MantisBT: master 99deb817

2010-12-15 02:36:15

dhx

Move admin access check to top of test_langs script

The administrator access check was being performed a little too late in
the test_langs.php script. This could reveal potentially sensitive
information via error messages that are encountered before the admin
check.
mod - admin/test_langs.php Diff File

MantisBT: master-1.2.x 51d41644

2010-12-15 02:36:15

dhx

Move admin access check to top of test_langs script

The administrator access check was being performed a little too late in
the test_langs.php script. This could reveal potentially sensitive
information via error messages that are encountered before the admin
check.
mod - admin/test_langs.php Diff File

MantisBT: master-1.2.x d066f095

2010-12-15 00:36:56

dhx

Prepare for MantisBT 1.2.4 release
mod - core/constant_inc.php Diff File
mod - doc/RELEASE Diff File

MantisBT: master 970630aa

2010-12-15 00:16:40

dhx

Fix 0012607: Improve admin directory check on login_page

The warning on login_page.php for the /admin/ directory would sometimes
not appear even if files within the /admin/ directory were accessible.

This check has been improved to be more pedantic and better suited to
cross-platform environments.
Affected Issues
0012607
mod - login_page.php Diff File

MantisBT: master-1.2.x 77de6770

2010-12-15 00:16:40

dhx

Fix 0012607: Improve admin directory check on login_page

The warning on login_page.php for the /admin/ directory would sometimes
not appear even if files within the /admin/ directory were accessible.

This check has been improved to be more pedantic and better suited to
cross-platform environments.
Affected Issues
0012607
mod - login_page.php Diff File

MantisBT: master 065c99c3

2010-12-14 23:56:46

dhx

Fix 0012607: Update installation instructions regarding admin directory

The /admin/ directory should be removed after installation or upgrading
of MantisBT. The installation instructions did not state this
requirement and therefore it was quite easy for users to leave this
potentially dangerous directory in place on live installations of
MantisBT connected to the Internet.
Affected Issues
0012607
mod - doc/INSTALL Diff File

MantisBT: master-1.2.x 54aace93

2010-12-14 23:56:46

dhx

Fix 0012607: Update installation instructions regarding admin directory

The /admin/ directory should be removed after installation or upgrading
of MantisBT. The installation instructions did not state this
requirement and therefore it was quite easy for users to leave this
potentially dangerous directory in place on live installations of
MantisBT connected to the Internet.
Affected Issues
0012607
mod - doc/INSTALL Diff File

MantisBT: master 974e6da4

2010-12-14 23:40:32

dhx

Fix 0012607: LFI/PD/XSS in upgrade_unattended.php

Gjoko Krstic of Zero Science Lab has kindly reported in detail a number
of vulnerabilities in the admin/upgrade_unattended.php script.

Earlier patches by Victor Boctor (MantisBT developer) resolved the
issue. This patch enhances those changes to strengthen the security of
this script even further.

Please note that the "admin" directory SHOULD BE DELETED AFTER
INSTALLATION on all live instances of MantisBT.
Affected Issues
0012607
mod - admin/upgrade_unattended.php Diff File

MantisBT: master-1.2.x d67c4deb

2010-12-14 23:40:32

dhx

Fix 0012607: LFI/PD/XSS in upgrade_unattended.php

Gjoko Krstic of Zero Science Lab has kindly reported in detail a number
of vulnerabilities in the admin/upgrade_unattended.php script.

Earlier patches by Victor Boctor (MantisBT developer) resolved the
issue. This patch enhances those changes to strengthen the security of
this script even further.

Please note that the "admin" directory SHOULD BE DELETED AFTER
INSTALLATION on all live instances of MantisBT.
Affected Issues
0012607
mod - admin/upgrade_unattended.php Diff File

MantisBT: master-1.1.x 2641fdc6

2010-12-14 23:40:32

dhx

Fix 0012607: LFI/PD/XSS in upgrade_unattended.php

This is a backport of the fix applied to the 1.2.x and 1.3.x branches.

Gjoko Krstic of Zero Science Lab has kindly reported in detail a number
of vulnerabilities in the admin/upgrade_unattended.php script.

Earlier patches by Victor Boctor (MantisBT developer) resolved the
issue. This patch enhances those changes to strengthen the security of
this script even further.

