Changesets: MantisBT
|
master 0b8990c4 2016-06-09 16:31 Details Diff |
Preparing Developers guide for release | ||
| mod - docbook/Developers_Guide/en-US/Developers_Guide.ent | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||
|
master e8ad9564 2016-06-09 16:30 Details Diff |
Preparing Admin guide for release | ||
| mod - docbook/Admin_Guide/en-US/About.xml | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Admin_Guide.ent | Diff File | ||
| rm - docbook/Admin_Guide/en-US/Chapter.xml | Diff | ||
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - docbook/Admin_Guide/publican.cfg | Diff File | ||
|
master a6b1afd8 2016-06-09 16:29 Details Diff |
New makefile to build both manuals at once | ||
| add - docbook/Makefile | Diff File | ||
|
master 77ce90b4 2016-06-08 12:32 Details Diff |
Correct PHPdoc Issue 0020660 |
Affected Issues 0020660 |
|
| mod - core/csv_api.php | Diff File | ||
|
master 02cf397c 2016-06-08 07:55 Details Diff |
Minor corrections | ||
| mod - readme.md | Diff File | ||
|
master d79e4c7f 2016-06-08 07:42 Details Diff |
Align copyright statement to what we have in PHP source | ||
| mod - doc/CREDITS | Diff File | ||
|
master-1.2.x 5068df2d 2016-06-06 14:25 Details Diff |
Fix XSS in custom fields management
Kacper Szurek (http://security.szurek.pl/) discovered an XSS vulnerability in Custom fields management pages, caused by unescaped output of 'return URL' GPC parameter.
His report describes two ways to exploit this issue:
1. using 'accesskey' inside hidden input field (see [1]) reflects XSS to the administrator in manage_custom_field_edit_page.php when the keyboard shortcut is actioned
2. using 'javascript:' URI scheme executes the code when the user clicks the [Proceed] link on manage_custom_field_update.php after updating a custom field
This commit fixes both attack vectors:
- properly escape the return URL prior to printing it on the hidden form field
- let html_operation_successful() sanitize the URL before displaying it, just like html_meta_redirect() does. In this case, if the string contains a URI scheme, it will be replaced by 'index.php'
[1] http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html
Fixes 0020956
This is a backport from master 3f2779b4c6dc8d465fb73c08cfa1d806184d2e79. |
Affected Issues 0020956 |
|
| mod - account_prefs_update.php | Diff File | ||
| mod - manage_config_revert.php | Diff File | ||
| mod - manage_custom_field_delete.php | Diff File | ||
| mod - manage_custom_field_update.php | Diff File | ||
| mod - print_all_bug_options_update.php | Diff File | ||
| mod - set_project.php | Diff File | ||
|
master d3e3f4e5 2016-06-05 15:13 Details Diff |
Update disposable_email_checker library to 2.1.1
Fixes 0021058 |
Affected Issues 0021058 |
|
| mod - library/README.md | Diff File | ||
| mod - library/disposable | Diff File | ||
|
master 0bb3cfb1 2016-06-05 14:49 Details Diff |
Enhance logging to show debug email when used
Prior to this, when using an invalid address, user would not see a clear indication in the log file that the debug email was being used, resulting in confusion caused by the error message generated by email_send().
This commit adds a LOG_EMAIL_VERBOSE entry clearly showing when the debug email address is used.
