MantisBT: master 5a72e41c

2017-03-25 16:39:13

vboctor

Update ‘cookie_time_length’ docs and default value
mod - config_defaults_inc.php Diff File
mod - docbook/Admin_Guide/en-US/config/time.xml Diff File

MantisBT: master 3c98827b

2017-03-25 15:19:53

vboctor

Explicitly disable html from being rendered inline
mod - file_download.php Diff File

MantisBT: master aa40d4df

2017-03-25 15:10:38

vboctor

Open PDFs in the browser rather than downloading

Fixes 0022583
Affected Issues
0022583
mod - file_download.php Diff File

MantisBT: master f6229fbe

2017-03-25 14:15:53

Romain CABASSOT

Avatars should respect aspect ratio

Fixes 0022473
Affected Issues
0022473
mod - bugnote_view_inc.php Diff File
mod - core/classes/TimelineEvent.class.php Diff File
mod - core/layout_api.php Diff File
mod - core/prepare_api.php Diff File
mod - core/print_api.php Diff File
mod - css/ace-mantis.css Diff File

MantisBT: master dbe7be70

2017-03-25 13:44:59

vboctor

Relationship box layout fixes

Fixes 0022582
Affected Issues
0022582
mod - core/relationship_api.php Diff File

MantisBT: master 2d4668c4

2017-03-25 10:52:13

cproensa

Change icon for project assignment widgets
mod - account_page.php Diff File
mod - manage_user_edit_page.php Diff File

MantisBT: master-1.3.x c9e5b1d0

2017-03-25 10:23:51

dregad

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'
parameter.

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Fixes 0022579
Affected Issues
0022579
mod - adm_config_report.php Diff File

MantisBT: master-2.1 0243375e

2017-03-25 10:23:51

dregad

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'
parameter.

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae.

Fixes 0022579
Affected Issues
0022579
mod - adm_config_report.php Diff File

MantisBT: master-2.2 e881dd79

2017-03-25 10:23:51

dregad

Fix XSS in adm_config_report.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Configuration Report page, allowing an
attacker to inject arbitrary code through a crafted 'config_option'
parameter.

Sanitize the parameter prior to output, to ensure HTML special
characters are properly escaped.

Ported from 1.3.x commit c9e5b1d0404503022605459552faeaf610bf15ae.

Fixes 0022579
Affected Issues
0022579
mod - adm_config_report.php Diff File

MantisBT: master 665f665f

2017-03-25 08:29:32

cproensa

Move assigned projects outside of form

Move the list of assigned projects outside of the form in account_page.
This list is not editable, so it must not be part of the form.

Fixes: 0021552
Affected Issues
0021552
mod - account_page.php Diff File

MantisBT: master-1.3.x d31841c8

2017-03-24 12:02:07

dregad

Fix XSS in move_attachments_page.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Move Attachments admin page, allowing
an attacker to inject arbitrary code through a crafted 'type'
parameter.

Sanitize the 'type' parameter prior to output, to ensure HTML special
characters are properly escaped.

Fixes 0022568

Backported from 2.2.x ecef0e9b523a460709e8feedfce72f05bb30b992
Conflicts:
admin/move_attachments_page.php
Affected Issues
0022568
mod - admin/move_attachments_page.php Diff File

MantisBT: master-2.1 2d55c647

2017-03-24 12:02:07

dregad

Fix XSS in move_attachments_page.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Move Attachments admin page, allowing
an attacker to inject arbitrary code through a crafted 'type'
parameter.

Sanitize the 'type' parameter prior to output, to ensure HTML special
characters are properly escaped.

Fixes 0022568
Affected Issues
0022568
mod - admin/move_attachments_page.php Diff File

MantisBT: master-2.2 ecef0e9b

2017-03-24 12:02:07

dregad

Fix XSS in move_attachments_page.php

Yelin and Zhangdongsheng from VenusTech http://www.venustech.com.cn/
reported a vulnerability in the Move Attachments admin page, allowing
an attacker to inject arbitrary code through a crafted 'type'
parameter.

Sanitize the 'type' parameter prior to output, to ensure HTML special
characters are properly escaped.

Fixes 0022568
Affected Issues
0022568
mod - admin/move_attachments_page.php Diff File

MantisBT: master 7a5c0377

2017-03-24 03:49:56

atrol

Correct documentation of option show_version

Fixes 0022572
Affected Issues
0022572
mod - docbook/Admin_Guide/en-US/config/version.xml Diff File

MantisBT: master 4d6f58a4

2017-03-23 09:47:59

libregeek

Add ID attribute to bugnote_text textareas

Fixes 0022571
Affected Issues
0022571
mod - bug_actiongroup_add_note_inc.php Diff File
mod - bug_actiongroup_page.php Diff File
mod - bug_change_status_page.php Diff File

MantisBT: master a9abb280

2017-03-23 03:38:25

translatewiki.net

Localisation updates from https://translatewiki.net.
mod - lang/strings_asturian.txt Diff File
mod - lang/strings_breton.txt Diff File
mod - lang/strings_chinese_simplified.txt Diff File
mod - lang/strings_chinese_traditional.txt Diff File
mod - lang/strings_czech.txt Diff File
mod - lang/strings_dutch.txt Diff File
mod - lang/strings_french.txt Diff File
mod - lang/strings_german.txt Diff File
mod - lang/strings_hungarian.txt Diff File
mod - lang/strings_italian.txt Diff File
mod - lang/strings_korean.txt Diff File
mod - lang/strings_lithuanian.txt Diff File
mod - lang/strings_macedonian.txt Diff File
mod - lang/strings_polish.txt Diff File
mod - lang/strings_spanish.txt Diff File

MantisBT: master-2.2 449f4d51

2017-03-22 22:18:28

cproensa

Validate filter values that must not be arrays

Add validation for values that must be a single value.
Clean up type validation for both single and multiple values.

