Changesets: MantisBT
|
master aa6461e1 2016-05-30 14:16 Carlos Proensa Details Diff |
Rewrite custom fields filter field print functions Move code into filter_api functions to allow reuse. Remove use of some global variables. |
||
| mod - core/filter_api.php | Diff File | ||
|
master b313490f 2016-05-30 11:02 Carlos Proensa Details Diff |
Add comments | ||
| mod - core/filter_api.php | Diff File | ||
|
master 95c78d90 2016-05-30 10:42 Carlos Proensa Details Diff |
Add lang strings | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_filter_edit_page.php | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
|
master 53f7acad 2016-05-30 07:30 Details Diff |
Merge branch 'fontawe' of https://github.com/Kirill/mantisbt into Kirill-fontawe | ||
| mod - account_sponsor_page.php | Diff File | ||
| mod - admin/check/check_attachments_inc.php | Diff File | ||
| rm - admin/test_icons.php | Diff | ||
| mod - bug_monitor_list_view_inc.php | Diff File | ||
| mod - bug_sponsorship_list_view_inc.php | Diff File | ||
| mod - changelog_page.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/collapse_api.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - core/html_api.php | Diff File | ||
| mod - core/icon_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - core/relationship_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| rm - images/attachment.png | Diff | ||
| rm - images/blank.gif | Diff | ||
| rm - images/calendar-img.gif | Diff | ||
| rm - images/clock.png | Diff | ||
| rm - images/delete.png | Diff | ||
| rm - images/dollars.gif | Diff | ||
| rm - images/down.gif | Diff | ||
| rm - images/fileicons/chm.gif | Diff | ||
| rm - images/fileicons/cpp.gif | Diff | ||
| rm - images/fileicons/css.gif | Diff | ||
| rm - images/fileicons/csv.gif | Diff | ||
| rm - images/fileicons/doc.gif | Diff | ||
| rm - images/fileicons/eml.gif | Diff | ||
| rm - images/fileicons/generic.gif | Diff | ||
| rm - images/fileicons/gif.gif | Diff | ||
| rm - images/fileicons/html.gif | Diff | ||
| rm - images/fileicons/jpg.gif | Diff | ||
| rm - images/fileicons/mhtml.gif | Diff | ||
| rm - images/fileicons/mid.gif | Diff | ||
| rm - images/fileicons/mov.gif | Diff | ||
| rm - images/fileicons/one.gif | Diff | ||
| rm - images/fileicons/pcx.gif | Diff | ||
| rm - images/fileicons/pdf.gif | Diff | ||
| rm - images/fileicons/png.gif | Diff | ||
| rm - images/fileicons/pot.gif | Diff | ||
| rm - images/fileicons/pps.gif | Diff | ||
| rm - images/fileicons/ppt.gif | Diff | ||
| rm - images/fileicons/pub.gif | Diff | ||
| rm - images/fileicons/reg.gif | Diff | ||
| rm - images/fileicons/text.gif | Diff | ||
| rm - images/fileicons/unknown.gif | Diff | ||
| rm - images/fileicons/vsd.gif | Diff | ||
| rm - images/fileicons/vsl.gif | Diff | ||
| rm - images/fileicons/vst.gif | Diff | ||
| rm - images/fileicons/wav.gif | Diff | ||
| rm - images/fileicons/wbk.gif | Diff | ||
| rm - images/fileicons/wri.gif | Diff | ||
| rm - images/fileicons/xls.gif | Diff | ||
| rm - images/fileicons/xlt.gif | Diff | ||
| rm - images/fileicons/xml.gif | Diff | ||
| rm - images/fileicons/zip.gif | Diff | ||
| rm - images/ie.gif | Diff | ||
| rm - images/mantis_space.gif | Diff | ||
| rm - images/minus.png | Diff | ||
| rm - images/notice.gif | Diff | ||
| rm - images/ok.gif | Diff | ||
| rm - images/overdue.png | Diff | ||
| rm - images/plus.png | Diff | ||
| rm - images/priority_1.gif | Diff | ||
| rm - images/priority_2.gif | Diff | ||
| rm - images/priority_3.gif | Diff | ||
| rm - images/priority_low_1.gif | Diff | ||
| rm - images/priority_low_2.gif | Diff | ||
| rm - images/priority_low_3.gif | Diff | ||
| rm - images/priority_normal.gif | Diff | ||
| rm - images/protected.gif | Diff | ||
| rm - images/rss.png | Diff | ||
| rm - images/synthese.gif | Diff | ||
