View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0015453 | mantisbt | security | public | 2013-01-31 16:28 | 2014-09-23 18:05 |
Reporter | TomR | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.12 | ||||
Target Version | 1.2.15 | Fixed in Version | 1.2.15 | ||
Summary | 0015453: CVE-2013-1930: Close button is shown on webpage despite 'close' is not a valid status by workflow | ||||
Description | It seems that te 'Close' button does not respect the workflow status. In my opinion the 'Close' button should only be visible ( or active ) when 'close' is a valid status ( by workflow ) | ||||
Tags | No tags attached. | ||||
Attached Files | config_inc.php (76,022 bytes)
<?php # MantisBT - a php based bugtracking system # MantisBT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # MantisBT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with MantisBT. If not, see <http://www.gnu.org/licenses/>. /** * Default Configuration Variables * * This file should not be changed. If you want to override any of the values * defined here, define them in a file called config_inc.php, which will * be loaded after this file. * * In general a value of OFF means the feature is disabled and ON means the * feature is enabled. Any other cases will have an explanation. * * For more details see http://www.mantisbt.org/docs/master-1.2.x/ * * @package MantisBT * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org * @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org */ /****************************** * MantisBT Database Settings * ******************************/ /** * hostname should be either a hostname or connection string to supply to adodb. * For example, if you would like to connect to a database server on the local machine, * set hostname to 'localhost' * If you need to supply a port to connect to, set hostname as 'localhost:3306'. * @global string $g_hostname */ $g_hostname = 'localhost'; /** * User name to use for connecting to the database. The user needs to have read/write access to the MantisBT database. * The default user name is "root". * @global string $g_db_username */ $g_db_username = '<db_usename>'; /** * Password for the specified user name. The default password is empty. * @global string $g_db_password */ $g_db_password = '<password>'; /** * Name of database that contains MantisBT tables. * The default database name is "bugtracker". * @global string $g_database_name */ $g_database_name = '<db>'; /** * path to your installation as seen from the web browser * requires trailing / * @global string $g_path */ $g_path = 'http://<subdomain>.<domain>.nl/'; /************** * Web Server * **************/ /** * Session key name. Should be unique between multiple installations to prevent conflicts. * @global string $g_session_key */ $g_session_key = '<session_key>'; /** * Session save path. If false, uses default value as set by session handler. * @global bool $g_session_save_path */ $g_session_save_path = false; /** * Session validation * WARNING: Disabling this could be a potential security risk!! * @global int $g_session_validation */ $g_session_validation = ON; /** * Form security validation. * This protects against Cross-Site Request Forgery, but some proxy servers may * not correctly work with this option enabled because they cache pages incorrectly. * WARNING: Disabling this IS a security risk!! */ $g_form_security_validation = OFF; /**************************** * Signup and Lost Password * ****************************/ /** * allow users to signup for their own accounts. * Mail settings must be correctly configured in order for this to work * @global int $g_allow_signup */ $g_allow_signup = OFF; /** * Max. attempts to login using a wrong password before lock the account. * When locked, it's required to reset the password (lost password) * Value resets to zero at each successfully login * Set to OFF to disable this control * @global int $g_max_failed_login_count */ $g_max_failed_login_count = 10; /** * String used to generate the confirm_hash for the 'lost password' feature and captcha code for 'signup' * ATTENTION: CHANGE IT TO WHATEVER VALUE YOU PREFER * @global int $g_password_confirm_hash_magic_string * @todo randomize + admin check */ $g_password_confirm_hash_magic_string = '<password_confirm_hash_magic_string>'; /** * Max. simultaneous requests of 'lost password' * When this value is reached, it's no longer possible to request new password reset * Value resets to zero at each successfully login * @global int $g_max_lost_password_in_progress_count */ $g_max_lost_password_in_progress_count = 5; /** * absolute path (with trailing slash!) to folder which contains your TrueType-Font files * used to create the captcha image and since 0.19.3 for the Relationship Graphs * @global string $g_system_font_folder */ $g_system_font_folder = '/usr/share/fonts/bitstream-vera/'; /*************************** * MantisBT Email Settings * ***************************/ /** * the sender name, part of 'From: ' header in emails * @global string $g_from_name */ $g_from_name = '<from_name>'; /** * the return address for bounced mail * @global string $g_return_path_email */ /** * Allow email notification. * Set to ON to enable email notifications, OFF to disable them. Note that * disabling email notifications has no effect on emails generated as part * of the user signup process. When set to OFF, the password reset feature * is disabled. Additionally, notifications of administrators updating * accounts are not sent to users. * @global int $g_enable_email_notification */ $g_enable_email_notification = ON; /** * The following two config options allow you to control who should get email * notifications on different actions/statuses. The first option (default_notify_flags) * sets the default values for different user categories. The user categories * are: * * 'reporter': the reporter of the bug * 'handler': the handler of the bug * 'monitor': users who are monitoring a bug * 'bugnotes': users who have added a bugnote to the bug * 'explicit': users who are explicitly specified by the code based on the action (e.g. user added to monitor list). * 'threshold_max': all users with access <= max * 'threshold_min': ..and with access >= min * * The second config option (notify_flags) sets overrides for specific actions/statuses. * If a user category is not listed for an action, the default from the config * option above is used. The possible actions are: * * 'new': a new bug has been added * 'owner': a bug has been assigned to a new owner * 'reopened': a bug has been reopened * 'deleted': a bug has been deleted * 'updated': a bug has been updated * 'bugnote': a bugnote has been added to a bug * 'sponsor': sponsorship has changed on this bug * 'relation': a relationship has changed on this bug * 'monitor': an issue is monitored. * '<status>': eg: 'resolved', 'closed', 'feedback', 'acknowledged', ...etc. * this list corresponds to $g_status_enum_string * * If you wanted to have all developers get notified of new bugs you might add * the following lines to your config file: * * $g_notify_flags['new']['threshold_min'] = DEVELOPER; * $g_notify_flags['new']['threshold_max'] = DEVELOPER; * * You might want to do something similar so all managers are notified when a * bug is closed. If you didn't want reporters to be notified when a bug is * closed (only when it is resolved) you would use: * * $g_notify_flags['closed']['reporter'] = OFF; * * @global array $g_default_notify_flags */ $g_default_notify_flags = array('reporter' => ON, 'handler' => ON, 'monitor' => ON, 'bugnotes' => ON, 'explicit' => ON, 'threshold_min' => MANAGER, 'threshold_max' => MANAGER); /** * We don't need to send these notifications on new bugs * (see above for info on this config option) * @todo (though I'm not sure they need to be turned off anymore * - there just won't be anyone in those categories) * I guess it serves as an example and a placeholder for this * config option * @see $g_default_notify_flags * @global array $g_notify_flags */ $g_notify_flags['new'] = array('bugnotes' => OFF, 'monitor' => OFF); $g_notify_flags['monitor'] = array( 'reporter' => OFF, 'handler' => OFF, 'monitor' => OFF, 'bugnotes' => OFF, 'explicit' => ON, 'threshold_min' => NOBODY, 'threshold_max' => NOBODY); /** * set to OFF to disable email check * @global int $g_check_mx_record */ $g_check_mx_record = ON; # Not supported on Windows /** * if ON, allow the user to omit an email field * note if you allow users to create their own accounts, they * must specify an email at that point, no matter what the value * of this option is. Otherwise they wouldn't get their passwords. * @global int $g_allow_blank_email */ $g_allow_blank_email = OFF; /** * This specifies the access level that is needed to see