Fixes: 0022566
Affected Issues
0022566
mod - core/filter_api.php Diff File
mod - view_all_set.php Diff File

MantisBT: master 815af159

2017-03-22 22:08:03

vboctor

Fix typos in filter_api.php
mod - core/filter_api.php Diff File

MantisBT: master-2.2 c612d8da

2017-03-22 20:45:46

cproensa

Fix lowercase custom field column names

Fix column names for custom field columns that may be stored as
lowercase in configuration. See issue 0017367
If the system was working fine with lowercase names, then database is
case-insensitive, eg: mysql.
Fix by forcing a search with current name to get the id, then get the
actual name by looking up this id.

Fixes: 0022555
Affected Issues
0017367, 0022555
mod - core/bug_api.php Diff File
mod - core/columns_api.php Diff File
mod - core/helper_api.php Diff File

MantisBT: master 3a0706a1

2017-03-22 11:15:01

obmsch

Modify schema to get install/upgrade work with db-mssql.

Although the problem appears in step 209, the real cause is the
combination of steps 200 and 201. The Index ('user_id','name')
created in step 201 (with a nullable 'user_id' as of step 200)
forbids the alteration of 'user_id' to NOTNULL in step 209, at
least with mssql. So fix this in step 200 and set 'user_id'
NOTNULL right from start.

While this is a 'post release' change, it is justifiable as it
happens in the same install/upgrade sequence and the final
db (schema) is identical.

Fixes 0022063
Affected Issues
0022063
mod - admin/schema.php Diff File

MantisBT: master-1.3.x 8decd714

2017-03-22 11:15:01

obmsch

Modify schema to get install/upgrade work with db-mssql.

Although the problem appears in step 209, the real cause is the
combination of steps 200 and 201. The Index ('user_id','name')
created in step 201 (with a nullable 'user_id' as of step 200)
forbids the alteration of 'user_id' to NOTNULL in step 209, at
least with mssql. So fix this in step 200 and set 'user_id'
NOTNULL right from start.

While this is a 'post release' change, it is justifiable as it
happens in the same install/upgrade sequence and the final
db (schema) is identical.

Fixes 0022063

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Backported from master 3a0706a1bc291be6ee684bd30199bd6544f0cc6b
Affected Issues
0022063
mod - admin/schema.php Diff File

MantisBT: master-2.1 5fec5fb9

2017-03-22 11:15:01

obmsch

Modify schema to get install/upgrade work with db-mssql.

Although the problem appears in step 209, the real cause is the
combination of steps 200 and 201. The Index ('user_id','name')
created in step 201 (with a nullable 'user_id' as of step 200)
forbids the alteration of 'user_id' to NOTNULL in step 209, at
least with mssql. So fix this in step 200 and set 'user_id'
NOTNULL right from start.

While this is a 'post release' change, it is justifiable as it
happens in the same install/upgrade sequence and the final
db (schema) is identical.

Fixes 0022063
Affected Issues
0022063
mod - admin/schema.php Diff File

MantisBT: master-2.2 98a31d53

2017-03-22 11:15:01

obmsch

Modify schema to get install/upgrade work with db-mssql.

Although the problem appears in step 209, the real cause is the
combination of steps 200 and 201. The Index ('user_id','name')
created in step 201 (with a nullable 'user_id' as of step 200)
forbids the alteration of 'user_id' to NOTNULL in step 209, at
least with mssql. So fix this in step 200 and set 'user_id'
NOTNULL right from start.

While this is a 'post release' change, it is justifiable as it
happens in the same install/upgrade sequence and the final
db (schema) is identical.

Fixes 0022063
Affected Issues
0022063
mod - admin/schema.php Diff File

MantisBT: master-1.3.x 43c4b6fb

2017-03-22 10:32:30

obmsch

mssql: don't encode contents when uploading attachments

Downloads are broken and inline preview doesn't work.

Move "case 'mssqlnative':" down next to 'oci8' in
db_prepare_binary_string (database_api) to effectively
return the string unchanged via 'default:'. Adjust comment.

Fixes 0022208

Signed-off-by: Damien Regad <dregad@mantisbt.org>
Affected Issues
0022208
mod - core/database_api.php Diff File

MantisBT: master-2.1 b9fccabf

2017-03-22 10:32:30

obmsch

mssql: don't encode contents when uploading attachments

Downloads are broken and inline preview doesn't work.

Move "case 'mssqlnative':" down next to 'oci8' in
db_prepare_binary_string (database_api) to effectively
return the string unchanged via 'default:'. Adjust comment.

Fixes 0022208

Signed-off-by: Damien Regad <dregad@mantisbt.org>
Affected Issues
0022208
mod - core/database_api.php Diff File