Search Changesets
MantisBT: master-1.2.x 941a82cc 2009-06-30 22:57 Details Diff |
Fix 0010623: typo in $g_reminder_recipents_monitor_bug |
Affected Issues 0010623 |
|
mod - bug_reminder_page.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
mod - bug_reminder.php | Diff File | ||
MantisBT: master 881305a7 2009-06-30 22:45 Details Diff |
Remove offtopic uses of handle_bug_threshold handle_bug_threshold was being used beyond it's scope, in an inconsistent way, to prevent users updating certain bug fields. This change exposes the priority field to the advanced bug report page. Anyone that can report a bug can update this field. In fact, users could always update the priority field by generating their own request to bug_report.php. The only thing that has changed is that the UI has been updated to match what happens behind the scenes. If we want to limit who can read/write to the priority field (and other fields) we really need to create some new thresholds that are checked in bug_api.php within __set, and elsewhere throughout the code as appropriate. |
||
mod - bug_change_status_page.php | Diff File | ||
mod - bug_report_advanced_page.php | Diff File | ||
MantisBT: master-1.2.x 75b4f76a 2009-06-30 22:45 Details Diff |
Remove offtopic uses of handle_bug_threshold handle_bug_threshold was being used beyond it's scope, in an inconsistent way, to prevent users updating certain bug fields. This change exposes the priority field to the advanced bug report page. Anyone that can report a bug can update this field. In fact, users could always update the priority field by generating their own request to bug_report.php. The only thing that has changed is that the UI has been updated to match what happens behind the scenes. If we want to limit who can read/write to the priority field (and other fields) we really need to create some new thresholds that are checked in bug_api.php within __set, and elsewhere throughout the code as appropriate. |
||
mod - bug_change_status_page.php | Diff File | ||
mod - bug_report_advanced_page.php | Diff File | ||
MantisBT: master 0cfb73e9 2009-06-30 22:26 Details Diff |
Don't require access check for fixed_in_version handle_bug_threshold is documented as the threshold at which someone can be assigned to a bug. Therefore we shouldn't be checking this threshold when changing the fixed_in_version field - update_bug_threshold is enough (we use it for every other field). Fixes 0010647 |
Affected Issues 0010647 |
|
mod - core/bug_api.php | Diff File | ||
MantisBT: master-1.2.x 87a5dc26 2009-06-30 22:26 Details Diff |
Don't require access check for fixed_in_version handle_bug_threshold is documented as the threshold at which someone can be assigned to a bug. Therefore we shouldn't be checking this threshold when changing the fixed_in_version field - update_bug_threshold is enough (we use it for every other field). Fixes 0010647 |
Affected Issues 0010647 |
|
mod - core/bug_api.php | Diff File | ||
MantisBT: master c2ef5a6c 2009-06-30 22:17 Details Diff |
Fix 0010647: check permissions before updating target_version Related to bd5076906d7c8596dc3ba9ce5352c9be9c85f4b3 The new BugData class has access checks built into __set so we can't update a field without permission to do so. We need to ensure that target_version is only updated when the current user has permission to do so. |
Affected Issues 0010647 |
|
mod - bug_update.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
MantisBT: master-1.2.x ad56aaa8 2009-06-30 22:17 Details Diff |
Fix 0010647: check permissions before updating target_version Related to bd5076906d7c8596dc3ba9ce5352c9be9c85f4b3 The new BugData class has access checks built into __set so we can't update a field without permission to do so. We need to ensure that target_version is only updated when the current user has permission to do so. |
Affected Issues 0010647 |
|
mod - bug_update.php | Diff File | ||
mod - api/soap/mc_issue_api.php | Diff File | ||
MantisBT: master ee1ac756 2009-06-30 21:50 Details Diff |
Fixes 0005012: Comments relating to . |
Affected Issues 0005012 |
|
mod - config_defaults_inc.php | Diff File | ||
MantisBT: master-1.2.x 4e031b69 2009-06-30 21:50 Details Diff |
Fixes 0005012: Comments relating to . |
Affected Issues 0005012 |
|
mod - config_defaults_inc.php | Diff File | ||
MantisBT: master 5affdcfc 2009-06-29 11:24 Details Diff |
