Changesets: MantisBT
|
master 47f6cb8a 2017-03-17 20:04 Details Diff |
Support for API calls from the Web UI
1. Remove support for cookie auth on authorization header and just use cookies.
2. Even if the API is disabled, it should still work for calls via cookie auth to serve the UI.
3. Add internal route for private APIs and use it for autocomplete functionality.
4. Remove xmlhttprequest.php / xmlhttprequest_api.php.
5. Add constants for headers, login methods and middleware attributes. |
||
| mod - api/rest/index.php | Diff File | ||
| mod - api/rest/restcore/ApiEnabledMiddleware.php | Diff File | ||
| mod - api/rest/restcore/AuthMiddleware.php | Diff File | ||
| add - api/rest/restcore/OfflineMiddleware.php | Diff File | ||
| mod - api/rest/restcore/VersionMiddleware.php | Diff File | ||
| add - api/rest/restcore/internal_rest.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| rm - core/xmlhttprequest_api.php | Diff | ||
| mod - docbook/Admin_Guide/en-US/config/api.xml | Diff File | ||
| mod - js/common.js | Diff File | ||
| rm - xmlhttprequest.php | Diff | ||
|
master-2.1 15e52e84 2017-03-17 06:09 Details Diff |
Fix XSS in adm_config_report.php's action parameter
Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'action' parameter.
Define a new set of constants (MANAGE_CONFIG_ACTION_*) replacing the hardcoded strings used in adm_config_report.php and adm_config_set.php.
Sanitize the 'action' parameter to ensure it is only set to one of the allowed values
Fixes 0022537 |
Affected Issues 0022537 |
|
| mod - adm_config_report.php | Diff File | ||
| mod - adm_config_set.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
|
master-2.2 da74c5aa 2017-03-17 06:09 Details Diff |
Fix XSS in adm_config_report.php's action parameter
Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'action' parameter.
Define a new set of constants (MANAGE_CONFIG_ACTION_*) replacing the hardcoded strings used in adm_config_report.php and adm_config_set.php.
Sanitize the 'action' parameter to ensure it is only set to one of the allowed values
Fixes 0022537 |
Affected Issues 0022537 |
|
| mod - adm_config_report.php | Diff File | ||
| mod - adm_config_set.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
|
master 18ead4c8 2017-03-17 05:41 Details Diff |
Only retrieve language string once
Code optimization |
||
| mod - adm_config_report.php | Diff File | ||
|
master-1.3.x 034cd07b 2017-03-17 05:20 Details Diff |
Fix XSS in adm_config_report.php's action parameter
Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/ reported a vulnerability in the Configuration Report page, allowing an attacker to inject arbitrary code through a crafted 'action' parameter.
Define a new set of constants (MANAGE_CONFIG_ACTION_*) replacing the hardcoded strings used in adm_config_report.php and adm_config_set.php.
Sanitize the 'action' parameter to ensure it is only set to one of the allowed values
Fixes 0022537 |
Affected Issues 0022537 |
|
| mod - adm_config_report.php | Diff File | ||
| mod - adm_config_set.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
|
master 61d790f8 2017-03-16 19:00 Committer: vboctor Details Diff |
Fix datetime text box max size | ||
| mod - bug_actiongroup_page.php | Diff File | ||
| mod - bug_change_status_page.php | Diff File | ||
|
master 12c1eeba 2017-03-16 14:37 Committer: vboctor Details Diff |
Increase the width of datetime picker text box | ||
| mod - bug_actiongroup_page.php | Diff File | ||
| mod - bug_change_status_page.php | Diff File | ||
| mod - bug_report_page.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - core/date_api.php | Diff File | ||
| mod - core/filter_form_api.php | Diff File | ||
| mod - js/common.js | Diff File | ||
| mod - manage_proj_ver_edit_page.php | Diff File | ||
| mod - plugins/MantisGraph/core/Period.php | Diff File | ||
|
master 01f582b7 2017-03-15 23:13 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_portuguese_brazil.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_portuguese_brazil.txt | Diff File | ||
| mod - plugins/XmlImportExport/lang/strings_portuguese_brazil.txt | Diff File | ||
|
master 4cbb086a 2017-03-14 21:36 Details Diff |
Move plugin routes after core routes
Slim Framework will reject conflicting route anyways, but didn’t to make it clear that core runs first, then plugins. Also if someone debugs the code, it is clear that the error is in the plugins rather than core. |
||
| mod - api/rest/index.php | Diff File | ||
|
master 09548adb 2017-03-14 21:23 Details Diff |
Update ApiEnabled/Auth middleware
- Move MantisOffline check for API enabled rather than Auth middleware.