realnames on user view page * @global int $g_show_user_realname_threshold */ $g_show_user_realname_threshold = VIEWER; /** * If use_x_priority is set to ON, what should the value be? * Urgent = 1, Not Urgent = 5, Disable = 0 * Note: some MTAs interpret X-Priority = 0 to mean 'Very Urgent' * @global int $g_mail_priority */ $g_mail_priority = 3; /** * select the method to mail by: * PHPMAILER_METHOD_MAIL - mail() * PHPMAILER_METHOD_SENDMAIL - sendmail * PHPMAILER_METHOD_SMTP - SMTP * @global int $g_phpMailer_method */ $g_phpMailer_method = PHPMAILER_METHOD_SMTP; /** * It is recommended to use a cronjob or a scheduler task to send emails. * The cronjob should typically run every 5 minutes. If no cronjob is used, * then user will have to wait for emails to be sent after performing an action * which triggers notifications. This slows user performance. * @global int $g_email_send_using_cronjob */ $g_email_send_using_cronjob = OFF; /** * Specify whether e-mails should be sent with the category set or not. This is tested * with Microsoft Outlook. More testing for this feature + other formats will be added * in the future. * OFF, EMAIL_CATEGORY_PROJECT_CATEGORY (format: [Project] Category) * @global int $g_email_set_category */ $g_email_set_category = ON; /** * email separator and padding * @global string $g_email_separator1 */ $g_email_separator1 = str_pad('', 70, '_'); /** * email separator and padding * @global string $g_email_separator2 */ $g_email_separator2 = str_pad('', 70, '_'); /** * email separator and padding * @global int $g_email_padding_length */ $g_email_padding_length = 28; /*************************** * MantisBT Version String * ***************************/ /****************************** * MantisBT Language Settings * ******************************/ /** * If the language is set to 'auto', the actual * language is determined by the user agent (web browser) * language preference. * @global string $g_default_language */ $g_default_language = 'dutch'; /** * list the choices that the users are allowed to choose * @global array $g_language_choices_arr */ $g_language_choices_arr = array( 'dutch', 'english', ); /** * Browser language mapping for 'auto' language selection * @global array $g_language_auto_map */ $g_language_auto_map = array( 'nl-be, nl' => 'dutch', 'en-us, en-gb, en-au, en' => 'english', ); /** * Fallback for automatic language selection * @global string $g_fallback_language */ $g_fallback_language = 'english'; /***************************** * MantisBT Display Settings * *****************************/ /** * browser window title * @global string $g_window_title */ $g_window_title = '<window_title>'; /** * title at top of html page (empty by default, since there is a logo now) * @global string $g_page_title */ $g_page_title = '<page_title>'; /** * Favicon image * @global string $g_favicon_image */ $g_favicon_image = 'images/favicon.ico'; /** * Logo * @global string $g_logo_image */ $g_logo_image = 'images/<my>_logo.gif'; /** * Logo URL link * @global string $g_logo_url */ $g_logo_url = '%default_home_page%'; /** * Specifies whether to enable support for project documents or not. * This feature is deprecated and is expected to be moved to a plugin * in the future. * @global int $g_enable_project_documentation */ $g_enable_project_documentation = OFF; /** * Define the priority level at which a bug becomes significant. * Significant bugs are displayed with emphasis. Set this value to -1 to * disable the feature. * @global int $g_priority_significant_threshold */ $g_priority_significant_threshold = HIGH; /** * Define the severity level at which a bug becomes significant. * Significant bugs are displayed with emphasis. Set this value to -1 to * disable the feature. * @global int $g_severity_significant_threshold */ $g_severity_significant_threshold = MAJOR; /** * The default columns to be included in the View Issues Page. * This can be overriden using Manage -> Manage Configuration -> Manage Columns * Also each user can configure their own columns using My Account -> Manage Columns * Some of the columns specified here can be removed automatically if they conflict with other configuration. * Or if the current user doesn't have the necessary access level to view them. * For example, sponsorship_total will be removed if sponsorships are disabled. * To include custom field 'xyz', include the column name as 'custom_xyz'. * * Standard Column Names (i.e. names to choose from): * selection, edit, id, project_id, reporter_id, handler_id, priority, reproducibility, projection, eta, * resolution, fixed_in_version, view_state, os, os_build, build (for product build), platform, version, date_submitted, attachment, * category, sponsorship_total, severity, status, last_updated, summary, bugnotes_count, description, * steps_to_reproduce, additional_information * * @global array $g_view_issues_page_columns */ $g_view_issues_page_columns = array ( 'selection', 'edit', 'priority', 'id', 'sponsorship_total', 'bugnotes_count', 'attachment_count', 'date_submitted', 'category_id', 'severity', 'status', 'last_updated', 'view_state', 'summary' ); /** * The default columns to be included in the Print Issues Page. * This can be overriden using Manage -> Manage Configuration -> Manage Columns * Also each user can configure their own columns using My Account -> Manage Columns * @global array $g_print_issues_page_columns */ $g_print_issues_page_columns = array ( 'selection', 'priority', 'id', 'sponsorship_total', 'bugnotes_count', 'attachment_count', 'category_id', 'severity', 'status', 'last_updated', 'summary' ); /** * The default columns to be included in the CSV export. * This can be overriden using Manage -> Manage Configuration -> Manage Columns * Also each user can configure their own columns using My Account -> Manage Columns * @global array $g_csv_columns */ $g_csv_columns = array ( 'id', 'project_id', 'reporter_id', 'handler_id', 'priority', 'severity', 'reproducibility', 'version', 'projection', 'category_id', 'date_submitted', 'eta', 'os', 'os_build', 'platform', 'view_state', 'last_updated', 'summary', 'status', 'resolution', 'fixed_in_version' ); /** * The default columns to be included in the Excel export. * This can be overriden using Manage -> Manage Configuration -> Manage Columns * Also each user can configure their own columns using My Account -> Manage Columns * @global array $g_excel_columns */ $g_excel_columns = array ( 'id', 'project_id', 'reporter_id', 'handler_id', 'priority', 'severity', 'reproducibility', 'version', 'projection', 'category_id', 'date_submitted', 'eta', 'os', 'os_build', 'platform', 'view_state', 'last_updated', 'summary', 'status', 'resolution', 'fixed_in_version' ); /** * show projects when in All Projects mode * @global int $g_show_bug_project_links */ $g_show_bug_project_links = ON; /** * Position of the status colour legend, can be: POSITION_* * see constant_inc.php. (*: TOP , BOTTOM , or BOTH) * @global int $g_status_legend_position */ $g_status_legend_position = STATUS_LEGEND_POSITION_BOTTOM; /** * Show a legend with percentage of bug status * x% of all bugs are new, y% of all bugs are assigned and so on. * If set to ON it will printed below the status colour legend. * @global int $g_status_percentage_legend */ $g_status_percentage_legend = ON; /** * Position of action buttons when viewing issues. * Can be: POSITION_TOP, POSITION_BOTTOM, or POSITION_BOTH. * @global int $g_action_button_position */ $g_action_button_position = POSITION_BOTH; /** * show product versions in create, view and update screens * ON forces display even if none are defined * OFF suppresses display * AUTO suppresses the display if there are no versions defined for the project * @global int $g_show_product_version */ $g_show_product_version = OFF; /** * show users with their real name or not * @global int $g_show_realname */ $g_show_realname = ON; /** * sorting for names in dropdown lists. If turned on, "Jane Doe" will be sorted with the "D"s * @global int $g_sort_by_last_name */ $g_sort_by_last_name = ON; /** * Show user avatar * the current implementation is based on http://www.gravatar.com * users will need to register there the same address used in * this MantisBT installation to have their avatar shown * Please note: upon registration or avatar change, it takes some time for * the updated gravatar images to show on sites * @global int $g_show_avatar */ $g_show_avatar = ON; /** * Only users above this threshold will have their avatar shown * @global int $g_show_avatar_threshold */ $g_show_avatar_threshold = VIEWER; /************************** * MantisBT Time Settings * **************************/ /************************** * MantisBT Date Settings * **************************/ /** * date format strings defaults