Changesets: MantisBT
|
i27768-proj-del-bug-count 6c94c808 2020-12-17 05:06 Details Diff |
Improve Project delete confirmation message The 'project_delete_msg' string now includes the bug count in addition to the Project's name. New Project API function project_get_bug_count() returns the number of issues associated to the given project. Fixes 0027768 |
||
| mod - core/project_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_proj_delete.php | Diff File | ||
|
master acb9593c 2020-12-17 05:06 Details Diff |
Remove unused language string 'category_delete_sure_msg' was replaced by 'category_delete_confirm_msg' in commit 8379a94f8cfe43136c922838449d412ad0674648. Issue 0020198 |
Affected Issues 0020198 |
|
| mod - lang/strings_arabic.txt | Diff File | ||
| mod - lang/strings_arabicegyptianspoken.txt | Diff File | ||
| mod - lang/strings_asturian.txt | Diff File | ||
| mod - lang/strings_basque.txt | Diff File | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - lang/strings_breton.txt | Diff File | ||
| mod - lang/strings_bulgarian.txt | Diff File | ||
| mod - lang/strings_catalan.txt | Diff File | ||
| mod - lang/strings_chinese_simplified.txt | Diff File | ||
| mod - lang/strings_chinese_traditional.txt | Diff File | ||
| mod - lang/strings_croatian.txt | Diff File | ||
| mod - lang/strings_czech.txt | Diff File | ||
| mod - lang/strings_danish.txt | Diff File | ||
| mod - lang/strings_dutch.txt | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - lang/strings_estonian.txt | Diff File | ||
| mod - lang/strings_finnish.txt | Diff File | ||
| mod - lang/strings_french.txt | Diff File | ||
| mod - lang/strings_galician.txt | Diff File | ||
| mod - lang/strings_georgian.txt | Diff File | ||
| mod - lang/strings_german.txt | Diff File | ||
| mod - lang/strings_greek.txt | Diff File | ||
| mod - lang/strings_hebrew.txt | Diff File | ||
| mod - lang/strings_hungarian.txt | Diff File | ||
| mod - lang/strings_icelandic.txt | Diff File | ||
| mod - lang/strings_interlingua.txt | Diff File | ||
| mod - lang/strings_italian.txt | Diff File | ||
| mod - lang/strings_japanese.txt | Diff File | ||
| mod - lang/strings_korean.txt | Diff File | ||
| mod - lang/strings_latvian.txt | Diff File | ||
| mod - lang/strings_lithuanian.txt | Diff File | ||
| mod - lang/strings_macedonian.txt | Diff File | ||
| mod - lang/strings_norwegian_bokmal.txt | Diff File | ||
| mod - lang/strings_occitan.txt | Diff File | ||
| mod - lang/strings_persian.txt | Diff File | ||
| mod - lang/strings_polish.txt | Diff File | ||
| mod - lang/strings_portuguese_brazil.txt | Diff File | ||
| mod - lang/strings_portuguese_standard.txt | Diff File | ||
| mod - lang/strings_ripoarisch.txt | Diff File | ||
| mod - lang/strings_romanian.txt | Diff File | ||
| mod - lang/strings_russian.txt | Diff File | ||
| mod - lang/strings_serbian.txt | Diff File | ||
| mod - lang/strings_serbian_latin.txt | Diff File | ||
| mod - lang/strings_slovak.txt | Diff File | ||
| mod - lang/strings_slovene.txt | Diff File | ||
| mod - lang/strings_spanish.txt | Diff File | ||
| mod - lang/strings_swedish.txt | Diff File | ||
| mod - lang/strings_swissgerman.txt | Diff File | ||
| mod - lang/strings_tagalog.txt | Diff File | ||
| mod - lang/strings_turkish.txt | Diff File | ||
| mod - lang/strings_ukrainian.txt | Diff File | ||
| mod - lang/strings_urdu.txt | Diff File | ||
| mod - lang/strings_vietnamese.txt | Diff File | ||
| mod - lang/strings_volapuk.txt | Diff File | ||
|
master 5a92a393 2020-12-17 04:16 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_belarusian_tarask.txt | Diff File | ||
| mod - lang/strings_zazaki.txt | Diff File | ||
|
master 2485659b 2020-12-15 19:39 dependabot-preview[bot] Committer: dregad Details Diff |
Bump adodb/adodb-php from 5.20.18 to 5.20.19 Bumps [adodb/adodb-php](https://github.com/ADOdb/ADOdb) from 5.20.18 to 5.20.19. - [Release notes](https://github.com/ADOdb/ADOdb/releases) - [Changelog](https://github.com/ADOdb/ADOdb/blob/v5.20.19/docs/changelog.md) - [Commits](https://github.com/ADOdb/ADOdb/compare/v5.20.18...v5.20.19) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Fixes 0026837, PR https://github.com/mantisbt/mantisbt/pull/1717 |
