Changesets: MantisBT
|
master 5a72e41c 2017-03-25 12:39 Details Diff |
Update ‘cookie_time_length’ docs and default value | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/config/time.xml | Diff File | ||
|
master 3c98827b 2017-03-25 11:19 Details Diff |
Explicitly disable html from being rendered inline | ||
| mod - file_download.php | Diff File | ||
|
master aa40d4df 2017-03-25 11:10 Details Diff |
Open PDFs in the browser rather than downloading Fixes 0022583 |
Affected Issues 0022583 |
|
| mod - file_download.php | Diff File | ||
|
master f6229fbe 2017-03-25 10:15 Romain CABASSOT Committer: vboctor Details Diff |
Avatars should respect aspect ratio Fixes 0022473 |
Affected Issues 0022473 |
|
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/classes/TimelineEvent.class.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/prepare_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - css/ace-mantis.css | Diff File | ||
|
master dbe7be70 2017-03-25 09:44 Details Diff |
Relationship box layout fixes Fixes 0022582 |
Affected Issues 0022582 |
|
| mod - core/relationship_api.php | Diff File | ||
|
master 2d4668c4 2017-03-25 06:52 Committer: vboctor Details Diff |
Change icon for project assignment widgets | ||
| mod - account_page.php | Diff File | ||
| mod - manage_user_edit_page.php | Diff File | ||
|
master-2.2 e881dd79 2017-03-25 06:23 Details Diff |
Fix XSS in adm_config_report.php Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped. Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae. Fixes 0022579 |
Affected Issues 0022579 |
|
| mod - adm_config_report.php | Diff File | ||
|
master-2.1 0243375e 2017-03-25 06:23 Details Diff |
Fix XSS in adm_config_report.php Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped. Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae. Fixes 0022579 |
Affected Issues 0022579 |
|
| mod - adm_config_report.php | Diff File | ||
|
master-1.3.x c9e5b1d0 2017-03-25 06:23 Details Diff |
Fix XSS in adm_config_report.php Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'config_option' parameter. Sanitize the parameter prior to output, to ensure HTML special characters are properly escaped. Fixes 0022579 |
Affected Issues 0022579 |
|
| mod - adm_config_report.php | Diff File | ||
|
master 665f665f 2017-03-25 04:29 Committer: vboctor Details Diff |
Move assigned projects outside of form Move the list of assigned projects outside of the form in account_page. This list is not editable, so it must not be part of the form. Fixes: 0021552 |
Affected Issues 0021552 |
|
| mod - account_page.php | Diff File | ||
|
master-2.2 ecef0e9b 2017-03-24 08:02 Details Diff |
Fix XSS in move_attachments_page.php Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Move Attachments admin page, allowing an attacker to inject arbitrary code through a crafted 'type' parameter. Sanitize the 'type' parameter prior to output, to ensure HTML special characters are properly escaped. Fixes 0022568 |
Affected Issues 0022568 |
|
| mod - admin/move_attachments_page.php | Diff File | ||
|
master-2.1 2d55c647 2017-03-24 08:02 Details Diff |
Fix XSS in move_attachments_page.php Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Move Attachments admin page, allowing an attacker to inject arbitrary code through a crafted 'type' parameter. Sanitize the 'type' parameter prior to output, to ensure HTML special characters are properly escaped. Fixes 0022568 |
Affected Issues 0022568 |
|
| mod - admin/move_attachments_page.php | Diff File | ||
|
master-1.3.x d31841c8 2017-03-24 08:02 Details Diff |
Fix XSS in move_attachments_page.php Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Move Attachments admin page, allowing an attacker to inject arbitrary code through a crafted 'type' parameter. Sanitize the 'type' parameter prior to output, to ensure HTML special characters are properly escaped. Fixes 0022568 Backported from 2.2.x ecef0e9b523a460709e8feedfce72f05bb30b992 Conflicts: admin/move_attachments_page.php |
Affected Issues 0022568 |
|
| mod - admin/move_attachments_page.php | Diff File | ||
|
master 7a5c0377 2017-03-23 23:49 Details Diff |
Correct documentation of option show_version Fixes 0022572 |
Affected Issues 0022572 |
|
| mod - docbook/Admin_Guide/en-US/config/version.xml | Diff File | ||
|
master 4d6f58a4 2017-03-23 05:47 Committer: dregad Details Diff |
Add ID attribute to bugnote_text textareas Fixes 0022571 |
Affected Issues 0022571 |
|
| mod - bug_actiongroup_add_note_inc.php | Diff File | ||
| mod - bug_actiongroup_page.php | Diff File | ||
| mod - bug_change_status_page.php | Diff File | ||
|
master a9abb280 2017-03-22 23:38 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_asturian.txt | Diff File | ||
| mod - lang/strings_breton.txt | Diff File | ||
| mod - lang/strings_chinese_simplified.txt | Diff File | ||
| mod - lang/strings_chinese_traditional.txt | Diff File | ||
| mod - lang/strings_czech.txt | Diff File | ||
| mod - lang/strings_dutch.txt | Diff File | ||
| mod - lang/strings_french.txt | Diff File | ||
| mod - lang/strings_german.txt | Diff File | ||
| mod - lang/strings_hungarian.txt | Diff File | ||
| mod - lang/strings_italian.txt | Diff File | ||
