Changesets: MantisBT
|
master 38c15c9a 2017-08-06 21:30 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_german.txt | Diff File | ||
| mod - lang/strings_spanish.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_spanish.txt | Diff File | ||
|
master 7e0e097e 2017-08-06 06:51 Details Diff |
Correct access check for time tracking reports Fixes 0023191 |
Affected Issues 0023191 |
|
| mod - core/layout_api.php | Diff File | ||
|
master f4cbc57a 2017-08-05 15:21 Details Diff |
Update to latest libraries
- Updating guzzlehttp/guzzle (6.2.3 => 6.3.0): Loading from cache
- Updating phpmailer/phpmailer (v5.2.23 => v5.2.24): Downloading (100%)
- Updating erusev/parsedown (1.6.2 => 1.6.3): Downloading (100%)
- Updating symfony/yaml (v3.2.8 => v3.3.6): Downloading (100%)
- Updating phpdocumentor/type-resolver (0.2.1 => 0.3.0): Downloading (100%)
- Updating phpdocumentor/reflection-docblock (3.1.1 => 3.2.1): Downloading (100%)
- Updating phpunit/phpunit (4.8.35 => 4.8.36): Downloading (100%)
- Updating pimple/pimple (v3.0.2 => v3.2.2): Downloading (100%)
Fixes 0023187, 0023188, 0023189, 0023190 |
Affected Issues 0023187, 0023188, 0023189, 0023190 |
|
| mod - composer.lock | Diff File | ||
|
master 32fd4fb7 2017-08-04 14:34 Details Diff |
Merge remote-tracking branch 'origin/master-2.5' | ||
| mod - admin/check/check_database_inc.php | Diff File | ||
| mod - admin/check/index.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - login_page.php | Diff File | ||
|
master-1.3.x 10211c90 2017-08-04 13:45 Details Diff |
Improve admin information about CVE-2017-12419
- Add admin check for mysqli.allow_local_infile
- Add reminder to remove admin dir at end of Admin checks
- Improve post-install tasks section of Admin Guide: add explicit warning about potential consequences of not deleting the admin directory, more descriptive wording.
Stopgap measures for issue 0023173
Backported from master-2.5 branch 3a7c6f75bf3c4bc0856ebffe388df9e46ac10e5d
Conflicts: admin/check/index.php |
Affected Issues 0023173, 0023186 |
|
| mod - admin/check/check_database_inc.php | Diff File | ||
| mod - admin/check/index.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
|
master-2.5 3a7c6f75 2017-08-03 15:39 Details Diff |
Improve admin information about CVE-2017-12419
- Add admin check for mysqli.allow_local_infile
- Add reminder to remove admin dir at end of Admin checks
- Improve post-install tasks section of Admin Guide: add explicit warning about potential consequences of not deleting the admin directory, more descriptive wording.
Stopgap measures for issue 0023173 |
Affected Issues 0023173, 0023185 |
|
| mod - admin/check/check_database_inc.php | Diff File | ||
| mod - admin/check/index.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
|
master-1.3.x 600d0e0b 2017-08-03 13:47 Details Diff |
Improve wording of admin messages on login page
Backported from master-2.5 branch a6dc088a395e3b4a8f2f243eac82786a751a7536 |
||
| mod - lang/strings_english.txt | Diff File | ||
|
master-2.5 a6dc088a 2017-08-03 13:47 Details Diff |
Improve wording of admin messages on login page | ||
| mod - lang/strings_english.txt | Diff File | ||
|
master-2.5 12ab69b8 2017-08-03 13:19 Details Diff |
Admin checks: fix HTML syntax error on index page
A closing </div> was missing when displaying failures or warnings. |
||
| mod - admin/check/index.php | Diff File | ||
|
master-1.3.x 82f913d3 2017-08-03 12:57 Details Diff |
Execute login page checks that can run without admin dir
Some of the admin checks performed on login page can (and should) be executed if the admin dir does not exist (e.g. default administrator account password, detailed error settings).
