Changesets: MantisBT
|
master 4ece39a3 2020-09-19 00:23 Details Diff |
Remove duplicates of 'Update' string Using the generic update language string and removing duplicate plugin_update. |
||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_plugin_page.php | Diff File | ||
|
master 5a37a796 2020-09-19 00:06 Details Diff |
New generic 'delete' string, remove duplicates There were several language strings defined for the same label: actiongroup_menu_delete, delete_attachment_button, delete_bug_button, delete_filter_button, delete_link, delete_relationship_button. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - adm_config_delete.php | Diff File | ||
| mod - adm_config_report.php | Diff File | ||
| mod - bug_file_delete.php | Diff File | ||
| mod - bug_relationship_delete.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/bug_group_action_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
| mod - proj_doc_page.php | Diff File | ||
|
master 0a8eaa71 2020-09-18 23:58 Details Diff |
New generic 'edit' string, remove duplicates There were several language strings defined for the same label: edit_link, bugnote_edit_link, update_bug_button. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - adm_config_report.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
| mod - news_update.php | Diff File | ||
| mod - proj_doc_page.php | Diff File | ||
|
master-2.24 1e0de68e 2020-09-18 23:42 Details Diff |
Avoid testing the same thing twice Refactored the code so the global access check to edit tags is performed only once. |
||
| mod - tag_update.php | Diff File | ||
|
master 07b91f3c 2020-09-18 15:18 Details Diff |
Profiles refactoring and enhancements Merge PR https://github.com/mantisbt/mantisbt/pull/1698 |
||
| mod - account_prof_edit_page.php | Diff File | ||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - account_prof_update.php | Diff File | ||
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/filter_form_api.php | Diff File | ||
| mod - core/profile_api.php | Diff File | ||
| mod - css/ace-mantis.css | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - lost_pwd_page.php | Diff File | ||
| mod - news_menu_page.php | Diff File | ||
| mod - print_all_bug_page_word.php | Diff File | ||
|
master-2.24 fe3a91cb 2020-09-18 09:00 Details Diff |
Plugin update: validate Priority parameter Plugin Priority must be a number from 1 to 5. Trigger an error if the parameter's value is outside of that range. Fixes 0027284 |
Affected Issues 0027284 |
|
| mod - manage_plugin_update.php | Diff File | ||
|
master-2.24 8d9fbb58 2020-09-18 08:48 Details Diff |
manage_plugin_update.php: use DbQuery | ||
| mod - manage_plugin_update.php | Diff File | ||
|
master 97ea7453 2020-09-14 07:04 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_turkish.txt | Diff File | ||
|
master-2.24 f2b0f843 2020-09-12 12:25 Details Diff |
Fix PHPStorm undefined variable warnings | ||
| mod - file_download.php | Diff File | ||
|
master-2.24 34199561 2020-09-12 12:24 Details Diff |
Improve PHPDoc for file_get_visible_attachments() | ||
| mod - core/file_api.php | Diff File | ||
|
master-2.24 9de20c09 2020-09-12 12:21 Details Diff |
Check ability to download attachments at bugnote level This prevents users authorized to download attachments but not to view private bugnotes, from accessing files attached to a private note via `file_download.php?file_id={FILE_ID}&type=bug` (CVE-2020-25781). Includes some minor code cleanup in file_get_visible_attachments(): - use a foreach loop - reuse variables instead of derefenrcing array Fixes 0027039 |
Affected Issues 0027039 |
|
| mod - core/file_api.php | Diff File | ||
| mod - file_download.php | Diff File | ||
|
master-2.24 5595c90f 2020-09-12 12:09 Details Diff |
Functions to check view/download ability at bugnote level 2 new File API functions: - file_can_view_bugnote_attachments() - file_can_download_bugnote_attachments Prerequisite to fix issue 0027039 |
Affected Issues 0027039 |
|
| mod - core/file_api.php | Diff File | ||
|
master-2.24 90b83956 2020-09-12 12:04 Details Diff |
New file_can_view_or_download() function file_can_view_bug_attachments() and file_can_download_bug_attachments() have nearly identical code, the only difference being the names of the configs. Adding a new internal File API function to avoid code duplication. Fixes 0027299 |
