Changesets: MantisBT
master-1.2.x 7424813f 2009-12-14 15:29 Details Diff |
Localisation updates from translatewiki.net (backported) | ||
mod - plugins/MantisGraph/lang/strings_dutch.txt | Diff File | ||
mod - lang/strings_slovak.txt | Diff File | ||
mod - lang/strings_arabicegyptianspoken.txt | Diff File | ||
mod - lang/strings_korean.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_galician.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_french.txt | Diff File | ||
mod - lang/strings_spanish.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_russian.txt | Diff File | ||
mod - lang/strings_japanese.txt | Diff File | ||
mod - lang/strings_bulgarian.txt | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_swissgerman.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_norwegian_bokmal.txt | Diff File | ||
mod - lang/strings_russian.txt | Diff File | ||
mod - lang/strings_swedish.txt | Diff File | ||
mod - plugins/XmlImportExport/lang/strings_swissgerman.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_swissgerman.txt | Diff File | ||
mod - lang/strings_hungarian.txt | Diff File | ||
mod - lang/strings_chinese_simplified.txt | Diff File | ||
mod - lang/strings_finnish.txt | Diff File | ||
mod - lang/strings_slovene.txt | Diff File | ||
mod - lang/strings_urdu.txt | Diff File | ||
mod - lang/strings_ukrainian.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_ripoarisch.txt | Diff File | ||
mod - lang/strings_latvian.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_german.txt | Diff File | ||
mod - lang/strings_ripoarisch.txt | Diff File | ||
mod - lang/strings_portuguese_standard.txt | Diff File | ||
mod - lang/strings_tagalog.txt | Diff File | ||
mod - lang/strings_hebrew.txt | Diff File | ||
mod - lang/strings_french.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_dutch.txt | Diff File | ||
mod - lang/strings_estonian.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_galician.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_occitan.txt | Diff File | ||
mod - lang/strings_romanian.txt | Diff File | ||
mod - lang/strings_catalan.txt | Diff File | ||
mod - lang/strings_portuguese_brazil.txt | Diff File | ||
mod - lang/strings_norwegian_bokmal.txt | Diff File | ||
add - lang/strings_breton.txt | Diff File | ||
mod - lang/strings_serbian.txt | Diff File | ||
mod - plugins/XmlImportExport/lang/strings_ripoarisch.txt | Diff File | ||
mod - lang/strings_arabic.txt | Diff File | ||
mod - lang/strings_greek.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_russian.txt | Diff File | ||
mod - lang/strings_occitan.txt | Diff File | ||
mod - lang/strings_galician.txt | Diff File | ||
mod - lang/strings_italian.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_ripoarisch.txt | Diff File | ||
mod - lang/strings_danish.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_japanese.txt | Diff File | ||
mod - lang/strings_swissgerman.txt | Diff File | ||
mod - lang/strings_lithuanian.txt | Diff File | ||
mod - lang/strings_polish.txt | Diff File | ||
mod - plugins/XmlImportExport/lang/strings_russian.txt | Diff File | ||
mod - lang/strings_czech.txt | Diff File | ||
mod - plugins/XmlImportExport/lang/strings_german.txt | Diff File | ||
mod - lang/strings_chinese_traditional.txt | Diff File | ||
mod - lang/strings_dutch.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_occitan.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_french.txt | Diff File | ||
mod - lang/strings_icelandic.txt | Diff File | ||
mod - lang/strings_german.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_japanese.txt | Diff File | ||
master-1.2.x b6874d81 2009-12-14 15:11 Details Diff |
Backport a few fixes with colons and word separators | ||
mod - bugnote_view_inc.php | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
mod - manage_config_email_page.php | Diff File | ||
mod - manage_config_revert.php | Diff File | ||
mod - print_bugnote_inc.php | Diff File | ||
master 39d36e0d 2009-12-09 18:45 Details Diff |
Add docs for install(), rewrap init() | ||
mod - core/classes/MantisPlugin.class.php | Diff File | ||
master-1.2.x ce2c3272 2009-12-06 09:53 Details Diff |
Fix 0011263: Refactor and cleanup return_dynamic_filters.php This file didn't use already-available API such as error_api and gpc_api. Thus it had poor duplication of existing code, leading to a number of bugs, mostly relating to the display of error messages. The file should be a little bit cleaner and easier to read now. |