Affected Issues 0026837 |
|
| mod - composer.lock | Diff File | ||
|
dependabot/composer/adodb/adodb-php-5.20.19 bd48d289 2020-12-15 19:39 dependabot-preview[bot] Committer: community Details Diff |
Bump adodb/adodb-php from 5.20.18 to 5.20.19 Bumps [adodb/adodb-php](https://github.com/ADOdb/ADOdb) from 5.20.18 to 5.20.19. - [Release notes](https://github.com/ADOdb/ADOdb/releases) - [Changelog](https://github.com/ADOdb/ADOdb/blob/v5.20.19/docs/changelog.md) - [Commits](https://github.com/ADOdb/ADOdb/compare/v5.20.18...v5.20.19) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> |
||
| mod - composer.lock | Diff File | ||
|
master e6365041 2020-12-14 07:38 Details Diff |
Documentation for bug revisions Added new $g_bug_revision_view_threshold config to Admin Guide's Bug History section, as well as $g_bug_revision_drop_threshold which was previously not documented. Issue 0020690 |
Affected Issues 0020690 |
|
| mod - config_defaults_inc.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/config/bughistory.xml | Diff File | ||
|
master a16bb249 2020-12-14 04:09 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_ukrainian.txt | Diff File | ||
| mod - lang/strings_zazaki.txt | Diff File | ||
|
master 5376d2a2 2020-12-13 07:08 Details Diff |
Prevent setting category not belonging to project When retrieving a category for a given project, make sure that it is available in the project's hierarchy, taking inheritance into account. This is a follow-up on commit b77859901050b558bfcd28050cff1599d60e45fa which only covered bug_report.php, when in fact the same problem was also present in bug_update.php. Fixes 0027361 |
Affected Issues 0027361 |
|
| mod - bug_update.php | Diff File | ||
|
master 889c8d24 2020-12-13 07:06 Details Diff |
New API to check category existence within project Added 2 new functions in Category API: category_exists_in_project() and category_ensure_exists_in_project. Improve PHPDoc for category_exists() and category_ensure_exists() to clearly indicate that they check for a category's existence globally, unlike the new functions. Issue 0027361 |
Affected Issues 0027361, 0027826 |
|
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/category_api.php | Diff File | ||
|
master 7a3a0de1 2020-12-10 02:50 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_french.txt | Diff File | ||
|
master 3a06f948 2020-12-07 04:47 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_greek.txt | Diff File | ||
| mod - lang/strings_turkish.txt | Diff File | ||
| mod - plugins/Gravatar/lang/strings_greek.txt | Diff File | ||
| mod - plugins/MantisCoreFormatting/lang/strings_greek.txt | Diff File | ||
| mod - plugins/MantisGraph/lang/strings_greek.txt | Diff File | ||
| mod - plugins/XmlImportExport/lang/strings_greek.txt | Diff File | ||
|
master 35568185 2020-12-06 14:03 Details Diff |
Fix Javascript error in View Issue page When there are no saved filters, 'source_query_id' is not defined, so check for that and return to avoid the error. Fixes 0027704 |
Affected Issues 0027704 |
|
| mod - js/bugFilter.js | Diff File | ||
|
master b2da7352 2020-12-06 13:43 Details Diff |
Prevent full private issue disclosure Missing access check in bug_actiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone of any private issue (including all bugnotes and attachments), thus gaining full access to potentially confidential information. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting the issue. Fixes 0027728, 0027357, CVE-2020-29604 |
Affected Issues 0027357, 0027728 |
|
| mod - bug_actiongroup.php | Diff File | ||
|
master 12a9dcbb 2020-12-06 13:08 Details Diff |
Prevent disclosure of private issue summary Insufficient access level checks allowed an attacker to display private issues' summary via Group Actions (bug_actiongroup_page.php). Going through the provided list of issue IDs (bug_arr[]) and removing any issues the user does not have access to, fixes the vulnerability. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting the issue. Fixes 0027727, 0027357, CVE-2020-29605 |
Affected Issues 0027357, 0027727 |
|
| mod - bug_actiongroup_page.php | Diff File | ||
|
