Changesets: MantisBT
master-2.10 c4afcb11 2018-01-30 01:58 Details Diff |
Fix XSS in adm_config_report.php (CVE-2018-6403) Nguyen Tri Tuan reported this vulnerability, allowing an attacker to inject arbitrary code through a crafted 'value' parameter. Prevent the attack by sanitizing the variable before output. Fixes 0023906 |
Affected Issues 0023906 |
|
mod - adm_config_report.php | Diff File | ||
master cf5baefa 2018-01-29 20:34 Details Diff |
Fix username and realname uniqueness checks - Fix user realname uniqueness check which wasn’t working. - Remove `$g_differentiate_duplicates` config option. - Change username realname uniqueness check APIs to not take in username, since these are independent operations. Fixes 0023909, 0023900 |
Affected Issues 0023900, 0023909 |
|
mod - account_update.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core/obsolete.php | Diff File | ||
mod - core/user_api.php | Diff File | ||
mod - manage_user_update.php | Diff File | ||
master c91d586b 2018-01-28 22:20 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
mod - lang/strings_catalan.txt | Diff File | ||
mod - lang/strings_chinese_traditional.txt | Diff File | ||
mod - lang/strings_greek.txt | Diff File | ||
mod - lang/strings_ka.txt | Diff File | ||
mod - lang/strings_portuguese_standard.txt | Diff File | ||
mod - lang/strings_serbian.txt | Diff File | ||
mod - lang/strings_spanish.txt | Diff File | ||
mod - lang/strings_ukrainian.txt | Diff File | ||
mod - lang/strings_urdu.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_serbian.txt | Diff File | ||
mod - plugins/XmlImportExport/lang/strings_greek.txt | Diff File | ||
master 5a9c3785 2018-01-28 09:13 Details Diff |
Merge remote-tracking branch 'origin/master-2.10' | ||
mod - api/soap/mc_project_api.php | Diff File | ||
master 09306f2f 2018-01-28 08:59 Details Diff |
Remove access and icon info for files Fixes 0022792 |
Affected Issues 0022792 |
|
mod - api/rest/restcore/issues_rest.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
master 386328eb 2018-01-28 07:00 Details Diff |
Doc: Remove legacy settings from publican.cfg The 'edition' and 'release' settings were required when using old versions of Publican. The new server is running 4.3.2, so these are no longer necessary. |
||
mod - docbook/Admin_Guide/publican.cfg | Diff File | ||
mod - docbook/Developers_Guide/publican.cfg | Diff File | ||
master bbc5f360 2018-01-28 02:35 Committer: dregad Details Diff |
Revert "Map user 0 to current user" This reverts commit 1faed58ec1050a855240a0bf4be018a3f2cda019. Previous commit was introduced due to some tests failing, but actually the tests were wrongly coded. Having a filter to be executed as NO_USER currently is not supported. I prefer let it raise an error when some of the filter operations makes no sense, than defaulting to current user thus potentially hiding higher level conceptual errors. |
||
mod - core/classes/BugFilterQuery.class.php | Diff File | ||
master 65b99b46 2018-01-28 01:53 Committer: atrol Details Diff |
Refactor common entry point for standard filters Create filter_standard_get() to build a standard filter. Remove filter_load() as a multipurspose filter function. Standard filters require a varying set of parameters, which add noise for the case of retrieving a raw filter by id. At this point, these are the functions to retrieve filters: - filter_get(): get a filter from database by id - filter_temporary_get(): get a temporary filter, by it's id. These filters are stored as session data at user's scope. - filter_standard_get(): build a filter for the standard filters predefined in the application. |
||
mod - api/soap/mc_filter_api.php | Diff File | ||
mod - core/filter_api.php | Diff File | ||
master 84349ec8 2018-01-27 21:15 Details Diff |
Remove `download_url` and `delete_url` for files The REST API shouldn’t return such URLs. They are specific for web app and can be calculated without being returned. Fixes 0022792 |
Affected Issues 0022792 |
|
mod - api/rest/restcore/issues_rest.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
mod - core/commands/IssueFileGetCommand.php | Diff File | ||
master 8e101aa0 2018-01-27 11:04 Details Diff |
Refactor mapping relationship type name to id - Move the lookup out of the command and make it consistent with other lookups. - Raise exceptions from relationship apis instead of triggering errors for invalid types. |
||
mod - core/commands/IssueRelationshipAddCommand.php | Diff File | ||
mod - core/relationship_api.php | Diff File | ||
master 843c450d 2018-01-27 10:48 Details Diff |
Fix relationship formating and localization in REST - Issue type name shouldn’t be localized. - Add issue type label with localized name. - Relationships where issue is destination were not formatted correctly. Fixes 0023898, 23899 |
Affected Issues 0023898 |
|