Fixes 0020679 |
Affected Issues 0020679, 0020684 |
|
| mod - core/email_api.php | Diff File | ||
|
master 8684dfea 2016-06-04 15:31 Details Diff |
Update documentation of 'debug_email'
Fixes 0020684 |
Affected Issues 0020684 |
|
| mod - docbook/Admin_Guide/en-US/config/logging.xml | Diff File | ||
|
master 3bb88170 2016-06-03 18:39 Details Diff |
Replace uses of print_bracket_link() with print_button() | ||
| mod - bug_actiongroup.php | Diff File | ||
| mod - bug_actiongroup_ext.php | Diff File | ||
| mod - bug_relationship_graph.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - core/access_api.php | Diff File | ||
| mod - core/authentication_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - lost_pwd.php | Diff File | ||
| mod - manage_user_update.php | Diff File | ||
| mod - news_update.php | Diff File | ||
| mod - print_all_bug_options_reset.php | Diff File | ||
| mod - print_all_bug_options_update.php | Diff File | ||
| mod - print_all_bug_page.php | Diff File | ||
| mod - project_page.php | Diff File | ||
|
master f9d5907b 2016-06-01 18:07 Details Diff |
Improve how field description text shows in plugin pages | ||
| mod - css/default.css | Diff File | ||
|
master 751e0e37 2016-06-01 05:13 Details Diff |
Replace nested ifs by &&-ed expressions | ||
| mod - bug_change_status_page.php | Diff File | ||
|
master c72b5c28 2016-06-01 00:13 Carlos Proensa Details Diff |
Bug fixes for this branch
Fix some bugs and typos detected by @atrol |
||
| mod - core/filter_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - return_dynamic_filters.php | Diff File | ||
| mod - view_all_set.php | Diff File | ||
|
master 1183b4aa 2016-05-31 19:16 Details Diff |
Tweaks for icons look and feel following Kirill PR switching all icons to fontawesome | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
|
master b2a731e2 2016-05-31 15:14 Carlos Proensa Details Diff |
Remove use of global variable $g_select_modifier | ||
| mod - core/filter_api.php | Diff File | ||
| mod - manage_filter_edit_page.php | Diff File | ||
| mod - return_dynamic_filters.php | Diff File | ||
| mod - view_filters_page.php | Diff File | ||
|
master 9f1e9c5a 2016-05-31 14:09 Carlos Proensa Details Diff |
Dynamic filters, check permissions for custom field
Add a check for custom field existence, and user permissions to read and filter by this field id. |
||
| mod - return_dynamic_filters.php | Diff File | ||
|
master 973405ee 2016-05-31 13:20 Carlos Proensa Details Diff |
Clean up filter api old code
The code removed is not needed now |
||
| mod - core/filter_api.php | Diff File | ||
| mod - return_dynamic_filters.php | Diff File | ||
|
master 31254177 2016-05-31 12:53 Carlos Proensa Details Diff |
Rewrite plugin filter field print functions
Move code into filter_api functions to allow reuse. |
||
| mod - core/filter_api.php | Diff File | ||
|
master c089cdfc 2016-05-31 10:38 Carlos Proensa Details Diff |
Fix custom fields date type resetting its value
Fix the bug where, when the filter form is updated, a custom field of type date was being reset, not keeping its value.
Fixes 0014709 |
||
| mod - core/filter_api.php | Diff File | ||
|
master 59b3126c 2016-05-31 08:00 Carlos Proensa Details Diff |
Rewrite custom field table generation for filter box
Rewrite the code that generates the table cells for custom fields in the filter box form. This is a cleaner implementation than previous one. |
||
| mod - core/filter_api.php | Diff File | ||
|
master 1a4ecfcb 2016-05-31 07:09 Details Diff |
Do not enforce related thresholds when sponsorship is OFF
When $g_enable_sponsorship = OFF, we should not enforce related thresholds ($g_handle_sponsored_bugs_threshold and $g_assign_sponsored_bugs_threshold) when updating issues.