| rm - images/synthgraph.gif | Diff | ||
| rm - images/unread.gif | Diff | ||
| rm - images/up.gif | Diff | ||
| rm - images/update.png | Diff | ||
| mod - js/common.js | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
| mod - plugins/MantisGraph/MantisGraph.php | Diff File | ||
| mod - print_all_bug_page.php | Diff File | ||
| mod - roadmap_page.php | Diff File | ||
|
master 6d11d2f3 2016-05-30 07:13 Carlos Proensa Details Diff |
clean up custom fields code for filter form Move inside filter_api the needed code to draw the custom fields in the filter form. (Still, the code is ugly using globals, wil need to clean up at some time) |
||
| mod - core/filter_api.php | Diff File | ||
| mod - view_filters_page.php | Diff File | ||
|
master 69512ab9 2016-05-30 05:56 Carlos Proensa Details Diff |
Fix fallback url of filter dynamic form Improve the method of using a fallback url to use when the dynamic filter form cannot be used. Remove obsolete url parameter 'target_field' |
||
| mod - core/filter_api.php | Diff File | ||
| mod - manage_filter_edit_page.php | Diff File | ||
| mod - view_filters_page.php | Diff File | ||
|
master 0bd8c5d5 2016-05-30 02:47 Carlos Proensa Details Diff |
Fix 'deprecated' error call trace lookup When the error is triggered from the page body, this is, not executing any function, the trace block [2] does not exist. In that case, use the trace block [1] Fixes 0021029 |
||
| mod - core/error_api.php | Diff File | ||
|
master f1bc29ea 2016-05-30 02:38 Carlos Proensa Details Diff |
Replace old query management pages Use the new functionality for filter management Deprecated the old pages which has been replaced: - query_view_page.php - query_delete_page.php - query_delete.php |
||
| mod - core/filter_api.php | Diff File | ||
| mod - query_delete.php | Diff File | ||
| mod - query_delete_page.php | Diff File | ||
| mod - query_view_page.php | Diff File | ||
|
master c2e86a72 2016-05-30 01:46 Carlos Proensa Details Diff |
Manage filter pages for deleting filters | ||
| add - manage_filter_delete.php | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
|
master 4d7e0d7c 2016-05-30 00:33 Carlos Proensa Details Diff |
Draw filter fields linked to its stored project If the filter is stored as a project specific filter, use that project id to draw availabe fields. |
||
| mod - core/filter_api.php | Diff File | ||
|
master 3cf2646e 2016-05-29 16:33 Carlos Proensa Details Diff |
Enable dynamic filter for stored filter ids Instead of using current filter, enable retrieving values for arbitrary filters identified by id. |
||
| mod - core/filter_api.php | Diff File | ||
| mod - js/common.js | Diff File | ||
| mod - manage_filter_edit_page.php | Diff File | ||
| mod - return_dynamic_filters.php | Diff File | ||
|
master 67ac17a7 2016-05-29 09:50 Carlos Proensa Details Diff |
Feature to edit existing filters Creation of manage pages to edit existing filters Move some code excisting code to filter api to allow reusing. Create new filter update function for a specific filter id. Related: 0003803 |
||
| mod - core/filter_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| add - manage_filter_edit_page.php | Diff File | ||
| add - manage_filter_edit_update.php | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - view_all_set.php | Diff File | ||
|
master 679d9245 2016-05-27 16:58 Carlos Proensa Details Diff |
