Changesets: MantisBT
master 6eff1a4e 2024-09-29 12:55 Details Diff |
Bump version to 2.27.0 | ||
mod - core/constant_inc.php | Diff File | ||
mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||
master 834ea837 2024-09-29 12:48 Details Diff |
Update Credits | ||
mod - doc/CREDITS | Diff File | ||
master 67f3a80d 2024-09-29 12:45 Details Diff |
Manual: reference 2.x in title instead of 2.0
2.0 could be confusing since we're on 2.27... |
||
mod - docbook/Admin_Guide/en-US/Book_Info.xml | Diff File | ||
mod - docbook/Developers_Guide/en-US/Book_Info.xml | Diff File | ||
master fa953cc3 2024-09-29 12:44 Details Diff |
Composer update
- Upgrading nikic/php-parser (v5.1.0 => v5.3.0)
- Upgrading phpunit/php-code-coverage (9.2.31 => 9.2.32)
- Upgrading phpunit/phpunit (9.6.20 => 9.6.21) |
||
mod - composer.lock | Diff File | ||
master ed2133c0 2024-09-28 11:36 Details Diff |
Merge tag 'release-2.26.4'
Conflicts:
- api/soap/mc_api.php -> new ERROR constant added in error_api.php
- config_defaults_inc.php
- core/constant_inc.php |
||
mod - api/soap/mc_api.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core/commands/IssueAddCommand.php | Diff File | ||
mod - core/error_api.php | Diff File | ||
mod - core/html_api.php | Diff File | ||
mod - tests/rest/RestIssueTest.php | Diff File | ||
mod - tests/soap/AttachmentTest.php | Diff File | ||
master-2.26 ef89eb7f 2024-09-28 11:18 Details Diff |
Bump version to 2.26.4 | ||
mod - core/constant_inc.php | Diff File | ||
master-2.26 3b1caab1 2024-09-28 11:01 Details Diff |
Fix REST & SOAP API issues
PR https://github.com/mantisbt/mantisbt/pull/2030 |
||
mod - api/soap/mc_api.php | Diff File | ||
mod - core/commands/IssueAddCommand.php | Diff File | ||
mod - tests/rest/RestIssueTest.php | Diff File | ||
mod - tests/soap/AttachmentTest.php | Diff File | ||
master-2.26 ef0f8202 2024-09-28 10:54 Details Diff |
Prevent unauthorized access to other users Profiles
Create 2 new Profile API functions: profile_can_update() and profile_ensure_can_update(). Use them in account_prof_update.php and account_prof_edit_page.php to ensure that users can only view and update their own Profiles (or the global ones if they are authorized to).
Fixes 0034640, CVE-2024-45792
(cherry picked from commit 56bbd02dc1fb33a8de5898fd17dc3d698c847f55) |
Affected Issues 0034640 |
|
mod - account_prof_edit_page.php | Diff File | ||
mod - account_prof_update.php | Diff File | ||
mod - core/profile_api.php | Diff File | ||
master 901f74fe 2024-09-28 10:49 Details Diff |
GHSA-h5q3-fjp4-2x7r
The automated commit generated by GitHub when merging the pull request from the security advisory's private fork was somewhat messed up (the commit message's 1st line was changed from "Prevent unauthorized access to other users Profiles" to "Merge commit from fork").
This somewhat artificial merge commit's purpose is to allow easy identification of the security advisory from Git history. |
||
mod - account_prof_edit_page.php | Diff File | ||
mod - account_prof_update.php | Diff File | ||
mod - core/profile_api.php | Diff File | ||
master 56bbd02d 2024-09-28 10:47 Committer: community Details Diff |
Merge commit from fork
Create 2 new Profile API functions: profile_can_update() and profile_ensure_can_update(). Use them in account_prof_update.php and account_prof_edit_page.php to ensure that users can only view and update their own Profiles (or the global ones if they are authorized to).
Fixes 0034640, CVE-2024-45792 |
Affected Issues 0034640 |
|
mod - account_prof_edit_page.php | Diff File | ||
mod - account_prof_update.php | Diff File | ||
mod - core/profile_api.php | Diff File | ||
master e5494b6b 2024-09-26 08:09 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
mod - lang/strings_arabic.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_arabic.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_arabic.txt | Diff File | ||
master b1fe6a00 2024-09-25 19:00 Details Diff |
Refactor Profile API - new ProfileData class
Using an object to handle Profiles avoids repeated SQL queries to retrieve the same Profile information from the database. This initial implementation only supports read-only operations for now; add, update and delete are still managed with legacy functions.
These 3 functions have been replaced by ProfileData methods, which they are now simple proxies for. They have been marked as deprecated, and will be removed in a future release.
