Changesets: MantisBT
|
master fd637338 2019-08-17 09:27 Details Diff |
Travis: use PHPUnit script from Composer bin dir This ensures we get the expected version of the script, and not whatever is installed in the Travis build environment (which varies based on current PHP version). |
||
| mod - build/travis_script.sh | Diff File | ||
|
master e1525732 2019-08-17 09:20 Details Diff |
Travis: remove force PHPUnit 5.7 This is now useless as we're using 6.5.14 |
||
| mod - .travis.yml | Diff File | ||
|
master 0c3ed6b1 2019-08-15 08:20 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_polish.txt | Diff File | ||
|
master 4030ebee 2019-08-15 06:37 Details Diff |
Merge remote-tracking branch 'origin/master-2.21' | ||
| mod - core/classes/IssueAttachmentTimelineEvent.class.php | Diff File | ||
|
master af44213d 2019-08-15 05:36 Committer: vboctor Details Diff |
Fix styling of custom field manage table Fix style of table headers to be consistent with the standard mantis tables. |
||
| mod - manage_custom_field_page.php | Diff File | ||
|
master e9e8f4e8 2019-08-15 04:40 Committer: vboctor Details Diff |
Sort custom field table Fixes: 0025975 |
Affected Issues 0025975 |
|
| mod - manage_custom_field_page.php | Diff File | ||
|
master fa10a333 2019-08-15 03:12 Committer: atrol Details Diff |
Add email on monitor to config page Email on "monitor" is an existing action, which is already configured in config_defaults_inc, but it's not displayed in the email configuration page. Fixes: 0026002 |
Affected Issues 0026002 |
|
| mod - core/email_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_config_email_page.php | Diff File | ||
|
master-2.21 9cee1971 2019-08-15 00:53 Details Diff |
Fix XSS on timeline (CVE-2019-15074) Kamran Saifullah reported a stored cross-site scripting (XSS) vulnerability in Timeline, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. Prevent the attack by sanitizing the filename before display. Fixes 0025995 |
Affected Issues 0025995 |
|
| mod - core/classes/IssueAttachmentTimelineEvent.class.php | Diff File | ||
|
master 4e786bd2 2019-08-14 03:34 Details Diff |
Fix PHP Notice in IssueAddCommand The code did not check for existence of `id` key in $t_tag before trying to access it. This caused REST API to generate an invalid JSON response when creating issue with tag by name. Fixes 0025997 |
Affected Issues 0025997 |
|
| mod - core/commands/IssueAddCommand.php | Diff File | ||
|
master 8e7d56cc 2019-08-14 03:26 Details Diff |
REST API: log tag creation when adding new issue | ||
| mod - core/commands/IssueAddCommand.php | Diff File | ||
|
master f2756da0 2019-08-14 03:19 Details Diff |
Add missing tag name in error message When creating a new issue via REST API with a non-existing tag name, the error message generated by mci_tag_set_for_issue() did not include the tag's name. This was caused by reusing the $t_tag variable to store the return value of tag_get_by_name(), so the original data is no longer available when the exception is thrown. Same problem in IssueAddCommand::validate() if the user attempting to create the issue does not have the required privileges to create tags, this time due to usage of an uninitialized variable. Fixes 0025996 |
Affected Issues 0025996 |
|
| mod - api/soap/mc_tag_api.php | Diff File | ||
| mod - core/commands/IssueAddCommand.php | Diff File | ||
|
master b5857e4c 2019-08-12 02:20 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_french.txt | Diff File | ||
| mod - lang/strings_korean.txt | Diff File | ||
|
master 0e1c34c3 2019-08-11 17:51 Details Diff |
Fix comments and documentation | ||
| mod - bug_actiongroup.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/access_api.php | Diff File | ||
| mod - core/classes/BugFilterQuery.class.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/config/issues.xml | Diff File | ||
|
master ad42c3ca 2019-08-10 13:21 Details Diff |
Prevent email about private note to unprivileged users In email_collect_recipient(), the logic to exclude users who can't see bugnotes relied on comparing the issue's last updated timestamp with the bugnote's date. Since these dates are not necessarily equal as they are updated separately when a bugnote is added, this may result in a race condition causing a notification e-mail about a new private bugnote to be sent to users not authorized to see them. Since email_collect_recipient()'s $p_bugnote_id parameter is always null except for 'bugnote' notifications, the date check is not necessary; it is sufficient to check that $p_bugnote_id is not null. Fixes 0022898 |
