Changesets: MantisBT
|
master-2.24 6c3482d0 2020-12-19 07:50 Details Diff |
Use parameterized string for confirmation messages Previously, the confirmation message was built manually in several places throughout the code, concatenating strings with variables. We now use a string with parameters, which is fed to sprintf prior to display. This gives translators more control to over the final message, and allows removing now-unused $s_in_project string. Updated strings: - $s_confirm_custom_field_deletion - $s_confirm_used_custom_field_deletion - $s_confirm_custom_field_unlinking - $s_config_delete_sure - $s_confirm_file_delete_msg - $s_delete_account_sure_msg - $s_query_delete_msg - $s_remove_user_sure_msg - $s_version_delete_sure Issue 0027779 |
Affected Issues 0027779 |
|
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_config_revert.php | Diff File | ||
| mod - manage_custom_field_delete.php | Diff File | ||
| mod - manage_filter_delete.php | Diff File | ||
| mod - manage_proj_custom_field_remove.php | Diff File | ||
| mod - manage_proj_user_remove.php | Diff File | ||
| mod - manage_proj_ver_delete.php | Diff File | ||
| mod - manage_user_delete.php | Diff File | ||
| mod - manage_user_proj_delete.php | Diff File | ||
| mod - proj_doc_delete.php | Diff File | ||
|
master f6502be6 2020-12-19 07:27 Details Diff |
Prevent XSS in helper_ensure_confirmed() calls When the confirmation message references user-provided data, it needs to be escaped prior to calling the function. Fixes 0027779, CVE-2020-35571 |
Affected Issues 0027779 |
|
| mod - manage_config_revert.php | Diff File | ||
| mod - manage_custom_field_update.php | Diff File | ||
| mod - manage_filter_delete.php | Diff File | ||
| mod - manage_proj_user_remove.php | Diff File | ||
| mod - manage_user_delete.php | Diff File | ||
| mod - manage_user_proj_delete.php | Diff File | ||
|
master-2.24 f6502be6 2020-12-19 07:27 Details Diff |
Prevent XSS in helper_ensure_confirmed() calls When the confirmation message references user-provided data, it needs to be escaped prior to calling the function. Fixes 0027779, CVE-2020-35571 |
Affected Issues 0027779 |
|
| mod - manage_config_revert.php | Diff File | ||
| mod - manage_custom_field_update.php | Diff File | ||
| mod - manage_filter_delete.php | Diff File | ||
| mod - manage_proj_user_remove.php | Diff File | ||
| mod - manage_user_delete.php | Diff File | ||
| mod - manage_user_proj_delete.php | Diff File | ||
|
master 100c3d58 2020-12-19 07:06 Details Diff |
Improve Project delete confirmation message The 'project_delete_msg' string now includes the bug count in addition to the Project's name. New Project API function project_get_bug_count() returns the number of issues associated to the given project. Fixes 0027768 |
Affected Issues 0027768 |
|
| mod - core/project_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_proj_delete.php | Diff File | ||
|
master 09886c87 2020-12-19 05:30 Details Diff |
Removed unused variables | ||
| mod - bug_revision_view_page.php | Diff File | ||
|
master 2996d8c4 2020-12-19 05:30 Details Diff |
Use static instead of global var in show_revision() The purpose of the global var was to store view_bug_threshold, using a static within the function makes it more self-contained. |
||
| mod - bug_revision_view_page.php | Diff File | ||
|
master d2276e60 2020-12-17 12:32 Details Diff |
Fix broken finnish translation Issue #0020198 |
Affected Issues 0020198 |
|
| mod - lang/strings_finnish.txt | Diff File | ||
|
master 0f742726 2020-12-17 05:17 Details Diff |
Merge branch 'i27700-use-kib' PR https://github.com/mantisbt/mantisbt/pull/1714 |
||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
| mod - docbook/Admin_Guide/en-US/config/uploads.xml | Diff File | ||
| mod - lang/strings_afrikaans.txt | Diff File | ||
| mod - lang/strings_amharic.txt | Diff File | ||
| mod - lang/strings_arabic.txt | Diff File | ||
| mod - lang/strings_arabicegyptianspoken.txt | Diff File | ||
| mod - lang/strings_asturian.txt | Diff File | ||
