Changesets: MantisBT
master acb89edc 2009-12-03 14:26 Details Diff |
Documented plugin events and hooks. | ||
mod - docbook/developers/en/plugins-building.sgml | Diff File | ||
master-1.2.x 455606c8 2009-12-03 14:25 Details Diff |
Documented plugin pages and files. | ||
mod - docbook/developers/en/plugins-building.sgml | Diff File | ||
master 7414c5b8 2009-12-03 14:25 Details Diff |
Documented plugin pages and files. | ||
mod - docbook/developers/en/plugins-building.sgml | Diff File | ||
master-1.2.x 52b3a40a 2009-12-03 12:02 Details Diff |
Fix 0011065: Fix internal admin guide links |
Affected Issues 0011065 |
mod - docbook/adminguide/en/installation.sgml | Diff File | ||
mod - docbook/adminguide/en/page_descriptions.sgml | Diff File | ||
mod - docbook/adminguide/en/authentication.sgml | Diff File | ||
mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
master bb5e03c5 2009-12-03 12:02 Details Diff |
Fix 0011065: Fix internal admin guide links |
Affected Issues 0011065 |
mod - docbook/adminguide/en/installation.sgml | Diff File | ||
mod - docbook/adminguide/en/page_descriptions.sgml | Diff File | ||
mod - docbook/adminguide/en/authentication.sgml | Diff File | ||
mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
master-1.2.x 0fff6e7e 2009-12-03 11:48 Details Diff |
Issue 0011065: Add admin guide chapter/section ids |
Affected Issues 0011065 |
mod - docbook/adminguide/en/workflow.sgml | Diff File | ||
mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
mod - docbook/adminguide/en/authentication.sgml | Diff File | ||
mod - docbook/adminguide/en/page_descriptions.sgml | Diff File | ||
mod - docbook/adminguide/en/contributing.sgml | Diff File | ||
mod - docbook/adminguide/en/about.sgml | Diff File | ||
mod - docbook/adminguide/en/installation.sgml | Diff File | ||
mod - docbook/adminguide/en/customizing_mantis.sgml | Diff File | ||
mod - docbook/adminguide/en/project_management.sgml | Diff File | ||
mod - docbook/adminguide/en/user_management.sgml | Diff File | ||
master 28e4cbb5 2009-12-03 11:48 Details Diff |
Issue 0011065: Add admin guide chapter/section ids |
Affected Issues 0011065 |
mod - docbook/adminguide/en/workflow.sgml | Diff File | ||
mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
mod - docbook/adminguide/en/authentication.sgml | Diff File | ||
mod - docbook/adminguide/en/page_descriptions.sgml | Diff File | ||
mod - docbook/adminguide/en/contributing.sgml | Diff File | ||
mod - docbook/adminguide/en/about.sgml | Diff File | ||
mod - docbook/adminguide/en/installation.sgml | Diff File | ||
mod - docbook/adminguide/en/customizing_mantis.sgml | Diff File | ||
mod - docbook/adminguide/en/project_management.sgml | Diff File | ||
mod - docbook/adminguide/en/user_management.sgml | Diff File | ||
master-1.2.x 0085bcd7 2009-12-03 09:33 Details Diff |
Fix 0011031, 10930: fix anonymous user auto-login
The original issue with 10930 was that user verification, when checking to see if a user was logged in, would trigger automatic login of the anonymous user account, which would lead to a redirect loop, where each page load would auto-login the anonymous user and immediately log them out and redirect. The original fix for this disabled auto-login of the anonymous user account when calling auth_is_user_authenticated(), which broke expectations of much of the codebase. By re-enabling auto-login, but offering optional bypass of this process, it fixes both issues. Any page expecting to correctly work with unauthenticated users will need to pass a False parameter to the function to bypass automatic anonymous login. |
Affected Issues 0010930, 0011031 |
mod - verify.php | Diff File | ||
mod - core/authentication_api.php | Diff File | ||
master aa042ae6 2009-12-03 09:33 Details Diff |
Fix 0011031, 10930: fix anonymous user auto-login
The original issue with 10930 was that user verification, when checking to see if a user was logged in, would trigger automatic login of the anonymous user account, which would lead to a redirect loop, where each page load would auto-login the anonymous user and immediately log them out and redirect. The original fix for this disabled auto-login of the anonymous user account when calling auth_is_user_authenticated(), which broke expectations of much of the codebase. By re-enabling auto-login, but offering optional bypass of this process, it fixes both issues. Any page expecting to correctly work with unauthenticated users will need to pass a False parameter to the function to bypass automatic anonymous login. |
Affected Issues 0010930, 0011031 |
mod - verify.php | Diff File | ||
mod - core/authentication_api.php | Diff File | ||
master-1.2.x 53428442 2009-12-03 08:57 Details Diff |
Fix 0011253: Projection column not shown correctly |
Affected Issues 0011253 |
mod - core/columns_api.php | Diff File | ||
master 09b1691c 2009-12-03 08:57 Details Diff |
Fix 0011253: Projection column not shown correctly |
Affected Issues 0011253 |
mod - core/columns_api.php | Diff File | ||
master-1.2.x 5c05c074 2009-12-01 22:13 Details Diff |
Fixes 0011099: Signup email notifications are not encoded correctly. |
Affected Issues 0011099 |
mod - core/email_api.php | Diff File | ||
master 0dc5580d 2009-12-01 22:13 Details Diff |
Fixes 0011099: Signup email notifications are not encoded correctly. |
Affected Issues 0011099 |
