Search Changesets

MantisBT: master 7e4b9486

2019-08-25 12:42:27

vboctor

Details Diff
Change version to 2.23.0-dev
Attach Issues:
mod - core/constant_inc.php Diff File

MantisBT: master 8cf6eb5e

2019-08-25 12:28:47

vboctor

Details Diff
Update release to 2.22.0
Attach Issues:
mod - core/constant_inc.php Diff File
mod - doc/CREDITS Diff File
mod - docbook/Admin_Guide/en-US/Revision_History.xml Diff File
mod - docbook/Developers_Guide/en-US/Revision_History.xml Diff File

MantisBT: master 5f28f001

2019-08-25 07:28:30

dregad

Details Diff
Merge branch 'master-2.21'

# Conflicts:
# core/constant_inc.php
Attach Issues:
mod - core/constant_inc.php Diff File
mod - docbook/Admin_Guide/en-US/Revision_History.xml Diff File
mod - docbook/Developers_Guide/en-US/Revision_History.xml Diff File
mod - proj_doc_edit_page.php Diff File

MantisBT: master-2.21 bd094ded

2019-08-25 05:52:41

atrol

Details Diff
Fix XSS on project documentation

Vulnerability in deprecated project documentation functionality
($g_enable_project_documentation), allowing execution of arbitrary
code (if CSP settings permit it) after uploading an attachment with a
crafted filename.

Prevent the attack by sanitizing the filename before display.

Fixes #26078
Affected Issues
0026078
mod - proj_doc_edit_page.php Diff File

MantisBT: master-1.3.x 796a327f

2019-08-25 05:52:41

atrol

Details Diff
Fix XSS on project documentation

Vulnerability in deprecated project documentation functionality
($g_enable_project_documentation), allowing execution of arbitrary
code (if CSP settings permit it) after uploading an attachment with a
crafted filename.

Prevent the attack by sanitizing the filename before display.

Fixes #26079 (clone of issue #26078)

(cherry picked from commit bd094dede74ff6e313e286e949e2387233a96eea)
Affected Issues
0026078, 0026079
mod - proj_doc_edit_page.php Diff File

MantisBT: master cb2343b4

2019-08-24 22:13:58

dregad

Details Diff
Add missing PHPUnit tests to Travis CI

This also fixes and improves RestIssueAddTest, which were not correct
but nobody noticed since they were never executed.

Merge PR https://github.com/mantisbt/mantisbt/pull/1540
Attach Issues:
mod - core/api_token_api.php Diff File
mod - core/tag_api.php Diff File
mod - scripts/travis_before_script.sh Diff File
mod - tests/AllTests.php Diff File
mod - tests/rest/RestBase.php Diff File
mod - tests/rest/RestIssueAddTest.php Diff File
mod - tests/soap/AllTests.php Diff File
mod - tests/soap/IssueHistoryTest.php Diff File
mod - tests/soap/VersionTest.php Diff File
add - tests/travis_create_api_token.php Diff File

MantisBT: master 6b774eac

2019-08-24 21:58:51

dregad

Details Diff
IssueAddCommand fixes

This addresses several issues with the Command and the REST API:

- 0025996 - Missing tag name in error message when creating issue via
REST API
- 0025997 - Invalid JSON response when creating issue with tag by name
via REST API
- 0026076 - Adding issue via REST API should fail if requested tags can't
be attached
- 0026077 - create tag specified by name if they do not exist

Additionally, this also fixes 0024441.

Merge PR https://github.com/mantisbt/mantisbt/pull/1542
Affected Issues
0024441
mod - api/soap/mc_tag_api.php Diff File
mod - bug_report.php Diff File
mod - core/commands/IssueAddCommand.php Diff File

MantisBT: master 1e5e25a8

2019-08-24 21:35:32

dregad

Details Diff
TODO: replace mci_tag_set_for_issue() with TagAttachCommand

As suggested in issue 0024441
Affected Issues
0024441
mod - core/commands/IssueAddCommand.php Diff File

MantisBT: master 38a067f2

2019-08-24 21:32:18

dregad

Details Diff
Print 'separate by' on tag attach form

Issue 0024441
Affected Issues
0024441
mod - core/print_api.php Diff File

MantisBT: master 399f65c3

2019-08-24 20:32:47

dregad

Details Diff
New test to create issue with Existing tag

The tag should be attached to the issue.
Attach Issues:
mod - tests/rest/RestIssueAddTest.php Diff File

MantisBT: master 819a912c

2019-08-24 20:30:50

dregad

Details Diff
New test to create issue with non-existing tag

The tag should be created together with the issue.
Attach Issues:
mod - tests/rest/RestIssueAddTest.php Diff File

MantisBT: master fa726228

2019-08-24 19:28:38

dregad

Details Diff
Improve tag error messages by adding tag name

Fixes 0026075
Affected Issues
0026075
mod - core/commands/IssueAddCommand.php Diff File
mod - core/tag_api.php Diff File
mod - lang/strings_english.txt Diff File

MantisBT: master c6727a81

2019-08-24 17:59:00

dregad

Details Diff
Throw error when attempting to create invalid tag

Fixes 0026074
Affected Issues
0026074
mod - tag_create.php Diff File

MantisBT: master 380fc710

2019-08-23 06:08:56

dregad

Details Diff
Break long lines
Attach Issues:
mod - api/soap/mc_api.php Diff File
mod - core/bug_api.php Diff File

