Changesets: MantisBT
|
master 1b580799 2002-08-23 09:16 Details Diff |
- Fixed security issues where the wrong access level was checked, or an absolute one rather than a configurable threshold.
- Removed check on an invalid variable ($result) in bug_delete.
- Moved minimum required PHP version to core_php_API.php
- Changed bug_delete() to return true/false which reflects the overall result.
- Added a call to phpinfo() if user is using a version of PHP that is older than minimum required.
- Restructured the core_php_API.php to reduce some code.
- view_all_bug_update.php, allowed any user with UPDATER access level to move, delete, close, resolve bugs.
- Added $g_delete_bugnote_threshold.
- Added $g_update_bug_threshold.
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1310 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - view_bug_page.php | Diff File | ||
| mod - bug_delete_page.php | Diff File | ||
| mod - bug_delete.php | Diff File | ||
| mod - core_bug_API.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - bug_reopen.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - core_php_API.php | Diff File | ||
| mod - bug_resolve_page.php | Diff File | ||
| mod - bug_close_page.php | Diff File | ||
| mod - bugnote_delete.php | Diff File | ||
| mod - bug_reopen_page.php | Diff File | ||
| mod - bug_close.php | Diff File | ||
| mod - core_API.php | Diff File | ||
| mod - view_bug_advanced_page.php | Diff File | ||
| mod - bugnote_delete_page.php | Diff File | ||
| mod - bug_update.php | Diff File | ||
| mod - bug_update_advanced_page.php | Diff File | ||
| mod - doc/ChangeLog | Diff File | ||
| mod - view_all_bug_update.php | Diff File | ||
|
master e9ab25d2 2002-08-23 05:54 Julian Fitzell Details Diff |
Fix bug 0002341: "Users with no permission see bugs from privat project" See: http://mantisbt.sourceforge.net/mantis/view_bug_advanced_page.php?f_id=0002341 git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1309 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
Affected Issues 0002341 |
|
| mod - doc/ChangeLog | Diff File | ||
| mod - view_all_bug_page.php | Diff File | ||
|
master 50422ea3 2002-08-23 05:52 Julian Fitzell Details Diff |
minor cleanups and comments git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1308 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - core_error_API.php | Diff File | ||
|
master fdee2dc1 2002-08-23 03:10 Julian Fitzell Details Diff |
changes for this evening git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1307 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - doc/ChangeLog | Diff File | ||
|
master dd047ce0 2002-08-23 03:08 Julian Fitzell Details Diff |
argh, I did it again... I always forget to "cvs add" new files before checking in git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1306 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| add - core_error_API.php | Diff File | ||
|
master 8fe96399 2002-08-23 02:59 Julian Fitzell Details Diff |
yup, thought so... as I was leaving my house I had the sudden realization that I thought I had left detailed error messages turned on by default which of course, as the comment says, is BAD!!!! all good now:) git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1305 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - config_defaults_inc.php | Diff File | ||
|
master 2fbf03f1 2002-08-23 00:18 Details Diff |
Updated cvsignore to skip all custom_* and config_inc.php git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1304 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - .cvsignore | Diff File | ||
|
master a85825f4 2002-08-23 00:11 Julian Fitzell Details Diff |
fix php version typo and use a constant anyway git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1303 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - core_php_API.php | Diff File | ||
| mod - core_API.php | Diff File | ||
|
master 196b2947 2002-08-23 00:04 Julian Fitzell Details Diff |
Start implementing error handling
- add a new error constant for missing GPC variables
- add core_error_API.php
- move debugging configuration options to their own section in config_defaults_inc.php
- add $g_show_detailed_errors and $g_display_errors to configure error reporting
- remove $g_register_globals from config_defaults_inc.php
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1302 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - lang/strings_english.txt | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - constant_inc.php | Diff File | ||
| mod - core_API.php | Diff File | ||
|
master 0659eabc 2002-08-22 23:35 Julian Fitzell Details Diff |
remove $g_register_globals and just check the php setting directly git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1301 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - config_inc.php.sample | Diff File | ||
| mod - core_php_API.php | Diff File | ||
|
master 4a973074 2002-08-22 23:34 Julian Fitzell Details Diff |
use null instead of 'nil' and call trigger_error correctly (more commits to come on that one) git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1300 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - core_security_API.php | Diff File | ||
|
master 937b4804 2002-08-22 21:43 Julian Fitzell Details Diff |
add a cvsignore file that ignores the file custom_config_inc.php tired of seeing the question mark every time I update :) git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1299 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| add - .cvsignore | Diff File | ||