mod - core/email_api.php | Diff File | ||
master-1.2.x 2515b365 2009-12-01 06:44 Details Diff |
Fix 0011223: RSS image has execute permission bits set
/images/rss.png has the execute permission bits set incorrectly. Thanks to cor3huis for reporting this bug. |
Affected Issues 0011223 |
master e95b87a3 2009-12-01 06:44 Details Diff |
Fix 0011223: RSS image has execute permission bits set
/images/rss.png has the execute permission bits set incorrectly. Thanks to cor3huis for reporting this bug. |
Affected Issues 0011223 |
master-1.2.x d55a7f24 2009-12-01 04:49 Details Diff |
Fix 0011247: XSS in various management pages (project names)
A project name containing "<script>alert(42);</script>" would result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output. |
Affected Issues 0011247 |
mod - core/print_api.php | Diff File | ||
mod - adm_config_report.php | Diff File | ||
master 403cd6c1 2009-12-01 04:49 Details Diff |
Fix 0011247: XSS in various management pages (project names)
A project name containing "<script>alert(42);</script>" would result in XSS vulnerabilities in adm_config_report.php and manage_custom_field_edit_page.php due to unsanitised project names being printed directly to HTML output. |
Affected Issues 0011247 |
mod - adm_config_report.php | Diff File | ||
mod - core/print_api.php | Diff File | ||
master-1.2.x ccae795a 2009-12-01 04:32 Details Diff |
Fix 0011246: XSS bug in category dropdown selector
If a category name contains "<script>alert(42);</script>" then it would result in an XSS vulnerability whenever a category dropdown list was printed. This applies to pages such as bug reporting, updating a bug, etc. |
Affected Issues 0011246 |
mod - core/print_api.php | Diff File | ||
master 98f63cf5 2009-12-01 04:32 Details Diff |
Fix 0011246: XSS bug in category dropdown selector
If a category name contains "<script>alert(42);</script>" then it would result in an XSS vulnerability whenever a category dropdown list was printed. This applies to pages such as bug reporting, updating a bug, etc. |
Affected Issues 0011246 |
mod - core/print_api.php | Diff File | ||
master-1.2.x b4b275a5 2009-12-01 03:24 Details Diff |
Fix 0011245: Sanitise project name in print_column_category_id()
If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, an XSS vulnerability existed whenever the category column was printed with the bad project name included. |
Affected Issues 0011245 |
mod - core/columns_api.php | Diff File | ||
master 141cbe6e 2009-12-01 03:24 Details Diff |
Fix 0011245: Sanitise project name in print_column_category_id()
If a project name contains "<script>alert(42);</script>" then due to lack of sanitisation, an XSS vulnerability existed whenever the category column was printed with the bad project name included. |
Affected Issues 0011245 |
mod - core/columns_api.php | Diff File | ||
master-1.2.x df0a5af4 2009-12-01 02:45 Details Diff |
Fix 0011244: XSS on change log and roadmap pages (project names)
If a project name is changed to contain "<script>alert(42);</script>" then viewing the road map or change log pages will result in a JavaScript alert message appearing. This shows that an XSS flaw exists due to a lack of sanitisation of the project name. |
Affected Issues 0011244 |
mod - changelog_page.php | Diff File | ||
mod - roadmap_page.php | Diff File | ||
mod - core/custom_function_api.php | Diff File | ||
master 96ab63b6 2009-12-01 02:45 Details Diff |
Fix 0011244: XSS on change log and roadmap pages (project names)
If a project name is changed to contain "<script>alert(42);</script>" then viewing the road map or change log pages will result in a JavaScript alert message appearing. This shows that an XSS flaw exists due to a lack of sanitisation of the project name. |
Affected Issues 0011244 |
mod - changelog_page.php | Diff File | ||
mod - roadmap_page.php | Diff File | ||
mod - core/custom_function_api.php | Diff File | ||
master-1.2.x b66d1b04 2009-12-01 02:28 Details Diff |
Fix 0011243: XSS on view_all_bug_page.php due to bad sanitising defaults
Columns on view_all_bug_page.php are not sanitised by default when there is no special function defined for formatting and printing the column value. This leads to a problem where a column such as 'version' can introduce an XSS flaw when a malicious user has the ability to create their own versions containing JavaScript. For columns with existing printing/formatting functions, these have been improved with the use of string sanitisation where applicable. |
Affected Issues 0011243 |
mod - core/custom_function_api.php | Diff File | ||
mod - core/columns_api.php | Diff File | ||
master be4dbbf8 2009-12-01 02:28 Details Diff |
Fix 0011243: XSS on view_all_bug_page.php due to bad sanitising defaults
Columns on view_all_bug_page.php are not sanitised by default when there is no special function defined for formatting and printing the column value. This leads to a problem where a column such as 'version' can introduce an XSS flaw when a malicious user has the ability to create their own versions containing JavaScript. For columns with existing printing/formatting functions, these have been improved with the use of string sanitisation where applicable. |
Affected Issues 0011243 |
mod - core/custom_function_api.php | Diff File | ||
mod - core/columns_api.php | Diff File |