Affected Issues 0011263 |
mod - lang/strings_english.txt | Diff File | ||
mod - return_dynamic_filters.php | Diff File | ||
master f92e62ec 2009-12-06 09:53 Details Diff |
Fix 0011263: Refactor and cleanup return_dynamic_filters.php This file didn't use already-available API such as error_api and gpc_api. Thus it had poor duplication of existing code, leading to a number of bugs, mostly relating to the display of error messages. The file should be a little bit cleaner and easier to read now. |
Affected Issues 0011263 |
mod - return_dynamic_filters.php | Diff File | ||
mod - lang/strings_english.txt | Diff File | ||
master-1.2.x 21299299 2009-12-06 09:49 Details Diff |
Fix 0011262: XSS issues in various print_X_option_list functions In some of the print_X_option_list functions from print_api.php, certain strings (many user definable, others project manager definable) are not sanitised before being used in the dropdown option lists. Examples are the OS, platform, version and some project dropdown option lists. These problems can be reproduced by using return_dynamic_filters.php to output a vulnerable dropdown list of your choosing. |
Affected Issues 0011262 |
mod - core/print_api.php | Diff File | ||
master a2ae2348 2009-12-06 09:49 Details Diff |
Fix 0011262: XSS issues in various print_X_option_list functions In some of the print_X_option_list functions from print_api.php, certain strings (many user definable, others project manager definable) are not sanitised before being used in the dropdown option lists. Examples are the OS, platform, version and some project dropdown option lists. These problems can be reproduced by using return_dynamic_filters.php to output a vulnerable dropdown list of your choosing. |
Affected Issues 0011262 |
mod - core/print_api.php | Diff File | ||
master-1.2.x f3d56d77 2009-12-06 07:34 Details Diff |
Disallow admins from changing _page and _url settings The settings ending with _page and _url are fairly sensitive and therefore should only be changed on a global level by someone with access to the server (via config_inc.php). Otherwise it becomes possible for someone with database access to change a _page setting to remotely include/execute unwanted .php files or redirect people to other external websites. |
mod - config_defaults_inc.php | Diff File | ||
master 8f95c9e3 2009-12-06 07:34 Details Diff |
Disallow admins from changing _page and _url settings The settings ending with _page and _url are fairly sensitive and therefore should only be changed on a global level by someone with access to the server (via config_inc.php). Otherwise it becomes possible for someone with database access to change a _page setting to remotely include/execute unwanted .php files or redirect people to other external websites. |
mod - config_defaults_inc.php | Diff File | ||
master-1.2.x 908a1fb7 2009-12-06 06:57 Details Diff |
Add extra sanitisation to html_title() This is required just in case html_title() is called with a page title that contains a string/value that could contain unsafe characters that could trigger an XSS bug. |
mod - core/html_api.php | Diff File | ||
master 538717ff 2009-12-06 06:57 Details Diff |
Add extra sanitisation to html_title() This is required just in case html_title() is called with a page title that contains a string/value that could contain unsafe characters that could trigger an XSS bug. |
mod - core/html_api.php | Diff File | ||
master-1.2.x ca638c79 2009-12-06 06:42 Details Diff |
Fix 0011261: XSS in error output as MantisCoreFormatting isn't loaded print_project_menu_bar() is called when an error occurs in MantisBT (to produce the HTML output for the error page). At this point of time, MantisCoreFormatting may not be loaded by MantisBT and therefore the string_display_* sanitisation functions won't be executed. Thus we must force the use of the string_html_specialchars() function to ensure that these strings are safely sanitised even when MantisCoreFormatting isn't loaded (yet). |
Affected Issues 0011261 |
mod - core/html_api.php | Diff File | ||
master 26e2d3b6 2009-12-06 06:42 Details Diff |