| mod - lang/strings_basque.txt | Diff File | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - lang/strings_breton.txt | Diff File | ||
| mod - lang/strings_bulgarian.txt | Diff File | ||
| mod - lang/strings_catalan.txt | Diff File | ||
| mod - lang/strings_chinese_simplified.txt | Diff File | ||
| mod - lang/strings_chinese_traditional.txt | Diff File | ||
| mod - lang/strings_czech.txt | Diff File | ||
| mod - lang/strings_danish.txt | Diff File | ||
| mod - lang/strings_dutch.txt | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - lang/strings_eo.txt | Diff File | ||
| mod - lang/strings_estonian.txt | Diff File | ||
| mod - lang/strings_finnish.txt | Diff File | ||
| mod - lang/strings_french.txt | Diff File | ||
| mod - lang/strings_galician.txt | Diff File | ||
| mod - lang/strings_georgian.txt | Diff File | ||
| mod - lang/strings_german.txt | Diff File | ||
| mod - lang/strings_greek.txt | Diff File | ||
| mod - lang/strings_hebrew.txt | Diff File | ||
| mod - lang/strings_hungarian.txt | Diff File | ||
| mod - lang/strings_icelandic.txt | Diff File | ||
| mod - lang/strings_interlingua.txt | Diff File | ||
| mod - lang/strings_italian.txt | Diff File | ||
| mod - lang/strings_japanese.txt | Diff File | ||
| mod - lang/strings_korean.txt | Diff File | ||
| mod - lang/strings_latvian.txt | Diff File | ||
| mod - lang/strings_lithuanian.txt | Diff File | ||
| mod - lang/strings_luxembourgish.txt | Diff File | ||
| mod - lang/strings_macedonian.txt | Diff File | ||
| mod - lang/strings_norwegian_bokmal.txt | Diff File | ||
| mod - lang/strings_occitan.txt | Diff File | ||
| mod - lang/strings_persian.txt | Diff File | ||
| mod - lang/strings_polish.txt | Diff File | ||
| mod - lang/strings_portuguese_brazil.txt | Diff File | ||
| mod - lang/strings_portuguese_standard.txt | Diff File | ||
| mod - lang/strings_qqq.txt | Diff File | ||
| mod - lang/strings_ripoarisch.txt | Diff File | ||
| mod - lang/strings_romanian.txt | Diff File | ||
| mod - lang/strings_russian.txt | Diff File | ||
| mod - lang/strings_serbian.txt | Diff File | ||
| mod - lang/strings_serbian_latin.txt | Diff File | ||
| mod - lang/strings_sh.txt | Diff File | ||
| mod - lang/strings_slovak.txt | Diff File | ||
| mod - lang/strings_spanish.txt | Diff File | ||
| mod - lang/strings_swedish.txt | Diff File | ||
| mod - lang/strings_swissgerman.txt | Diff File | ||
| mod - lang/strings_tagalog.txt | Diff File | ||
| mod - lang/strings_turkish.txt | Diff File | ||
| mod - lang/strings_ukrainian.txt | Diff File | ||
| mod - lang/strings_vietnamese.txt | Diff File | ||
| mod - lang/strings_volapuk.txt | Diff File | ||
| mod - lang/strings_zazaki.txt | Diff File | ||
| mod - plugins/XmlImportExport/pages/import.php | Diff File | ||
|
i27768-proj-del-bug-count 6c94c808 2020-12-17 05:06 Details Diff |
Improve Project delete confirmation message The 'project_delete_msg' string now includes the bug count in addition to the Project's name. New Project API function project_get_bug_count() returns the number of issues associated to the given project. Fixes 0027768 |
||
| mod - core/project_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_proj_delete.php | Diff File | ||
|
master acb9593c 2020-12-17 05:06 Details Diff |
Remove unused language string 'category_delete_sure_msg' was replaced by 'category_delete_confirm_msg' in commit 8379a94f8cfe43136c922838449d412ad0674648. Issue 0020198 |
Affected Issues 0020198 |
|
| mod - lang/strings_arabic.txt | Diff File | ||
| mod - lang/strings_arabicegyptianspoken.txt | Diff File | ||
| mod - lang/strings_asturian.txt | Diff File | ||
| mod - lang/strings_basque.txt | Diff File | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - lang/strings_breton.txt | Diff File | ||
| mod - lang/strings_bulgarian.txt | Diff File | ||
| mod - lang/strings_catalan.txt | Diff File | ||
| mod - lang/strings_chinese_simplified.txt | Diff File | ||
| mod - lang/strings_chinese_traditional.txt | Diff File | ||