- Auth middleware checks that read-only threshold is matched after authentication.
- Use http status code constants |
||
| mod - api/rest/restcore/ApiEnabledMiddleware.php | Diff File | ||
| mod - api/rest/restcore/AuthMiddleware.php | Diff File | ||
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
|
master bf5d3401 2017-03-14 20:50 Details Diff |
Plugin routes under /api/rest/plugins/Example
- Add an API to provide the name for the route group.
- Update MantisGraph to use the new API.
- Update documentation to reference new API, new pattern, and reference Slim Framework Router documentation. |
||
| mod - core/plugin_api.php | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Events_Reference.xml | Diff File | ||
| mod - plugins/MantisGraph/MantisGraph.php | Diff File | ||
|
master 54026ed1 2017-03-14 20:35 Details Diff |
Reference Slim Framework doc page from .htaccess | ||
| mod - api/rest/.htaccess | Diff File | ||
|
master 32bffdf9 2017-03-14 19:46 Details Diff |
Improve http status code handling
- Add constants to constant_inc.php
- Create a fault method per error status code. |
||
| mod - api/rest/restcore/config_rest.php | Diff File | ||
| mod - api/rest/restcore/issues_rest.php | Diff File | ||
| mod - api/rest/restcore/lang_rest.php | Diff File | ||
| mod - api/rest/restcore/users_rest.php | Diff File | ||
| mod - api/soap/mc_api.php | Diff File | ||
| mod - api/soap/mc_config_api.php | Diff File | ||
| mod - api/soap/mc_file_api.php | Diff File | ||
| mod - api/soap/mc_filter_api.php | Diff File | ||
| mod - api/soap/mc_issue_api.php | Diff File | ||
| mod - api/soap/mc_project_api.php | Diff File | ||
| mod - api/soap/mc_project_attachment_api.php | Diff File | ||
| mod - api/soap/mc_tag_api.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
|
master 5e4112ed 2017-03-14 17:57 Details Diff |
Rename $app to $g_app | ||
| mod - api/rest/index.php | Diff File | ||
| mod - api/rest/restcore/config_rest.php | Diff File | ||
| mod - api/rest/restcore/issues_rest.php | Diff File | ||
| mod - api/rest/restcore/lang_rest.php | Diff File | ||
| mod - api/rest/restcore/users_rest.php | Diff File | ||
|
master 424480d8 2017-03-14 17:07 Details Diff |
Fix author in composer.json | ||
| mod - composer.json | Diff File | ||
|
master 45008cc8 2017-03-14 09:05 Committer: dregad Details Diff |
Add ID attribute to 'add note' textarea in bug_view page
Fixes 0022423
Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0022423 |
|
| mod - bugnote_add_inc.php | Diff File | ||
|
master-2.2 5e1dffb4 2017-03-13 11:38 Committer: dregad Details Diff |
Correct resolution comparison when changing issue status
Fixes 0022468
Ported from d4c9d7f935f88dc67f0793e1e495b51bf0cf87c4
Conflicts: bug_change_status_page.php |
Affected Issues 0022468 |
|
| mod - bug_change_status_page.php | Diff File | ||
|
master-2.1 5458e544 2017-03-13 11:38 Committer: dregad Details Diff |
Correct resolution comparison when changing issue status
Fixes 0022468 |
Affected Issues 0022468 |
|
| mod - bug_change_status_page.php | Diff File | ||
|
master 62bc3cd7 2017-03-13 11:38 Details Diff |
Correct resolution comparison when changing issue status
Fixes 0022468 |
Affected Issues 0022468 |
|
| mod - bug_change_status_page.php | Diff File | ||
|
master-1.3.x d4c9d7f9 2017-03-13 11:38 Details Diff |
Correct resolution comparison when changing issue status
Fixes 0022468 |
Affected Issues 0022468 |
|
| mod - bug_change_status_page.php | Diff File | ||
|
master 6a90fc83 2017-03-13 07:03 Details Diff |
Enhance layout of "Updating Issue Information"
Fixes 0022505 |
Affected Issues 0022505 |
|
| mod - bug_update_page.php | Diff File | ||
|
master e3158524 2017-03-13 06:17 Details Diff |
Fix access of undefined variable when editing project documentation
Fixes 0022506 |
Affected Issues 0022506 |
|
| mod - proj_doc_edit_page.php | Diff File | ||
|
master c628e09e 2017-03-12 23:15 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_french.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_russian.txt | Diff File | ||
|
master-2.2 1abcbc10 2017-03-12 15:10 Details Diff |
Update version to 2.2.1 | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||
|
master-1.3.x c1d3abba 2017-03-12 14:56 Details Diff |
Update release to 1.3.7 | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||