|
master 2124bef5 2002-08-22 21:42 Julian Fitzell Details Diff |
oops... ob_flush() was added in 4.2.0 and we really want to clear it anyway git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1298 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - core_php_API.php | Diff File | ||
|
master 18d3e4b5 2002-08-22 21:34 Julian Fitzell Details Diff |
Move PHP compatibility stuff to core_php_API.php and call it very first in core_API.php All compatibility checks should now use php_version_at_least() and all code designed for backwards compatibility should go in this new file. Thanks to Victor for the suggestion git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1297 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - core_API.php | Diff File | ||
| add - core_php_API.php | Diff File | ||
| mod - constant_inc.php | Diff File | ||
| mod - core_security_API.php | Diff File | ||
|
master c115664f 2002-08-22 14:15 Details Diff |
Restored trigger_error (it was in fact a PHP built-in) git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1296 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - core_security_API.php | Diff File | ||
|
master 476502cf 2002-08-22 14:05 Details Diff |
Added support for get_var() and related functions. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1295 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - core_API.php | Diff File | ||
| mod - doc/ChangeLog | Diff File | ||
| add - core_security_API.php | Diff File | ||
|
master b249707e 2002-08-22 09:53 Details Diff |
- Fixed a typo in DIRECTORY_SEPARATOR in config_defaults_inc.php
- Defined DIRECTORY_SEPARATOR if not defined. Since it was introduced in 4.0.6 and Mantis requires 4.0.3.
- Fixed some comments in the config_defaults_inc.php
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1294 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - constant_inc.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
|
master 86a5759a 2002-08-22 09:28 Details Diff |
Fixed 2364: proj_doc_add_page has hardcoded upload limit git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1293 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - proj_doc_add_page.php | Diff File | ||
|
master 720cde86 2002-08-21 23:49 Julian Fitzell Details Diff |
changelog updates for my commits today git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1289 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - doc/ChangeLog | Diff File | ||
|
master 70bd9132 2002-08-21 21:52 Julian Fitzell Details Diff |
fix bug 2076 (mantisbt.sourceforge.net/mantis/view_bug_advanced_page.php?f_id=0002076) also change a few other hardcoded '/' instances to use DIRECTORY_SEPARATOR for cross-platform compatibility git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1288 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
Affected Issues 0002076 |
|
| mod - config_defaults_inc.php | Diff File | ||
| mod - manage_proj_update.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
|
master a1623ed9 2002-08-21 21:40 Julian Fitzell Details Diff |
there are way too many places where data isn't unescaped when it's pulled out of the DB... this shouldn't be up to the php pages anyway, if the API escapes it putting it in, it needs to unescape it pulling it out. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1287 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - doc/FUTURE | Diff File | ||
|
master c78f2401 2002-08-21 20:02 Julian Fitzell Details Diff |
try to at least partially address issue 2359 (mantisbt.sourceforge.net/mantis/view_bug_advanced_page.php?f_id=0002359) This adds a better error message when an error is flagged in the upload array. I've indicated that it likely means the file is too big but I don't know for sure what else might cause the error to appear so the error string may not be entirely accurate. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1286 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
Affected Issues 0002359 |
|
| mod - bug_file_add.php | Diff File | ||
| mod - constant_inc.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
|
master d9debe5d 2002-08-21 19:33 Julian Fitzell Details Diff |
fix bug 2360 (mantisbt.sourceforge.net/mantis/view_bug_advanced_page.php?f_id=0002360) I realize this will be better fixed when we refactor stuff into API calls but I thought I'd fix it for now. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1285 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
Affected Issues 0002360 |
|
| mod - bug_delete_page.php | Diff File | ||
| mod - bug_delete.php | Diff File | ||
|
master 23a76d9b 2002-08-21 19:21 Julian Fitzell Details Diff |
display the max file size to the user this should ideally take the minimum of $g_max_file_size and the php variables upload_max_filesize and post_max_size but the last two seem to be returned as strings (eg '2M') on my system git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1284 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - lang/strings_english.txt | Diff File | ||
| mod - bug_file_upload_inc.php | Diff File | ||
|
master 39656408 2002-08-21 19:05 Julian Fitzell Details Diff |
typo (thanks to vboctor) git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1283 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
||
| mod - admin/admin_check.php | Diff File | ||