Reorganize filter_api operations Move some code around filter_api and related code, to clean up, and remove duplicated logic. The code is now organized in three separated main functions: - filter_get default(), filter_get_default_array() This creates an initial filter array, with all properties needed, initialized to its default values - filter_ensure_valid_filter() This validates a filter array, changes types, adds missing properties. Missing properties are filled with defaults, instead of reading values from post/get parameters - filter_gpc_get() New function to perform the reading of parameters from get/post. A filter array can be passed as parameter, then the read parameters will be appended, or everride existing ones. If no filter array is used as parameter, a default one will be used. The gpc read of parameters has been removed from view_all_set.php, and now it can be used from the filter_api. |
||
| mod - core/filter_api.php | Diff File | ||
| mod - view_all_set.php | Diff File | ||
|
master 1d3af0c5 2016-05-27 06:26 Committer: dregad Details Diff |
Do not wrap inline items for custom field value lists Avoid wrapping of each individual item that is part of a custom fields value list, displayed as inline inputs. Fixes 0020964 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0020964 |
|
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
|
master 3c54ace9 2016-05-27 05:48 Details Diff |
String Test: 'javascript:' uri scheme Should redirect to index.php |
||
| mod - tests/Mantis/StringTest.php | Diff File | ||
|
master 11ab3d6c 2016-05-27 01:39 Details Diff |
Fix XSS in custom fields management Kacper Szurek (http://security.szurek.pl/) discovered an XSS vulnerability in Custom fields management pages, caused by unescaped output of 'return URL' GPC parameter. His report describes two ways to exploit this issue: 1. using 'accesskey' inside hidden input field (see [1]) reflects XSS to the administrator in manage_custom_field_edit_page.php when the keyboard shortcut is actioned 2. using 'javascript:' URI scheme executes the code when the user clicks the [Proceed] link on manage_custom_field_update.php after updating a custom field This commit fixes both attack vectors: - properly escape the return URL prior to printing it on the hidden form field - let html_operation_successful() sanitize the URL before displaying it, just like html_meta_redirect() does. In this case, if the string contains an URI scheme, it will be replaced by 'index.php' [1] http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html Fixes 0020956 |
Affected Issues 0020956, 0021090 |
|
| mod - core/html_api.php | Diff File | ||
| mod - manage_custom_field_edit_page.php | Diff File | ||
|
master ef2628e1 2016-05-24 02:27 Details Diff |
Let Timeline handle non-existing bugs If an history entry refers to a bug that does not exist in the database, history_get_event_from_row() throws application error 1100. Even though it is not a normal situation to find orphan records in the history table, the overhead of verifying a bug's existence at the beginning of the loop is negligible, so it doesn't hurt to add the extra bug_exists() check. Fixes 0020727 |
Affected Issues 0020727 |
|
| mod - core/history_api.php | Diff File | ||
|
master 4d46f8e3 2016-05-24 02:27 Details Diff |
PHPDoc: fix incorrect param type | ||
| mod - core/history_api.php | Diff File | ||
|
master 7795b302 2016-05-23 12:04 Details Diff |
Upgrade jQuery from v1.11.3 to v1.12.4 Fixes 0021059 |
Affected Issues 0021059 |
|
| mod - core/constant_inc.php | Diff File | ||
| rm - js/jquery-1.11.3.min.js | Diff | ||
| add - js/jquery-1.12.4.min.js | Diff File | ||
|
master e753cca6 2016-05-23 11:54 Details Diff |
Use JQUERY_VERSION constant in install.php Commit fc9a3320815f8341236cb7bf0c41855227a3c8c3 missed one occurence of jQuery version number. Issue 0019932 |
Affected Issues 0019932, 0021059 |
|
| mod - admin/install.php | Diff File | ||
|
master f3ab14c5 2016-05-23 01:54 Details Diff |
Use correct function name db_param_push() Commit fbc379faaf27e6b853c8b08ac380834836b81032 referenced the wrong name db_push_param(). Issue 0020479 |
Affected Issues 0020479 |
|
| mod - core/user_api.php | Diff File | ||
|
