Changesets: MantisBT
|
master 64c28d4d 2009-07-13 19:13 Paul Richards Details Diff |
Add empty $g_dsn definition to default config file | ||
| mod - core/database_api.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
|
master-1.2.x 83226dad 2009-07-13 16:25 Details Diff |
Allow tags to contain +/- as long as they aren't the first character. | ||
| mod - core/tag_api.php | Diff File | ||
|
master d9c3d637 2009-07-13 16:25 Details Diff |
Allow tags to contain +/- as long as they aren't the first character. | ||
| mod - core/tag_api.php | Diff File | ||
|
master-1.1.x ea368049 2009-07-13 10:48 Details Diff |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
Affected Issues 0010187, 0010714 |
|
| mod - account_page.php | Diff File | ||
| mod - verify.php | Diff File | ||
|
master-1.2.x 4f9d3515 2009-07-13 10:48 Details Diff |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
Affected Issues 0010187, 0010714 |
|
| mod - account_page.php | Diff File | ||
| mod - verify.php | Diff File | ||
|
master c3a3ffe8 2009-07-13 10:48 Details Diff |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
Affected Issues 0010187, 0010714 |
|
| mod - account_page.php | Diff File | ||
| mod - verify.php | Diff File | ||
|
master-1.2.x f1527557 2009-07-13 01:51 Details Diff |
Fixes 0010698: Refactor simple / advanced update pages for consistency. |
Affected Issues 0010698 |
|
| mod - bug_update_page.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - core/string_api.php | Diff File | ||
| mod - docbook/adminguide/en/user_management.sgml | Diff File | ||
| mod - account_prefs_inc.php | Diff File | ||
| mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
| mod - bug_update_advanced_page.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/obsolete.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
|
master 7a805af3 2009-07-13 01:51 Details Diff |
Fixes 0010698: Refactor simple / advanced update pages for consistency. |
Affected Issues 0010698 |
|
| mod - bug_update_page.php | Diff File | ||
| mod - core/string_api.php | Diff File | ||
| mod - docbook/adminguide/en/user_management.sgml | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/obsolete.php | Diff File | ||
| mod - account_prefs_inc.php | Diff File | ||
| mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
| mod - bug_update_advanced_page.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
|
master 29b13fb8 2009-07-12 18:04 Details Diff |
Issue 0010708: Relationship graphs broken after refactoring of bug_view_inc.php - Fixed the access_denied issue in relationship graphs. - Fixed the access_denied issue in bug reminders. I don't have the relationship graphs setup, so won't mark the issue as resolved yet until dhx verifies it. |
Affected Issues 0010708 |
|
| mod - bug_relationship_graph.php | Diff File | ||
| mod - view.php | Diff File | ||
| mod - bug_reminder_page.php | Diff File | ||
|
master-1.2.x 633799cf 2009-07-12 18:04 Committer: dhx Details Diff |
Issue 0010708: Relationship graphs broken after refactoring of bug_view_inc.php - Fixed the access_denied issue in relationship graphs. - Fixed the access_denied issue in bug reminders. I don't have the relationship graphs setup, so won't mark the issue as resolved yet until dhx verifies it. Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0010708 |
|
| mod - view.php | Diff File | ||
| mod - bug_relationship_graph.php | Diff File | ||
| mod - bug_reminder_page.php | Diff File | ||
|
master 546e72b1 2009-07-11 04:17 Details Diff |
More work relating to issue 0010696: Refactor simple / advanced / change status view for consistency. 1. Use array of fields to specify fields to be displayed on issue view page. 2. Remove the concept of simple vs. advanced view issue pages. 3. Re-add the configuration options that can disable usage of certain fields. The same sort of changes need to be done for report / update / print pages. |
Affected Issues 0010696 |
|
| mod - core/html_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - bug_update_advanced_page.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - print_bug_page.php | Diff File | ||
| mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - core/version_api.php | Diff File | ||
| mod - bug_change_status_page.php | Diff File | ||
| mod - view_filters_page.php | Diff File | ||
| mod - core/obsolete.php | Diff File | ||
| mod - bug_report_advanced_page.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - bug_report_page.php | Diff File | ||
| mod - bug_view_advanced_page.php | Diff File | ||
| mod - bug_view_page.php | Diff File | ||
| mod - view.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
|
master-1.2.x 566a4f02 2009-07-11 04:17 Details Diff |
More work relating to issue 0010696: Refactor simple / advanced / change status view for consistency. 1. Use array of fields to specify fields to be displayed on issue view page. 2. Remove the concept of simple vs. advanced view issue pages. 3. Re-add the configuration options that can disable usage of certain fields. The same sort of changes need to be done for report / update / print pages. |
Affected Issues 0010696 |
|
| mod - core/constant_inc.php | Diff File | ||
| mod - core/html_api.php | Diff File | ||
| mod - bug_update_advanced_page.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - bug_report_page.php | Diff File | ||
| mod - core/version_api.php | Diff File | ||
| mod - bug_change_status_page.php | Diff File | ||
| mod - docbook/adminguide/en/configuration.sgml | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - view_filters_page.php | Diff File | ||
| mod - bug_report_advanced_page.php | Diff File | ||
| mod - core/obsolete.php | Diff File | ||
| mod - bug_view_advanced_page.php | Diff File | ||
| mod - bug_view_page.php | Diff File | ||
| mod - view.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - print_bug_page.php | Diff File | ||
|
master-1.2.x 2a6892bc 2009-07-11 01:11 Details Diff |
Teach MantisBT to bake tough cookies The Secure cookie flag is now set for all cookies when the user is browsing via a TLS protected connection. Originally this flag was only set for the PHP session ID cookie. MantisBT now supports the HttpOnly cookie flag and will use it when possible (PHP 5.2.0 is required). This flag tells the client browser to deny Javascript access to the cookie (both reading and writing). As such, this flag is very useful in providing another layer of protection against XSS attacks. The gpc_set_cookie function has an additional parameter to disable the HttpOnly flag on a per-cookie basis. This parameter should be set to false when sending a cookie to the client that client-side Javascript needs to read or write. Fixes 0010709,0010712 |
Affected Issues 0010709, 0010712 |
|
| mod - core/session_api.php | Diff File | ||
| mod - core/gpc_api.php | Diff File | ||
|
master 58a67eef 2009-07-11 01:11 Details Diff |
Teach MantisBT to bake tough cookies The Secure cookie flag is now set for all cookies when the user is browsing via a TLS protected connection. Originally this flag was only set for the PHP session ID cookie. MantisBT now supports the HttpOnly cookie flag and will use it when possible (PHP 5.2.0 is required). This flag tells the client browser to deny Javascript access to the cookie (both reading and writing). As such, this flag is very useful in providing another layer of protection against XSS attacks. The gpc_set_cookie function has an additional parameter to disable the HttpOnly flag on a per-cookie basis. This parameter should be set to false when sending a cookie to the client that client-side Javascript needs to read or write. Fixes 0010709,0010712 |
Affected Issues 0010709, 0010712 |
|
| mod - core/session_api.php | Diff File | ||
| mod - core/gpc_api.php | Diff File | ||
|
master 641b3a69 2009-07-10 20:57 Details Diff |
Bump version to 1.3.0dev | ||
| mod - doc/RELEASE | Diff File | ||
| mod - core/obsolete.php | Diff File | ||
| mod - core/constant_inc.php | Diff File | ||
|
master-1.2.x 7d334bd6 2009-07-10 20:20 Details Diff |
Bump release notes for 1.2.0rc2 | ||