mod - api/soap/mc_issue_api.php | Diff File | ||
master 2f88f94d 2018-01-27 10:00 Details Diff |
PR feedback for issue relationships API Fixes 0023868 |
Affected Issues 0023868 |
|
mod - core/commands/IssueRelationshipAddCommand.php | Diff File | ||
mod - core/commands/IssueRelationshipDeleteCommand.php | Diff File | ||
master 75e5a188 2018-01-25 20:53 Details Diff |
Address Tags API PR comments | ||
mod - core/commands/TagAttachCommand.php | Diff File | ||
master 46c3c1ad 2018-01-24 18:24 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
mod - lang/strings_finnish.txt | Diff File | ||
mod - lang/strings_portuguese_standard.txt | Diff File | ||
mod - lang/strings_swedish.txt | Diff File | ||
master 2735ca1a 2018-01-22 04:14 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
mod - lang/strings_belarusian_tarask.txt | Diff File | ||
mod - lang/strings_bulgarian.txt | Diff File | ||
mod - lang/strings_chinese_simplified.txt | Diff File | ||
mod - lang/strings_chinese_traditional.txt | Diff File | ||
mod - lang/strings_danish.txt | Diff File | ||
mod - lang/strings_french.txt | Diff File | ||
mod - lang/strings_galician.txt | Diff File | ||
mod - lang/strings_german.txt | Diff File | ||
mod - lang/strings_ka.txt | Diff File | ||
mod - lang/strings_lb.txt | Diff File | ||
mod - lang/strings_macedonian.txt | Diff File | ||
mod - lang/strings_portuguese_standard.txt | Diff File | ||
mod - lang/strings_serbian.txt | Diff File | ||
mod - lang/strings_spanish.txt | Diff File | ||
master 627c8a29 2018-01-21 21:10 Details Diff |
DELETE tag REST API shouldn’t have a payload Fixes 0023858 |
Affected Issues 0023858 |
|
mod - api/rest/restcore/issues_rest.php | Diff File | ||
mod - core/commands/TagDetachCommand.php | Diff File | ||
mod - tag_detach.php | Diff File | ||
master 43facfa1 2018-01-21 15:33 Details Diff |
Support `delete_url`, `access`, `icon` for files - Add `delete_url` for attachment information. - Add `icon` for attachment infromation including font awesome icon. - Add `alt` for alt text of the icon. - Add `access` for download and delete access. - Show `download` and `delete` urls when user has access. Fixes 0022792 |
Affected Issues 0022792 |
|
mod - api/rest/restcore/issues_rest.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
mod - core/commands/IssueFileGetCommand.php | Diff File | ||
master ee9e004d 2018-01-21 12:35 Details Diff |
Support deleting issue relationships via REST API Fixes 0023868 |
Affected Issues 0023868 |
|
mod - api/rest/restcore/issues_rest.php | Diff File | ||
master dccd5cf6 2018-01-21 12:25 Details Diff |
Support adding relationships via REST API Fixes 0023866 |
Affected Issues 0023866 |
|
mod - api/rest/restcore/issues_rest.php | Diff File | ||
master 972523db 2018-01-21 12:10 Details Diff |
Implement `IssueRelationshipDeleteCommand` Fixes 0023867 |
Affected Issues 0023867 |
|
mod - bug_relationship_delete.php | Diff File | ||
add - core/commands/IssueRelationshipDeleteCommand.php | Diff File | ||
mod - core/helper_api.php | Diff File | ||
master b0bd8016 2018-01-21 08:20 Details Diff |
Implement `IssueRelationshipAddCommand` Fixes 0023865 |
Affected Issues 0023865 |
|
mod - bug_relationship_add.php | Diff File | ||
add - core/commands/IssueRelationshipAddCommand.php | Diff File | ||
master a1cd2f65 2018-01-20 20:24 Details Diff |
Support downloading issue attachments via REST API - Get all files for an issue - Get a specific file for an issue Fixes 0022792 |
Affected Issues 0022792 |
|
mod - api/rest/restcore/issues_rest.php | Diff File | ||
add - core/commands/IssueFileGetCommand.php | Diff File | ||
mod - core/file_api.php | Diff File | ||
master 51e159c4 2018-01-20 14:31 Details Diff |
Fix resolved/closed links for summary by status When using custom statuses higher than bug_resolved_status_threshold, the filter links for figures in the Summary page's "By Status" report are incorrect for the Resolved and Closed columns. This is caused by summary_print_by_enum() adding an extra 'status' query parameter set to bug_resolved_status_threshold / bug_closed_status_threshold (depending on the column being processed), which overrides the status set for the row. The code now skips adding the 'status' query parameter when processing the Status enum, and only does it when processing other enums. Fixes 0023796 |
Affected Issues 0023796 |
|
mod - core/summary_api.php | Diff File | ||
master 43eba6c8 2018-01-20 12:37 Details Diff |
Move config_get() calls outside of loop | ||
mod - core/summary_api.php | Diff File | ||
master c3edd920 2018-01-20 12:35 Details Diff |
Summary: add Total column to Reporter/Dev by Resolution Since the tables are sorted based on this value, it makes sense that it is visible to the user. Fixes 0023863 |
Affected Issues 0023863 |
|
mod - core/summary_api.php | Diff File | ||
mod - summary_page.php | Diff File |