Search Changesets

MantisBT: master b52576cc

2017-08-11 07:10:22

cproensa

Details Diff
PR fixes
Attach Issues:
mod - core/filter_api.php Diff File

MantisBT: master fb955ddc

2017-08-10 19:28:38

cproensa

Details Diff
PR fixes
Attach Issues:
mod - core/print_api.php Diff File

MantisBT: master c57a735d

2017-08-10 02:43:28

dregad

Details Diff
XHR: send HTTP 400 error for invalid entry point

Returning an HTTP error code from xmlhttprequest back to the caller
instead of just outputting some arbitrary text message ensures that the
client's call actually fails, without relying on the failure being
caused by mismatch in output type, or detecting the error by parsing the
output.

HTTP 400 (Bad Request) error code was chosen following discussion in
pull request https://github.com/mantisbt/mantisbt/pull/1139.

Fixes 0023184
Affected Issues
0023184
mod - xmlhttprequest.php Diff File

MantisBT: master 48a9b048

2017-08-10 01:49:26

translatewiki.net

Details Diff
Localisation updates from https://translatewiki.net.
Attach Issues:
mod - lang/strings_czech.txt Diff File
mod - lang/strings_french.txt Diff File
mod - lang/strings_italian.txt Diff File

MantisBT: master 508ab61c

2017-08-09 19:27:09

cproensa

Details Diff
Fix filter by custom fields distinct values

Fix populating available values for a custom field, to match the
behaviour of version < 2.1, where the retrieved values are those
existing only for current project issues.

Fixes: 0023112
Affected Issues
0023112
mod - core/filter_form_api.php Diff File

MantisBT: master 054eee96

2017-08-09 17:03:29

atrol

Details Diff
PHPDoc fixes

Issue 0023204
Affected Issues
0023204
mod - core/layout_api.php Diff File

MantisBT: master dc19a293

2017-08-09 16:58:19

atrol

Details Diff
Optimize and remove unused code in function layout_print_sidebar

Fixes 0023204
Affected Issues
0023204
mod - core/layout_api.php Diff File

MantisBT: master e8845fd0

2017-08-09 15:49:27

atrol

Details Diff
Change order of top buttons on "View Issue" page

Chang order and avoid unneeded server round trip if history is visible

Fixes 0023202
Affected Issues
0023202
mod - bug_view_inc.php Diff File
mod - lang/strings_english.txt Diff File

MantisBT: master 38c15c9a

2017-08-07 01:30:29

translatewiki.net

Details Diff
Localisation updates from https://translatewiki.net.
Attach Issues:
mod - lang/strings_german.txt Diff File
mod - lang/strings_spanish.txt Diff File
mod - plugins/MantisCoreFormatting/lang/strings_spanish.txt Diff File

MantisBT: master 7e0e097e

2017-08-06 10:51:41

atrol

Details Diff
Correct access check for time tracking reports

Fixes 0023191
Affected Issues
0023191
mod - core/layout_api.php Diff File

MantisBT: master f4cbc57a

2017-08-05 19:21:13

vboctor

Details Diff
Update to latest libraries

- Updating guzzlehttp/guzzle (6.2.3 => 6.3.0): Loading from cache
- Updating phpmailer/phpmailer (v5.2.23 => v5.2.24): Downloading (100%) - Updating erusev/parsedown (1.6.2 => 1.6.3): Downloading (100%)
- Updating symfony/yaml (v3.2.8 => v3.3.6): Downloading (100%)
- Updating phpdocumentor/type-resolver (0.2.1 => 0.3.0): Downloading (100%) - Updating phpdocumentor/reflection-docblock (3.1.1 => 3.2.1): Downloading (100%)
- Updating phpunit/phpunit (4.8.35 => 4.8.36): Downloading (100%)
- Updating pimple/pimple (v3.0.2 => v3.2.2): Downloading (100%)

Fixes 0023187, 0023188, 0023189, 0023190
Affected Issues
0023187, 0023188, 0023189, 0023190
mod - composer.lock Diff File

MantisBT: master 32fd4fb7

2017-08-04 18:34:59

dregad

Details Diff
Merge remote-tracking branch 'origin/master-2.5'
Attach Issues:
mod - admin/check/check_database_inc.php Diff File
mod - admin/check/index.php Diff File
mod - docbook/Admin_Guide/en-US/Installation.xml Diff File
mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File

MantisBT: master-1.3.x 10211c90

2017-08-04 17:45:55

dregad

Details Diff
Improve admin information about CVE-2017-12419

- Add admin check for mysqli.allow_local_infile
- Add reminder to remove admin dir at end of Admin checks
- Improve post-install tasks section of Admin Guide: add explicit
warning about potential consequences of not deleting the admin
directory, more descriptive wording.