| mod - doc/RELEASE | Diff File | ||
| mod - core/obsolete.php | Diff File | ||
|
master ce27f552 2009-07-10 19:39 Details Diff |
Use SCRIPT_NAME instead of PHP_SELF $_SERVER['SCRIPT_NAME'] does a similar thing to $_SERVER['PHP_SELF'] except it is defined in the CGI standard. Many web servers, by defualt, don't expose PHP_SELF when using CGI/FastCGI. They do expose SCRIPT_NAME, so this is a better choice to use. See: http://hoohoo.ncsa.illinois.edu/cgi/env.html http://www.php.net/manual/en/reserved.variables.server.php http://php.about.com/od/learnphp/qt/_SERVER_PHP.htm |
Affected Issues 0005753 |
|
| mod - core/html_api.php | Diff File | ||
| mod - core.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/access_api.php | Diff File | ||
| mod - core/authentication_api.php | Diff File | ||
| mod - manage_config_email_page.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - core/database_api.php | Diff File | ||
| mod - admin/test_email.php | Diff File | ||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - api/soap/mantisconnect.php | Diff File | ||
| mod - core/utility_api.php | Diff File | ||
|
master-1.2.x 2fe55fdd 2009-07-10 19:39 Details Diff |
Use SCRIPT_NAME instead of PHP_SELF $_SERVER['SCRIPT_NAME'] does a similar thing to $_SERVER['PHP_SELF'] except it is defined in the CGI standard. Many web servers, by defualt, don't expose PHP_SELF when using CGI/FastCGI. They do expose SCRIPT_NAME, so this is a better choice to use. See: http://hoohoo.ncsa.illinois.edu/cgi/env.html http://www.php.net/manual/en/reserved.variables.server.php http://php.about.com/od/learnphp/qt/_SERVER_PHP.htm |
Affected Issues 0005753 |
|
| mod - core/html_api.php | Diff File | ||
| mod - core.php | Diff File | ||
| mod - core/access_api.php | Diff File | ||
| mod - core/authentication_api.php | Diff File | ||
| mod - manage_config_email_page.php | Diff File | ||
| mod - config_defaults_inc.php | Diff File | ||
| mod - manage_config_workflow_page.php | Diff File | ||
| mod - core/database_api.php | Diff File | ||
| mod - admin/test_email.php | Diff File | ||
| mod - manage_config_work_threshold_page.php | Diff File | ||
| mod - api/soap/mantisconnect.php | Diff File | ||
| mod - core/utility_api.php | Diff File | ||
|
master 55e48e0e 2009-07-10 19:24 Details Diff |
Revert "Add additional settings to g_global_settings" This reverts commit 5d6b5259db666e61cd6476b382129d5fe8f42ce5. Instead of banning these additional settings from being locatable in the database, we really need a new array of settings that cannot be set on a per-project basis. |
||
| mod - config_defaults_inc.php | Diff File | ||
|
master 949b4809 2009-07-10 18:50 Details Diff |
Allow deletion of all per-project config options When upgrading incorrect configuration stored in the database, administrators need the ability to remove per-project configuration options that must only be set globally (via $g_global_configuration). |
||
| mod - adm_config_delete.php | Diff File | ||
|
master-1.2.x 392ccb1f 2009-07-10 18:50 Details Diff |
Allow deletion of all per-project config options When upgrading incorrect configuration stored in the database, administrators need the ability to remove per-project configuration options that must only be set globally (via $g_global_configuration). |
||
| mod - adm_config_delete.php | Diff File | ||
|
master 5d6b5259 2009-07-10 18:46 Details Diff |
Add additional settings to g_global_settings These configuration options also cannot be set on a per-project basis as they affect the entire Mantis installation when set. |
||
| mod - config_defaults_inc.php | Diff File | ||
|
master-1.2.x 3593ed97 2009-07-10 16:30 Details Diff |
When creating users, store the hashed password | ||
| mod - core/user_api.php | Diff File | ||
|
master a888575c 2009-07-10 16:30 Details Diff |
When creating users, store the hashed password | ||
| mod - core/user_api.php | Diff File | ||
|
master-1.2.x 59f7a129 2009-07-10 10:00 Details Diff |
Version bump | ||
| mod - core/constant_inc.php | Diff File | ||
