MantisBT: master 054eee96

2017-08-09 17:03:29

atrol

PHPDoc fixes

Issue 0023204
Affected Issues
0023204
mod - core/layout_api.php Diff File

MantisBT: master dc19a293

2017-08-09 16:58:19

atrol

Optimize and remove unused code in function layout_print_sidebar

Fixes 0023204
Affected Issues
0023204
mod - core/layout_api.php Diff File

MantisBT: master e8845fd0

2017-08-09 15:49:27

atrol

Change order of top buttons on "View Issue" page

Change order and avoid unneeded server round trip if history is visible

Fixes 0023202
Affected Issues
0023202
mod - bug_view_inc.php Diff File
mod - lang/strings_english.txt Diff File

MantisBT: master 38c15c9a

2017-08-07 01:30:29

translatewiki.net

Localisation updates from https://translatewiki.net.
mod - lang/strings_german.txt Diff File
mod - lang/strings_spanish.txt Diff File
mod - plugins/MantisCoreFormatting/lang/strings_spanish.txt Diff File

MantisBT: master 7e0e097e

2017-08-06 10:51:41

atrol

Correct access check for time tracking reports

Fixes 0023191
Affected Issues
0023191
mod - core/layout_api.php Diff File

MantisBT: master f4cbc57a

2017-08-05 19:21:13

vboctor

Update to latest libraries

- Updating guzzlehttp/guzzle (6.2.3 => 6.3.0): Loading from cache
- Updating phpmailer/phpmailer (v5.2.23 => v5.2.24): Downloading (100%)
- Updating erusev/parsedown (1.6.2 => 1.6.3): Downloading (100%)
- Updating symfony/yaml (v3.2.8 => v3.3.6): Downloading (100%)
- Updating phpdocumentor/type-resolver (0.2.1 => 0.3.0): Downloading (100%)
- Updating phpdocumentor/reflection-docblock (3.1.1 => 3.2.1): Downloading (100%)
- Updating phpunit/phpunit (4.8.35 => 4.8.36): Downloading (100%)
- Updating pimple/pimple (v3.0.2 => v3.2.2): Downloading (100%)

Fixes 0023187, 0023188, 0023189, 0023190
Affected Issues
0023187, 0023188, 0023189, 0023190
mod - composer.lock Diff File

MantisBT: master 32fd4fb7

2017-08-04 18:34:59

dregad

Merge remote-tracking branch 'origin/master-2.5'
mod - admin/check/check_database_inc.php Diff File
mod - admin/check/index.php Diff File
mod - docbook/Admin_Guide/en-US/Installation.xml Diff File
mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File

MantisBT: master-1.3.x 10211c90

2017-08-04 17:45:55

dregad

Improve admin information about CVE-2017-12419

- Add admin check for mysqli.allow_local_infile
- Add reminder to remove admin dir at end of Admin checks
- Improve post-install tasks section of Admin Guide: add explicit
warning about potential consequences of not deleting the admin
directory, more descriptive wording.

Stopgap measures for issue 0023173

Backported from master-2.5 branch 3a7c6f75bf3c4bc0856ebffe388df9e46ac10e5d

Conflicts:
admin/check/index.php
Affected Issues
0023173, 0023186
mod - admin/check/check_database_inc.php Diff File
mod - admin/check/index.php Diff File
mod - docbook/Admin_Guide/en-US/Installation.xml Diff File

MantisBT: master-2.5 3a7c6f75

2017-08-03 19:39:40

dregad

Improve admin information about CVE-2017-12419

- Add admin check for mysqli.allow_local_infile
- Add reminder to remove admin dir at end of Admin checks
- Improve post-install tasks section of Admin Guide: add explicit
warning about potential consequences of not deleting the admin
directory, more descriptive wording.

Stopgap measures for issue 0023173
Affected Issues
0023173, 0023185
mod - admin/check/check_database_inc.php Diff File
mod - admin/check/index.php Diff File
mod - docbook/Admin_Guide/en-US/Installation.xml Diff File

MantisBT: master-2.5 a6dc088a

2017-08-03 17:47:16

dregad

Improve wording of admin messages on login page
mod - lang/strings_english.txt Diff File

MantisBT: master-1.3.x 600d0e0b

2017-08-03 17:47:16

dregad

Improve wording of admin messages on login page

Backported from master-2.5 branch a6dc088a395e3b4a8f2f243eac82786a751a7536
mod - lang/strings_english.txt Diff File

MantisBT: master-2.5 12ab69b8

2017-08-03 17:19:03

dregad

Admin checks: fix HTML syntax error on index page

A closing </div> was missing when displaying failures or warning.
mod - admin/check/index.php Diff File

MantisBT: master-2.5 4980b3b0

2017-08-03 16:57:09

dregad

Execute login page checks that can run without admin dir

Some of the admin checks performed on login page can (and should) be
executed if the admin dir does not exist (e.g. default administrator
account password, detailed error settings).

