MantisBT: master-1.3.x 21a15b88

2017-08-03 16:54:04

dregad

Details Diff
Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin
checks on login page to remove the logic checking for pre 1.0 upgrade
steps.

However, it also (probably unintentionally) removed the check for admin
directory presence, so administrators are no longer reminded that they
should delete this directory, potentially leaving them exposed to
security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173

Backported from master-2.5 branch d6d7dc2dc7473637c8ac17a78c0374f16981f409
Affected Issues
0023173, 0023179, 0023186
mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File

MantisBT: master 5dea34c9

2017-08-02 11:04:24

dregad

Details Diff
Update PHPMailer to 5.2.24

Fixes 0022940
Affected Issues
0022940
mod - composer.lock Diff File

MantisBT: master 7cf4f0df

2017-08-02 11:03:35

dregad

Details Diff
Composer: minimum PHPMailer version is 5.2.22

Older versions have security issues.

Issue 0022940
Affected Issues
0022940
mod - composer.json Diff File

MantisBT: master e7d5e46a

2017-08-02 10:50:37

dregad

Details Diff
Add former Submodules to .gitignore

Following the move of libraries from Git Submodules to Composer and
removal of the former, their respective directories need to be ignored
to avoid risk of inadvertent updates when switching back and forth
between 2.6+ and older branches.

Issues 0022913, 0022939, 0022940
Affected Issues
0022913, 0022939, 0022940
mod - .gitignore Diff File

MantisBT: master 54929f3b

2017-08-02 08:18:18

dregad

Details Diff
Fix inline viewing of image attachments

The code extracting the MIME type from the content was incorrect,
assuming that a semi-colon would always be present but it's not always
the case.

This resulted in MIME type being empty, which in turn made the browser
download the file instead of displaying the image inline when the web
server's content disposition header is set to "attachment".

Jan Müller's original patch [1] was replaced by more efficient code.

Fixes 0012313

[1] https://github.com/mantisbt/mantisbt/pull/1125
Affected Issues
0012313
mod - file_download.php Diff File

MantisBT: master 5884ba47

2017-08-01 09:16:04

dregad

Details Diff
Merge remote-tracking branch 'origin/master-2.5'

# Conflicts:
# core/constant_inc.php
mod - admin/install.php Diff File
mod - docbook/Admin_Guide/en-US/Revision_History.xml Diff File
mod - docbook/Developers_Guide/en-US/Revision_History.xml Diff File
mod - manage_user_page.php Diff File

MantisBT: master-2.5 c73ae3d3

2017-08-01 07:00:04

dregad

Details Diff
Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC (https://twitter.com/IamSecurity) reported this
vulnerability, allowing an attacker to inject arbitrary code through
crafted form variables.

Sanitizing the database error message prior to output prevents the
attack.

Fixes 0023146
Affected Issues
0023146
mod - admin/install.php Diff File

MantisBT: master-1.3.x 17f9b94f

2017-08-01 07:00:04

dregad

Details Diff
Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC (https://twitter.com/IamSecurity) reported this
vulnerability, allowing an attacker to inject arbitrary code through
crafted form variables.

Sanitizing the database error message prior to output prevents the
attack.

Fixes 0023146

Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5
Affected Issues
0023146, 0023175
mod - admin/install.php Diff File

MantisBT: master-2.5 9b5b71da

2017-07-27 17:14:00

atrol

Details Diff
Fix XSS in manage_user_page.php (CVE-2017-12062)

trichimtrich (https://twitter.com/trichimtrich) reported this
vulnerability, allowing an attacker to inject arbitrary code through a
crafted 'filter' form variable.

Prevent the attack by sanitizing the variable before output.

Fixes 0023166

Signed-off-by: Damien Regad <dregad@mantisbt.org>
Affected Issues
0023166
mod - manage_user_page.php Diff File

MantisBT: master 3fa9f5d6

2017-07-27 15:59:15

atrol

Details Diff
Enhance graph display

Reduce transparency
Remove axes from pie charts

Fixes 0023159
Affected Issues
0023159
mod - plugins/MantisGraph/core/graph_api.php Diff File
mod - plugins/MantisGraph/files/MantisGraph.js Diff File

MantisBT: master 09f749de

2017-07-27 04:18:10

translatewiki.net

Details Diff
Localisation updates from https://translatewiki.net.
mod - lang/strings_latvian.txt Diff File
mod - plugins/MantisGraph/lang/strings_asturian.txt Diff File