Affected Issues 0022898 |
|
| mod - core/email_api.php | Diff File | ||
|
master 168deaa4 2019-08-08 16:26 Details Diff |
VersionTest: set date order to current timestamp Prior to this, date order was set to a hardcoded timestamp. This caused testAddVersion to fail if there were any existing Version records in the database having a more recent date order more recent. To fix the problem, the DATE_ORDER constant has been replaced by a $date_order class property, set to current date/time when the test suite starts. |
||
| mod - tests/soap/VersionTest.php | Diff File | ||
|
master a502d149 2019-08-08 14:27 Details Diff |
Update .mailmap | ||
| mod - .mailmap | Diff File | ||
|
master 609c6b8d 2019-08-08 13:22 Details Diff |
Update Chart.js and move to MantisGraph plugin - Update Chart.js library to v2.8.0 - Update colorschemes Chart.js plugin to v0.4.0 - Use jsDelivr CDN for all MantisGraph javascripts - Define Chart.js constants in MantisGraph plugin - Define and use constant for jsDelivr CDN URL - Use foreach loop to output script tags - PHPDoc fixes Merge PR 1533 - https://github.com/mantisbt/mantisbt/pull/1533 |
||
| mod - core/constant_inc.php | Diff File | ||
| mod - library/README.md | Diff File | ||
| mod - plugins/MantisGraph/MantisGraph.php | Diff File | ||
| rm - plugins/MantisGraph/files/Chart-2.7.3.min.js | Diff | ||
| add - plugins/MantisGraph/files/Chart-2.8.0.min.js | Diff File | ||
| rm - plugins/MantisGraph/files/Chart.bundle-2.7.3.min.js | Diff | ||
| add - plugins/MantisGraph/files/Chart.bundle-2.8.0.min.js | Diff File | ||
| add - plugins/MantisGraph/files/chartjs-plugin-colorschemes-0.4.0.min.js | Diff File | ||
| rm - plugins/MantisGraph/files/chartjs-plugin-colorschemes.min.js | Diff | ||
|
master a02680db 2019-08-08 10:15 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_arabic.txt | Diff File | ||
| mod - lang/strings_portuguese_brazil.txt | Diff File | ||
| mod - lang/strings_spanish.txt | Diff File | ||
|
master 404bdd68 2019-08-06 15:13 Committer: vboctor Details Diff |
Make custom fields table sortable. | ||
| mod - manage_custom_field_page.php | Diff File | ||
|
master 7786bfd5 2019-08-06 15:13 Committer: vboctor Details Diff |
Use html regex validation for string custom fields Use the custom field configured regex in the html input "pattern" attribute. This is only supported (natively in html5) for text inputs, not textareas. Fixes: 0025972 |
Affected Issues 0025972 |
|
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
|
master 82b8d472 2019-08-06 12:30 Committer: vboctor Details Diff |
Don't force caching of form pages These pages were explicitly setting a flag to make the pages cacheable. Before the changes in 97b745dc102323c312ca27b6fcb8f838c3e50b8f the expiration headers were not being correctly set, however after that commit, the issue is fixed and these pages have become cacheable This causes undesired effects. Since the previos status of this scenario is that the pages were not being cached anyway, we are removing the explicit $g_allow_browser_cache flag. Fixes: 0025969 |
Affected Issues 0025969 |
|
| mod - bug_change_status_page.php | Diff File | ||
| mod - bug_report_page.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
|
master bfcb3c6d 2019-08-05 16:36 Details Diff |
PHPUnit: fix RestIssueAddTest - categories The assertion is now conditional, based on how $g_allow_no_category is set. This option defaults to OFF, but Travis builds set it to ON to avoid skipping tests in SOAP suite. |
||
| mod - tests/rest/RestIssueAddTest.php | Diff File | ||
|
master 9a1900fb 2019-08-05 16:35 Details Diff |
PHPUnit: fix RestIssueAddTest - tags | ||
| mod - tests/rest/RestIssueAddTest.php | Diff File | ||
|
master b2096a72 2019-08-05 16:33 Details Diff |
Travis: generate Tag data | ||
| mod - scripts/travis_before_script.sh | Diff File | ||
|
master b3c85ad9 2019-08-05 15:46 Details Diff |
PHPUnit: fix RestIssueAddTest - versions Prior to this, the tests were written to use harcoded version numbers and ids taken from mantisbt.org database. Now we retrieve versions from the database; there must be at least 3 defined versions for the test project. |
||
| mod - tests/rest/RestIssueAddTest.php | Diff File | ||