Fixes 0023181
Backported from master-2.5 branch 4980b3b0ae85cb76f3b14ac61214efde1f802da4 |
Affected Issues 0023181 |
|
| mod - login_page.php | Diff File | ||
|
master-2.5 4980b3b0 2017-08-03 12:57 Details Diff |
Execute login page checks that can run without admin dir
Some of the admin checks performed on login page can (and should) be executed if the admin dir does not exist (e.g. default administrator account password, detailed error settings).
Fixes 0023181 |
Affected Issues 0023181 |
|
| mod - login_page.php | Diff File | ||
|
master-1.3.x 21a15b88 2017-08-03 12:54 Details Diff |
Restore "admin dir" warning on login page
Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin checks on login page to remove the logic checking for pre 1.0 upgrade steps. However, it also (probably unintentionally) removed the check for admin directory presence, so administrators are no longer reminded that they should delete this directory, potentially leaving them exposed to security breaches.
This commit restores the warning, and improves the error message.
Fixes 0023179
Stopgap measure for issue 0023173
Backported from master-2.5 branch d6d7dc2dc7473637c8ac17a78c0374f16981f409 |
Affected Issues 0023173, 0023179, 0023186 |
|
| mod - lang/strings_english.txt | Diff File | ||
| mod - login_page.php | Diff File | ||
|
master-2.5 d6d7dc2d 2017-08-03 12:54 Details Diff |
Restore "admin dir" warning on login page
Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin checks on login page to remove the logic checking for pre 1.0 upgrade steps. However, it also (probably unintentionally) removed the check for admin directory presence, so administrators are no longer reminded that they should delete this directory, potentially leaving them exposed to security breaches.
This commit restores the warning, and improves the error message.
Fixes 0023179
Stopgap measure for issue 0023173 |
Affected Issues 0023173, 0023179, 0023185 |
|
| mod - lang/strings_english.txt | Diff File | ||
| mod - login_page.php | Diff File | ||
|
master 5dea34c9 2017-08-02 07:04 Details Diff |
Update PHPMailer to 5.2.24 Fixes 0022940 |
Affected Issues 0022940 |
|
| mod - composer.lock | Diff File | ||
|
master 7cf4f0df 2017-08-02 07:03 Details Diff |
Composer: minimum PHPMailer version is 5.2.22
Older versions have security issues.
Issue 0022940 |
Affected Issues 0022940 |
|
| mod - composer.json | Diff File | ||
|
master e7d5e46a 2017-08-02 06:50 Details Diff |
Add former Submodules to .gitignore
Following the move of libraries from Git Submodules to Composer and removal of the former, their respective directories need to be ignored to avoid risk of inadvertent updates when switching back and forth between 2.6+ and older branches.
Issues 0022913, 0022939, 0022940 |
Affected Issues 0022913, 0022939, 0022940 |
|
| mod - .gitignore | Diff File | ||
|
master 54929f3b 2017-08-02 04:18 Details Diff |
Fix inline viewing of image attachments
The code extracting the MIME type from the content was incorrect, assuming that a semi-colon would always be present but it's not always the case. This resulted in MIME type being empty, which in turn made the browser download the file instead of displaying the image inline when the web server's content disposition header is set to "attachment".
Jan Müller's original patch [1] was replaced by more efficient code.
Fixes 0012313
[1] https://github.com/mantisbt/mantisbt/pull/1125 |
Affected Issues 0012313 |
|
| mod - file_download.php | Diff File | ||
|
master 5884ba47 2017-08-01 05:16 Details Diff |
Merge remote-tracking branch 'origin/master-2.5' # Conflicts: # core/constant_inc.php |
||
| mod - admin/install.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - manage_user_page.php | Diff File | ||
|
master-1.3.x 17f9b94f 2017-08-01 03:00 Details Diff |
Fix XSS in install.php (CVE-2017-12061)
aLLy from ONSEC (https://twitter.com/IamSecurity) reported this vulnerability, allowing an attacker to inject arbitrary code through crafted form variables.