Affected Issues 0027299 |
|
| mod - core/file_api.php | Diff File | ||
|
master-2.24 221cf323 2020-09-12 02:20 Details Diff |
Fix XSS in Custom Field regex pattern validation Improper escaping of the custom field definition's Regular Expression allowed an attacker to inject HTML into the page (CVE-2020-25288). Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for the finding. Fixes 0027275 |
Affected Issues 0027275 |
|
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
|
master c776e54d 2020-09-10 20:14 Details Diff |
Regroup the 2 subprojects sections into one There is now a single section allowing to create a new subproject or add an existing project as subproject, and list/edit/remove existing subprojects. Fixes 0030423 |
Affected Issues 0030423 |
|
| mod - manage_proj_edit_page.php | Diff File | ||
|
master 6db5ae6a 2020-09-10 13:27 Details Diff |
Move Delete button to form footer: Version Using the HTML5 button's `formaction` property we can get rid of the separate form that caused the button to be displayed below the Edit box, and put the Delete button in the main form's footer. Fixes 0027274 |
Affected Issues 0027274 |
|
| mod - manage_proj_ver_delete.php | Diff File | ||
| mod - manage_proj_ver_edit_page.php | Diff File | ||
|
master aaa671c2 2020-09-10 12:50 Details Diff |
Move Delete button to form footer: Category Using the HTML5 button's `formaction` property we can get rid of the separate form that caused the button to be displayed below the Edit box, and put the Delete button in the main form's footer This required the following changes - renaming the form parameter from `id` to `category_id` - using the same CSRF token `manage_proj_cat_update` for deletion Fixes 0027274 |
Affected Issues 0027274 |
|
| mod - manage_proj_cat_add.php | Diff File | ||
| mod - manage_proj_cat_delete.php | Diff File | ||
| mod - manage_proj_cat_edit_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
|
master f6234f0e 2020-09-10 12:47 Details Diff |
Move Delete button to form footer: Project Using the HTML5 button's `formaction` property we can get rid of the separate form that caused the button to be displayed below the Edit box, and put the Delete button in the main form's footer This required the following additional changes - using the same CSRF token `manage_proj_update` for deletion Fixes 0027274 |
Affected Issues 0027274 |
|
| mod - manage_proj_delete.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
|
master 8b51fc49 2020-09-10 11:59 Details Diff |
Add comments before each section of Manage Projects page | ||
| mod - manage_proj_edit_page.php | Diff File | ||
|
master fbe26fa9 2020-09-10 09:07 Details Diff |
Remove tautologies | ||
| mod - manage_proj_edit_page.php | Diff File | ||
|
master 11182316 2020-09-07 06:45 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_zazaki.txt | Diff File | ||
|
master 79b70c9b 2020-09-06 06:50 Details Diff |
New internal function to avoid code duplication Added profile_validate_before_update() as the same code snippet was used in profile_create() and profile_update(). Fixes 0027258 |
Affected Issues 0027258 |
|
| mod - core/profile_api.php | Diff File | ||
|
master 0baeffcf 2020-09-06 06:45 Details Diff |
Rename profile_get_row_direct() to profile_get_row() Fixes 0027258 |
Affected Issues 0027258 |
|
| mod - account_prof_edit_page.php | Diff File | ||
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/profile_api.php | Diff File | ||
| mod - print_all_bug_page_word.php | Diff File | ||
|
master e4a9f3eb 2020-09-06 06:44 Details Diff |
Removed unused API function profile_get_row() Fixes 0027258 |
Affected Issues 0027258 |
|
| mod - core/profile_api.php | Diff File | ||
|
master 59d78ad4 2020-09-06 06:41 Details Diff |
Remove last remaining call to profile_get_row() Replacing it with profile_get_row_direct(). Since profiles identified with a globally unique ID, it does not make sense for the API to require a user ID to retrieve a profile, as it needlessly complexifies the caller's code. Fixes 0027258 |
Affected Issues 0027258 |
|
| mod - account_prof_edit_page.php | Diff File | ||
