Changesets: MantisBT
|
master febb203a 2025-10-24 12:02 Details Diff |
PHP 8.5: non-canonical cast deprecations (integer => int) Fixes 0036615 |
Affected Issues 0036615 |
|
| mod - api/soap/mc_issue_api.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - core/classes/BugFilterQuery.class.php | Diff File | ||
| mod - core/commands/IssueNoteDeleteCommand.php | Diff File | ||
| mod - core/commands/ProjectDeleteCommand.php | Diff File | ||
| mod - core/commands/ProjectHierarchyAddCommand.php | Diff File | ||
| mod - core/commands/ProjectHierarchyDeleteCommand.php | Diff File | ||
| mod - core/commands/ProjectHierarchyUpdateCommand.php | Diff File | ||
| mod - core/commands/ProjectUpdateCommand.php | Diff File | ||
| mod - core/commands/VersionAddCommand.php | Diff File | ||
| mod - core/commands/VersionDeleteCommand.php | Diff File | ||
| mod - core/commands/VersionGetCommand.php | Diff File | ||
| mod - core/commands/VersionUpdateCommand.php | Diff File | ||
| mod - core/config_api.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - core/rss_api.php | Diff File | ||
| mod - core/sponsorship_api.php | Diff File | ||
| mod - core/user_api.php | Diff File | ||
| mod - file_download.php | Diff File | ||
| mod - tests/soap/LoginTest.php | Diff File | ||
|
master 7e194e78 2025-10-24 12:00 Details Diff |
PHP 8.5: non-canonical cast deprecations (boolean => bool) Fixes 0036615 |
Affected Issues 0036615 |
|
| mod - core/classes/BugFilterQuery.class.php | Diff File | ||
| mod - core/commands/ProjectHierarchyAddCommand.php | Diff File | ||
| mod - core/commands/ProjectHierarchyUpdateCommand.php | Diff File | ||
| mod - core/string_api.php | Diff File | ||
| mod - manage_proj_ver_edit_page.php | Diff File | ||
|
master b91a0fbd 2025-10-24 12:00 Details Diff |
PHP 8.5: non-canonical cast deprecations (double => float) Fixes 0036615 |
Affected Issues 0036615 |
|
| mod - billing_inc.php | Diff File | ||
| mod - core/database_api.php | Diff File | ||
|
master 496d3a38 2025-10-23 08:10 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
| mod - lang/strings_persian.txt | Diff File | ||
|
master 48dd82c1 2025-10-22 12:32 Details Diff |
PHPDoc [skip ci] | ||
| mod - core/custom_field_api.php | Diff File | ||
|
master-2.27 5b09a801 2025-10-22 12:25 Details Diff |
Check CF default value against max_textearea length | ||
| mod - core/custom_field_api.php | Diff File | ||
|
master-2.27 e8914711 2025-10-22 11:50 Details Diff |
Add max_textarea_length to $g_public_config_names Allows other clients to implement input validation in UI before sending a request to the server. |
||
| mod - config_defaults_inc.php | Diff File | ||
|
master-2.27 1602c96e 2025-10-22 11:45 Details Diff |
Localize field name in validation function helper_ensure_longtext_length_valid() now expects the actual field name instead of the localized one, and takes care of calling lang_get() to produce the error message. Include field name in Exception message. Add missing info for $p_field parameter in PHPDoc block. Addresses @vboctor's review comments. |
||
| mod - core/bug_api.php | Diff File | ||
| mod - core/bugnote_api.php | Diff File | ||
| mod - core/commands/IssueAddCommand.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| mod - core/profile_api.php | Diff File | ||
|
master 3529b8ef 2025-10-21 06:04 Details Diff |
Merge branch 'master-2.27' | ||
| mod - core/access_api.php | Diff File | ||
|
master 3d7741fe 2025-10-21 04:13 Details Diff |
Bump ezyang/htmlpurifier from 4.18.0 to 4.19.0 Bumps [ezyang/htmlpurifier](https://github.com/ezyang/htmlpurifier) from 4.18.0 to 4.19.0. - [Release notes](https://github.com/ezyang/htmlpurifier/releases) - [Changelog](https://github.com/ezyang/htmlpurifier/blob/master/NEWS) - [Commits](https://github.com/ezyang/htmlpurifier/compare/v4.18.0...v4.19.0) --- updated-dependencies: - dependency-name: ezyang/htmlpurifier dependency-version: 4.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Fixes 0034938, PR https://github.com/mantisbt/mantisbt/pull/2155 Signed-off-by: dependabot[bot] <support@github.com> |
Affected Issues 0034938 |
|
| mod - composer.lock | Diff File | ||
|
master-2.27 25256886 2025-10-20 11:05 Details Diff |
Check user access before setting default project Using crafted query parameters, it was possible to call set_project.php with a project_id that the user does not have access to, resulting in an invalid default project stored in the user's preferences. This caused an ERR_TOO_MANY_REDIRECTS error when accessing bug_report_page.php while the current project is ALL_PROJECTS. We now check that the user has access to the project before setting it as default, and throw an access denied if not. Fixes 0036503 |
