Changesets: MantisBT

master b7f337de

2017-05-20 01:28

dregad


Refactor db_insert_id() to use $g_db_functional_type

Avoid multiple calls to db_is_xxx.
mod - core/database_api.php

master 2d541e98

2017-05-20 00:59

translatewiki.net


Localisation updates from https://translatewiki.net.
Affected Issues
0022852
mod - lang/strings_bulgarian.txt
mod - lang/strings_chinese_simplified.txt
mod - lang/strings_german.txt
mod - lang/strings_russian.txt

master-2.4 2d2309a3

2017-05-19 07:48

dregad


Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:
- Add form security token to prevent such injection
0d11077d40c5dfdb76efdad9ba2b455af5be25a0
- Encode '\' in string_sanitize_url()
7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php

master-2.3 8b6787c8

2017-05-19 07:48

dregad


Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:
- Add form security token to prevent such injection
0d11077d40c5dfdb76efdad9ba2b455af5be25a0
- Encode '\' in string_sanitize_url()
7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php

master-1.3.x c4f50e5d

2017-05-19 07:48

dregad


Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:
- Add form security token to prevent such injection (code changed from
original commit) 0d11077d40c5dfdb76efdad9ba2b455af5be25a0
- Encode '\' in string_sanitize_url()
7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php

master b0c652f3

2017-05-15 15:32

Carlos Proensa

Committer: Damien Regad


Make buttons visible only on hover over container

Make some buttons visible only when hovering over its container.

Applied to: adm_config_report.php, view.php (bugnotes)

Fixes: 0022872
Affected Issues
0022872
mod - adm_config_report.php
mod - bugnote_view_inc.php
mod - js/common.js

master aee0080d

2017-05-15 14:40

Carlos Proensa

Committer: Damien Regad


Add margin css to single button forms

Add margin between buttons generated by print_form_button(), to be
consistent with the general styling of inline buttons in a general form.

Fixes: 0022870
Affected Issues
0022870
mod - core/print_api.php
mod - css/ace-mantis.css

master a0aa8078

2017-05-15 14:22

cproensa

Committer: dregad


Make single button forms flow inlined

Add inline class to single button forms.
Now it should not be needed to "pull-left" to place several buttons in
line.

Fixes: 0022871
Affected Issues
0022871
mod - core/print_api.php

master cf972ca1

2017-05-15 14:01

cproensa

Committer: dregad


Use button tag for print_form_button()

Use 'button' tag instead of 'input', to offer better customization for
labels and icons.
mod - core/print_api.php

master c0903f25

2017-05-15 03:55

dregad


Fix 0022868: typo in variable name
Affected Issues
0022868
mod - core/html_api.php

master 06e76774

2017-05-15 00:33

dregad


Improve db_fetch_array performance

Improve db_fetch_array performance by caching the result from:
- db_is_pgsql()
- db_is_oracle()

Based on profiling, the repeated calls were using up to 20% of total
time for the db_fetch_array execution.

Fixes 0021871, PR https://github.com/mantisbt/mantisbt/pull/1105
Affected Issues
0021871
mod - core/constant_inc.php
mod - core/database_api.php

master-2.4 a64a0d22

2017-05-14 20:32

vboctor


Fixes markdown formatting for notes column

The 3 dashes marked the notes above it as a markdown header. Fix is to use `=-=` instead.

Fixes 0022867
Affected Issues
0022867
mod - core/bugnote_api.php

master-2.4 8dad4e18

2017-05-14 19:43

vboctor


Fix CSV and Excel export when markdown is enabled

The output for CSV and Excel included paragraph html tags which polluted
the output and corrupted Excel output when there are numeric custom fields.

This was caused by calling html processing when getting the value of custom fields.

The fix is to have the retrieval of custom field values not process it for any output
and have the calling code do the appropriate processing. The code also now does
processing based on the custom field type rather than treating types all as string.

Fixes 0022428
Affected Issues
0022428
mod - core/cfdefs/cfdef_standard.php
mod - core/classes/MantisColumn.class.php
mod - core/csv_api.php
mod - core/custom_field_api.php
mod - core/excel_api.php
mod - csv_export.php
mod - excel_xml_export.php

master 241ff4eb

2017-05-13 14:53

dregad


Add test for '\' encoding in string_sanitize_url()

Issue 0022702
Affected Issues
0022702
mod - tests/Mantis/StringTest.php

master f6644090

2017-05-13 14:47

dregad


Encode '\' in string_sanitize_url()

As an extra safety measure following up on the fix for CVE-2017-7620, we
encode the backslashes in the 'script' part of the URL to ensure that
the sanitized URL is treated as a path relative to MantisBT root and not
a link to an external site if the URL begins with an escaped `/`.

This reduces the risk of someone being able to use the same attack
vector in another page.

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/string_api.php

master f21b56fa

2017-05-13 14:45

dregad


Add form security token to permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

The security token prevents such injection.

Fixes 0022702
Affected Issues
0022702
mod - core/filter_api.php
mod - permalink_page.php

master b0b56c82

2017-05-13 14:11

dregad


Fix system notice on login page with BASIC_AUTH

Undefined index: REMOTE_USER in authentication_api.php line 337

Fixes 0022865
Affected Issues
0022865
mod - core/authentication_api.php

master cbdf5661

2017-05-13 13:59

dregad


Fix .mailmap for Carlos
mod - .mailmap

master 0316eb9b

2017-05-13 04:38

cproensa

Committer: dregad


Fix PHPDoc for print_link_button()

Fix order of parameters

Fixes 0022864
Affected Issues
0022864
mod - core/print_api.php

master 3b21c7c6

2017-05-10 22:43

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_greek.txt
mod - lang/strings_polish.txt
mod - lang/strings_russian.txt
mod - lang/strings_spanish.txt
mod - lang/strings_swedish.txt
mod - plugins/MantisCoreFormatting/lang/strings_japanese.txt
mod - plugins/MantisCoreFormatting/lang/strings_swedish.txt
mod - plugins/MantisGraph/lang/strings_swedish.txt
mod - plugins/XmlImportExport/lang/strings_serbian.txt

master db1996c0

2017-05-10 15:19

cproensa

Committer: dregad


Improve phpdoc for db_result()

Rename parameters and improve phpdoc comments to better explain the
usage of this function.
mod - core/database_api.php

master 2dcb5559

2017-05-10 14:55

cproensa

Committer: dregad


Transform values fetched by db_result()

db_result() was bypassing transformations that must be made for some
databases (postgres and oracle), to transform some of the data
returned by the raw result set.
mod - core/database_api.php

master b2207408

2017-05-10 04:48

dregad


Display identifier size limit warning for Oracle

Issue 0022851
Affected Issues
0022851
mod - admin/install.php
mod - js/install.js

master 624f9057

2017-05-10 02:59

dregad


Install: fix layout of check and options sections

Incorrect closing of tables and divs within the various conditional
blocks caused the title of the 'Installation Options' section to be
displayed as a "sub-table" under the 'Checking Installation' section,
followed by the actual install checks and finally the list of
installation options.

This commit moves the closing tags as appropriate, so that
- checks are listed as a table under 'Checking Installation' section
- 'Installation Options' is displayed as an independent section below
the checks

Fixes 0022850
Affected Issues
0022850, 0022985
mod - admin/install.php

master cf89c0fa

2017-05-10 02:38

dregad


Use proper input type 'text' instead of 'textbox'

This allows the correct Modern UI style to be applied.

Fixes 0022850
Affected Issues
0022850
mod - admin/install.php