master fa4f7950 2016-05-22 23:57 Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_arabic.txt | Diff File | ||
| mod - lang/strings_asturian.txt | Diff File | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - lang/strings_chinese_simplified.txt | Diff File | ||
| mod - lang/strings_dutch.txt | Diff File | ||
| mod - lang/strings_french.txt | Diff File | ||
| mod - lang/strings_galician.txt | Diff File | ||
| mod - lang/strings_german.txt | Diff File | ||
| mod - lang/strings_hebrew.txt | Diff File | ||
| mod - lang/strings_hungarian.txt | Diff File | ||
| mod - lang/strings_italian.txt | Diff File | ||
| mod - lang/strings_korean.txt | Diff File | ||
| mod - lang/strings_lithuanian.txt | Diff File | ||
| mod - lang/strings_macedonian.txt | Diff File | ||
| mod - lang/strings_ripoarisch.txt | Diff File | ||
| mod - lang/strings_russian.txt | Diff File | ||
| mod - lang/strings_serbian.txt | Diff File | ||
| mod - lang/strings_serbian_latin.txt | Diff File | ||
| mod - lang/strings_spanish.txt | Diff File | ||
| mod - lang/strings_swedish.txt | Diff File | ||
| mod - lang/strings_ukrainian.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_arabic.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_korean.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_spanish.txt | Diff File | ||
| mod - plugins/XmlImportExport/lang/strings_arabic.txt | Diff File | ||
|
master bf7f07ff 2016-05-21 23:52 Peter Dave Hello Committer: dregad Details Diff |
optimize png images losslessly using zopflipng | ||
| mod - docbook/Admin_Guide/en-US/images/mantis_logo.png | Diff File | ||
| mod - docbook/Developers_Guide/en-US/images/erd.png | Diff File | ||
| mod - docbook/Developers_Guide/en-US/images/mantis_logo.png | Diff File | ||
| mod - images/mantis_logo.png | Diff File | ||
| mod - images/mantis_logo_notext.png | Diff File | ||
| mod - images/rel_dependant.png | Diff File | ||
| mod - images/rel_duplicate.png | Diff File | ||
| mod - images/rel_related.png | Diff File | ||
|
master b6f81949 2016-05-21 00:19 Details Diff |
Consistently push query params in all APIs Fixes 0020479, https://github.com/mantisbt/mantisbt/pull/705 |
Affected Issues 0020479 |
|
| mod - core/access_api.php | Diff File | ||
| mod - core/api_token_api.php | Diff File | ||
| mod - core/authentication_api.php | Diff File | ||
| mod - core/billing_api.php | Diff File | ||
| mod - core/bug_api.php | Diff File | ||
| mod - core/bug_revision_api.php | Diff File | ||
| mod - core/bugnote_api.php | Diff File | ||
| mod - core/category_api.php | Diff File | ||
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
| mod - core/config_api.php | Diff File | ||
| mod - core/custom_field_api.php | Diff File | ||
| mod - core/database_api.php | Diff File | ||
| mod - core/email_api.php | Diff File | ||
| mod - core/email_queue_api.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - core/history_api.php | Diff File | ||
| mod - core/install_helper_functions_api.php | Diff File | ||
| mod - core/news_api.php | Diff File | ||
| mod - core/plugin_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - core/profile_api.php | Diff File | ||
| mod - core/project_api.php | Diff File | ||
| mod - core/project_hierarchy_api.php | Diff File | ||
| mod - core/relationship_api.php | Diff File | ||
| mod - core/sponsorship_api.php | Diff File | ||
| mod - core/summary_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| mod - core/tokens_api.php | Diff File | ||
| mod - core/user_api.php | Diff File | ||
| mod - core/user_pref_api.php | Diff File | ||
| mod - core/version_api.php | Diff File | ||
|
master c8da8877 2016-05-21 00:12 Details Diff |
Update securimage captcha library to 3.6.4 Fixes 0021057 |
Affected Issues 0021057 |
|
| mod - library/README.md | Diff File | ||
| mod - library/securimage | Diff File | ||
