Changesets: MantisBT

master 251d4788

2026-04-08 18:32

dregad


Merge branch 'master-2.28'
mod - core/commands/ProjectUsersDeleteCommand.php
mod - core/http_api.php
mod - core/user_api.php
mod - verify.php

master 33562d44

2026-04-08 18:25

dregad


Composer update

- Removing sebastian/resource-operations (3.0.4)
- Removing doctrine/instantiator (1.5.0)
- Upgrading symfony/deprecation-contracts (v2.5.4 => v3.6.0): Extracting archive
- Upgrading guzzlehttp/psr7 (2.8.0 => 2.9.0): Extracting archive
- Upgrading sebastian/version (3.0.2 => 4.0.1): Extracting archive
- Upgrading sebastian/type (3.2.1 => 4.0.0): Extracting archive
- Upgrading sebastian/recursion-context (4.0.6 => 5.0.1): Extracting archive
- Upgrading sebastian/object-reflector (2.0.4 => 3.0.0): Extracting archive
- Upgrading sebastian/object-enumerator (4.0.4 => 5.0.0): Extracting archive
- Upgrading sebastian/global-state (5.0.8 => 6.0.2): Extracting archive
- Upgrading sebastian/exporter (4.0.8 => 5.1.4): Extracting archive
- Upgrading sebastian/environment (5.1.5 => 6.1.0): Extracting archive
- Upgrading sebastian/diff (4.0.6 => 5.1.1): Extracting archive
- Upgrading sebastian/comparator (4.0.10 => 5.0.5): Extracting archive
- Upgrading sebastian/code-unit (1.0.8 => 2.0.0): Extracting archive
- Upgrading sebastian/cli-parser (1.0.2 => 2.0.1): Extracting archive
- Upgrading phpunit/php-timer (5.0.3 => 6.0.0): Extracting archive
- Upgrading phpunit/php-text-template (2.0.4 => 3.0.1): Extracting archive
- Upgrading phpunit/php-invoker (3.1.1 => 4.0.0): Extracting archive
- Upgrading phpunit/php-file-iterator (3.0.6 => 4.1.0): Extracting archive
- Upgrading sebastian/lines-of-code (1.0.4 => 2.0.2): Extracting archive
- Upgrading sebastian/complexity (2.0.3 => 3.2.0): Extracting archive
- Upgrading sebastian/code-unit-reverse-lookup (2.0.3 => 3.0.0): Extracting archive
- Upgrading phpunit/php-code-coverage (9.2.32 => 10.1.16): Extracting archive
- Upgrading phpunit/phpunit (9.6.34 => 10.5.63): Extracting archive
- Upgrading pimple/pimple (v3.6.0 => v3.6.2): Extracting archive

Issue 0036914
Affected Issues
0036914
mod - composer.lock

master 6b49c1e3

2026-04-08 18:22

dregad


Composer: remove PHPUnit 9.x

Fixes 0036914
Affected Issues
0036914
mod - composer.json

master-2.28 5fec0f44

2026-04-08 04:49

dregad


Escape textarea custom field for display

Prevents HTML injection / XSS in bug_update_page.php.

Fixes 0037003, GHSA-qj6w-v29q-4rgx

Co-authored-by: Nozomu Sasaki <nzm117ssk@gmail.com>
Affected Issues
0037003
mod - core/cfdefs/cfdef_standard.php

master-2.28 2ec1b106

2026-04-07 12:02

dregad


Revert use of string_url() in http_api.php

Requiring string_api.php was causing a circular inclusion pattern of the
core APIs, resulting in rejection of Secure Cookies by the browser.

Partial revert of commit 5393a5663d33a0060d13ee0d4517bb701ddac40d.

Fixes 0036819
Affected Issues
0036819
mod - core/http_api.php

master-2.28 e6be7c24

2026-04-06 08:26

dregad


Check user id validity early in verify.php

It makes no sense to attempt login if the user does not exist.

Minor optimization: make use of extracted $u_username variable instead
of calling user_get_username().

Fixes 0037006
Affected Issues
0037006
mod - verify.php

master-2.28 e2d7dcda

2026-04-06 08:19

dregad


Fix record not found check in user_cache_row()

Using empty() instead of !isset(), so both false and null trigger the
exception.

Regression from 2cee661cbdf9bf607a75586b8376f74675c924af.