| mod - lang/strings_croatian.txt | Diff File | ||
| mod - lang/strings_czech.txt | Diff File | ||
| mod - lang/strings_danish.txt | Diff File | ||
| mod - lang/strings_dutch.txt | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - lang/strings_estonian.txt | Diff File | ||
| mod - lang/strings_finnish.txt | Diff File | ||
| mod - lang/strings_french.txt | Diff File | ||
| mod - lang/strings_galician.txt | Diff File | ||
| mod - lang/strings_georgian.txt | Diff File | ||
| mod - lang/strings_german.txt | Diff File | ||
| mod - lang/strings_greek.txt | Diff File | ||
| mod - lang/strings_hebrew.txt | Diff File | ||
| mod - lang/strings_hungarian.txt | Diff File | ||
| mod - lang/strings_icelandic.txt | Diff File | ||
| mod - lang/strings_interlingua.txt | Diff File | ||
| mod - lang/strings_italian.txt | Diff File | ||
| mod - lang/strings_japanese.txt | Diff File | ||
| mod - lang/strings_korean.txt | Diff File | ||
| mod - lang/strings_latvian.txt | Diff File | ||
| mod - lang/strings_lithuanian.txt | Diff File | ||
| mod - lang/strings_macedonian.txt | Diff File | ||
| mod - lang/strings_norwegian_bokmal.txt | Diff File | ||
| mod - lang/strings_occitan.txt | Diff File | ||
| mod - lang/strings_persian.txt | Diff File | ||
| mod - lang/strings_polish.txt | Diff File | ||
| mod - lang/strings_portuguese_brazil.txt | Diff File | ||
| mod - lang/strings_portuguese_standard.txt | Diff File | ||
| mod - lang/strings_ripoarisch.txt | Diff File | ||
| mod - lang/strings_romanian.txt | Diff File | ||
| mod - lang/strings_russian.txt | Diff File | ||
| mod - lang/strings_serbian.txt | Diff File | ||
| mod - lang/strings_serbian_latin.txt | Diff File | ||
| mod - lang/strings_slovak.txt | Diff File | ||
| mod - lang/strings_slovene.txt | Diff File | ||
| mod - lang/strings_spanish.txt | Diff File | ||
| mod - lang/strings_swedish.txt | Diff File | ||
| mod - lang/strings_swissgerman.txt | Diff File | ||
| mod - lang/strings_tagalog.txt | Diff File | ||
| mod - lang/strings_turkish.txt | Diff File | ||
| mod - lang/strings_ukrainian.txt | Diff File | ||
| mod - lang/strings_urdu.txt | Diff File | ||
| mod - lang/strings_vietnamese.txt | Diff File | ||
| mod - lang/strings_volapuk.txt | Diff File | ||
|
master 5a92a393 2020-12-17 04:16 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - lang/strings_zazaki.txt | Diff File | ||
|
master 2485659b 2020-12-15 19:39 dependabot-preview[bot] Committer: dregad Details Diff |
Bump adodb/adodb-php from 5.20.18 to 5.20.19 Bumps [adodb/adodb-php](https://github.com/ADOdb/ADOdb) from 5.20.18 to 5.20.19. - [Release notes](https://github.com/ADOdb/ADOdb/releases) - [Changelog](https://github.com/ADOdb/ADOdb/blob/v5.20.19/docs/changelog.md) - [Commits](https://github.com/ADOdb/ADOdb/compare/v5.20.18...v5.20.19) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Fixes 0026837, PR https://github.com/mantisbt/mantisbt/pull/1717 |
Affected Issues 0026837 |
|
| mod - composer.lock | Diff File | ||
|
dependabot/composer/adodb/adodb-php-5.20.19 bd48d289 2020-12-15 19:39 dependabot-preview[bot] Committer: community Details Diff |
Bump adodb/adodb-php from 5.20.18 to 5.20.19 Bumps [adodb/adodb-php](https://github.com/ADOdb/ADOdb) from 5.20.18 to 5.20.19. - [Release notes](https://github.com/ADOdb/ADOdb/releases) - [Changelog](https://github.com/ADOdb/ADOdb/blob/v5.20.19/docs/changelog.md) - [Commits](https://github.com/ADOdb/ADOdb/compare/v5.20.18...v5.20.19) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> |
||
| mod - composer.lock | Diff File | ||
|
master e6365041 2020-12-14 07:38 Details Diff |
Documentation for bug revisions Added new $g_bug_revision_view_threshold config to Admin Guide's Bug History section, as well as $g_bug_revision_drop_threshold which was previously not documented. Issue 0020690 |
Affected Issues 0020690 |
|
| mod - config_defaults_inc.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/config/bughistory.xml | Diff File | ||
|
