Search Changesets
|
MantisBT: master 7e4b9486 2019-08-25 12:42:27 Details Diff |
Change version to 2.23.0-dev | ||
| mod - core/constant_inc.php | Diff File | ||
|
MantisBT: master 8cf6eb5e 2019-08-25 12:28:47 Details Diff |
Update release to 2.22.0 | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - doc/CREDITS | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||
|
MantisBT: master 5f28f001 2019-08-25 07:28:30 Details Diff |
Merge branch 'master-2.21' # Conflicts: # core/constant_inc.php |
||
| mod - core/constant_inc.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - proj_doc_edit_page.php | Diff File | ||
|
MantisBT: master-2.21 bd094ded 2019-08-25 05:52:41 Details Diff |
Fix XSS on project documentation Vulnerability in deprecated project documentation functionality ($g_enable_project_documentation), allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. Prevent the attack by sanitizing the filename before display. Fixes #26078 |
Affected Issues 0026078 |
|
| mod - proj_doc_edit_page.php | Diff File | ||
|
MantisBT: master-1.3.x 796a327f 2019-08-25 05:52:41 Details Diff |
Fix XSS on project documentation Vulnerability in deprecated project documentation functionality ($g_enable_project_documentation), allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. Prevent the attack by sanitizing the filename before display. Fixes #26079 (clone of issue #26078) (cherry picked from commit bd094dede74ff6e313e286e949e2387233a96eea) |
Affected Issues 0026078, 0026079 |
|
| mod - proj_doc_edit_page.php | Diff File | ||
|
MantisBT: master cb2343b4 2019-08-24 22:13:58 Details Diff |
Add missing PHPUnit tests to Travis CI This also fixes and improves RestIssueAddTest, which were not correct but nobody noticed since they were never executed. Merge PR https://github.com/mantisbt/mantisbt/pull/1540 |
||
| mod - core/api_token_api.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| mod - scripts/travis_before_script.sh | Diff File | ||
| mod - tests/AllTests.php | Diff File | ||
| mod - tests/rest/RestBase.php | Diff File | ||
| mod - tests/rest/RestIssueAddTest.php | Diff File | ||
| mod - tests/soap/AllTests.php | Diff File | ||
| mod - tests/soap/IssueHistoryTest.php | Diff File | ||
| mod - tests/soap/VersionTest.php | Diff File | ||
| add - tests/travis_create_api_token.php | Diff File | ||
|
MantisBT: master 6b774eac 2019-08-24 21:58:51 Details Diff |
IssueAddCommand fixes This addresses several issues with the Command and the REST API: - 0025996 - Missing tag name in error message when creating issue via REST API - 0025997 - Invalid JSON response when creating issue with tag by name via REST API - 0026076 - Adding issue via REST API should fail if requested tags can't be attached - 0026077 - create tag specified by name if they do not exist Additionally, this also fixes 0024441. Merge PR https://github.com/mantisbt/mantisbt/pull/1542 |
Affected Issues 0024441 |
|
| mod - api/soap/mc_tag_api.php | Diff File | ||
| mod - bug_report.php | Diff File | ||
| mod - core/commands/IssueAddCommand.php | Diff File | ||
|
MantisBT: master 1e5e25a8 2019-08-24 21:35:32 Details Diff |
TODO: replace mci_tag_set_for_issue() with TagAttachCommand As suggested in issue 0024441 |
Affected Issues 0024441 |
|
| mod - core/commands/IssueAddCommand.php | Diff File | ||
|
MantisBT: master 38a067f2 2019-08-24 21:32:18 Details Diff |
Print 'separate by' on tag attach form Issue 0024441 |
Affected Issues 0024441 |
|
| mod - core/print_api.php | Diff File | ||
|
MantisBT: master 399f65c3 2019-08-24 20:32:47 Details Diff |
New test to create issue with Existing tag The tag should be attached to the issue. |
||
| mod - tests/rest/RestIssueAddTest.php | Diff File | ||
|
MantisBT: master 819a912c 2019-08-24 20:30:50 Details Diff |
New test to create issue with non-existing tag The tag should be created together with the issue. |
||
| mod - tests/rest/RestIssueAddTest.php | Diff File | ||
|
MantisBT: master fa726228 2019-08-24 19:28:38 Details Diff |
Improve tag error messages by adding tag name Fixes 0026075 |
Affected Issues 0026075 |
|
| mod - core/commands/IssueAddCommand.php | Diff File | ||
| mod - core/tag_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
|
MantisBT: master c6727a81 2019-08-24 17:59:00 Details Diff |
Throw error when attempting to create invalid tag Fixes 0026074 |
Affected Issues 0026074 |
|
| mod - tag_create.php | Diff File | ||
|
MantisBT: master 380fc710 2019-08-23 06:08:56 Details Diff |
Break long lines | ||
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/bug_api.php | Diff File | ||
|
MantisBT: master 7ab90f60 2019-08-23 06:07:55 Details Diff |
PHP 7.4: remove deprecated usage of implode() Passing parameters to implode() in reverse order is deprecated Fixes 0026063 |