to ISO 8601 formatting * go to http://www.php.net/manual/en/function.date.php * for detailed instructions on date formatting * @global string $g_short_date_format */ $g_short_date_format = 'd-m-Y'; /** * date format strings defaults to ISO 8601 formatting * go to http://www.php.net/manual/en/function.date.php * for detailed instructions on date formatting * @global string $g_normal_date_format */ $g_normal_date_format = 'd-m-Y H:i'; /** * date format strings defaults to ISO 8601 formatting * go to http://www.php.net/manual/en/function.date.php * for detailed instructions on date formatting * @global string $g_complete_date_format */ $g_complete_date_format = 'd-m-Y H:i T'; /** * jscalendar date format string * go to http://www.php.net/manual/en/function.date.php * for detailed instructions on date formatting * @global string $g_calendar_js_date_format */ $g_calendar_js_date_format = '\%d-\%m-\%Y \%H:\%M'; /** * jscalendar date format string * go to http://www.php.net/manual/en/function.date.php * for detailed instructions on date formatting * @global string $g_calendar_date_format */ $g_calendar_date_format = 'd-m-Y H:i'; /************************** * MantisBT TimeZone Settings * **************************/ /************************** * MantisBT News Settings * **************************/ /******************************** * MantisBT Default Preferences * ********************************/ /** * signup default * look in constant_inc.php for values * @global int $g_default_new_account_access_level */ $g_default_new_account_access_level = REPORTER; /** * Default Bug View Status (VS_PUBLIC or VS_PRIVATE) * @global int $g_default_bug_view_status */ $g_default_bug_view_status = VS_PUBLIC; /** * Default value for steps to reproduce field. * @global string $g_default_bug_steps_to_reproduce */ $g_default_bug_steps_to_reproduce = ''; /** * Default value for addition information field. * @global string $g_default_bug_additional_info */ $g_default_bug_additional_info = ''; /** * Default Bugnote View Status (VS_PUBLIC or VS_PRIVATE) * @global int $g_default_bugnote_view_status */ $g_default_bugnote_view_status = VS_PUBLIC; /** * Default bug resolution when reporting a new bug * @global int $g_default_bug_resolution */ $g_default_bug_resolution = OPEN; /** * Default bug severity when reporting a new bug * @global int $g_default_bug_severity */ $g_default_bug_severity = TRIVIAL; /** * Default bug priority when reporting a new bug * @global int $g_default_bug_priority */ $g_default_bug_priority = NORMAL; /** * Default bug reproducibility when reporting a new bug * @global int $g_default_bug_reproducibility */ $g_default_bug_reproducibility = REPRODUCIBILITY_EMPTY; /** * Default bug projection when reporting a new bug * @global int $g_default_bug_projection */ $g_default_bug_projection = PROJECTION_NONE; /** * Default bug ETA when reporting a new bug * @global int $g_default_bug_eta */ $g_default_bug_eta = ETA_NONE; /** * * @global int $g_default_limit_view */ $g_default_limit_view = 100; /** * * @global int $g_default_show_changed */ $g_default_show_changed = 24; /** * * @global int $g_hide_status_default */ $g_hide_status_default = CLOSED; /** * * @global string $g_show_sticky_issues */ $g_show_sticky_issues = OFF; /** * make sure people aren't refreshing too often * in minutes * @global int $g_min_refresh_delay */ $g_min_refresh_delay = 10; /** * in minutes * @global int $g_default_refresh_delay */ $g_default_refresh_delay = 30; /** * in seconds * @global int $g_default_redirect_delay */ $g_default_redirect_delay = 0; /** * * @global string $g_default_bugnote_order */ $g_default_bugnote_order = 'DESC'; /** * * @global int $g_default_email_on_new */ $g_default_email_on_new = ON; /** * * @global int $g_default_email_on_assigned */ $g_default_email_on_assigned = ON; /** * * @global int $g_default_email_on_feedback */ $g_default_email_on_feedback = ON; /** * * @global int $g_default_email_on_resolved */ $g_default_email_on_resolved = ON; /** * * @global int $g_default_email_on_closed */ $g_default_email_on_closed = ON; /** * * @global int $g_default_email_on_reopened */ $g_default_email_on_reopened = ON; /** * * @global int $g_default_email_on_bugnote */ $g_default_email_on_bugnote = ON; /** * @todo Unused * @global int $g_default_email_on_status */ $g_default_email_on_status = 0; /** * @todo Unused * @global int $g_default_email_on_priority */ $g_default_email_on_priority = 0; /** * 'any' * @global int $g_default_email_on_new_minimum_severity */ $g_default_email_on_new_minimum_severity = OFF; /** * 'any' * @global int $g_default_email_on_assigned_minimum_severity */ $g_default_email_on_assigned_minimum_severity = OFF; /** * 'any' * @global int $g_default_email_on_feedback_minimum_severity */ $g_default_email_on_feedback_minimum_severity = OFF; /** * 'any' * @global int $g_default_email_on_resolved_minimum_severity */ $g_default_email_on_resolved_minimum_severity = OFF; /** * 'any' * @global int $g_default_email_on_closed_minimum_severity */ $g_default_email_on_closed_minimum_severity = OFF; /** * 'any' * @global int $g_default_email_on_reopened_minimum_severity */ $g_default_email_on_reopened_minimum_severity = OFF; /** * 'any' * @global int $g_default_email_on_bugnote_minimum_severity */ $g_default_email_on_bugnote_minimum_severity = OFF; /** * 'any' * @global int $g_default_email_on_status_minimum_severity */ $g_default_email_on_status_minimum_severity = OFF; /** * @todo Unused * @global int $g_default_email_on_priority_minimum_severity */ $g_default_email_on_priority_minimum_severity = OFF; /** * * @global int $g_default_email_bugnote_limit */ $g_default_email_bugnote_limit = 0; /***************************** * MantisBT Summary Settings * *****************************/ /** * how many reporters to show * this is useful when there are hundreds of reporters * @global int $g_reporter_summary_limit */ $g_reporter_summary_limit = 10; /** * summary date displays * date lengths to count bugs by (in days) * @global array $g_date_partitions */ $g_date_partitions = array( 1, 2, 3, 7, 30, 60, 90, 180, 365); /** * shows project '[project] category' when 'All Projects' is selected * otherwise only 'category name' * @global int $g_summary_category_include_project */ $g_summary_category_include_project = ON; /** * threshold for viewing summary * @global int $g_view_summary_threshold */ $g_view_summary_threshold = MANAGER; /** * Define the multipliers which are used to determine the effectiveness * of reporters based on the severity of bugs. Higher multipliers will * result in an increase in reporter effectiveness. * @global array $g_severity_multipliers */ $g_severity_multipliers = array( FEATURE => 1, TRIVIAL => 2, TEXT => 3, TWEAK => 2, MINOR => 5, MAJOR => 8, CRASH => 8, BLOCK => 10 ); /** * Define the resolutions which are used to determine the effectiveness * of reporters based on the resolution of bugs. Higher multipliers will * result in a decrease in reporter effectiveness. The only resolutions * that need to be defined here are those which match or exceed * $g_bug_resolution_not_fixed_threshold. * @global array $g_resolution_multipliers */ $g_resolution_multipliers = array( UNABLE_TO_DUPLICATE => 2, NOT_FIXABLE => 1, DUPLICATE => 3, NOT_A_BUG => 5, SUSPENDED => 1, WONT_FIX => 1 ); /***************************** * MantisBT Bugnote Settings * *****************************/ /** * bugnote ordering * change to ASC or DESC * @global string $g_bugnote_order */ $g_bugnote_order = 'DESC'; /********************************* * MantisBT Bug History Settings * *********************************/ /** * bug history visible by default when you view a bug * change to ON or OFF * @global int $g_history_default_visible */ $g_history_default_visible = ON; /** * bug history ordering * change to ASC or DESC * @global string $g_history_order */ $g_history_order = 'DESC'; /****************************** * MantisBT Reminder Settings * ******************************/ /** * are reminders stored as bugnotes * @global int $g_store_reminders */ $g_store_reminders = ON; /** * Automatically add recipients of reminders to monitor list, if they are not * the handler or the reporter (since they automatically get notified, if required) * If recipients of the reminders are below the monitor threshold, they will not be added. * @global int $g_reminder_recipients_monitor_bug */ $g_reminder_recipients_monitor_bug = ON; /** * Default Reminder View Status (VS_PUBLIC or VS_PRIVATE) * @global int $g_default_reminder_view_status */ $g_default_reminder_view_status = VS_PUBLIC; /** * The minimum access level required to show up in the list of users who can receive a reminder. * The access level is that of the project to which the issue belongs. * @global int $g_reminder_receive_threshold */ $g_reminder_receive_threshold = DEVELOPERCUSTOMER; /********************************* * MantisBT Sponsorship Settings * *********************************/ /** * Whether to enable/disable the whole issue sponsorship feature * @global int $g_enable_sponsorship */ $g_enable_sponsorship = OFF; /** * Currency used for all sponsorships. * @global string $g_sponsorship_currency */ $g_sponsorship_currency = 'EUR(�)'; /** * Access level threshold needed to view the total sponsorship for an issue by all users. * @global int $g_view_sponsorship_total_threshold */ $g_view_sponsorship_total_threshold = VIEWER; /** * Access level threshold needed to view the users sponsoring an issue and the sponsorship * amount for each. * @global int $g_view_sponsorship_details_threshold */ $g_view_sponsorship_details_threshold = VIEWER; /** * Access level threshold needed to allow user to sponsor issues. * @global int $g_sponsor_threshold */ $g_sponsor_threshold = REPORTER; /** * Access level required to be able to handle sponsored issues. * @global int $g_handle_sponsored_bugs_threshold */ $g_handle_sponsored_bugs_threshold = DEVELOPER; /** * Access level required to be able to assign a sponsored issue to a user with access level * greater or equal to 'handle_sponsored_bugs_threshold'. * @global int $g_assign_sponsored_bugs_threshold */ $g_assign_sponsored_bugs_threshold = MANAGER; /** * Minimum sponsorship amount. If the user enters a value less than this, an error will be prompted. * @global int $g_minimum_sponsorship_amount */ $g_minimum_sponsorship_amount = 5; /********************************* * MantisBT File Upload Settings * *********************************/ /** * --- file upload settings -------- * This is the master setting to disable *all* file uploading functionality * * If you want to allow file uploads, you must also make sure that they are * enabled in php. You may need to add 'file_uploads = TRUE' to your php.ini * * See also: $g_upload_project_file_threshold, $g_upload_bug_file_threshold, * $g_allow_reporter_upload * @global int $g_allow_file_upload */ $g_allow_file_upload = ON; /** * Upload destination: specify actual location in project settings * DISK, DATABASE, or FTP. * @global int $g_file_upload_method */ $g_file_upload_method = DISK; /** * When using FTP or DISK for storing uploaded files, this setting control * the access permissions they will have on the web server: with the default * value (0400) files will be read-only, and accessible only by the user * running the apache process (probably "apache" in Linux and "Administrator" * in Windows). * For more details on unix style permissions: * http://www.perlfect.com/articles/chmod.shtml * @global int $g_attachments_file_permissions */ $g_attachments_file_permissions = 0400; /** * Maximum file size that can be uploaded * Also check your PHP settings (default is usually 2MBs) * @global int $g_max_file_size */ $g_max_file_size = 8192000; /** * Files that are allowed or not allowed. Separate items by commas. * eg. 'php,html,java,exe,pl' * if $g_allowed_files is filled in NO other file types will be allowed. * $g_disallowed_files takes precedence over $g_allowed_files * @global string $g_allowed_files */ $g_allowed_files = ''; /** * * @global string $g_disallowed_files */ $g_disallowed_files = 'class,exe,pl'; /** * prefix to be used for the file system names of files uploaded to projects. * Eg: doc-001-myprojdoc.zip * @global string $g_document_files_prefix */ $g_document_files_prefix = 'doc'; /** * absolute path to the default upload folder. Requires trailing / or \ * @global string $g_absolute_path_default_upload_folder */ $g_absolute_path_default_upload_folder = '<absolute_path_default_upload_folder>'; /************************** * MantisBT HTML Settings * **************************/ /** * These are the valid html tags for multi-line fields (e.g. description) * do NOT include href or img tags here * do NOT include tags that have parameters (eg. <font face="arial">) * @global string $g_html_valid_tags */ $g_html_valid_tags = 'p, li, ul, ol, br, pre, i, b, u, em, del'; /************************ * MantisBT HR Settings * ************************/ /************************** * MantisBT LDAP Settings * **************************/ /******************* * Status Settings * *******************/ /** * Status to assign to the bug when submitted. * @global int $g_bug_submit_status */ $g_bug_submit_status = NEW_; /** * Status to assign to the bug when assigned. * @global int $g_bug_assigned_status */ $g_bug_assigned_status = ASSIGNED; /** * Status to assign to the bug when reopened. * @global int $g_bug_reopen_status */ $g_bug_reopen_status = NORESOLVED; /** * Status to assign to the bug when feedback is required from the issue reporter. * Once the reporter adds a note the status moves back from feedback to $g_bug_assigned_status * or $g_bug_submit_status. * @global int $g_bug_feedback_status */ $g_bug_feedback_status = FEEDBACK; /** * When a note is added to a bug currently in $g_bug_feedback_status, and the note * author is the bug's reporter, this option will automatically set the bug status * to $g_bug_submit_status or $g_bug_assigned_status if the bug is assigned to a * developer. Defaults to enabled. * @global boolean $g_reassign_on_feedback */ $g_reassign_on_feedback = OFF; /** * Resolution to assign to the bug when reopened. * @global int $g_bug_reopen_resolution */ $g_bug_reopen_resolution = REOPENED; /** * Bug becomes readonly if its status is >= this status. The bug becomes read/write again if re-opened and its * status becomes less than this threshold. * @global int $g_bug_readonly_status_threshold */ $g_bug_readonly_status_threshold = CLOSED; /** * Bug is resolved, ready to be closed or reopened. In some custom installations a bug * may be considered as resolved when it is moved to a custom (FIXED or TESTED) status. * @global int $g_bug_resolved_status_threshold */ $g_bug_resolved_status_threshold = RESOLVED; /** * Threshold resolution which denotes that a bug has been resolved and * successfully fixed by developers. Resolutions above this threshold * and below $g_bug_resolution_not_fixed_threshold are considered to be * resolved successfully. * @global int $g_bug_resolution_fixed_threshold */ $g_bug_resolution_fixed_threshold = FIXED; /** * Threshold resolution which denotes that a bug has been resolved without * being successfully fixed by developers. Resolutions above this * threshold are considered to be resolved in an unsuccessful way. * @global int $g_bug_resolution_not_fixed_threshold */ $g_bug_resolution_not_fixed_threshold = WONT_FIX; /** * Bug is closed. In some custom installations a bug may be considered as closed when * it is moved to a custom (COMPLETED or IMPLEMENTED) status. * @global int $g_bug_closed_status_threshold */ $g_bug_closed_status_threshold = CLOSED; /** * Automatically set status to ASSIGNED whenever a bug is assigned to a person. * This is useful for installations where assigned status is to be used when * the bug is in progress, rather than just put in a person's queue. * @global int $g_auto_set_status_to_assigned */ $g_auto_set_status_to_assigned = ON; /** * 'status_enum_workflow' defines the workflow, and reflects a simple * 2-dimensional matrix. For each existing status, you define which * statuses you can go to from that status, e.g. from NEW_ you might list statuses * '10:new,20:feedback,30:acknowledged' but not higher ones. * The following example can be transferred to config_inc.php * $g_status_enum_workflow[NEW_]='20:feedback,30:acknowledged,40:confirmed,50:assigned,80:resolved'; * $g_status_enum_workflow[FEEDBACK] ='10:new,30:acknowledged,40:confirmed,50:assigned,80:resolved'; * $g_status_enum_workflow[ACKNOWLEDGED] ='20:feedback,40:confirmed,50:assigned,80:resolved'; * $g_status_enum_workflow[CONFIRMED] ='20:feedback,50:assigned,80:resolved'; * $g_status_enum_workflow[ASSIGNED] ='20:feedback,80:resolved,90:closed'; * $g_status_enum_workflow[RESOLVED] ='50:assigned,90:closed'; * $g_status_enum_workflow[CLOSED] ='50:assigned'; * @global array $g_status_enum_workflow */ $g_status_enum_workflow = array(); /**************************** * Bug Attachments Settings * ****************************/ /** * Specifies the maximum width for the auto-preview feature. If no maximum width should be imposed * then it should be set to 0. * @global int $g_preview_max_width */ $g_preview_max_width = 800; /** * Specifies the maximum height for the auto-preview feature. If no maximum height should be imposed * then it should be set to 0. * @global int $g_preview_max_height */ $g_preview_max_height = 600; /** * Show an attachment indicator on bug list * Show a clickable attachment indicator on the bug * list page if the bug has one or more files