Fix 0011261: XSS in error output as MantisCoreFormatting isn't loaded print_project_menu_bar() is called when an error occurs in MantisBT (to produce the HTML output for the error page). At this point of time, MantisCoreFormatting may not be loaded by MantisBT and therefore the string_display_* sanitisation functions won't be executed. Thus we must force the use of the string_html_specialchars() function to ensure that these strings are safely sanitised even when MantisCoreFormatting isn't loaded (yet). |
Affected Issues 0011261 |
mod - core/html_api.php | Diff File | ||
master 964915c9 2009-12-05 15:18 Details Diff |
Localisation updates from translatewiki.net (2009-12-05) | ||
mod - lang/strings_greek.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_czech.txt | Diff File | ||
mod - lang/strings_portuguese_brazil.txt | Diff File | ||
mod - lang/strings_czech.txt | Diff File | ||
mod - lang/strings_galician.txt | Diff File | ||
master-1.2.x 1740b99c 2009-12-05 09:09 Details Diff |
Fix 0011260: Attribute injection/XSS in permalink_page.php HTML attribute injection via: permalink_page.php?url=%22%20style=%22display:none%22 This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. |
Affected Issues 0011260 |
mod - permalink_page.php | Diff File | ||
master 3363f907 2009-12-05 09:09 Details Diff |
Fix 0011260: Attribute injection/XSS in permalink_page.php HTML attribute injection via: permalink_page.php?url=%22%20style=%22display:none%22 This is a possible XSS issue, although <script> tags don't have any direct effect. It's still possible to use CSS to do naughty things. |
Affected Issues 0011260 |
mod - permalink_page.php | Diff File | ||
master-1.2.x ef0b66b4 2009-12-04 15:54 Details Diff |
Added indexes to tag tables | ||
mod - admin/schema.php | Diff File | ||
master 5763eb7e 2009-12-04 15:54 Details Diff |
Added indexes to tag tables | ||
mod - admin/schema.php | Diff File | ||
master-1.2.x 03d54d98 2009-12-03 17:49 Details Diff |
Implemented multi-part plugin dependency checks Plugins can now declare multi-part version dependencies, separating parts with commas. This allows plugins to declare both a minimum and maximum version dependency at the same time, or potentially multiple minimum and maximum parts. Also, for consistency with other plugin dependency systems (such as Mozilla's), the plugin manager has moved from a less-than to a less-than-or-equal dependency measure, to easily specify the highest known-compatible version in a dependency declaration. As part of this, dependencies can use either the existing "< XYZ" or a more-correct "<= XYZ" string, and both will be interpreted as lte. |
mod - core/plugin_api.php | Diff File | ||
master 3991a0a7 2009-12-03 17:49 Details Diff |
Implemented multi-part plugin dependency checks Plugins can now declare multi-part version dependencies, separating parts with commas. This allows plugins to declare both a minimum and maximum version dependency at the same time, or potentially multiple minimum and maximum parts. Also, for consistency with other plugin dependency systems (such as Mozilla's), the plugin manager has moved from a less-than to a less-than-or-equal dependency measure, to easily specify the highest known-compatible version in a dependency declaration. As part of this, dependencies can use either the existing "< XYZ" or a more-correct "<= XYZ" string, and both will be interpreted as lte. |
mod - core/plugin_api.php | Diff File | ||
master-1.2.x c0f84e15 2009-12-03 17:17 Details Diff |
Fixes 0011215: tns:AttachmentData download_url does not encode ampersands |
Affected Issues 0011215 |
mod - api/soap/mc_project_api.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
master 1690847b 2009-12-03 17:17 Details Diff |
Fixes 0011215: tns:AttachmentData download_url does not encode ampersands |
Affected Issues 0011215 |
mod - api/soap/mc_issue_api.php | Diff File | ||
mod - api/soap/mc_project_api.php | Diff File | ||
master-1.2.x 8ee16840 2009-12-03 15:23 Details Diff |
Documented plugin configuration. | ||
mod - docbook/developers/en/plugins-building.sgml | Diff File | ||
master b0f99a7b 2009-12-03 15:23 Details Diff |
Documented plugin configuration. | ||
mod - docbook/developers/en/plugins-building.sgml | Diff File | ||
master-1.2.x edcc93f8 2009-12-03 14:26 Details Diff |
Documented plugin events and hooks. | ||
mod - docbook/developers/en/plugins-building.sgml | Diff File |