master cff10f26 2020-12-06 07:39 Details Diff |
Avoid private project name disclosure When an unprivileged user tries to access a private project via manage_proj_edit_page.php, they receive an Access Denied as expected, but the project's name is leaked via the navbar's project selector. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting and providing an initial patch for this bug. Fixes 0027726, 0027357, CVE-2020-29603 |
Affected Issues 0027357, 0027726 |
|
| mod - core/layout_api.php | Diff File | ||
|
master 2d1c5389 2020-12-06 05:53 Details Diff |
Remove deprecated width attribute Instead of displaying the Drop button in an extra column at the right, we use print_link_button() and give it the 'pull-right' class. This allows us to get rid of the colspan too. |
||
| mod - bug_revision_view_page.php | Diff File | ||
|
master 68000e4b 2020-12-06 05:51 Details Diff |
Remove useless return value from show_revision() | ||
| mod - bug_revision_view_page.php | Diff File | ||
|
master 24d4c74f 2020-12-06 05:42 Details Diff |
HTML indentation | ||
| mod - bug_revision_view_page.php | Diff File | ||
|
master e9fd168c 2020-12-06 05:32 Details Diff |
Deny access to revisions if not authorized If user is not allowed to view a revisions' parent bug or bugnote, bug_revision_view_page.php now shows an Access Denied error, instead of showing the bug Id and Summary (information disclosure). Fixes 0027370 |
Affected Issues 0027370 |
|
| mod - bug_revision_view_page.php | Diff File | ||
|
master 57e9b01a 2020-12-06 02:59 Details Diff |
Hide 'View Revisions' if user has no access Do not display the 'View Revisions' link to the user if they are not allowed to see it, both when displaying bugnotes and in bug history. Added $p_bug_id parameter to history_localize_item() function, it is needed to call access_can_view_revisions(). Adapted mci_issue_get_history() and email_format_bug_message() to use the new function signature. Fixes 0020690 |
Affected Issues 0020690 |
|
| mod - api/soap/mc_issue_api.php | Diff File | ||
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/email_api.php | Diff File | ||
| mod - core/history_api.php | Diff File | ||
|
master c9a8aca2 2020-12-06 02:27 Details Diff |
New config $g_bug_revision_view_threshold Access level required to view bug history revisions. Note that users can always see the revisions for issues and bugnotes they reported, regardless of the new config's value. Two new Access API functions, access_can_view_bug_revisions() and access_can_view_bugnote_revisions(), can be used to check whether user has required access level. Fixes 0020690 |
Affected Issues 0020690 |
|
| mod - config_defaults_inc.php | Diff File | ||
| mod - core/access_api.php | Diff File | ||
|
master 4e2d67cf 2020-12-06 01:20 Details Diff |
Remove deprecated parameter from error handlers errcontext parameter for error handlers has been deprecated as of PHP 7.2.0 [1] [1] https://www.php.net/manual/en/function.set-error-handler.php Fixes 0027703 |
Affected Issues 0027703 |
|
| mod - admin/check/check_api.php | Diff File | ||
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/json_api.php | Diff File | ||
|
master 33dc1c7d 2020-12-06 00:00 Details Diff |
Fix PHP Notice in admin/test_langs.php Did not fix the issue (deal with the errcontext array), but removed the errcontext parameter as it has been deprecated as of PHP 7.2.0 [1] [1] https://www.php.net/manual/en/function.set-error-handler.php Fixes 0027701 |
Affected Issues 0027701 |
|
| mod - admin/test_langs.php | Diff File | ||
|
master 1dbef621 2020-12-05 16:39 Details Diff |
Remove array_reverse to display bug revisions The same change was previously applied to bugnotes and revisions (see Issue 0014273, commit ce6d92de07fc370c5e69dce4794f8a60d180e6a2), but not to bugs. This causes the revisions to be listed in a different order when viewing a bugs by bug_id vs by rev_id, even though it is the same data. For consistency, the change needs to be applied everywhere. |
Affected Issues 0014273 |
|
| mod - bug_revision_view_page.php | Diff File | ||
|
master 8c6e46b3 2020-12-05 16:34 Details Diff |
Fix indentation | ||
| mod - core/history_api.php | Diff File | ||