attached. * Note: This option is disabled by default since it adds * 1 database query per bug listed and thus might slow * down the page display. * * @global int $g_show_attachment_indicator */ $g_show_attachment_indicator = ON; /** * access level needed to delete bug attachments * @global int $g_delete_attachments_threshold */ $g_delete_attachments_threshold = DEVELOPERCUSTOMER; /** * allow users to delete attachments uploaded by themselves even if their access * level is below delete_attachments_threshold. * @global int $g_allow_delete_own_attachments */ $g_allow_delete_own_attachments = ON; /********************** * Field Visibility **********************/ /** * Enable or disable usage of the ETA field. * @global int $g_enable_eta */ $g_enable_eta = OFF; /** * Enable or disable usage of the Projection field. * @global int $g_enable_projection */ $g_enable_projection = OFF; /** * Enable or disable usage of the Product Build field. * @global int $g_enable_product_build */ $g_enable_product_build = OFF; /** * An array of the fields to show on the bug report page. * * The following fields can not be included: * id, project, date_submitted, last_updated, status, * resolution, tags, fixed_in_version, projection, eta, * reporter. * * The following fields must be included: * category_id, summary, description. * * To overload this setting per project, then the settings must be included in the database through * the generic configuration form. * * @global array $g_bug_report_page_fields */ $g_bug_report_page_fields = array( 'category_id', 'view_state', 'handler', 'priority', 'severity', 'summary', 'description', 'attachments', ); /** * An array of the fields to show on the bug view page. * * To overload this setting per project, then the settings must be included in the database through * the generic configuration form. * * @global array $g_bug_view_page_fields */ $g_bug_view_page_fields = array ( 'id', 'project', 'category_id', 'view_state', 'date_submitted', 'last_updated', 'reporter', 'handler', 'priority', 'severity', 'status', 'resolution', 'summary', 'description', 'tags', 'attachments', ); /** * An array of the fields to show on the bug print page. * @global array $g_bug_print_page_fields */ $g_bug_print_page_fields = array ( 'id', 'project', 'category_id', 'view_state', 'date_submitted', 'last_updated', 'reporter', 'handler', 'priority', 'severity', 'status', 'resolution', 'summary', 'description', 'tags', 'attachments', ); /** * An array of the fields to show on the bug update page. * * To overload this setting per project, then the settings must be included in the database through * the generic configuration form. * * @global array $g_bug_update_page_fields */ $g_bug_update_page_fields = array ( 'id', 'project', 'category_id', 'view_state', 'date_submitted', 'last_updated', 'reporter', 'handler', 'priority', 'severity', 'status', 'resolution', 'summary', 'description', 'attachments', ); /** * An array of the fields to show on the bug change status page. * * To overload this setting per project, then the settings must be included in the database through * the generic configuration form. * * @global array $g_bug_change_status_page_fields */ $g_bug_change_status_page_fields = array ( 'id', 'project', 'category_id', 'view_state', 'date_submitted', 'last_updated', 'reporter', 'handler', 'priority', 'severity', 'status', 'resolution', 'summary', 'description', 'tags', 'attachments', ); /************************** * MantisBT Misc Settings * **************************/ /** * access level needed to report a bug * @global int $g_report_bug_threshold */ $g_report_bug_threshold = REPORTER; /** * access level needed to update bugs (i.e., the update_bug_page) * This controls whether the user sees the "Update Bug" button in bug_view*_page * and the pencil icon in view_all_bug_page * @global int $g_update_bug_threshold */ $g_update_bug_threshold = UPDATER; /** * Access level needed to monitor bugs. * Look in the constant_inc.php file if you want to set a different value. * @global int $g_monitor_bug_threshold */ $g_monitor_bug_threshold = REPORTER; /** * Access level needed to add other users to the list of users monitoring * a bug. * Look in the constant_inc.php file if you want to set a different value. * @global int $g_monitor_add_others_bug_threshold */ $g_monitor_add_others_bug_threshold = DEVELOPERCUSTOMER; /** * Access level needed to delete other users from the list of users * monitoring a bug. * Look in the constant_inc.php file if you want to set a different value. * @global int $g_monitor_add_others_bug_threshold */ $g_monitor_delete_others_bug_threshold = DEVELOPERCUSTOMER; /** * access level needed to view private bugs * Look in the constant_inc.php file if you want to set a different value * @global int $g_private_bug_threshold */ $g_private_bug_threshold = DEVELOPER; /** * access level needed to be able to be listed in the assign to field. * @global int $g_handle_bug_threshold */ $g_handle_bug_threshold = DEVELOPER; /** * access level needed to show the Assign To: button bug_view*_page or * the Assigned list in bug_update*_page. * This allows control over who can route bugs * This defaults to $g_handle_bug_threshold * @global int $g_update_bug_assign_threshold */ $g_update_bug_assign_threshold = '%handle_bug_threshold%'; /** * access level needed to view private bugnotes * Look in the constant_inc.php file if you want to set a different value * @global int $g_private_bugnote_threshold */ $g_private_bugnote_threshold = DEVELOPER; /** * access level needed to view handler in bug reports and notification email * @todo yarick123: now it is implemented for notification email only * @global int $g_view_handler_threshold */ $g_view_handler_threshold = VIEWER; /** * access level needed to view history in bug reports and notification email * @todo yarick123: now it is implemented for notification email only * @global int $g_view_history_threshold */ $g_view_history_threshold = DEVELOPERCUSTOMER; /** * access level needed to send a reminder from the bug view pages * set to NOBODY to disable the feature * @global int $g_bug_reminder_threshold */ $g_bug_reminder_threshold = DEVELOPER; /** * Access lever required to drop bug history revisions * @global int $g_bug_revision_drop_threshold */ $g_bug_revision_drop_threshold = MANAGER; /** * access level needed to upload files to the project documentation section * You can set this to NOBODY to prevent uploads to projects * See also: $g_upload_bug_file_threshold, $g_allow_file_upload * @global int $g_upload_project_file_threshold */ $g_upload_project_file_threshold = MANAGER; /** * access level needed to upload files to attach to a bug * You can set this to NOBODY to prevent uploads to bugs but note that * the reporter of the bug will still be able to upload unless you set * $g_allow_reporter_upload or $g_allow_file_upload to OFF * See also: $g_upload_project_file_threshold, $g_allow_file_upload, * $g_allow_reporter_upload * @global int $g_upload_bug_file_threshold */ $g_upload_bug_file_threshold = REPORTER; /** * Add bugnote threshold * @global int $g_add_bugnote_threshold */ $g_add_bugnote_threshold = REPORTER; /** * Update bugnote threshold (if the bugnote is not your own) * @global int $g_update_bugnote_threshold */ $g_update_bugnote_threshold = DEVELOPER; /** * Threshold needed to view project documentation * @global int $g_view_proj_doc_threshold */ $g_view_proj_doc_threshold = ANYBODY; /** * Site manager * @global int $g_manage_site_threshold */ $g_manage_site_threshold = MANAGER; /** * Threshold at which a user is considered to be a site administrator. * These users have "superuser" access to all aspects of Mantis including * the admin/ directory. WARNING: DO NOT CHANGE THIS VALUE UNLESS YOU * ABSOLUTELY KNOW WHAT YOU'RE DOING! Users at this access level have the * ability to damage your Mantis installation and data within the database. * It is strongly advised you leave this option alone. * @global int $g_admin_site_threshold */ $g_admin_site_threshold = ADMINISTRATOR; /** * Threshold needed to manage a project: edit project * details (not to add/delete projects) ...etc. * @global int $g_manage_project_threshold */ $g_manage_project_threshold = MANAGER; /** * Threshold needed to add/delete/modify news * @global int $g_manage_news_threshold */ $g_manage_news_threshold = MANAGER; /** * Threshold required to delete a project * @global int $g_delete_project_threshold */ $g_delete_project_threshold = ADMINISTRATOR; /** * Threshold needed to create a new project * @global int $g_create_project_threshold */ $g_create_project_threshold = ADMINISTRATOR; /** * Threshold needed to be automatically included in private projects * @global int $g_private_project_threshold */ $g_private_project_threshold = ADMINISTRATOR; /** * Threshold needed to manage user access to a project * @global int $g_project_user_threshold */ $g_project_user_threshold = MANAGER; /** * Threshold needed to manage user accounts * @global int $g_manage_user_threshold */ $g_manage_user_threshold = ADMINISTRATOR; /** * Delete bug threshold * @global int $g_delete_bug_threshold */ $g_delete_bug_threshold = DEVELOPER; /** * Delete bugnote threshold * @global string $g_delete_bugnote_threshold */ $g_delete_bugnote_threshold = '%delete_bug_threshold%'; /** * Are users allowed to change and delete their own bugnotes? * @global int $g_bugnote_allow_user_edit_delete */ $g_bugnote_allow_user_edit_delete = ON; /** * Move bug threshold * @global int $g_move_bug_threshold */ $g_move_bug_threshold = DEVELOPER; /** * Threshold needed to set the view status while reporting a bug or a bug note. * @global int $g_set_view_status_threshold */ $g_set_view_status_threshold = REPORTER; /** * Threshold needed to update the view status while updating a bug or a bug note. * This threshold should be greater or equal to $g_set_view_status_threshold. * @global int $g_change_view_status_threshold */ $g_change_view_status_threshold = UPDATER; /** * Threshold needed to show the list of users montoring a bug on the bug view pages. * @global int $g_show_monitor_list_threshold */ $g_show_monitor_list_threshold = DEVELOPER; /** * Threshold needed to be able to use stored queries * @global int $g_stored_query_use_threshold */ $g_stored_query_use_threshold = REPORTER; /** * Threshold needed to be able to create stored queries * @global int $g_stored_query_create_threshold */ $g_stored_query_create_threshold = DEVELOPERCUSTOMER; /** * Threshold needed to be able to create shared stored queries * @global int $g_stored_query_create_shared_threshold */ $g_stored_query_create_shared_threshold = MANAGER; /** * Threshold needed to update readonly bugs. Readonly bugs are identified via * $g_bug_readonly_status_threshold. * @global int $g_update_readonly_bug_threshold */ $g_update_readonly_bug_threshold = MANAGER; /** * threshold for viewing changelog * @global int $g_view_changelog_threshold */ $g_view_changelog_threshold = NOBODY; /** * threshold for viewing roadmap * @global int $g_roadmap_view_threshold */ $g_roadmap_view_threshold = NOBODY; /** * threshold for updating roadmap, target_version, etc * @global int $g_roadmap_update_threshold */ $g_roadmap_update_threshold = DEVELOPER; /** * status change thresholds * @global int $g_update_bug_status_threshold */ $g_update_bug_status_threshold = DEVELOPER; /** * access level needed to re-open bugs * @global int $g_reopen_bug_threshold */ $g_reopen_bug_threshold = DEVELOPER; /** * access level needed to assign bugs to unreleased product versions * @global int $g_report_issues_for_unreleased_versions_threshold */ $g_report_issues_for_unreleased_versions_threshold = DEVELOPER; /** * access level needed to set a bug sticky * @global int $g_set_bug_sticky_threshold */ $g_set_bug_sticky_threshold = NOBODY; /** * The minimum access level for someone to be a member of the development team * and appear on the project information page. * @global int $g_development_team_threshold */ $g_development_team_threshold = DEVELOPER; /** * this array sets the access thresholds needed to enter each status listed. * if a status is not listed, it falls back to $g_update_bug_status_threshold * example: $g_set_status_threshold = array( ACKNOWLEDGED => MANAGER, CONFIRMED => DEVELOPER, CLOSED => MANAGER ); * @global array $g_set_status_threshold */ $g_set_status_threshold = array(); /** * Allow a bug to have no category * @global int $g_allow_no_category */ $g_allow_no_category = ON; /** * login method * CRYPT or PLAIN or MD5 or LDAP or BASIC_AUTH * You can simply change this at will. MantisBT will try to figure out how the passwords were encrypted. * @global int $g_login_method */ $g_login_method = MD5; /** * limit reporters * Set to ON if you wish to limit reporters to only viewing bugs that they report. * @global int $g_limit_reporters */ $g_limit_reporters = OFF; /** * close immediately * Allow developers and above to close bugs immediately when resolving bugs * @global int $g_allow_close_immediately */ $g_allow_close_immediately = OFF; /** * reporter can close * Allow reporters to close the bugs they reported, after they're marked resolved. * @global int $g_allow_reporter_close */ $g_allow_reporter_close = OFF; /** * reporter can reopen * Allow reporters to reopen the bugs they reported, after they're marked resolved. * @global int $g_allow_reporter_reopen */ $g_allow_reporter_reopen = ON; /** * reporter can upload * Allow reporters to upload attachments to bugs they reported. * @global int $g_allow_reporter_upload */ $g_allow_reporter_upload = ON; /** * account delete * Allow users to delete their own accounts * @global int $g_allow_account_delete */ $g_allow_account_delete = OFF; /** * Enable anonymous access to Mantis. You must also specify * $g_anonymous_account as the account which anonymous users will browse * Mantis with. The default setting is OFF. * @global int $g_allow_anonymous_login */ $g_allow_anonymous_login = OFF; /** * Define the account which anonymous users will assume when using Mantis. * You only need to define this setting when $g_allow_anonymous_login is * set to ON. This account will always be treated as a protected account * and thus anonymous users will not be able to update the preferences or * settings of this account. It is suggested that the access level of this * account have read only access to your Mantis installation (VIEWER). * Please read the documentation on this topic before setting up anonymous * access to your Mantis installation. * @global string $g_anonymous_account */ $g_anonymous_account = ''; /** * Bug Linking * if a number follows this tag it will create a link to a bug. * eg. for # a link would be #45 * eg. for bug: a link would be bug:98 * @global string $g_bug_link_tag */ $g_bug_link_tag = '#'; /** * Bugnote Linking * if a number follows this tag it will create a link to a bugnote. * eg. for ~ a link would be ~45 * eg. for bugnote: a link would be bugnote:98 * @global string $g_bugnote_link_tag */ $g_bugnote_link_tag = '~'; /** * Bug Count Linking * this is the prefix to use when creating links to bug views from bug counts (eg. on the main * page and the summary page). * Default is a temporary filter * only change the filter this time - 'view_all_set.php?type=1&temporary=y' * permanently change the filter - 'view_all_set.php?type=1'; * @global string $g_bug_count_hyperlink_prefix */ $g_bug_count_hyperlink_prefix = 'view_all_set.php?type=1&temporary=y'; /** * The regular expression to use when validating new user login names * The default regular expression allows a-z, A-Z, 0-9, +, -, dot, space and * underscore. If you change this, you may want to update the * ERROR_USER_NAME_INVALID string in the language files to explain * the rules you are using on your site * See http://en.wikipedia.org/wiki/Regular_Expression for more details about regular expressions. * For testing regular expressions, use http://rubular.com/. * @global string $g_user_login_valid_regex */ $g_user_login_valid_regex = '/^([a-z\d\-.+_ ]+(@[a-z\d\-.]+\.[a-z]{2,4})?)$/i'; /** * Default user name prefix used to filter the list of users in * manage_user_page.php. Change this to 'A' (or any other * letter) if you have a lot of users in the system and loading * the manage users page takes a long time. * @global string $g_default_manage_user_prefix */ $g_default_manage_user_prefix = 'ALL'; /** * Default tag prefix used to filter the list of tags in * manage_tags_page.php. Change this to 'A' (or any other * letter) if you have a lot of tags in the system and loading * the manage tags page takes a long time. * @global string $g_default_manage_tag_prefix */ $g_default_manage_tag_prefix = 'ALL'; /** * CSV Export * Set the csv separator * @global string $g_csv_separator */ $g_csv_separator = ','; /** * threshold for users to view the system configurations * @global int $g_view_configuration_threshold */ $g_view_configuration_threshold = ADMINISTRATOR; /** * threshold for users to set the system configurations generically via MantisBT web interface. * WARNING: Users who have access to set configuration via the interface MUST be trusted. This is due * to the fact that such users can set configurations to PHP code and hence there can be a security * risk if such users are not trusted. * @global int $g_set_configuration_threshold */ $g_set_configuration_threshold = ADMINISTRATOR; /************************************ * MantisBT Look and Feel Variables * ************************************/ /** * status color codes, using the Tango color