Please note that the "admin" directory SHOULD BE DELETED AFTER
INSTALLATION on all live instances of MantisBT.
Affected Issues
0012607
mod - admin/upgrade_unattended.php Diff File

MantisBT: master-1.2.x 1efe5be6

2010-12-14 08:24:58

vboctor

Fix 0012607: LFI/FD and XSS in the upgrade_unattended.php - part 2
Affected Issues
0012607
mod - admin/upgrade_unattended.php Diff File

MantisBT: master 184a0f4a

2010-12-14 08:24:58

vboctor

Fix 0012607: LFI/FD and XSS in the upgrade_unattended.php - part 2
Affected Issues
0012607
mod - admin/upgrade_unattended.php Diff File

MantisBT: master-1.2.x c6295994

2010-12-14 08:00:48

vboctor

Fix 0012607: LFI/FD and XSS in the upgrade_unattended.php
Affected Issues
0012607
mod - admin/upgrade_unattended.php Diff File

MantisBT: master 2af6e8dd

2010-12-14 08:00:48

vboctor

Fix 0012607: LFI/FD and XSS in the upgrade_unattended.php
Affected Issues
0012607
mod - admin/upgrade_unattended.php Diff File

MantisBT: master 2a7fe6dd

2010-12-10 20:56:19

vboctor

Fixes 0012601: Upgrading scripts sometimes fails with a server error in case of large databases
Affected Issues
0012601
mod - core/install_helper_functions_api.php Diff File

MantisBT: master-1.2.x 93b32ea2

2010-12-10 20:48:10

vboctor

Fix 0012601: Upgrading scripts sometimes fails with a server error in case of large databases.
Affected Issues
0012601
mod - admin/install_functions.php Diff File

MantisBT: master-1.2.x 7ab54d22

2010-11-30 17:45:17

siebrand

Localisation updates from translatewiki.net.
mod - lang/strings_portuguese_standard.txt Diff File
mod - lang/strings_hebrew.txt Diff File
mod - lang/strings_russian.txt Diff File
mod - lang/strings_slovene.txt Diff File
mod - lang/strings_macedonian.txt Diff File
mod - lang/strings_turkish.txt Diff File
mod - lang/strings_chinese_simplified.txt Diff File
mod - lang/strings_french.txt Diff File
mod - lang/strings_dutch.txt Diff File
mod - lang/strings_belarusian_tarask.txt Diff File
mod - lang/strings_korean.txt Diff File

MantisBT: master dd455351

2010-11-30 15:33:14

daryn

Fix Bug 0012489: resolution is not updated on re-open
The reopen resolution must be set for everyone with permission to
reopen an issue. Not just the reporter.
Affected Issues
0012489
mod - bug_update.php Diff File

MantisBT: master 48a898c2

2010-11-30 12:03:37

Damien Regad

Fix 0012568: Enforce bug monitoring visibility in history

Only users with access level above show_monitor_list_threshold should be
allowed to see monitoring-related events in the bug history.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues
0012568
mod - core/history_api.php Diff File

MantisBT: master-1.2.x 4db660f5

2010-11-30 12:03:37

Damien Regad

Fix 0012568: Enforce bug monitoring visibility in history

Only users with access level above show_monitor_list_threshold should be
allowed to see monitoring-related events in the bug history.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues
0012568
mod - core/history_api.php Diff File

MantisBT: master 6baa6016

2010-11-29 21:52:56

giallu

Minimal build instructions for Publican based documentation
add - docbook/README Diff File

MantisBT: master 8a6228ca

2010-11-29 21:51:31

giallu

Fix bug 0012566: Time Tracking: copy wiki note in administration_guide

Provided patch was adapted to new xml manual based on Publican
Affected Issues
0012566
mod - docbook/Admin_Guide/en-US/Project_Management.xml Diff File
mod - docbook/Admin_Guide/en-US/Configuration.xml Diff File

MantisBT: master-1.2.x ec291be6

2010-11-26 16:36:57

Cyrille Giquello

Fix bug 0012566: Time Tracking: copy wiki note in administration_guide

Add documentation about Time Tracking in sections 'admin.config.timetracking' and 'admin.project.timetracking'. It's a simple copy/paste from the Wiki.
Affected Issues
0012566
mod - docbook/adminguide/en/configuration.sgml Diff File
mod - docbook/adminguide/en/project_management.sgml Diff File

MantisBT: master 0e2335cf

2010-11-25 22:07:03

sveyret

Normalize the attachment path when using the SOAP API

Fixes: 0012540: mc_issue_attachment_get does not use the path for the
file

Signed-off-by: Robert Munteanu <robert.munteanu@gmail.com>
mod - api/soap/mc_file_api.php Diff File

MantisBT: master-1.2.x 6f7d05e5

2010-11-25 22:07:03

sveyret

Normalize the attachment path when using the SOAP API

Fixes: 0012540: mc_issue_attachment_get does not use the path for the
file

Signed-off-by: Robert Munteanu <robert.munteanu@gmail.com>
mod - api/soap/mc_file_api.php Diff File