master a16bb249 2020-12-14 04:09 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_ukrainian.txt | Diff File | ||
| mod - lang/strings_zazaki.txt | Diff File | ||
|
master 5376d2a2 2020-12-13 07:08 Details Diff |
Prevent setting category not belonging to project When retrieving a category for a given project, make sure that it is available in the project's hierarchy, taking inheritance into account. This is a follow-up on commit b77859901050b558bfcd28050cff1599d60e45fa which only covered bug_report.php, when in fact the same problem was also present in bug_update.php. Fixes 0027361 |
Affected Issues 0027361 |
|
| mod - bug_update.php | Diff File | ||
|
master 889c8d24 2020-12-13 07:06 Details Diff |
New API to check category existence within project Added 2 new functions in Category API: category_exists_in_project() and category_ensure_exists_in_project. Improve PHPDoc for category_exists() and category_ensure_exists() to clearly indicate that they check for a category's existence globally, unlike the new functions. Issue 0027361 |
Affected Issues 0027361, 0027826 |
|
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/category_api.php | Diff File | ||
|
master 7a3a0de1 2020-12-10 02:50 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_french.txt | Diff File | ||
|
master 3a06f948 2020-12-07 04:47 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_greek.txt | Diff File | ||
| mod - lang/strings_turkish.txt | Diff File | ||
| mod - plugins/Gravatar/lang/strings_greek.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_greek.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_greek.txt | Diff File | ||
| mod - plugins/XmlImportExport/lang/strings_greek.txt | Diff File | ||
|
master 35568185 2020-12-06 14:03 Details Diff |
Fix Javascript error in View Issue page When there are no saved filters, 'source_query_id' is not defined, so check for that and return to avoid the error. Fixes 0027704 |
Affected Issues 0027704 |
|
| mod - js/bugFilter.js | Diff File | ||
|
master b2da7352 2020-12-06 13:43 Details Diff |
Prevent full private issue disclosure Missing access check in bug_actiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone of any private issue (including all bugnotes and attachments), thus gaining full access to potentially confidential information. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting the issue. Fixes 0027728, 0027357, CVE-2020-29604 |
Affected Issues 0027357, 0027728 |
|
| mod - bug_actiongroup.php | Diff File | ||
|
master 12a9dcbb 2020-12-06 13:08 Details Diff |
Prevent disclosure of private issue summary Insufficient access level checks allowed an attacker to display private issues' summary via Group Actions (bug_actiongroup_page.php). Going through the provided list of issue IDs (bug_arr[]) and removing any issues the user does not have access to, fixes the vulnerability. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting the issue. Fixes 0027727, 0027357, CVE-2020-29605 |
Affected Issues 0027357, 0027727 |
|
| mod - bug_actiongroup_page.php | Diff File | ||
|
master cff10f26 2020-12-06 07:39 Details Diff |
Avoid private project name disclosure When an unprivileged user tries to access a private project via manage_proj_edit_page.php, they receive an Access Denied as expected, but the project's name is leaked via the navbar's project selector. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting and providing an initial patch for this bug. Fixes 0027726, 0027357, CVE-2020-29603 |
Affected Issues 0027357, 0027726 |
|
| mod - core/layout_api.php | Diff File | ||
|
master 2d1c5389 2020-12-06 05:53 Details Diff |
Remove deprecated width attribute Instead of displaying the Drop button in an extra column at the right, we use print_link_button() and give it the 'pull-right' class. This allows us to get rid of the colspan too. |
||
| mod - bug_revision_view_page.php | Diff File | ||
|
master 68000e4b 2020-12-06 05:51 Details Diff |
Remove useless return value from show_revision() | ||
| mod - bug_revision_view_page.php | Diff File | ||