Stopgap measures for issue 0023173

Backported from master-2.5 branch 3a7c6f75bf3c4bc0856ebffe388df9e46ac10e5d

Conflicts:
admin/check/index.php
Affected Issues
0023173, 0023186
mod - admin/check/check_database_inc.php Diff File
mod - admin/check/index.php Diff File
mod - docbook/Admin_Guide/en-US/Installation.xml Diff File

MantisBT: master-2.5 3a7c6f75

2017-08-03 19:39:40

dregad

Details Diff
Improve admin information about CVE-2017-12419

- Add admin check for mysqli.allow_local_infile
- Add reminder to remove admin dir at end of Admin checks
- Improve post-install tasks section of Admin Guide: add explicit
warning about potential consequences of not deleting the admin
directory, more descriptive wording.

Stopgap measures for issue 0023173
Affected Issues
0023173, 0023185
mod - admin/check/check_database_inc.php Diff File
mod - admin/check/index.php Diff File
mod - docbook/Admin_Guide/en-US/Installation.xml Diff File

MantisBT: master-2.5 a6dc088a

2017-08-03 17:47:16

dregad

Details Diff
Improve wording of admin messages on login page
Attach Issues:
mod - lang/strings_english.txt Diff File

MantisBT: master-1.3.x 600d0e0b

2017-08-03 17:47:16

dregad

Details Diff
Improve wording of admin messages on login page

Backported from master-2.5 branch a6dc088a395e3b4a8f2f243eac82786a751a7536
Attach Issues:
mod - lang/strings_english.txt Diff File

MantisBT: master-2.5 12ab69b8

2017-08-03 17:19:03

dregad

Details Diff
Admin checks: fix HTML syntax error on index page

A closing </div> was missing when displaying failures or warning.
Attach Issues:
mod - admin/check/index.php Diff File

MantisBT: master-2.5 4980b3b0

2017-08-03 16:57:09

dregad

Details Diff
Execute login page checks that can run without admin dir

Some of the admin checks performed on login page can (and should) be
executed if the admin dir does not exist (e.g. default administrator
account password, detailed error settings).

Fixes 0023181
Affected Issues
0023181
mod - login_page.php Diff File

MantisBT: master-1.3.x 82f913d3

2017-08-03 16:57:09

dregad

Details Diff
Execute login page checks that can run without admin dir

Some of the admin checks performed on login page can (and should) be
executed if the admin dir does not exist (e.g. default administrator
account password, detailed error settings).

Fixes 0023181

Backported from master-2.5 branch 4980b3b0ae85cb76f3b14ac61214efde1f802da4
Affected Issues
0023181
mod - login_page.php Diff File

MantisBT: master-2.5 d6d7dc2d

2017-08-03 16:54:04

dregad

Details Diff
Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin
checks on login page to remove the logic checking for pre 1.0 upgrade
steps.

However, it also (probably unintentionally) removed the check for admin
directory presence, so administrators are no longer reminded that they
should delete this directory, potentially leaving them exposed to
security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173
Affected Issues
0023173, 0023179, 0023185
mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File

MantisBT: master-1.3.x 21a15b88

2017-08-03 16:54:04

dregad

Details Diff
Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin
checks on login page to remove the logic checking for pre 1.0 upgrade
steps.

However, it also (probably unintentionally) removed the check for admin
directory presence, so administrators are no longer reminded that they
should delete this directory, potentially leaving them exposed to
security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173

Backported from master-2.5 branch d6d7dc2dc7473637c8ac17a78c0374f16981f409
Affected Issues
0023173, 0023179, 0023186
mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File

MantisBT: master 5dea34c9

2017-08-02 11:04:24

dregad

Details Diff
Update PHPMailer to 5.2.24

Fixes 0022940
Affected Issues
0022940
mod - composer.lock Diff File

MantisBT: master 7cf4f0df

2017-08-02 11:03:35

dregad

Details Diff
Composer: minimum PHPMailer version is 5.2.22

Older versions have security issues.

Issue 0022940
Affected Issues
0022940
mod - composer.json Diff File

MantisBT: master e7d5e46a

2017-08-02 10:50:37

dregad

Details Diff
Add former Submodules to .gitignore

Following the move of libraries from Git Submodules to Composer and
removal of the former, their respective directories need to be ignored
to avoid risk of inadvertant updates when switching back and forth
between 2.6+ and older branches.

Issues 0022913, 0022939, 0022940
Affected Issues
0022913, 0022939, 0022940
mod - .gitignore Diff File

MantisBT: master 54929f3b

2017-08-02 08:18:18

dregad

Details Diff
Fix inline viewing of image attachments

The code extracting the MIME type from the content was incorrect,
assuming that a semi-colon would always be present but it's not always
the case.

This resulted in MIME type being empty, which in turn made the browser
download the file instead of displaying the image inline when the web
server's content disposition header is set to "attachment".

Jan Müller's original patch [1] was replaced by more efficient code.

Fixes 0012313

[1] https://github.com/mantisbt/mantisbt/pull/1125
Affected Issues
0012313
mod - file_download.php Diff File
 First  Prev  1 2 3 ... 58 59 60 61 62 63 64 ... 70 ... 140 ... 210 ... 280 ... 350 ... 420 ... 490 ... 560 ... 630 ... 659 660 661  Next  Last