Changesets: MantisBT

master-1.3.x 59121dde

2018-04-29 15:01

vboctor


Update version to `1.3.15`
mod - core/constant_inc.php
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml

master 384bdf3b

2018-04-29 14:51

vboctor


Update version to `2.14.0`
mod - core/constant_inc.php
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml

master 9edadd21

2018-04-29 14:47

vboctor


Update credits
mod - doc/CREDITS

master-2.13 337f60c5

2018-04-29 14:45

vboctor


Update version to `2.13.2`
mod - core/constant_inc.php
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml

master e257b280

2018-04-27 16:43

vboctor


Merge remote-tracking branch 'origin/master-2.13'
mod - api/soap/mc_project_api.php
mod - core/classes/FilterConverter.class.php
mod - core/filter_api.php

master a96bf279

2018-04-27 06:01

atrol


Merge branch 'master-2.13'
mod - core.php
mod - core/commands/IssueNoteAddCommand.php
mod - core/file_api.php

master 743a7dc2

2018-04-25 08:39

dregad


Merge branch 'master-2.13'
mod - bug_report.php
mod - bug_report_page.php

master-1.3.x 5cbf97f4

2018-04-25 08:31

dregad


Prevent cloning private issues by unauthorized users

Using a crafted request on bug_report_page.php (modifying the 'm_id'
parameter), any user with REPORTER access or above is able to view any
private issue's details (summary, description, steps to reproduce,
additional information) when cloning. By checking the 'Copy issue notes'
and 'Copy attachments' checkboxes and completing the clone operation,
this data also becomes public (except private notes).

Credits to Mustafa Hasan (strukt) strukt93@gmail.com for the finding.

@atrol noted that the same vulnerability also existed in bug_report.php,
although in this case the information disclosure is limited to notes and
attachments (issue data itself does not become accessible).

Added an access level check, so that the operation now fails with an
Access Denied error in both cases.

Backported from 1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea
Fixes 0024365, CVE-2018-9839
Affected Issues
0024365
mod - bug_report.php
mod - bug_report_page.php

master 1fbcd9bc

2018-04-25 08:31

dregad


Prevent cloning private issues by unauthorized users

Using a crafted request on bug_report_page.php (modifying the 'm_id'
parameter), any user with REPORTER access or above is able to view any
private issue's details (summary, description, steps to reproduce,
additional information) when cloning. By checking the 'Copy issue notes'
and 'Copy attachments' checkboxes and completing the clone operation,
this data also becomes public (except private notes).

Credits to Mustafa Hasan (strukt) strukt93@gmail.com for the finding.

@atrol noted that the same vulnerability also existed in bug_report.php,
although in this case the information disclosure is limited to notes and
attachments (issue data itself does not become accessible).

Added an access level check, so that the operation now fails with an
Access Denied error in both cases.

Fixes 0024221, CVE-2018-9839
Prevent cloning private issues by unauthorized users

Using a crafted request on bug_report_page.php (modifying the 'm_id'
parameter), any user with REPORTER access or above is able to view any
private issue's details (summary, description, steps to reproduce,
additional information) when cloning. By checking the 'Copy issue notes'
and 'Copy attachments' checkboxes and completing the clone operation,
this data also becomes public (except private notes).

Added an access level check, so that the operation now fails with an
Access Denied error.

Credits to Mustafa Hasan (strukt) strukt93@gmail.com for the finding.

Fixes 0024221
Affected Issues
0024221
mod - bug_report.php
mod - bug_report_page.php

master-2.13 e92176ef

2018-04-24 23:56

atrol


Correct attachment handling when adding notes

Fixing a SYSTEM WARNING on PHP 7.2
'count(): Parameter must be an array or an object that implements Countable'

Fixes 0024355
Affected Issues
0024355
mod - core/commands/IssueNoteAddCommand.php
mod - core/file_api.php

master d6b1afe8

2018-04-24 17:51

vboctor


Don’t auto-set status when explicitly set by user

Fixes 0024242
Affected Issues
0024242
mod - bug_update.php

master-2.13 4471fe41

2018-04-24 10:42

atrol


Set default encoding to UTF-8

Ensure that encoding is always set to UTF-8 independent from
any PHP default or ini setting

http://php.net/manual/en/ini.core.php#ini.default-charset

Fixes 0024353
Affected Issues
0024353
mod - core.php

master 9e2daf94

2018-04-22 22:58

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_icelandic.txt
add - plugins/Gravatar/lang/strings_icelandic.txt
add - plugins/MantisCoreFormatting/lang/strings_icelandic.txt
mod - plugins/MantisGraph/lang/strings_icelandic.txt
add - plugins/XmlImportExport/lang/strings_icelandic.txt

master-2.13 021c13f7

2018-04-22 16:08

vboctor


Expose default handler for categories for managers

Fixes 0024346
Affected Issues
0024346
mod - api/soap/mc_project_api.php

master-2.13 b739c9f9

2018-04-21 11:55

vboctor


Fix filter APIs

The filter API was broken by recent refactoring causing it to return invalid id, name, public, and extra _filter_id.
This broke both REST and SOAP APIs.

Fixes 0024335, 0024349
Affected Issues
0024335, 0024349
mod - core/classes/FilterConverter.class.php
mod - core/filter_api.php

master 7fbb1d20

2018-04-21 11:07

vboctor


Support getting a single project in REST API

Fixes 0024333
Affected Issues
0024333
mod - api/rest/restcore/projects_rest.php
mod - core/project_api.php

master-2.13 8758ab82

2018-04-21 10:52

vboctor


Use user account reference for category handler

Fixes 0024343
Affected Issues
0024343
mod - api/soap/mc_project_api.php

master 5a229339

2018-04-19 23:33

atrol


Correct priority check on Manage Plugins page

Fixes 0024336
Affected Issues
0024336
mod - core/print_api.php

master f03ce567

2018-04-18 23:26

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_ukrainian.txt

master c29aeb95

2018-04-18 13:25

atrol


Correct default value of my_view_boxes in Admin Guide

Fixes 0024326
Affected Issues
0024326
mod - docbook/Admin_Guide/en-US/config/myview.xml

master 65b8bff7

2018-04-18 13:09

atrol


Remove unused function filter_exists

No need to deprecate as the function didn't work.
There is a call of function filter_cache_row that doesn't exist.

Issue 0024325
Affected Issues
0024325
mod - core/filter_api.php

master 41543f15

2018-04-18 11:16

atrol


Remove unused local variables

Issue 0024325
Affected Issues
0024325
mod - core/classes/FilterConverter.class.php
mod - core/commands/IssueFileAddCommand.php
mod - core/commands/IssueFileGetCommand.php
mod - core/commands/IssueNoteAddCommand.php
mod - core/filter_api.php
mod - core/filter_form_api.php

master 6107c8db

2018-04-18 10:58

atrol


PHPdoc fixes

Issue 0024325
Affected Issues
0024325
mod - core/classes/DbQuery.class.php
mod - core/classes/FilterConverter.class.php
mod - core/relationship_api.php

master e6c18698

2018-04-16 22:27

dregad


Merge remote-tracking branch 'origin/master-2.13'

# Conflicts:
# core/constant_inc.php
mod - core/email_api.php
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml
mod - plugins/MantisCoreFormatting/core/MantisMarkdown.php

master 7bc6b579

2018-04-16 12:49

atrol


Remove soap folder check

Fixes 0024236
Affected Issues
0024236
mod - admin/check/check_paths_inc.php