Changesets: MantisBT

master 28310c2e

2016-06-11 07:59

dregad


Merge branch 'token_api-fixes'

Fixes https://github.com/mantisbt/mantisbt/pull/700
mod - admin/schema.php
mod - api_tokens_page.php
mod - core/api_token_api.php

master 4be5f228

2016-06-11 07:56

dregad


Revert 'name' and 'hash' columns to original definition

Following discussion in PR https://github.com/mantisbt/mantisbt/pull/700

Fixes 0020472
Affected Issues
0020472
mod - admin/schema.php

master ab9db31c

2016-06-11 07:36

dregad


Doc: replacement of $g_page_title by $g_top_include_page

Fixes 0021087
Affected Issues
0021087
mod - docbook/Admin_Guide/en-US/config/display.xml
mod - docbook/Admin_Guide/en-US/config/html.xml

master 416a26ef

2016-06-11 07:36

dregad


New html_print_logo() API function

This makes it easier for people to add the logo in an include file,
since it is not shown anymore when $g_top_include_page is set.

The html_top_banner() function was modified to use the new API.

Fixes 0021087
Affected Issues
0021087
mod - core/html_api.php

master cacac6ac

2016-06-11 06:44

dregad


CSS: restore 'pagetitle' class

This reverts commit 24e35d7d106024aa7793bc84ec274fb621d6d2bb.

While not used in the code anymore since removal of html_header()
function (see 6d6f093ea073681a0d6ccf1611e8789dbc84070e), the class is
still referenced in the documentation to be used for custom page title
via $g_top_include_page.

Fixes 0021087
Affected Issues
0021087
mod - css/default.css

master 4fbfbde9

2016-06-10 15:54

dregad


Update ERD diagram to schema 209

- Reflect changes since schema 189
- Update MySQLWorkbench version in README file
- Updated image for Developer's guide

Fixes 0021082
Affected Issues
0021082
mod - docbook/Developers_Guide/en-US/images/erd.png
mod - docbook/erd/README.md
mod - docbook/erd/mantisbt.mwb

master 68505fa0

2016-06-10 15:53

dregad


Convert README to markdown

master 1f678c2a

2016-06-10 14:26

dregad


New api_token_is_used() function

Move the logic to determine whether a token has been used from
api_tokens_page.php to the api_tokens API where it belongs.

The check against date_used has been changed from '=== 0' to '<= 1' to
reflect the change in schema definition in step 206.

Fixes 0020472
Affected Issues
0020472
mod - api_tokens_page.php
mod - core/api_token_api.php

master 80a8a87e

2016-06-10 07:55

atrol


Enhance documentation for option max_file_size

Fixes 0006282
Affected Issues
0006282
mod - docbook/Admin_Guide/en-US/config/uploads.xml

master 0b8990c4

2016-06-09 16:31

dregad


Preparing Developers guide for release
mod - docbook/Developers_Guide/en-US/Developers_Guide.ent
mod - docbook/Developers_Guide/en-US/Revision_History.xml

master e8ad9564

2016-06-09 16:30

dregad


Preparing Admin guide for release
mod - docbook/Admin_Guide/en-US/About.xml
mod - docbook/Admin_Guide/en-US/Admin_Guide.ent
rm - docbook/Admin_Guide/en-US/Chapter.xml
mod - docbook/Admin_Guide/en-US/Installation.xml
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Admin_Guide/publican.cfg

master a6b1afd8

2016-06-09 16:29

dregad


New makefile to build both manuals at once
add - docbook/Makefile

master 77ce90b4

2016-06-08 12:32

atrol


Correct PHPdoc

Issue 0020660
Affected Issues
0020660
mod - core/csv_api.php

master 02cf397c

2016-06-08 07:55

atrol


Minor corrections
mod - readme.md

master d79e4c7f

2016-06-08 07:42

atrol


Align copyright statement to what we have in PHP source
mod - doc/CREDITS

master-1.2.x 5068df2d

2016-06-06 14:25

dregad


Fix XSS in custom fields management

Kacper Szurek (http://security.szurek.pl/) discovered an XSS
vulnerability in Custom fields management pages, caused by unescaped
output of 'return URL' GPC parameter. His report describes two ways to
exploit this issue:

1. using 'accesskey' inside hidden input field (see [1]) reflects XSS to
   the administrator in manage_custom_field_edit_page.php when the
   keyboard shortcut is actioned
2. using 'javascript:' URI scheme executes the code when the user clicks
   the [Proceed] link on manage_custom_field_update.php after updating
   a custom field

This commit fixes both attack vectors:

- properly escape the return URL prior to printing it on the hidden form
  field
- let html_operation_successful() sanitize the URL before displaying
  it, just like html_meta_redirect() does. In this case, if the
  string contains an URI scheme, it will be replaced by 'index.php'

[1] http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html

Fixes 0020956

This is a backport from master 3f2779b4c6dc8d465fb73c08cfa1d806184d2e79.
Affected Issues
0020956
mod - account_prefs_update.php
mod - manage_config_revert.php
mod - manage_custom_field_delete.php
mod - manage_custom_field_update.php
mod - print_all_bug_options_update.php
mod - set_project.php

master d3e3f4e5

2016-06-05 15:13

dregad


Update disposable_email_checker library to 2.1.1

Fixes 0021058
Affected Issues
0021058
mod - library/README.md
mod - library/disposable

master 0bb3cfb1

2016-06-05 14:49

dregad


Enhance logging to show debug email when used

Prior to this, when using an invalid address, user would not see a clear
indication in the log file that the debug email was being used,
resulting in confusion caused by the error message generated by
email_send().

This commit adds a LOG_EMAIL_VERBOSE entry clearly showing when the
debug email address is used.

Fixes 0020679
Affected Issues
0020679, 0020684
mod - core/email_api.php

master 8684dfea

2016-06-04 15:31

vboctor


Update documentation of 'debug_email'

Fixes 0020684
Affected Issues
0020684
mod - docbook/Admin_Guide/en-US/config/logging.xml

master 3bb88170

2016-06-03 18:39

syncguru


Replace uses of print_bracket_link() with print_button()
mod - bug_actiongroup.php
mod - bug_actiongroup_ext.php
mod - bug_relationship_graph.php
mod - bug_view_inc.php
mod - core/access_api.php
mod - core/authentication_api.php
mod - core/print_api.php
mod - lost_pwd.php
mod - manage_user_update.php
mod - news_update.php
mod - print_all_bug_options_reset.php
mod - print_all_bug_options_update.php
mod - print_all_bug_page.php
mod - project_page.php

master f9d5907b

2016-06-01 18:07

syncguru


Improve how field description text shows in plugin pages
mod - css/default.css

master 751e0e37

2016-06-01 05:13

dregad


Replace nested ifs by &&-ed expressions
mod - bug_change_status_page.php

master c72b5c28

2016-06-01 00:13

Carlos Proensa


Bug fixes for this branch

Fix some bugs and typos detected by @atrol
mod - core/filter_api.php
mod - lang/strings_english.txt
mod - return_dynamic_filters.php
mod - view_all_set.php

master 1183b4aa

2016-05-31 19:16

syncguru


Tweaks for icons look and feel following Kirill PR switching all icons to fontawesome
mod - config_defaults_inc.php
mod - core/columns_api.php
mod - my_view_inc.php

master b2a731e2

2016-05-31 15:14

Carlos Proensa


Remove use of global variable $g_select_modifier
mod - core/filter_api.php
mod - manage_filter_edit_page.php
mod - return_dynamic_filters.php
mod - view_filters_page.php