Affected Issues 0026063 |
|
| mod - api/soap/mc_api.php | Diff File | ||
| mod - api/soap/mc_file_api.php | Diff File | ||
| mod - core/error_api.php | Diff File | ||
| mod - core/file_api.php | Diff File | ||
| mod - core/filter_api.php | Diff File | ||
| mod - core/install_helper_functions_api.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/news_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - manage_plugin_page.php | Diff File | ||
|
MantisBT: master 9f9852ca 2019-08-23 05:34:07 Details Diff |
Replace join() by implode() | ||
| mod - core/category_api.php | Diff File | ||
| mod - core/graphviz_api.php | Diff File | ||
| mod - core/helper_api.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/news_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - core/string_api.php | Diff File | ||
|
MantisBT: master ea33699b 2019-08-23 04:40:32 Details Diff |
EVENT_BUGNOTE_DATA: document bug_id param and return value Follow-up on 7ad44858570d598e9c64ca03817e3fa89d46d019. Fixes 0025914 |
Affected Issues 0025914 |
|
| mod - docbook/Developers_Guide/en-US/Events_Reference_Bug.xml | Diff File | ||
|
MantisBT: master f1c84e19 2019-08-22 15:42:53 Details Diff |
Use plugin_lang_get() to get description of Gravatar plugin Fixes 0026066 |
Affected Issues 0026066 |
|
| mod - plugins/Gravatar/Gravatar.php | Diff File | ||
|
MantisBT: dependabot/composer/slim/slim-3.12.2 34c4b3a4 2019-08-21 01:45:13 dependabot-preview[bot] Details Diff |
Bump slim/slim from 3.12.1 to 3.12.2 Bumps [slim/slim](https://github.com/slimphp/Slim) from 3.12.1 to 3.12.2. - [Release notes](https://github.com/slimphp/Slim/releases) - [Changelog](https://github.com/slimphp/Slim/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/slimphp/Slim/compare/3.12.1...3.12.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> |
||
| mod - composer.lock | Diff File | ||
|
MantisBT: master 1ad7975a 2019-08-21 01:45:13 dependabot-preview[bot] Details Diff |
Bump slim/slim from 3.12.1 to 3.12.2 Bumps [slim/slim](https://github.com/slimphp/Slim) from 3.12.1 to 3.12.2. - [Release notes](https://github.com/slimphp/Slim/releases) - [Changelog](https://github.com/slimphp/Slim/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/slimphp/Slim/compare/3.12.1...3.12.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> |
||
| mod - composer.lock | Diff File | ||
|
MantisBT: master 41222b36 2019-08-20 12:06:50 Details Diff |
PHPDoc: more accurate return type | ||
| mod - core/tag_api.php | Diff File | ||
|
MantisBT: master ef00dc18 2019-08-20 06:31:50 Details Diff |
Remove special handling of '-1' As discussed with @vboctor on Gitter [1], the Command should create the tag if specified by name and it does not exist (and user is allowed to do so). IssueAddCommand now processes each provided tag as follows: - if *ID* (or ID + name) is provided, check for existing tag and attach it to the issue, return 404 (ERROR_TAG_NOT_FOUND) if not found. - if *name* is provided, check its validity (tag_name_is_valid()) and return 400 bad request (ERROR_TAG_NAME_INVALID) if not. - if neither *ID* nor *name* are given, return 400 bad request (ERROR_TAG_NAME_INVALID). - if the provided name does not exist, create the tag; return 404 (ERROR_TAG_NOT_FOUND) if user is not allowed to. If all tags pass the above checks, create the issue and attach the tags to it. Fixes 0026077 This commits includes an adjustment to bug_report.php: the payload for the issue's tags no longer includes the id, as negative values would now cause the Command to throw an exception. [1]: https://gitter.im/mantisbt?at=5d5bad020eff7d2dfee2ce73 |
Affected Issues 0026077 |
|
| mod - bug_report.php | Diff File | ||
| mod - core/commands/IssueAddCommand.php | Diff File | ||
|
MantisBT: master-2.21 b39d8720 2019-08-19 21:53:53 Details Diff |
Update release to 2.21.2 | ||
| mod - core/constant_inc.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Revision_History.xml | Diff File | ||
| mod - docbook/Developers_Guide/en-US/Revision_History.xml | Diff File | ||
|
MantisBT: master b3a10d8b 2019-08-19 12:00:54 Details Diff |
New method IssueAddCommand::get_tag_id() The new method throws ClientException if the given Tag element is invalid, thus preventing issue creation via REST API in this case. Previously the issue would be created even though the API call was failing with a 404 error caused by the invalid tag. Fixes 0026076 |
Affected Issues 0026076 |
|
| mod - core/commands/IssueAddCommand.php | Diff File | ||
|
MantisBT: master 8364f6e0 2019-08-19 11:18:22 Details Diff |
RestBase::post() fix PHPDoc type for $p_payload In addition to string (json), it can also be array or object. |
||
| mod - tests/rest/RestBase.php | Diff File | ||