Fixes 0021030 |
Affected Issues 0021030 |
|
| mod - bug_change_status_page.php | Diff File | ||
| mod - bug_update.php | Diff File | ||
|
master a4e7cbf4 2016-05-30 16:26 Committer: syncguru Details Diff |
Replace all images to [FontAwesome icons](http://fontawesome.io/) (0000002)
Replace all icons with [FontAwesome icons](http://fontawesome.io/) |
||
| mod - account_sponsor_page.php | Diff File | ||
| mod - admin/check/check_attachments_inc.php | Diff File | ||
| rm - admin/test_icons.php | Diff | ||
| mod - bug_monitor_list_view_inc.php | Diff File | ||
| mod - bug_sponsorship_list_view_inc.php | Diff File | ||
| mod - changelog_page.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/collapse_api.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - core/html_api.php | Diff File | ||
| mod - core/icon_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - core/relationship_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| rm - images/attachment.png | Diff | ||
| rm - images/blank.gif | Diff | ||
| rm - images/calendar-img.gif | Diff | ||
| rm - images/clock.png | Diff | ||
| rm - images/delete.png | Diff | ||
| rm - images/dollars.gif | Diff | ||
| rm - images/down.gif | Diff | ||
| rm - images/fileicons/chm.gif | Diff | ||
| rm - images/fileicons/cpp.gif | Diff | ||
| rm - images/fileicons/css.gif | Diff | ||
| rm - images/fileicons/csv.gif | Diff | ||
| rm - images/fileicons/doc.gif | Diff | ||
| rm - images/fileicons/eml.gif | Diff | ||
| rm - images/fileicons/generic.gif | Diff | ||
| rm - images/fileicons/gif.gif | Diff | ||
| rm - images/fileicons/html.gif | Diff | ||
| rm - images/fileicons/jpg.gif | Diff | ||
| rm - images/fileicons/mhtml.gif | Diff | ||
| rm - images/fileicons/mid.gif | Diff | ||
| rm - images/fileicons/mov.gif | Diff | ||
| rm - images/fileicons/one.gif | Diff | ||
| rm - images/fileicons/pcx.gif | Diff | ||
| rm - images/fileicons/pdf.gif | Diff | ||
| rm - images/fileicons/png.gif | Diff | ||
| rm - images/fileicons/pot.gif | Diff | ||
| rm - images/fileicons/pps.gif | Diff | ||
| rm - images/fileicons/ppt.gif | Diff | ||
| rm - images/fileicons/pub.gif | Diff | ||
| rm - images/fileicons/reg.gif | Diff | ||
| rm - images/fileicons/text.gif | Diff | ||
| rm - images/fileicons/unknown.gif | Diff | ||
| rm - images/fileicons/vsd.gif | Diff | ||
| rm - images/fileicons/vsl.gif | Diff | ||
| rm - images/fileicons/vst.gif | Diff | ||
| rm - images/fileicons/wav.gif | Diff | ||
| rm - images/fileicons/wbk.gif | Diff | ||
| rm - images/fileicons/wri.gif | Diff | ||
| rm - images/fileicons/xls.gif | Diff | ||
| rm - images/fileicons/xlt.gif | Diff | ||
| rm - images/fileicons/xml.gif | Diff | ||
| rm - images/fileicons/zip.gif | Diff | ||
| rm - images/ie.gif | Diff | ||
| rm - images/mantis_space.gif | Diff | ||
| rm - images/minus.png | Diff | ||
| rm - images/notice.gif | Diff | ||
| rm - images/ok.gif | Diff | ||
| rm - images/overdue.png | Diff | ||
| rm - images/plus.png | Diff | ||
| rm - images/priority_1.gif | Diff | ||
| rm - images/priority_2.gif | Diff | ||
| rm - images/priority_3.gif | Diff | ||
| rm - images/priority_low_1.gif | Diff | ||
| rm - images/priority_low_2.gif | Diff | ||
| rm - images/priority_low_3.gif | Diff | ||
| rm - images/priority_normal.gif | Diff | ||
| rm - images/protected.gif | Diff | ||
| rm - images/rss.png | Diff | ||
| rm - images/synthese.gif | Diff | ||
| rm - images/synthgraph.gif | Diff | ||
| rm - images/unread.gif | Diff | ||
| rm - images/up.gif | Diff | ||
| rm - images/update.png | Diff | ||
| mod - js/common.js | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
| mod - plugins/MantisGraph/MantisGraph.php | Diff File | ||
| mod - print_all_bug_page.php | Diff File | ||
| mod - roadmap_page.php | Diff File | ||
|
master 3d1bfd77 2016-05-30 16:05 Details Diff |
Improve look and feel of fontawesome icons in my view and view all pages | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
|
master aa6461e1 2016-05-30 14:16 Carlos Proensa Details Diff |
Rewrite custom fields filter field print functions
Move code into filter_api functions to allow reuse. Remove use of some global variables. |
||
| mod - core/filter_api.php | Diff File | ||