Affected Issues 0036503 |
|
| mod - set_project.php | Diff File | ||
|
master-2.27 917b1497 2025-10-20 09:06 Details Diff |
Fix static analysis warnings | ||
| mod - manage_columns_copy.php | Diff File | ||
|
master-2.27 7befcfd9 2025-10-20 09:06 Details Diff |
Use config threshold instead of hardcoded value The access level checks to determine whether the user is allowed to copy columns were done against a hardcoded value of MANAGER, instead of using the `manage_project_threshold` configuration option. Fixes 0036515 |
Affected Issues 0036515 |
|
| mod - manage_columns_copy.php | Diff File | ||
|
master-2.27 433ba1cc 2025-10-20 04:41 Details Diff |
Return HTTP 403 from access_denied() Fixes 0036512 |
Affected Issues 0036512 |
|
| mod - core/access_api.php | Diff File | ||
|
master ac36e46d 2025-10-20 01:12 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. [skip ci] | ||
| mod - lang/strings_korean.txt | Diff File | ||
| mod - lang/strings_macedonian.txt | Diff File | ||
| mod - lang/strings_persian.txt | Diff File | ||
|
dependabot/composer/ezyang/htmlpurifier-4.19.0 7e28118d 2025-10-19 21:02 dependabot[bot] Committer: community Details Diff |
Bump ezyang/htmlpurifier from 4.18.0 to 4.19.0 Bumps [ezyang/htmlpurifier](https://github.com/ezyang/htmlpurifier) from 4.18.0 to 4.19.0. - [Release notes](https://github.com/ezyang/htmlpurifier/releases) - [Changelog](https://github.com/ezyang/htmlpurifier/blob/master/NEWS) - [Commits](https://github.com/ezyang/htmlpurifier/compare/v4.18.0...v4.19.0) --- updated-dependencies: - dependency-name: ezyang/htmlpurifier dependency-version: 4.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> |
||
| mod - composer.lock | Diff File | ||
|
master 1226a6b4 2025-10-19 12:55 Details Diff |
Fix static analysis warnings | ||
| mod - api/soap/mc_api.php | Diff File | ||
|
master c864f4f7 2025-10-19 12:51 Details Diff |
PHPDoc | ||
| mod - api/soap/mc_account_api.php | Diff File | ||
| mod - api/soap/mc_api.php | Diff File | ||
|
master-2.27 2b3e63e1 2025-10-19 11:13 Details Diff |
Get pending email address from REST API Adding `email_pending` to the list of fields in the select parameter from /users endpoints will return the new email address pending user validation, if there is one. Field is not selected by default. Issue 0036005 |
Affected Issues 0036005 |
|
| mod - api/soap/mc_account_api.php | Diff File | ||
|
master-2.27 e4ffb379 2025-10-19 11:00 Details Diff |
Handle email change in UserUpdateCommand The update_user() method now triggers the email validation process via TOKEN_ACCOUNT_CHANGE_EMAIL when it is changed by the user, replicating the behavior in account_page.php. This ensures consistent behavior between REST API and GUI. Fixes 0036005 |
Affected Issues 0036005 |
|
| mod - core/commands/UserUpdateCommand.php | Diff File | ||
|
master-2.27 28946439 2025-10-19 10:59 Details Diff |
Refactor update_user() method to use DbQuery | ||
| mod - core/commands/UserUpdateCommand.php | Diff File | ||
|
master-2.27 0033f11c 2025-10-19 10:01 Details Diff |
Use 'realname' instead of 'real_name' for internal - `real_name` is used for end-user facing APIs (typically in REST and SOAP payloads or returned data). - `realname` is used internally in MantisBT core, because this is the actual column name in the user table. When updating a user, the Command is talking to the core api, so the data structure should use the internal name. Issue 0036005 |
Affected Issues 0036005 |
|
| mod - core/commands/UserUpdateCommand.php | Diff File | ||
| mod - core/email_api.php | Diff File | ||
|
master-2.27 bb8dd10b 2025-10-19 09:37 Details Diff |
Remove pending email when resetting password Issue 0036005 |
Affected Issues 0036005 |
|
| mod - lost_pwd.php | Diff File | ||
|
master-2.27 765fbd2a 2025-10-19 09:37 Details Diff |
Email validation hash not usable to reset password Since we use the same token to store the confirmation hash for all validation emails, we need to make sure that if it was generated for an email confirmation it cannot be used for a password reset, and vice versa. Fixes 0036005 |
Affected Issues 0036005 |
|
| mod - core/user_api.php | Diff File | ||
| mod - verify.php | Diff File | ||
|
master 04b94141 2025-10-19 06:03 Details Diff |
Increase spacing before lock icon on relationships Icon was showing too close to the target issue's summary. Adding a <span> with a spacing class. Fixes 0036510 |
Affected Issues 0036510 |
|
| mod - bug_view_inc.php | Diff File | ||
