Changesets: MantisBT
master-1.2.x 4ff4ede8 2009-07-01 08:53 Details Diff |
Add CSRF protection for manage_config_columns_set | ||
mod - manage_columns_inc.php | Diff File | ||
mod - manage_config_columns_set.php | Diff File | ||
master-1.2.x d7c138f1 2009-07-01 08:50 Details Diff |
Add CSRF protection for lost_pwd | ||
mod - lost_pwd_page.php | Diff File | ||
mod - lost_pwd.php | Diff File | ||
master 0f120c95 2009-07-01 08:43 Committer: dhx Details Diff |
Fix 0009338: CSV export does not escape all characters Changed escaping method (strings could be escaped twice). Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0009338 |
|
mod - core/csv_api.php | Diff File | ||
master-1.2.x 38c5a1c4 2009-07-01 08:43 Committer: dhx Details Diff |
Fix 0009338: CSV export does not escape all characters Changed escaping method (strings could be escaped twice). Signed-off-by: David Hicks <hickseydr@optusnet.com.au> |
Affected Issues 0009338 |
|
mod - core/csv_api.php | Diff File | ||
master-1.2.x c73c89ea 2009-07-01 08:40 Details Diff |
Add CSRF protection for bug_assign | ||
mod - bug_assign.php | Diff File | ||
mod - core/html_api.php | Diff File | ||
master-1.2.x d9858243 2009-07-01 08:33 Details Diff |
Add CSRF protection for bug_stick | ||
mod - bug_stick.php | Diff File | ||
master-1.2.x 21f37422 2009-07-01 08:31 Details Diff |
Add CSRF protection to html_button function Generally only POST requests to the server need to have CSRF protection as they're the only ones which should be changing data. |
||
mod - core/html_api.php | Diff File | ||
master-1.2.x 440bead2 2009-07-01 06:41 Details Diff |
CSRF protection not needed for jump_to_bug | ||
mod - core/html_api.php | Diff File | ||
master-1.2.x 6a40ac6d 2009-07-01 06:01 Details Diff |
Add CSRF protection for bug_relationship_add | ||
mod - bug_relationship_add.php | Diff File | ||
mod - core/relationship_api.php | Diff File | ||
master 20b339b6 2009-07-01 04:07 Details Diff |
Update obsolete.php after rename of $g_reminder_recipents_monitor_bug Rename was performed in acbfce3bd3aad5df06309d300403764fffdebf7a This commit updates obsolete.php to inform users of the rename. |
Affected Issues 0010623 |
|
mod - core/obsolete.php | Diff File | ||
master-1.2.x 726bf428 2009-07-01 04:07 Details Diff |
Update obsolete.php after rename of $g_reminder_recipents_monitor_bug Rename was performed in acbfce3bd3aad5df06309d300403764fffdebf7a This commit updates obsolete.php to inform users of the rename. |
||
mod - core/obsolete.php | Diff File | ||
master c564f4e9 2009-06-30 23:09 Details Diff |
Fix 0010632: cannot update columns global defaults The following error occurred when an administrator tried to update the global defaults for column display via manage_config_columns_page: Application error 0000700: Project "0" not found. This was caused by incorrectly validating the project ID for ALL_PROJECTS. |
Affected Issues 0010632 |
|
mod - manage_config_columns_set.php | Diff File | ||
master-1.2.x af990518 2009-06-30 23:09 Details Diff |
Fix 0010632: cannot update columns global defaults The following error occurred when an administrator tried to update the global defaults for column display via manage_config_columns_page: Application error 0000700: Project "0" not found. This was caused by incorrectly validating the project ID for ALL_PROJECTS. |
Affected Issues 0010632 |
|
mod - manage_config_columns_set.php | Diff File | ||
master acbfce3b 2009-06-30 22:57 Details Diff |
Fix 0010623: typo in $g_reminder_recipents_monitor_bug |
Affected Issues 0010623 |
|
mod - bug_reminder_page.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - bug_reminder.php | Diff File | ||
master-1.2.x 941a82cc 2009-06-30 22:57 Details Diff |
Fix 0010623: typo in $g_reminder_recipents_monitor_bug |
Affected Issues 0010623 |
|
mod - bug_reminder_page.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - bug_reminder.php | Diff File | ||
master 881305a7 2009-06-30 22:45 Details Diff |