palette * @global array $g_status_colors */ $g_status_colors = array( 'new' => '#ffa0a0', // red (scarlet red #ef2929) 'noresolved' => '#ef2929', 'feedback' => '#ffffcc', // purple (plum #75507b) 'acknowledged' => '#ffd850', // orange (orango #f57900) 'confirmed' => '#ffffb0', // yellow (butter #fce94f) 'assigned' => '#c8c8ff', // blue (sky blue #729fcf) 'hold' => '#729fcf', // blue (sky blue #729fcf) 'resolved' => '#cceedd', // green (chameleon #8ae234) 'closed' => '#e8e8e8'); // grey (aluminum #babdb6) /** * The padding level when displaying project ids * The bug id will be padded with 0's up to the size given * @global int $g_display_project_padding */ $g_display_project_padding = 2; /** * The padding level when displaying bug ids * The bug id will be padded with 0's up to the size given * @global int $g_display_bug_padding */ $g_display_bug_padding = 5; /** * The padding level when displaying bugnote ids * The bugnote id will be padded with 0's up to the size given * @global int $g_display_bugnote_padding */ $g_display_bugnote_padding = 5; /***************************** * MantisBT Cookie Variables * *****************************/ /** * --- cookie prefix --------------- * set this to a unique identifier. No spaces. * @global string $g_cookie_prefix */ $g_cookie_prefix = '<cookie_prefix>'; /***************************** * MantisBT Filter Variables * *****************************/ /** * The threshold required for users to be able to create permalinks. To turn of this feature use NOBODY. * @global int $g_create_permalink_threshold */ $g_create_permalink_threshold = NOBODY; /************************************* * MantisBT Database Table Variables * *************************************/ /************************* * MantisBT Enum Strings * *************************/ /** * status from $g_status_index-1 to 79 are used for the onboard customization (if enabled) * directly use MantisBT to edit them. * @global string $g_access_levels_enum_string */ $g_access_levels_enum_string = '10:viewer,25:reporter,40:updater,45:developercustomer,46:updatercustomer,55:developer,65:pmcustomer,70:manager,90:administrator'; /** * * @global string $g_project_status_enum_string */ $g_project_status_enum_string = '10:development,30:release,50:stable,70:obsolete'; /** * * @global string $g_project_view_state_enum_string */ $g_project_view_state_enum_string = '10:public,50:private'; /** * * @global string $g_view_state_enum_string */ $g_view_state_enum_string = '10:public,50:private'; /** * * @global string $g_priority_enum_string */ $g_priority_enum_string = '10:none,20:low,30:normal,40:high,50:urgent'; /** * * @global string $g_severity_enum_string */ $g_severity_enum_string = '20:AKTIE,30:PRD'; /** * * @global string $g_reproducibility_enum_string */ $g_reproducibility_enum_string = '1:empty,3:planning,5:draft fo,10:draft to,15:plan,20:develop,30:draft procedure,50:draft flows,70:draft workinstructions,80:install,90:test,100:training'; /** * * @global string $g_status_enum_string */ $g_status_enum_string = '10:new,15:noresolved,30:acknowledged,40:confirmed,50:assigned,60:hold,80:resolved,90:closed'; /** * @@@ for documentation, the values in this list are also used to define variables in the language files * (e.g., $s_new_bug_title referenced in bug_change_status_page.php ) * Embedded spaces are converted to underscores (e.g., "working on" references $s_working_on_bug_title). * they are also expected to be english names for the states * @global string $g_resolution_enum_string */ $g_resolution_enum_string = '10:open,20:fixed,30:reopened,60:duplicate,90:wont fix'; /** * * @global string $g_projection_enum_string */ $g_projection_enum_string = '10:none,30:tweak,50:minor fix,70:major rework,90:redesign'; /** * * @global string $g_eta_enum_string */ $g_eta_enum_string = '10:none,20:< 1 day,30:2-3 days,40:< 1 week,50:< 1 month,60:> 1 month'; /** * * @global string $g_sponsorship_enum_string */ $g_sponsorship_enum_string = '0:Unpaid,1:Requested,2:Paid'; /** * * @global string $g_custom_field_type_enum_string */ $g_custom_field_type_enum_string = '0:string,1:numeric,2:float,3:enum,4:email,5:checkbox,6:list,7:multiselection list,8:date,9:radio'; /********************************* * MantisBT Javascript Variables * *********************************/ /******************************* * MantisBT Speed Optimisation * *******************************/ /** * Use compression of generated html if browser supports it * If you already have compression enabled in your php.ini file * (either with zlib.output_compression or * output_handler=ob_gzhandler) this option will be ignored. * * If you do not have zlib enabled in your PHP installation * this option will also be ignored. PHP 4.3.0 and later have * zlib included by default. Windows users should uncomment * the appropriate line in their php.ini files to load * the zlib DLL. You can check what extensions are loaded * by running "php -m" at the command line (look for 'zlib') * @global int $g_compress_html */ $g_compress_html = ON; /** * Use persistent database connections * @global int $g_use_persistent_connections */ $g_use_persistent_connections = OFF; /***************** * Include files * *****************/ /** * Specify your top/bottom include file (logos, banners, etc) * @global string $g_bottom_include_page */ $g_bottom_include_page = '%absolute_path%'; /** * Specify your top/bottom include file (logos, banners, etc) * if a top file is supplied, the default MantisBT logo at the top will be hidden * @global string $g_top_include_page */ $g_top_include_page = '%absolute_path%'; /** * CSS file * @global string $g_css_include_file */ $g_css_include_file = 'css/default.css'; /** * RTL CSS file * @global string $g_css_rtl_include_file */ $g_css_rtl_include_file = 'css/rtl.css'; /** * meta tags * @global string $g_meta_include_file */ $g_meta_include_file = '%absolute_path%meta_inc.php'; /**************** * Redirections * ****************/ /** * Default page after Login or Set Project * @global string $g_default_home_page */ $g_default_home_page = 'view_all_bug_page.php'; /*********** * Headers * ***********/ /** * Browser Caching Control * By default, we try to prevent the browser from caching anything. These two settings * will defeat this for some cases. * * Browser Page caching - This will allow the browser to cache all pages. The upside will * be better performance, but there may be cases where obsolete information is displayed. * Note that this will be bypassed (and caching is allowed) for the bug report pages. * * @global int $g_allow_browser_cache */ // $g_allow_browser_cache = ON; /** * File caching - This will allow the browser to cache downloaded files. Without this set, * there may be issues with IE receiving files, and launching support programs. * @global int $g_allow_file_cache */ // $g_allow_file_cache = ON; /***************** * Custom Fields * *****************/ /**************** * Custom Menus * ****************/ /******************** * My View Settings * ********************/ /** * Number of bugs shown in each box * @global int $g_my_view_bug_count */ $g_my_view_bug_count = 10; /** * Boxes to be shown and their order * A box that is not to be shown can have its value set to 0 * @global array $g_my_view_boxes */ $g_my_view_boxes = array ( 'assigned' => '1', 'unassigned' => '7', 'reported' => '3', 'resolved' => '5', 'recent_mod' => '2', 'monitored' => '4', 'feedback' => '0', 'verify' => '8', 'my_comments' => '6' ); /** * Toggle whether 'My View' boxes are shown in a fixed position (i.e. adjacent boxes start at the same vertical position) * @global int $g_my_view_boxes_fixed_position */ $g_my_view_boxes_fixed_position = ON; /************* * RSS Feeds * *************/ /** * This flag enables or disables RSS syndication. In the case where RSS syndication is not used, * it is recommended to set it to OFF. * @global int $g_rss_enabled */ $g_rss_enabled = OFF; /** * This seed is used as part of the inputs for calculating the authentication key for the RSS feeds. * If this seed changes, all the existing keys for the RSS feeds will become invalid. This is * defaulted to the database user name, but it is recommended to overwrite it with a specific value * on installation. * @global string $g_rss_key_seed */ $g_rss_key_seed = '%db_username%'; /********************* * Bug Relationships * *********************/ /** * Enable relationship graphs support. * Show issue relationships using graphs. * * In order to use this feature, you must first install either GraphViz * (all OSs except Windows) or WinGraphviz (only Windows). * * Graphviz homepage: http://www.research.att.com/sw/tools/graphviz/ * WinGraphviz homepage: http://home.so-net.net.tw/oodtsen/wingraphviz/ * * Refer to the notes near the top of