- profile_get_row()
- profile_get_name()
- profile_is_global()
Fixes 0034824 |
Affected Issues 0034824 |
|
mod - account_prof_edit_page.php | Diff File | ||
mod - account_prof_update.php | Diff File | ||
mod - api/soap/mc_api.php | Diff File | ||
mod - core/commands/IssueAddCommand.php | Diff File | ||
mod - core/filter_form_api.php | Diff File | ||
mod - core/profile_api.php | Diff File | ||
mod - core/user_api.php | Diff File | ||
mod - print_all_bug_page_word.php | Diff File | ||
master f4613156 2024-09-23 08:07 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
mod - lang/strings_chinese_simplified.txt | Diff File | ||
mod - lang/strings_hebrew.txt | Diff File | ||
master-2.26 4ef5849d 2024-09-20 20:40 Details Diff |
SOAP: Fix deprecation warning on PHP 8.1+
preg_replace(): Passing null to parameter 3 ($subject) of type array|string is deprecated
Fixes 0034684 |
Affected Issues 0034684 |
|
mod - api/soap/mc_api.php | Diff File | ||
master-2.26 91ffc703 2024-09-20 20:39 Details Diff |
PHPDoc, coding guidelines | ||
mod - api/soap/mc_api.php | Diff File | ||
master-2.26 656f93ee 2024-09-20 20:38 Details Diff |
REST: error when creating issue with invalid category
When calling the POST /issues endpoint with a payload including an invalid Category and $g_allow_no_category = ON, the Issue was created successfully (HTTP 201) with an empty category. Changing the logic in mci_get_category_id() so that a ClientException is thrown in this case.
Fixes 0034683 |
Affected Issues 0034683 |
|
mod - api/soap/mc_api.php | Diff File | ||
master-2.26 64eca96d 2024-09-20 20:24 Details Diff |
Fix PHP warning in IssueAddCommand
When given an invalid Category, or an empty Category when $g_allow_no_category = OFF, mci_get_category_id() returned a SoapFault object instead of throwing a ClientException, resulting in a PHP Warning "Object of class SoapFault could not be converted to int".
This affects mc_issue_add()
Fixes 0026672 |
Affected Issues 0026672 |
|
mod - api/soap/mc_api.php | Diff File | ||
master-2.26 bcc7cab2 2024-09-20 19:52 Details Diff |
Tests: creating an issue with invalid category
Issue 0026672 |
Affected Issues 0026672 |
|
mod - tests/rest/RestIssueTest.php | Diff File | ||
master-2.26 30ad2567 2024-09-20 19:50 Details Diff |
Fix static analysis warnings | ||
mod - core/commands/IssueAddCommand.php | Diff File | ||
master-2.26 bb7b10d5 2024-09-20 19:29 Details Diff |
Tests: Fix testProjectAttachmentIsAdded()
When there are "global" project files (i.e. attached to ALL_PROJECTS), the test case fails as the test attachment created is not the last one in the list returned by mc_project_get_attachments(). Adapting the test case to perform a proper search on attachment id. |
||
mod - tests/soap/AttachmentTest.php | Diff File | ||
master-2.26 952cbc28 2024-09-20 12:55 Details Diff |
Fix broken absolute URL on proj_doc_page.php
Introduce 'absolute' flag in print_menu() items, allowing caller to decide whether helper_mantis_url() needs to be called on the given url or not.
Fixes 0032557 |
Affected Issues 0032557 |
|
mod - core/html_api.php | Diff File | ||
master-2.26 4cd3b396 2024-09-20 12:18 Details Diff |
Use canonical mantisbt.org URL with https | ||
mod - config_defaults_inc.php | Diff File | ||
mod - core/html_api.php | Diff File | ||
master-2.26 904f9235 2024-09-20 12:17 Details Diff |
Use helper_mantis_url(), not lang_get_defaulted()
The incorrect usage is a regression introduced many years ago by commit b8e0279f7c1026bb27aaa5a1f3f09e5b9d8b08fc. It never caused any noticeable harm, because with lang_get_defaulted() the param is returned as-is when not found, and since it was used as URL it would be relative to current directory.
Fixes 0034682 |
Affected Issues 0034682 |
|
mod - core/html_api.php | Diff File | ||
master-2.26 6cb11276 2024-09-16 13:45 Details Diff |
Return HTTP response code when error occurs
Until now, our error handler displayed an error page, but actually returned HTTP status code 200 (success), which was causing problems in certain usage scenarios.
The REST and SOAP APIs do define a mapping from Mantis error to the corresponding HTTP response code ApiObjectFactory::faultFromException(). This moves the mapping logic to a new Error API function error_map_mantis_error_to_http_code(), and the error handler calls http_response_code() with its return value so a proper HTTP status code is returned to the user agent.
faultFromException() method was modified to use the new API function to avoid code duplication.
Fixes 0034634 |
Affected Issues 0034634 |
|
mod - api/soap/mc_api.php | Diff File | ||
mod - core/error_api.php | Diff File | ||
master-2.26 16efe782 2024-09-16 13:37 Details Diff |
Fix static analysis warnings | ||
mod - core/error_api.php | Diff File |