Remove offtopic uses of handle_bug_threshold handle_bug_threshold was being used beyond its scope, in an inconsistent way, to prevent users updating certain bug fields. This change exposes the priority field to the advanced bug report page. Anyone that can report a bug can update this field. In fact, users could always update the priority field by generating their own request to bug_report.php. The only thing that has changed is that the UI has been updated to match what happens behind the scenes. If we want to limit who can read/write to the priority field (and other fields) we really need to create some new thresholds that are checked in bug_api.php within __set, and elsewhere throughout the code as appropriate. |
||
mod - bug_change_status_page.php | Diff File | ||
mod - bug_report_advanced_page.php | Diff File | ||
master-1.2.x 75b4f76a 2009-06-30 22:45 Details Diff |
Remove offtopic uses of handle_bug_threshold handle_bug_threshold was being used beyond its scope, in an inconsistent way, to prevent users updating certain bug fields. This change exposes the priority field to the advanced bug report page. Anyone that can report a bug can update this field. In fact, users could always update the priority field by generating their own request to bug_report.php. The only thing that has changed is that the UI has been updated to match what happens behind the scenes. If we want to limit who can read/write to the priority field (and other fields) we really need to create some new thresholds that are checked in bug_api.php within __set, and elsewhere throughout the code as appropriate. |
||
mod - bug_change_status_page.php | Diff File | ||
mod - bug_report_advanced_page.php | Diff File | ||
master 0cfb73e9 2009-06-30 22:26 Details Diff |
Don't require access check for fixed_in_version handle_bug_threshold is documented as the threshold at which someone can be assigned to a bug. Therefore we shouldn't be checking this threshold when changing the fixed_in_version field - update_bug_threshold is enough (we use it for every other field). Fixes 0010647 |
Affected Issues 0010647 |
|
mod - core/bug_api.php | Diff File | ||
master-1.2.x 87a5dc26 2009-06-30 22:26 Details Diff |
Don't require access check for fixed_in_version handle_bug_threshold is documented as the threshold at which someone can be assigned to a bug. Therefore we shouldn't be checking this threshold when changing the fixed_in_version field - update_bug_threshold is enough (we use it for every other field). Fixes 0010647 |
Affected Issues 0010647 |
|
mod - core/bug_api.php | Diff File | ||
master c2ef5a6c 2009-06-30 22:17 Details Diff |
Fix 0010647: check permissions before updating target_version Related to bd5076906d7c8596dc3ba9ce5352c9be9c85f4b3 The new BugData class has access checks built into __set so we can't update a field without permission to do so. We need to ensure that target_version is only updated when the current user has permission to do so. |
Affected Issues 0010647 |
|
mod - bug_update.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
master-1.2.x ad56aaa8 2009-06-30 22:17 Details Diff |
Fix 0010647: check permissions before updating target_version Related to bd5076906d7c8596dc3ba9ce5352c9be9c85f4b3 The new BugData class has access checks built into __set so we can't update a field without permission to do so. We need to ensure that target_version is only updated when the current user has permission to do so. |
Affected Issues 0010647 |
|
mod - bug_update.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
master ee1ac756 2009-06-30 21:50 Details Diff |
Fixes 0005012: Comments relating to . |
Affected Issues 0005012 |
|
mod - config_defaults_inc.php | Diff File | ||
master-1.2.x 4e031b69 2009-06-30 21:50 Details Diff |
Fixes 0005012: Comments relating to . |
Affected Issues 0005012 |
|
mod - config_defaults_inc.php | Diff File | ||
master 5affdcfc 2009-06-29 11:24 Details Diff |
Fix 0010638: allow 'bytes' to be translated |
Affected Issues 0010638 |
|
mod - lang/strings_english.txt | Diff File | ||
mod - core/print_api.php | Diff File | ||
master-1.2.x aa047fe3 2009-06-29 11:24 Details Diff |
Fix 0010638: allow 'bytes' to be translated |
Affected Issues 0010638 |
|
mod - lang/strings_english.txt | Diff File | ||
mod - core/print_api.php | Diff File |