| mod - lang/strings_korean.txt | Diff File | ||
| mod - lang/strings_lithuanian.txt | Diff File | ||
| mod - lang/strings_macedonian.txt | Diff File | ||
| mod - lang/strings_polish.txt | Diff File | ||
| mod - lang/strings_spanish.txt | Diff File | ||
|
master-2.2 449f4d51 2017-03-22 18:18 Committer: vboctor Details Diff |
Validate filter values that must not be arrays Add validation for values that must be a single value. Clean up type validation for both single and multiple values. Fixes: 0022566 |
Affected Issues 0022566 |
|
| mod - core/filter_api.php | Diff File | ||
| mod - view_all_set.php | Diff File | ||
|
master 815af159 2017-03-22 18:08 Details Diff |
Fix typos in filter_api.php | ||
| mod - core/filter_api.php | Diff File | ||
|
master-2.2 c612d8da 2017-03-22 16:45 Committer: vboctor Details Diff |
Fix lowercase custom field column names Fix column names for custom field columns that may be stored as lowercase in configuration. See issue 0017367 If the system was working fine with lowercase names, then database is case-insensitive, eg: mysql. Fix by forcing a search with current name to get the id, then get the actual name by looking up this id. Fixes: 0022555 |
Affected Issues 0017367, 0022555, 0029413 |
|
| mod - core/bug_api.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
|
master-2.2 98a31d53 2017-03-22 07:15 Committer: dregad Details Diff |
Modify schema to get install/upgrade work with db-mssql. Although the problem appears in step 209, the real cause is the combination of steps 200 and 201. The Index ('user_id','name') created in step 201 (with a nullable 'user_id' as of step 200) forbids the alteration of 'user_id' to NOTNULL in step 209, at least with mssql. So fix this in step 200 and set 'user_id' NOTNULL right from start. While this is a 'post release' change, it is justifiable as it happens in the same install/upgrade sequence and the final db (schema) is identical. Fixes 0022063 |
Affected Issues 0022063 |
|
| mod - admin/schema.php | Diff File | ||
|
master-2.1 5fec5fb9 2017-03-22 07:15 Committer: dregad Details Diff |
Modify schema to get install/upgrade work with db-mssql. Although the problem appears in step 209, the real cause is the combination of steps 200 and 201. The Index ('user_id','name') created in step 201 (with a nullable 'user_id' as of step 200) forbids the alteration of 'user_id' to NOTNULL in step 209, at least with mssql. So fix this in step 200 and set 'user_id' NOTNULL right from start. While this is a 'post release' change, it is justifiable as it happens in the same install/upgrade sequence and the final db (schema) is identical. Fixes 0022063 |
Affected Issues 0022063 |
|
| mod - admin/schema.php | Diff File | ||
|
master-1.3.x 8decd714 2017-03-22 07:15 Committer: dregad Details Diff |
Modify schema to get install/upgrade work with db-mssql. Although the problem appears in step 209, the real cause is the combination of steps 200 and 201. The Index ('user_id','name') created in step 201 (with a nullable 'user_id' as of step 200) forbids the alteration of 'user_id' to NOTNULL in step 209, at least with mssql. So fix this in step 200 and set 'user_id' NOTNULL right from start. While this is a 'post release' change, it is justifiable as it happens in the same install/upgrade sequence and the final db (schema) is identical. Fixes 0022063 Signed-off-by: Damien Regad <dregad@mantisbt.org> Backported from master 3a0706a1bc291be6ee684bd30199bd6544f0cc6b |
Affected Issues 0022063 |
|
| mod - admin/schema.php | Diff File | ||
|
master 3a0706a1 2017-03-22 07:15 Committer: dregad Details Diff |
Modify schema to get install/upgrade work with db-mssql. Although the problem appears in step 209, the real cause is the combination of steps 200 and 201. The Index ('user_id','name') created in step 201 (with a nullable 'user_id' as of step 200) forbids the alteration of 'user_id' to NOTNULL in step 209, at least with mssql. So fix this in step 200 and set 'user_id' NOTNULL right from start. While this is a 'post release' change, it is justifiable as it happens in the same install/upgrade sequence and the final db (schema) is identical. Fixes 0022063 |
Affected Issues 0022063 |
|
| mod - admin/schema.php | Diff File | ||
|
master-2.2 4a06c6e8 2017-03-22 06:32 Committer: dregad Details Diff |
mssql: don't encode contents when uploading attachments Downloads are broken and inline preview doesn't work. Move "case 'mssqlnative':" down next to 'oci8' in db_prepare_binary_string (database_api) to effectively return the string unchanged via 'default:'. Adjust comment. Fixes 0022208 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0022208 |
|
| mod - core/database_api.php | Diff File | ||
|
master-2.1 b9fccabf 2017-03-22 06:32 Committer: dregad Details Diff |
mssql: don't encode contents when uploading attachments Downloads are broken and inline preview doesn't work. Move "case 'mssqlnative':" down next to 'oci8' in db_prepare_binary_string (database_api) to effectively return the string unchanged via 'default:'. Adjust comment. Fixes 0022208 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0022208 |
|
| mod - core/database_api.php | Diff File | ||