MantisBT: master 7ab90f60

2019-08-23 06:07:55

dregad

Details Diff
PHP 7.4: remove deprecated usage of implode()

Passing parameters to implode() in reverse order is deprecated

Fixes 0026063
Affected Issues
0026063
mod - api/soap/mc_api.php Diff File
mod - api/soap/mc_file_api.php Diff File
mod - core/error_api.php Diff File
mod - core/file_api.php Diff File
mod - core/filter_api.php Diff File
mod - core/install_helper_functions_api.php Diff File
mod - core/layout_api.php Diff File
mod - core/news_api.php Diff File
mod - core/print_api.php Diff File
mod - manage_plugin_page.php Diff File

MantisBT: master 9f9852ca

2019-08-23 05:34:07

dregad

Details Diff
Replace join() by implode()
Attach Issues:
mod - core/category_api.php Diff File
mod - core/graphviz_api.php Diff File
mod - core/helper_api.php Diff File
mod - core/layout_api.php Diff File
mod - core/news_api.php Diff File
mod - core/print_api.php Diff File
mod - core/string_api.php Diff File

MantisBT: master ea33699b

2019-08-23 04:40:32

dregad

Details Diff
EVENT_BUGNOTE_DATA: document bug_id param and return value

Follow-up on 7ad44858570d598e9c64ca03817e3fa89d46d019.

Fixes 0025914
Affected Issues
0025914
mod - docbook/Developers_Guide/en-US/Events_Reference_Bug.xml Diff File

MantisBT: master f1c84e19

2019-08-22 15:42:53

atrol

Details Diff
Use plugin_lang_get() to get description of Gravatar plugin

Fixes 0026066
Affected Issues
0026066
mod - plugins/Gravatar/Gravatar.php Diff File

MantisBT: dependabot/composer/slim/slim-3.12.2 34c4b3a4

2019-08-21 01:45:13

dependabot-preview[bot]

Details Diff
Bump slim/slim from 3.12.1 to 3.12.2

Bumps [slim/slim](https://github.com/slimphp/Slim) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/slimphp/Slim/releases)
- [Changelog](https://github.com/slimphp/Slim/blob/4.x/CHANGELOG.md)
- [Commits](https://github.com/slimphp/Slim/compare/3.12.1...3.12.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Attach Issues:
mod - composer.lock Diff File

MantisBT: master 1ad7975a

2019-08-21 01:45:13

dependabot-preview[bot]

Details Diff
Bump slim/slim from 3.12.1 to 3.12.2

Bumps [slim/slim](https://github.com/slimphp/Slim) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/slimphp/Slim/releases)
- [Changelog](https://github.com/slimphp/Slim/blob/4.x/CHANGELOG.md)
- [Commits](https://github.com/slimphp/Slim/compare/3.12.1...3.12.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Attach Issues:
mod - composer.lock Diff File

MantisBT: master 41222b36

2019-08-20 12:06:50

dregad

Details Diff
PHPDoc: more accurate return type
Attach Issues:
mod - core/tag_api.php Diff File

MantisBT: master ef00dc18

2019-08-20 06:31:50

dregad

Details Diff
Remove special handling of '-1'

As discussed with @vboctor on Gitter [1], the Command should create the
tag if specified by name and it does not exist (and user is allowed to
do so).

IssueAddCommand now processes each provided tag as follows:

- if *ID* (or ID + name) is provided, check for existing tag and attach
it to the issue, return 404 (ERROR_TAG_NOT_FOUND) if not found.
- if *name* is provided, check its validity (tag_name_is_valid()) and
return 400 bad request (ERROR_TAG_NAME_INVALID) if not.
- if neither *ID* nor *name* are given, return 400 bad request
(ERROR_TAG_NAME_INVALID).
- if the provided name does not exist, create the tag; return 404
(ERROR_TAG_NOT_FOUND) if user is not allowed to.

If all tags pass the above checks, create the issue and attach the tags
to it.

Fixes 0026077

This commits includes an adjustment to bug_report.php: the payload for
the issue's tags no longer includes the id, as negative values would
now cause the Command to throw an exception.

[1]: https://gitter.im/mantisbt?at=5d5bad020eff7d2dfee2ce73
Affected Issues
0026077
mod - bug_report.php Diff File
mod - core/commands/IssueAddCommand.php Diff File

MantisBT: master-2.21 b39d8720

2019-08-19 21:53:53

vboctor

Details Diff
Update release to 2.21.2
Attach Issues:
mod - core/constant_inc.php Diff File
mod - docbook/Admin_Guide/en-US/Revision_History.xml Diff File
mod - docbook/Developers_Guide/en-US/Revision_History.xml Diff File

MantisBT: master b3a10d8b

2019-08-19 12:00:54

dregad

Details Diff
New method IssueAddCommand::get_tag_id()

The new method throws ClientException if the given Tag element is
invalid, thus preventing issue creation via REST API in this case.

Previously the issue would be created even though the API call was
failing with a 404 error caused by the invalid tag.

Fixes 0026076
Affected Issues
0026076
mod - core/commands/IssueAddCommand.php Diff File

MantisBT: master 8364f6e0

2019-08-19 11:18:22

dregad

Details Diff
RestBase::post() fix PHPDoc type for $p_payload

In addition to string (json), it can also be array or object.
Attach Issues:
mod - tests/rest/RestBase.php Diff File
1 2 3 4 ... 70 ... 140 ... 210 ... 280 ... 350 ... 420 ... 490 ... 560 ... 630 ... 653 654 655  Next  Last