Changesets: MantisBT

master e75b9463

2019-09-22 06:33:55

dregad

Details Diff
Merge branch 'master-2.22'
Attach Issues:
mod - core/constant_inc.php Diff File
mod - core/html_api.php Diff File
mod - core/http_api.php Diff File
mod - core/layout_api.php Diff File

master-2.22 e3ebfb20

2019-09-22 06:32:54

dregad

Details Diff
Add integrity hashes for CSS resources

- bootstrap
- font-awesome
- bootstrap-datetimpicker

Issue 0026168
Affected Issues
0026168
mod - core/constant_inc.php Diff File
mod - core/layout_api.php Diff File

master-2.22 b7611645

2019-09-22 06:24:07

dregad

Details Diff
Allow integrity hashes for CSS CDN resources

Fixes 0026168
Affected Issues
0026168
mod - core/html_api.php Diff File

master-2.22 14cd147d

2019-09-22 06:20:01

dregad

Details Diff
Replace maxcdn by stackpath in CSP headers
Attach Issues:
mod - core/http_api.php Diff File

master-1.3.x 040b81dc

2019-09-22 05:13:41

dregad

Details Diff
Travis: ignore errors caused by 'apt-get update'
Attach Issues:
mod - scripts/travis_before_script.sh Diff File

master eb8494d8

2019-09-22 04:21:40

dregad

Details Diff
Merge branch 'master-2.22'
Attach Issues:
mod - core/constant_inc.php Diff File
mod - core/layout_api.php Diff File
rm - js/bootstrap-3.4.0.min.js Diff File
add - js/bootstrap-3.4.1.min.js Diff File

master fa538d1d

2019-09-21 12:14:53

dregad

Details Diff
Merge branch 'master-2.22'
Attach Issues:
mod - config_defaults_inc.php Diff File
mod - core/graphviz_api.php Diff File

master-1.3.x 7092573f

2019-09-21 12:10:24

dregad

Details Diff
Prevent arbitrary shell command execution

Prior to this, Administrators were able to edit 'dot_tool' and
'neato_tool' config options from the Manage Configuration Page

These can now only be set in the config_inc.php file.

Fixes #26162, CVE-2019-15715

Backported from fc7668c8e45db55fc3a4b991ea99d2b80861a14c.
Affected Issues
0026162
mod - config_defaults_inc.php Diff File

master-1.3.x cebfb9ac

2019-09-21 12:02:59

dregad

Details Diff
Escape GraphViz command before calling proc_open()

Fixes #26162, CVE-2019-15715

(cherry picked from commit 5fb979604d88c630343b3eaf2b435cd41918c501)
Affected Issues
0026162
mod - core/graphviz_api.php Diff File

master 5fb97960

2019-09-21 12:02:59

dregad

Details Diff
Escape GraphViz command before calling proc_open()

Fixes #26091, CVE-2019-15715
Affected Issues
0026091
mod - core/graphviz_api.php Diff File

master 72ff745b

2019-09-20 11:04:53

dregad

Details Diff
Change Bootstrap & FontAwesome CDN

According to the official download pages, these libraries switched from
Max CDN to StackPath (as the latter bought the former).
Attach Issues:
mod - core/layout_api.php Diff File

master 1e2a3018

2019-09-20 11:00:03

dregad

Details Diff
Update Bootstrap to 3.4.1

Original css files were modified to remove the # on the source map file.
This prevents warnings in the browser console.

Fixes 0026160, CVE-2019-8331
Affected Issues
0026160
mod - core/constant_inc.php Diff File
rm - js/bootstrap-3.4.0.min.js Diff File
add - js/bootstrap-3.4.1.min.js Diff File

master f3b4e39b

2019-09-16 12:57:44

translatewiki.net

Details Diff
Localisation updates from https://translatewiki.net.
Attach Issues:
mod - lang/strings_persian.txt Diff File
mod - lang/strings_zazaki.txt Diff File
mod - plugins/MantisCoreFormatting/lang/strings_zazaki.txt Diff File

master aa429d33

2019-09-16 03:59:08

dregad

Details Diff
Also display "monitors" section if issue not monitored

The "Users monitoring this issue" section was only displayed when there
is at least one user monitoring the issue.