Fixes 0037005
Affected Issues
0037005
mod - core/user_api.php

master f4795e18

2026-04-06 08:08

translatewiki.net


Localisation updates from https://translatewiki.net. [skip ci]
mod - lang/strings_ukrainian.txt
mod - plugins/MantisCoreFormatting/lang/strings_ukrainian.txt

master 70bfd6ae

2026-04-06 07:45

dregad


PHPDoc
mod - core/access_api.php

master bf3b3641

2026-04-04 06:02

vboctor

Committer: dregad


Deleting a user now deletes its filters

Fixes 0037004
Affected Issues
0037004
mod - core/filter_api.php
mod - core/user_api.php

master-2.28 b8d84f3c

2026-04-04 05:40

vboctor

Committer: dregad


Fix intermittent error when deleting user from project

Fixes 0032998, PR https://github.com/mantisbt/mantisbt/pull/2199
Affected Issues
0032998
mod - core/commands/ProjectUsersDeleteCommand.php

master 9fc59f7e

2026-03-31 13:38

dregad


Fix static analysis warnings
mod - bug_revision_view_page.php
mod - core/access_api.php

master-2.28 b262b4d2

2026-03-30 13:32

dregad


Prevent unauthorized attachment upload via REST

file_allow_project_upload() has been modified to check access for
upload_bug_file_threshold against
- project for new issues
- bug for existing issues

Fixes 0036976, GHSA-h4x5-gvx6-3rwc
Affected Issues
0036976
mod - core/file_api.php

master 09671193

2026-03-30 12:05

dregad


Fix static analysis warnings, whitespace, PHPDoc
mod - core/commands/IssueFileAddCommand.php

master-2.28 de7bdeec

2026-03-30 11:42

dregad


Prevent access to private issues' file attachments

Adding access checks ensuring that the user is allowed to view the
attachments' parent issue, before listing or downloading them:
- file_can_view_or_download() function
- IssueFileGetCommand::validate() method

Fixes 0036977, GHSA-rmp5-5jj7-gmvf
Affected Issues
0036977
mod - core/commands/IssueFileGetCommand.php
mod - core/file_api.php

master 965df5ed

2026-03-30 10:48

dregad


Fix static analysis warnings
mod - api/rest/restcore/issues_rest.php
mod - core/commands/IssueFileGetCommand.php
mod - file_download.php

master d400614c

2026-03-30 10:46

dregad


Code cleanup: merge if statement

The following switch is based on the exact same condition.
mod - file_download.php

master 209f5d33

2026-03-30 10:43

dregad


Code cleanup: remove unnecessary variables
mod - core/file_api.php

master 12a20c13

2026-03-30 08:10

translatewiki.net


Localisation updates from https://translatewiki.net. [skip ci]
mod - lang/strings_ukrainian.txt

master-2.28 0a93267d

2026-03-28 14:16

dregad


Only let users monitor private issues they can access

Fixes an information disclosure vulnerability, which was introduced by
the fix for issue 0033404.

MonitorAddCommand now checks for monitor_bug_threshold differently,
depending on whether the user is adding themselves (bug-level check) or
someone else (project-level check).

Fixes 0036975
Affected Issues
0033404, 0036975
mod - core/commands/MonitorAddCommand.php

master 6754a8b2

2026-03-28 12:59

dregad


Fix static analysis warnings

Refactoring the label for profile_id as PHPStorm's inspection does not
detect it when it is injected via echo statements.
mod - bug_report_page.php

master-2.28 df22697a

2026-03-28 12:46

dregad


Escape Project name in bug_report_page.php

Prevents XSS in Clone context (i.e. if m_id parameter is provided) when
the current project is different from the master issue's.

Fixes 0036986, GHSA-fvjf-68wh-rwp2
Affected Issues
0036986
mod - bug_report_page.php

master-2.28 69e0180f

2026-03-27 13:53

dregad


Fix privilege escalation in ProjectUsersAddCommand

Prevents MANAGER users from upgrading themselves or other users to
project-level ADMINISTRATOR.

Fixes 0036995
Affected Issues
0036995
mod - core/commands/ProjectUsersAddCommand.php

master 6468c95d

2026-03-27 13:49

dregad


Fix spelling [skip ci]
mod - manage_proj_user_update.php

master 1b1a3133

2026-03-23 08:47

dregad


Merge branch 'master-2.28'
mod - core/csv_api.php