Fixes 0023181
Affected Issues
0023181
mod - login_page.php Diff File

MantisBT: master-1.3.x 82f913d3

2017-08-03 16:57:09

dregad

Execute login page checks that can run without admin dir

Some of the admin checks performed on login page can (and should) be
executed if the admin dir does not exist (e.g. default administrator
account password, detailed error settings).

Fixes 0023181

Backported from master-2.5 branch 4980b3b0ae85cb76f3b14ac61214efde1f802da4
Affected Issues
0023181
mod - login_page.php Diff File

MantisBT: master-2.5 d6d7dc2d

2017-08-03 16:54:04

dregad

Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin
checks on login page to remove the logic checking for pre 1.0 upgrade
steps.

However, it also (probably unintentionally) removed the check for admin
directory presence, so administrators are no longer reminded that they
should delete this directory, potentially leaving them exposed to
security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173
Affected Issues
0023173, 0023179, 0023185
mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File

MantisBT: master-1.3.x 21a15b88

2017-08-03 16:54:04

dregad

Restore "admin dir" warning on login page

Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin
checks on login page to remove the logic checking for pre 1.0 upgrade
steps.

However, it also (probably unintentionally) removed the check for admin
directory presence, so administrators are no longer reminded that they
should delete this directory, potentially leaving them exposed to
security breaches.

This commit restores the warning, and improves the error message.

Fixes 0023179
Stopgap measure for issue 0023173

Backported from master-2.5 branch d6d7dc2dc7473637c8ac17a78c0374f16981f409
Affected Issues
0023173, 0023179, 0023186
mod - lang/strings_english.txt Diff File
mod - login_page.php Diff File

MantisBT: master 5dea34c9

2017-08-02 11:04:24

dregad

Update PHPMailer to 5.2.24

Fixes 0022940
Affected Issues
0022940
mod - composer.lock Diff File

MantisBT: master 7cf4f0df

2017-08-02 11:03:35

dregad

Composer: minimum PHPMailer version is 5.2.22

Older versions have security issues.

Issue 0022940
Affected Issues
0022940
mod - composer.json Diff File

MantisBT: master e7d5e46a

2017-08-02 10:50:37

dregad

Add former Submodules to .gitignore

Following the move of libraries from Git Submodules to Composer and
removal of the former, their respective directories need to be ignored
to avoid risk of inadvertent updates when switching back and forth
between 2.6+ and older branches.

Issues 0022913, 0022939, 0022940
Affected Issues
0022913, 0022939, 0022940
mod - .gitignore Diff File

MantisBT: master 54929f3b

2017-08-02 08:18:18

dregad

Fix inline viewing of image attachments

The code extracting the MIME type from the content was incorrect,
assuming that a semi-colon would always be present but it's not always
the case.

This resulted in MIME type being empty, which in turn made the browser
download the file instead of displaying the image inline when the web
server's content disposition header is set to "attachment".

Jan Müller's original patch [1] was replaced by more efficient code.

Fixes 0012313

[1] https://github.com/mantisbt/mantisbt/pull/1125
Affected Issues
0012313
mod - file_download.php Diff File

MantisBT: master 5884ba47

2017-08-01 09:16:04

dregad

Merge remote-tracking branch 'origin/master-2.5'

# Conflicts:
# core/constant_inc.php
mod - admin/install.php Diff File
mod - docbook/Admin_Guide/en-US/Revision_History.xml Diff File
mod - docbook/Developers_Guide/en-US/Revision_History.xml Diff File
mod - manage_user_page.php Diff File

MantisBT: master-2.5 c73ae3d3

2017-08-01 07:00:04

dregad

Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC (https://twitter.com/IamSecurity) reported this
vulnerability, allowing an attacker to inject arbitrary code through
crafted form variables.

Sanitizing the database error message prior to output prevents the
attack.

Fixes 0023146
Affected Issues
0023146
mod - admin/install.php Diff File

MantisBT: master-1.3.x 17f9b94f

2017-08-01 07:00:04

dregad

Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC (https://twitter.com/IamSecurity) reported this
vulnerability, allowing an attacker to inject arbitrary code through
crafted form variables.

Sanitizing the database error message prior to output prevents the
attack.

Fixes 0023146

Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5
Affected Issues
0023146, 0023175
mod - admin/install.php Diff File

MantisBT: master-2.5 9b5b71da

2017-07-27 17:14:00

atrol

Fix XSS in manage_user_page.php (CVE-2017-12062)

trichimtrich (https://twitter.com/trichimtrich) reported this
vulnerability, allowing an attacker to inject arbitrary code through a
crafted 'filter' form variable.

Prevent the attack by sanitizing the variable before output.

Fixes 0023166

Signed-off-by: Damien Regad <dregad@mantisbt.org>
Affected Issues
0023166
mod - manage_user_page.php Diff File

MantisBT: master 3fa9f5d6

2017-07-27 15:59:15

atrol

Enhance graph display

Reduce transparency
Remove axes from pie charts

Fixes 0023159
Affected Issues
0023159
mod - plugins/MantisGraph/core/graph_api.php Diff File
mod - plugins/MantisGraph/files/MantisGraph.js Diff File