MantisBT: master df80e3a0

2017-07-25 16:41:16

atrol

Details Diff
Display "Monitored By" user list based on monitor_bug_threshold

Fixes 0023087
Affected Issues
0023087
mod - core/filter_form_api.php Diff File

MantisBT: master 18d5214f

2017-07-24 16:27:51

atrol

Details Diff
Remove UTF-8 library from source

Issue 0023214
Affected Issues
0023214
mod - core.php Diff File
mod - library/README.md Diff File
rm - library/utf8/ChangeLog Diff File
rm - library/utf8/LICENSE Diff File
rm - library/utf8/README Diff File
rm - library/utf8/TODO.tsk Diff File
rm - library/utf8/exp/regexunicode.php Diff File
rm - library/utf8/index.html Diff File
rm - library/utf8/mbstring/core.php Diff File
rm - library/utf8/native/core.php Diff File
rm - library/utf8/ord.php Diff File
rm - library/utf8/readme_mantis.txt Diff File
rm - library/utf8/str_ireplace.php Diff File
rm - library/utf8/str_pad.php Diff File
rm - library/utf8/str_split.php Diff File
rm - library/utf8/strcasecmp.php Diff File
rm - library/utf8/strcspn.php Diff File
rm - library/utf8/stristr.php Diff File
rm - library/utf8/strrev.php Diff File
rm - library/utf8/strspn.php Diff File
rm - library/utf8/substr_replace.php Diff File
rm - library/utf8/trim.php Diff File
rm - library/utf8/ucfirst.php Diff File
rm - library/utf8/ucwords.php Diff File
rm - library/utf8/utf8.php Diff File
rm - library/utf8/utils/ascii.php Diff File
rm - library/utf8/utils/bad.php Diff File
rm - library/utf8/utils/patterns.php Diff File
rm - library/utf8/utils/position.php Diff File
rm - library/utf8/utils/specials.php Diff File
rm - library/utf8/utils/unicode.php Diff File
rm - library/utf8/utils/validation.php Diff File

MantisBT: master d61ccd1e

2017-07-24 14:59:12

atrol

Details Diff
Remove unused code and generation of unused CSS code

The following kind of CSS is no longer needed since status legend
and status_legend_position have been obsoleted.

.status-legend-width { width: 14%; }

Fixes 0023150
Affected Issues
0023150
mod - config_defaults_inc.php Diff File
mod - css/status_config.php Diff File

MantisBT: master 32e30f3e

2017-07-23 19:55:56

Zipher

Details Diff
Show file added event in timeline. And remove identical event from
timeline.
add - core/classes/IssueFileAddedTimelineEvent.class.php Diff File
mod - core/timeline_api.php Diff File
mod - lang/strings_chinese_traditional.txt Diff File
mod - lang/strings_english.txt Diff File

MantisBT: master bb69572c

2017-07-23 15:32:37

vboctor

Details Diff
Support deleting notes via REST API

Fixes 0023145
Affected Issues
0023145
mod - api/rest/restcore/issues_rest.php Diff File

MantisBT: master 4a4cc453

2017-07-23 15:18:35

vboctor

Details Diff
Fix note timestamps in REST APIs

Fixes 0023139
Affected Issues
0023139
mod - api/soap/mc_issue_api.php Diff File

MantisBT: master 10ff2817

2017-07-23 15:11:05

vboctor

Details Diff
Support sub-projects in REST API get all projects

- GET /api/rest/projects should return sub-projects.
- Projects should include “subProjects” element that lists sub-projects.
- Project info returned for sub-project reflects inherited information like categories and versions.

Fixes 0023131
Affected Issues
0023131
mod - api/rest/restcore/projects_rest.php Diff File

MantisBT: master 39219bd9

2017-07-23 14:46:31

vboctor

Details Diff
Support adding issue notes

Support adding a note while specifying text, reporter, and view state.

Fixes 0023143
Affected Issues
0023143
mod - api/rest/restcore/issues_rest.php Diff File
mod - api/soap/mc_issue_api.php Diff File

MantisBT: master 3034a126

2017-07-23 09:27:23

atrol

Details Diff
Remove loading of UTF8 library

Issue 0023214
Affected Issues
0023214
mod - core.php Diff File

MantisBT: master 3278e4d5

2017-07-23 09:17:36

atrol

Details Diff
Move function utf8_str_pad to Mantis core

There is still no function mb_str_pad in latest PHP
https://bugs.php.net/bug.php?id=21317

The function has been changed to use no longer utf8_*, but mb_* functions.

I didn't rename the function to mb_str_pad to avoid any problems
if there will be mb_str_pad in later PHP versions.

Issue 0023214
Affected Issues
0023214
mod - core.php Diff File
mod - core/string_api.php Diff File

MantisBT: master 442eb35e

2017-07-23 05:49:42

atrol

Details Diff
Remove generation of unused CSS code

The following kind of CSS is no longer needed since
status_percentage_legend has been obsoleted.

.status-10-percentage { width: 11%; }

Fixes 0023141
Affected Issues
0023141
mod - css/status_config.php Diff File

MantisBT: master 9e81d27a

2017-07-22 07:14:12

translatewiki.net

Details Diff
Localisation updates from https://translatewiki.net.
mod - lang/strings_spanish.txt Diff File
mod - plugins/MantisGraph/lang/strings_spanish.txt Diff File

MantisBT: master 27090d47

2017-07-16 16:33:22

atrol

Details Diff
Replace utf8_strtoupper by mb_strtoupper

Issue 0023214
Affected Issues
0023214
mod - manage_tags_page.php Diff File
mod - manage_user_page.php Diff File

MantisBT: master 322acccd

2017-07-16 16:29:58

atrol

Details Diff
Replace utf8_strtolower by mb_strtolower

Issue 0023214
Affected Issues
0023214
mod - bug_actiongroup_ext_page.php Diff File
mod - core/columns_api.php Diff File
mod - core/database_api.php Diff File
mod - core/file_api.php Diff File
mod - core/filter_api.php Diff File
mod - core/filter_form_api.php Diff File
mod - core/helper_api.php Diff File
mod - core/install_helper_functions_api.php Diff File
mod - core/lang_api.php Diff File
mod - core/tag_api.php Diff File
mod - core/version_api.php Diff File
mod - manage_proj_cat_update.php Diff File
mod - print_all_bug_options_update.php Diff File
mod - signup.php Diff File