core/graphviz_api.php and * core/relationship_graph_api.php for more information. * @global int $g_relationship_graph_enable */ $g_relationship_graph_enable = ON; /** * Font name and size, as required by Graphviz. If Graphviz fails to run * for you, you are probably using a font name that gd can't find. On * Linux, try the name of the font file without the extension. * @global string $g_relationship_graph_fontname */ $g_relationship_graph_fontname = 'Arial'; /** * * @global int $g_relationship_graph_fontsize */ $g_relationship_graph_fontsize = 8; /** * Default dependency orientation. If you have issues with lots of childs * or parents, leave as 'horizontal', otherwise, if you have lots of * "chained" issue dependencies, change to 'vertical'. * @global string $g_relationship_graph_orientation */ $g_relationship_graph_orientation = 'horizontal'; /** * Max depth for relation graphs. This only affects relation graphs, * dependency graphs are drawn to the full depth. A value of 3 is already * enough to show issues really unrelated to the one you are currently * viewing. * @global int $g_relationship_graph_max_depth */ $g_relationship_graph_max_depth = 3; /** * If set to ON, clicking on an issue on the relationship graph will open * the bug view page for that issue, otherwise, will navigate to the * relationship graph for that issue. * * @global int $g_relationship_graph_view_on_click */ $g_relationship_graph_view_on_click = ON; /** * Complete path to dot and neato tools. Your webserver must have execute * permission to these programs in order to generate relationship graphs. * NOTE: These are meaningless under Windows! Just ignore them! * @global string $g_dot_tool */ $g_dot_tool = '/usr/bin/dot'; /** * Complete path to dot and neato tools. Your webserver must have execute * permission to these programs in order to generate relationship graphs. * NOTE: These are meaningless under Windows! Just ignore them! * @global string $g_neato_tool */ $g_neato_tool = '/usr/bin/neato'; /** * Number of years in the past that custom date fields will display in * drop down boxes. * @global int $g_backward_year_count */ $g_backward_year_count = 4; /** * Number of years in the future that custom date fields will display in * drop down boxes. * @global int $g_forward_year_count */ $g_forward_year_count = 4; /** * Custom Group Actions * * This extensibility model allows developing new group custom actions. This * can be implemented with a totally custom form and action pages or with a * pre-implemented form and action page and call-outs to some functions. These * functions are to be implemented in a predefined file whose name is based on * the action name. For example, for an action to add a note, the action would * be EXT_ADD_NOTE and the file implementing it would be bug_actiongroup_add_note_inc.php. * See implementation of this file for details. * * Sample: * * array( * array( 'action' => 'my_custom_action', * 'label' => 'my_label', // string to be passed to lang_get_defaulted() * 'form_page' => 'my_custom_action_page.php', * 'action_page' => 'my_custom_action.php' * ) * array( 'action' => 'my_custom_action2', * 'form_page' => 'my_custom_action2_page.php', * 'action_page' => 'my_custom_action2.php' * ) * array( 'action' => 'EXT_ADD_NOTE', // you need to implement bug_actiongroup_<action_without_'EXT_')_inc.php * 'label' => 'actiongroup_menu_add_note' // see strings_english.txt for this label * ) * ); * @global array $g_custom_group_actions */ $g_custom_group_actions = array(); /******************** * Wiki Integration * ********************/ /******************** * Recently Visited * ********************/ /** * Whether to show the most recently visited issues or not. At the moment we always track them even if this flag is off. * @global int $g_recently_visited */ $g_recently_visited = ON; /** * The maximum number of issues to keep in the recently visited list. * @global int $g_recently_visited_count */ $g_recently_visited_count = 5; /*************** * Bug Tagging * ***************/ /** * String that will separate tags as entered for input * @global int $g_tag_separator */ $g_tag_separator = ','; /** * Access level required to view tags attached to a bug * @global int $g_tag_view_threshold */ $g_tag_view_threshold = VIEWER; /** * Access level required to attach tags to a bug * @global int $g_tag_attach_threshold */ $g_tag_attach_threshold = REPORTER; /** * Access level required to detach tags from a bug * @global int $g_tag_detach_threshold */ $g_tag_detach_threshold = DEVELOPER; /** * Access level required to detach tags attached by the same user * @global int $g_tag_detach_own_threshold */ $g_tag_detach_own_threshold = REPORTER; /** * Access level required to create new tags * @global int $g_tag_create_threshold */ $g_tag_create_threshold = REPORTER; /** * Access level required to edit tag names and descriptions * @global int $g_tag_edit_threshold */ $g_tag_edit_threshold = DEVELOPER; /** * Access level required to edit descriptions by the creating user * @global int $g_tag_edit_own_threshold */ $g_tag_edit_own_threshold = REPORTER; /***************** * Time tracking * *****************/ /**************************** * Profile Related Settings * ****************************/ /** * Enable Profiles * @global int $g_enable_profiles */ $g_enable_profiles = OFF; /******************** * Twitter Settings * ********************/ /***************** * Plugin System * *****************/ /************ * Due Date * ************/ /** * threshold to update due date submitted * @global int $g_due_date_update_threshold */ $g_due_date_update_threshold = NOBODY; /** * threshold to see due date * @global int $g_due_date_view_threshold */ $g_due_date_view_threshold = NOBODY; /***************** * Sub-projects ***************** /** * show extra dropdown for subprojects * Shows only top projects in the project dropdown and adds an extra dropdown for subprojects. * @global int $g_show_extended_project_browser */ $g_show_extended_project_browser = ON; /********************************** * Debugging / Developer Settings * **********************************/ /** * Used for debugging e-mail feature, when set to OFF the emails work as normal. * when set to e-mail address, all e-mails are sent to this address with the * original To, Cc, Bcc included in the message body. * @global int $g_debug_email */ $g_debug_email = OFF; /** * --- system logging --- * This controls the logging of information to a separate file for debug or audit * $g_log_level controls what information is logged * see constant_inc.php for details on the log channels available * e.g., $g_log_level = LOG_EMAIL | LOG_EMAIL_RECIPIENT | LOG_FILTERING | LOG_AJAX; * * $g_log_destination specifies the file where the data goes * right now, only "file:<file path>" is supported * e.g. (Linux), $g_log_destination = 'file:/tmp/mantisbt.log'; * e.g. (Windows), $g_log_destination = 'file:c:/temp/mantisbt.log'; * see http://www.php.net/error_log for details * @global int $g_log_level */ $g_log_level = LOG_EMAIL | LOG_EMAIL_RECIPIENT; /** * * @global string $g_log_destination */ $g_log_destination = 'file:<log_destination>'; /************************** * Configuration Settings * **************************/ | ||||
Could you post your current config to facilitate issue reproduction ? |
|
Posted my config_inc.php However Workflow is done on a per project base ( and this installations has about 150 projects ). But be sure that even when status 'closed' is not a valid status ( by workflow for the project ), the close button is shown. |
|
If needed I can supply you with account on development enviroment. |
|
Hi Tom,
In that case, a screenshot of your workflow settings (or the definition of the corresponding records in mantis_config_table) for a sample project would be useful. |
|
Nevermind my request for sample config - I had a look and see what you mean now. I think we're just missing a call to bug_check_workflow. |
|
Thanks dregad, for now wil update my installation with your patch. |
|
Let me know if that works as expected (or not) |
|
Dregad, works as expected. ( Patch seems logical to me, I should have been able to tacle this one myself :-) Thanks for your speedy reply. |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
CVE assigned on 06-Apr-2013 [1] [1] http://article.gmane.org/gmane.comp.security.oss.general/9878 |
|
MantisBT: master 562db4f4 2013-02-06 03:37 Details Diff |
Fix 0015453: Only display Close button if workflow allows Closed status |
Affected Issues 0015453 |
|
mod - core/html_api.php | Diff File | ||
MantisBT: master-1.2.x d85e69fe 2013-02-06 03:37 Details Diff |
Fix 0015453: Only display Close button if workflow allows Closed status |
Affected Issues 0015453 |
|
mod - core/html_api.php | Diff File |