Sanitizing the database error message prior to output prevents the attack.
Fixes 0023146
Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5 |
Affected Issues 0023146, 0023175 |
|
| mod - admin/install.php | Diff File | ||
|
master-2.5 c73ae3d3 2017-08-01 03:00 Details Diff |
Fix XSS in install.php (CVE-2017-12061)
aLLy from ONSEC (https://twitter.com/IamSecurity) reported this vulnerability, allowing an attacker to inject arbitrary code through crafted form variables.
Sanitizing the database error message prior to output prevents the attack.
Fixes 0023146 |
Affected Issues 0023146 |
|
| mod - admin/install.php | Diff File | ||
|
master-2.5 9b5b71da 2017-07-27 13:14 Committer: dregad Details Diff |
Fix XSS in manage_user_page.php (CVE-2017-12062)
trichimtrich (https://twitter.com/trichimtrich) reported this vulnerability, allowing an attacker to inject arbitrary code through a crafted 'filter' form variable.
Prevent the attack by sanitizing the variable before output.
Fixes 0023166
Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0023166 |
|
| mod - manage_user_page.php | Diff File | ||
|
master 3fa9f5d6 2017-07-27 11:59 Details Diff |
Enhance graph display
Reduce transparency
Remove axes from pie charts
Fixes 0023159 |
Affected Issues 0023159 |
|
| mod - plugins/MantisGraph/core/graph_api.php | Diff File | ||
| mod - plugins/MantisGraph/files/MantisGraph.js | Diff File | ||
|
master 09f749de 2017-07-27 00:18 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_latvian.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_asturian.txt | Diff File | ||
|
master df80e3a0 2017-07-25 12:41 Details Diff |
Display "Monitored By" user list based on monitor_bug_threshold Fixes 0023087 |
Affected Issues 0023087 |
|
| mod - core/filter_form_api.php | Diff File | ||
|
master 18d5214f 2017-07-24 12:27 Details Diff |
Remove UTF-8 library from source Issue 0023214 |
Affected Issues 0023214 |
|
| mod - core.php | Diff File | ||
| mod - library/README.md | Diff File | ||
| rm - library/utf8/ChangeLog | Diff | ||
| rm - library/utf8/LICENSE | Diff | ||
| rm - library/utf8/README | Diff | ||
| rm - library/utf8/TODO.tsk | Diff | ||
| rm - library/utf8/exp/regexunicode.php | Diff | ||
| rm - library/utf8/index.html | Diff | ||
| rm - library/utf8/mbstring/core.php | Diff | ||
| rm - library/utf8/native/core.php | Diff | ||
| rm - library/utf8/ord.php | Diff | ||
| rm - library/utf8/readme_mantis.txt | Diff | ||
| rm - library/utf8/str_ireplace.php | Diff | ||
| rm - library/utf8/str_pad.php | Diff | ||
| rm - library/utf8/str_split.php | Diff | ||
| rm - library/utf8/strcasecmp.php | Diff | ||
| rm - library/utf8/strcspn.php | Diff | ||
| rm - library/utf8/stristr.php | Diff | ||
| rm - library/utf8/strrev.php | Diff | ||
| rm - library/utf8/strspn.php | Diff | ||
| rm - library/utf8/substr_replace.php | Diff | ||
| rm - library/utf8/trim.php | Diff | ||
| rm - library/utf8/ucfirst.php | Diff | ||
| rm - library/utf8/ucwords.php | Diff | ||
| rm - library/utf8/utf8.php | Diff | ||
| rm - library/utf8/utils/ascii.php | Diff | ||
| rm - library/utf8/utils/bad.php | Diff | ||
| rm - library/utf8/utils/patterns.php | Diff | ||
| rm - library/utf8/utils/position.php | Diff | ||
| rm - library/utf8/utils/specials.php | Diff | ||
| rm - library/utf8/utils/unicode.php | Diff | ||
| rm - library/utf8/utils/validation.php | Diff | ||