MantisBT: master f6644090

2017-05-13 18:47:13

dregad

Encode '\' in string_sanitize_url()

As an extra safety measure following up on the fix for CVE-2017-7620, we
encode the backslashes in the 'script' part of the URL to ensure that
the sanitized URL is treated as a path relative to MantisBT root and not
a link to an external site if the URL begins with an escaped `/`.

This reduces the risk of someone being able to use the same attack
vector in another page.

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/string_api.php

MantisBT: master f21b56fa

2017-05-13 18:45:04

dregad

Add form security token to permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

The security token prevents such injection.

Fixes 0022702
Affected Issues
0022702
mod - core/filter_api.php
mod - permalink_page.php

MantisBT: master b0b56c82

2017-05-13 18:11:53

dregad

Fix system notice on login page with BASIC_AUTH

Undefined index: REMOTE_USER in authentication_api.php line 337

Fixes 0022865
Affected Issues
0022865
mod - core/authentication_api.php

MantisBT: master cbdf5661

2017-05-13 17:59:08

dregad

Fix .mailmap for Carlos
mod - .mailmap

MantisBT: master 0316eb9b

2017-05-13 08:38:51

cproensa

Fix PHPDoc for print_link_button()

Fix order of parameters

Fixes 0022864
Affected Issues
0022864
mod - core/print_api.php

MantisBT: master 3b21c7c6

2017-05-11 02:43:58

translatewiki.net

Localisation updates from https://translatewiki.net.
mod - lang/strings_greek.txt
mod - lang/strings_polish.txt
mod - lang/strings_russian.txt
mod - lang/strings_spanish.txt
mod - lang/strings_swedish.txt
mod - plugins/MantisCoreFormatting/lang/strings_japanese.txt
mod - plugins/MantisCoreFormatting/lang/strings_swedish.txt
mod - plugins/MantisGraph/lang/strings_swedish.txt
mod - plugins/XmlImportExport/lang/strings_serbian.txt

MantisBT: master db1996c0

2017-05-10 19:19:50

cproensa

Improve phpdoc for db_result()

Rename parameters and improve phpdoc comments to better explain the
usage of this function.
mod - core/database_api.php

MantisBT: master 2dcb5559

2017-05-10 18:55:57

cproensa

Transform values fetched by db_result()

db_result() was bypassing transformations that must be made for some
databases (postgres and oracle), to transform some of the data
returned by the raw result set.
mod - core/database_api.php

MantisBT: master b2207408

2017-05-10 08:48:07

dregad

Display identifier size limit warning for Oracle

Issue 0022851
Affected Issues
0022851
mod - admin/install.php
mod - js/install.js

MantisBT: master 624f9057

2017-05-10 06:59:03

dregad

Install: fix layout of check and options sections

Incorrect closing of tables and divs within the various conditional
blocks caused the title of the 'Installation Options' section to be
displayed as a "sub-table" under the 'Checking Installation' section,
followed by the actual install checks and finally the list of
installation options.

This commit moves the closing tags as appropriate, so that
- checks are listed as a table under 'Checking Installation' section
- 'Installation Options' is displayed as an independent section below
the checks

Fixes 0022850
Affected Issues
0022850, 0022985
mod - admin/install.php

MantisBT: master cf89c0fa

2017-05-10 06:38:36

dregad

Use proper input type 'text' instead of 'textbox'

This allows the correct Modern UI style to be applied.

Fixes 0022850
Affected Issues
0022850
mod - admin/install.php

MantisBT: master 119adddc

2017-05-10 05:23:34

dregad

Install: preview table name

Adds a preview to show what actual table names will look like as the
administrator changes the table prefix and suffix fields.

Fixes 0022851
Affected Issues
0022851
mod - admin/install.php
mod - js/install.js

MantisBT: master f49b8489

2017-05-07 04:21:18

dregad

Move definition of PHP_MIN_VERSION to constant_inc.php
mod - core/constant_inc.php
mod - core/php_api.php

MantisBT: master e78e7187

2017-05-07 04:15:28

dregad

Remove php_version_at_least() API function

Standard version_compare() function was introduced in PHP 4.1, and
should be used instead.

Fixes 0022842
Affected Issues
0022842
mod - core.php
mod - core/php_api.php

MantisBT: master 16b01b6e

2017-05-04 01:51:06

translatewiki.net

Localisation updates from https://translatewiki.net.
mod - lang/strings_spanish.txt
mod - plugins/MantisCoreFormatting/lang/strings_galician.txt

MantisBT: master 55fe1aad

2017-05-03 22:40:20

vboctor

Merge branch 'rest_api_improvements'

# Conflicts:
# api/soap/mc_issue_api.php
mod - api/rest/index.php
mod - api/rest/restcore/issues_rest.php
add - api/rest/restcore/projects_rest.php
mod - api/rest/restcore/users_rest.php
mod - api/soap/mc_api.php
mod - api/soap/mc_enum_api.php
mod - api/soap/mc_issue_api.php
mod - api/soap/mc_project_api.php
mod - api/soap/mc_tag_api.php
mod - composer.json
mod - composer.lock
mod - tests/bootstrap.php.sample
add - tests/rest/AllTests.php
add - tests/rest/RestBase.php
add - tests/rest/RestIssueAddTest.php
mod - tests/soap/FilterTest.php
mod - tests/soap/IssueAddTest.php
mod - tests/soap/IssueUpdateTest.php
mod - tests/soap/LoginTest.php

MantisBT: master 4fd21d00

2017-05-03 22:26:26

vboctor

Fix test cases for SOAP API
mod - api/soap/mc_api.php
mod - tests/soap/FilterTest.php
mod - tests/soap/IssueAddTest.php
mod - tests/soap/LoginTest.php

MantisBT: master 85f41b97

2017-05-02 02:02:33

translatewiki.net

Localisation updates from https://translatewiki.net.
mod - lang/strings_chinese_simplified.txt
mod - lang/strings_spanish.txt

MantisBT: master 34996d1e

2017-04-30 14:47:32

vboctor

Update version to `2.5.0-dev`
mod - core/constant_inc.php

MantisBT: master d83c14a9

2017-04-30 14:08:52

vboctor

Bump version to `2.4.0`
mod - core/constant_inc.php
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml

MantisBT: master 4c04c261

2017-04-30 14:07:05

vboctor

Update credits
mod - doc/CREDITS

MantisBT: master 35f164d9

2017-04-30 14:04:34

vboctor

Merge remote-tracking branch 'origin/master-2.3'

# Conflicts:
# core/constant_inc.php
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml

MantisBT: master-2.3 afc31a63

2017-04-30 13:54:06

vboctor

Bump version to `2.3.2`
mod - core/constant_inc.php
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml

MantisBT: master 29cc2eb3

2017-04-29 21:29:54

badfiles

Fix required custom fields marker

- Fix required custom fields marker on bug_change_status_page.php
- Remove unused variables

Fixes 0021807
Affected Issues
0021807
mod - bug_change_status_page.php
mod - bug_report_page.php

MantisBT: master 7314c096

2017-04-28 01:09:33

vboctor

REST: Add support for getting all projects

- Add ability to get all projects accessible to user including
proj info, custom fields, categories and versions.
- Change users/me to return just accessible project ids and names, and not full info.
mod - api/rest/index.php
add - api/rest/restcore/projects_rest.php
mod - api/soap/mc_api.php
mod - api/soap/mc_project_api.php