notes for 1.2.0rc2 | ||
mod - doc/RELEASE | Diff File | ||
mod - core/obsolete.php | Diff File | ||
master ce27f552 2009-07-10 19:39 Details Diff |
Use SCRIPT_NAME instead of PHP_SELF $_SERVER['SCRIPT_NAME'] does a similar thing to $_SERVER['PHP_SELF'] except it is defined in the CGI standard. Many web servers, by default, don't expose PHP_SELF when using CGI/FastCGI. They do expose SCRIPT_NAME, so this is a better choice to use. See: http://hoohoo.ncsa.illinois.edu/cgi/env.html http://www.php.net/manual/en/reserved.variables.server.php http://php.about.com/od/learnphp/qt/_SERVER_PHP.htm |
Affected Issues 0005753 |
|
mod - core/html_api.php | Diff File | ||
mod - core.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core/access_api.php | Diff File | ||
mod - core/authentication_api.php | Diff File | ||
mod - manage_config_email_page.php | Diff File | ||
mod - manage_config_workflow_page.php | Diff File | ||
mod - core/database_api.php | Diff File | ||
mod - admin/test_email.php | Diff File | ||
mod - manage_config_work_threshold_page.php | Diff File | ||
mod - api/soap/mantisconnect.php | Diff File | ||
mod - core/utility_api.php | Diff File | ||
master-1.2.x 2fe55fdd 2009-07-10 19:39 Details Diff |
Use SCRIPT_NAME instead of PHP_SELF $_SERVER['SCRIPT_NAME'] does a similar thing to $_SERVER['PHP_SELF'] except it is defined in the CGI standard. Many web servers, by default, don't expose PHP_SELF when using CGI/FastCGI. They do expose SCRIPT_NAME, so this is a better choice to use. See: http://hoohoo.ncsa.illinois.edu/cgi/env.html http://www.php.net/manual/en/reserved.variables.server.php http://php.about.com/od/learnphp/qt/_SERVER_PHP.htm |
Affected Issues 0005753 |
|
mod - core/html_api.php | Diff File | ||
mod - core.php | Diff File | ||
mod - core/access_api.php | Diff File | ||
mod - core/authentication_api.php | Diff File | ||
mod - manage_config_email_page.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - manage_config_workflow_page.php | Diff File | ||
mod - core/database_api.php | Diff File | ||
mod - admin/test_email.php | Diff File | ||
mod - manage_config_work_threshold_page.php | Diff File | ||
mod - api/soap/mantisconnect.php | Diff File | ||
mod - core/utility_api.php | Diff File | ||
master 55e48e0e 2009-07-10 19:24 Details Diff |
Revert "Add additional settings to g_global_settings" This reverts commit 5d6b5259db666e61cd6476b382129d5fe8f42ce5. Instead of banning these additional settings from being locatable in the database, we really need a new array of settings that cannot be set on a per-project basis. |
||
mod - config_defaults_inc.php | Diff File | ||
master 949b4809 2009-07-10 18:50 Details Diff |
Allow deletion of all per-project config options When upgrading incorrect configuration stored in the database, administrators need the ability to remove per-project configuration options that must only be set globally (via $g_global_configuration). |
||
mod - adm_config_delete.php | Diff File | ||
master-1.2.x 392ccb1f 2009-07-10 18:50 Details Diff |
Allow deletion of all per-project config options When upgrading incorrect configuration stored in the database, administrators need the ability to remove per-project configuration options that must only be set globally (via $g_global_configuration). |
||
mod - adm_config_delete.php | Diff File | ||
master 5d6b5259 2009-07-10 18:46 Details Diff |
Add additional settings to g_global_settings These configuration options also cannot be set on a per-project basis as they affect the entire Mantis installation when set. |
||
mod - config_defaults_inc.php | Diff File | ||
master-1.2.x 3593ed97 2009-07-10 16:30 Details Diff |
When creating users, store the hashed password | ||
mod - core/user_api.php | Diff File | ||
master a888575c 2009-07-10 16:30 Details Diff |
When creating users, store the hashed password | ||
mod - core/user_api.php | Diff File | ||
master-1.2.x 59f7a129 2009-07-10 10:00 Details Diff |
Version bump | ||
mod - core/constant_inc.php | Diff File | ||
master 8f6fc3b0 2009-07-09 18:27 Paul Richards Details Diff |
compress_api.php is included by core.php | ||
mod - bug_view_inc.php | Diff File | ||
master-1.2.x d375252e 2009-07-09 18:27 Paul Richards Committer: dhx Details Diff |
compress_api.php is included by core.php | ||
mod - bug_view_inc.php | Diff File | ||
master 839cfe6f 2009-07-09 18:27 Paul Richards Details Diff |
Fix a couple of html errors introduced | ||
mod - bug_view_inc.php | Diff File | ||
master-1.2.x c81216ab 2009-07-09 18:27 Paul Richards Committer: dhx Details Diff |
Fix a couple of html errors introduced | ||
mod - bug_view_inc.php | Diff File | ||
master a4d19072 2009-07-09 18:26 Paul Richards Details Diff |
Check if config string is empty before going around preg loop | ||
mod - core/config_api.php | Diff File | ||
master-1.2.x 686bb5ff 2009-07-09 18:26 Paul Richards Committer: dhx Details Diff |
Check if config string is empty before going around preg loop | ||
mod - core/config_api.php | Diff File | ||
master f657c277 2009-07-09 15:39 Paul Richards Details Diff |
Keep Victor happy :) | ||
mod - core/compress_api.php | Diff File | ||
master-1.2.x cfe034d9 2009-07-09 15:39 Paul Richards Committer: dhx Details Diff |
Keep Victor happy :) | ||
mod - core/compress_api.php | Diff File | ||
master a2c44379 2009-07-09 15:35 Paul Richards Details Diff |
compress_html can only be set globally. | ||
mod - config_defaults_inc.php | Diff File |