Fix 0010638: allow 'bytes' to be translated |
Affected Issues 0010638 |
|
mod - lang/strings_english.txt | Diff File | ||
mod - core/print_api.php | Diff File | ||
MantisBT: master-1.2.x aa047fe3 2009-06-29 11:24 Details Diff |
Fix 0010638: allow 'bytes' to be translated |
Affected Issues 0010638 |
|
mod - lang/strings_english.txt | Diff File | ||
mod - core/print_api.php | Diff File | ||
MantisBT: master 37171c8c 2009-06-29 10:14 Details Diff |
Fix 0010646: description printed as single line Commit 97b67e4bbb2f2df5f6fb24eea5b4bb37e1c28acd introduced two little bugs into the simple bug view page (bug_view_page.php) where multi-line text fields (description, additional information) were shown to the user as only a single line of text. |
Affected Issues 0010646 |
|
mod - bug_view_page.php | Diff File | ||
MantisBT: master-1.2.x f7888198 2009-06-29 10:14 Details Diff |
Fix 0010646: description printed as single line Commit 97b67e4bbb2f2df5f6fb24eea5b4bb37e1c28acd introduced two little bugs into the simple bug view page (bug_view_page.php) where multi-line text fields (description, additional information) were shown to the user as only a single line of text. |
Affected Issues 0010646 |
|
mod - bug_view_page.php | Diff File | ||
MantisBT: master-1.1.x 3fc6ef8d 2009-06-28 07:42 Details Diff |
Fix 0010264: any user could reset prefs for others This is a backport of f004926674c3fb64402e7606fa204c4adb235093. There were no access checks done when resetting the preferences on an account. Thus it was possible for any logged in user (including anonymous users, if enabled) to reset the preferences for any Mantis user. |
Affected Issues 0010264 |
|
mod - account_prefs_reset.php | Diff File | ||
MantisBT: master 473395a3 2009-06-28 06:18 Paul Richards Details Diff |
Fix 0010635: assigned to column missing after upgrade from 1.2.0a3 to 1.2.1rc1 |
Affected Issues 0010635 |
|
mod - core/columns_api.php | Diff File | ||
MantisBT: master-1.2.x 77da679e 2009-06-28 06:18 Paul Richards Details Diff |
Fix 0010635: assigned to column missing after upgrade from 1.2.0a3 to 1.2.1rc1 |
Affected Issues 0010635 |
|
mod - core/columns_api.php | Diff File | ||
MantisBT: master 938f67c1 2009-06-27 18:49 Paul Richards Details Diff |
Fix Issue 0010634: Fixed In Version in View Issues reads @fixed_in_version@ After 1.2.0rc1 Upgrade Fix Issue 0010633: Product Version in View Issues Trashed After 1.2.0rc1 Upgrade |
Affected Issues 0010633, 0010634 |
|
mod - core/bug_api.php | Diff File | ||
MantisBT: master-1.2.x a6a800d5 2009-06-27 18:49 Paul Richards Details Diff |
Fix Issue 0010634: Fixed In Version in View Issues reads @fixed_in_version@ After 1.2.0rc1 Upgrade Fix Issue 0010633: Product Version in View Issues Trashed After 1.2.0rc1 Upgrade |
Affected Issues 0010633, 0010634 |
|
mod - core/bug_api.php | Diff File | ||
MantisBT: master-1.2.x 21d74621 2009-06-27 11:19 Details Diff |
Add CSRF protection for bug_set_sponsorship | ||
mod - bug_sponsorship_list_view_inc.php | Diff File | ||
mod - bug_set_sponsorship.php | Diff File | ||
MantisBT: master-1.2.x 9c9e749f 2009-06-27 11:15 Details Diff |
CSRF protection not needed for bug_report form bug_report.php has a redirect form that sends a copy of details from the last bug reported to a new bug report form. This makes it easy to create a bunch of similar issues in a row. CSRF is not required here because it doesn't result in changes being made to Mantis. |
||
mod - bug_report.php | Diff File | ||
MantisBT: master-1.2.x 162f0a0a 2009-06-27 10:41 Details Diff |
Add CSRF protection for bug_reminder | ||
mod - bug_reminder.php | Diff File | ||
mod - bug_reminder_page.php | Diff File | ||
MantisBT: master-1.2.x b59bfe4d 2009-06-27 10:39 Details Diff |
CSRF protection not needed for bugnote_stats_inc | ||
mod - bugnote_stats_inc.php | Diff File | ||
MantisBT: master-1.2.x d43b14db 2009-06-27 10:36 Details Diff |
Add CSRF protection for bugnote_update | ||
mod - bugnote_edit_page.php | Diff File | ||
mod - bugnote_update.php | Diff File | ||
MantisBT: master-1.2.x 7b686322 2009-06-27 10:34 Details Diff |
Add CSRF protection for bugnote_add | ||
mod - bugnote_add_inc.php | Diff File | ||
mod - bugnote_add.php | Diff File | ||
MantisBT: master-1.2.x 1e192e9c 2009-06-27 10:30 Details Diff |
Add CSRF protection for bug_monitor | ||
mod - bug_monitor.php | Diff File | ||
mod - bug_monitor_list_view_inc.php | Diff File |