Includes fixes to PR review comments by @vboctor
- Fix check of force_readonly option
- "Belt & braces" when processing list of monitoring users

Fixes 0026125
Affected Issues
0026125
mod - bug_view_inc.php Diff File
mod - core/commands/IssueViewPageCommand.php Diff File

master 25110fd3

2019-09-13 17:11:30

dregad

Details Diff
Convert redirect_delay column back to integer

Follow-up fix for user_pref.redirect_delay, which was incorrectly
set to boolean in check_pgsql_bool_columns() before MantisBT 2.23.0,
so we need to check its type and convert it back to integer if needed.

Fixes 0026109
Affected Issues
0026109
mod - admin/install.php Diff File
mod - core/install_helper_functions_api.php Diff File

master b215c4d5

2019-09-13 17:04:22

dregad

Details Diff
Check DB type before calling check_pgsql_bool_columns()
Attach Issues:
mod - admin/install.php Diff File

master c7f87915

2019-09-13 17:03:42

dregad

Details Diff
Fix PHP Warning if check_pgsql_bool_columns() fails

If SQL to retrieve column data in information_schema fails, the function
returns a string. This string is then used in a foreach loop, triggering
a warning.
Attach Issues:
mod - admin/install.php Diff File

master c73fd8b0

2019-09-12 19:11:13

dregad

Details Diff
Only display time spent if time tracking is enabled

Fixes 0026134
Affected Issues
0026134
mod - bugnote_view_inc.php Diff File

master c57ccb2b

2019-09-12 18:38:11

dregad

Details Diff
Add missing column from group by clause

This causes an error when retrieving time tracking information on View
Issue Details page, on MySQL when ONLY_FULL_GROUP_BY is enabled (default
since 5.7).

Fixes 0026132
Affected Issues
0026132
mod - core/bugnote_api.php Diff File

master 9d840d2b

2019-09-12 12:47:03

dregad

Details Diff
Add file with default value 'null' for user id

This ensures that the file attachment is added with a reference to the
current user.

Regression introduced by 255dfdf261c42adb76c4f3b6a157186afe999f9b,
caused attachments uploaded together with the issue's submission to be
linked to user '0' instead of the reporter.

Fixes 0026128
Affected Issues
0026128
mod - core/file_api.php Diff File

master 7acc1d26

2019-09-12 10:04:36

translatewiki.net

Details Diff
Localisation updates from https://translatewiki.net.
Attach Issues:
mod - lang/strings_italian.txt Diff File
mod - lang/strings_japanese.txt Diff File
add - plugins/Gravatar/lang/strings_en-gb.txt Diff File

master 0785615c

2019-09-11 07:16:30

dregad

Details Diff
IssueViewPageCommand: regroup monitor flags
Attach Issues:
mod - core/commands/IssueViewPageCommand.php Diff File

master b64d993f

2019-09-10 07:21:06

dregad

Details Diff
Fix display of monitor/unmonitor buttons

The monitor button should only be displayed when the current user is not
yet monitoring the issue.

Likewise for the unmonitor button when the user is indeed monitoring it.

Fixes 0026123
Affected Issues
0026123
mod - core/commands/IssueViewPageCommand.php Diff File

master 185d18ee

2019-09-09 13:20:48

translatewiki.net

Details Diff
Localisation updates from https://translatewiki.net.
Attach Issues:
mod - lang/strings_chinese_simplified.txt Diff File
mod - lang/strings_macedonian.txt Diff File
mod - lang/strings_spanish.txt Diff File

master c03afdce

2019-09-07 11:55:30

dregad

Details Diff
Improve UX & consistency for inline action icons

Fixes 0025905, PR https://github.com/mantisbt/mantisbt/pull/1545
Affected Issues
0025905
mod - bug_monitor_list_view_inc.php Diff File
mod - bug_report_page.php Diff File
mod - bug_view_inc.php Diff File
mod - bugnote_update.php Diff File
mod - bugnote_view_inc.php Diff File
mod - core/collapse_api.php Diff File
mod - core/prepare_api.php Diff File
mod - core/print_api.php Diff File
mod - css/ace-mantis.css Diff File
mod - tests/Mantis/PrepareTest.php Diff File
1 2 3 ... 60 ... 120 ... 180 ... 240 ... 300 ... 360 ... 420 ... 480 ... 540 ... 600 ... 620 621 622  Next  Last