Search Changesets
MantisBT: master 11ab5edc 2017-05-20 09:36:27 Details Diff |
Merge remote-tracking branch 'origin/master-2.4' | ||
mod - core/bugnote_api.php | Diff File | ||
MantisBT: master 33e1230b 2017-05-20 08:16:56 MS-Astra Details Diff |
Fix moving issues with attachments Issues with attachments cannot be moved between projects with different upload directories when files are stored in file system. Add missing parameters to db_query() call in file_move_bug_attachments(). Fixes 0021994 |
Affected Issues 0021994 |
|
mod - core/file_api.php | Diff File | ||
MantisBT: master 486e1a7e 2017-05-20 05:57:34 Details Diff |
Only append query string to return URL when not blank The target URL for the 'Login' button in the breadcrumbs div had a trailing '?' due to appending QUERY_STRING even when no query params are defined. Adding a check to only add it when QUERY_STRING is not blank fixes the problem. Fixes 0022905 |
Affected Issues 0022905 |
|
mod - core/layout_api.php | Diff File | ||
MantisBT: master 0562a516 2017-05-20 05:34:34 Details Diff |
Merge branch 'i22702-csrf' | ||
mod - core/filter_api.php | Diff File | ||
mod - core/string_api.php | Diff File | ||
mod - permalink_page.php | Diff File | ||
mod - tests/Mantis/StringTest.php | Diff File | ||
MantisBT: master d3d5ddcf 2017-05-20 05:31:40 Details Diff |
Make sure db_insert_id() always returns an int db_result() returns a string in some cases. Typecasting the return value to int ensures we comply with the PHPDoc. Fixes 0022904 |
Affected Issues 0022904 |
|
mod - core/database_api.php | Diff File | ||
MantisBT: master b7f337de 2017-05-20 05:28:22 Details Diff |
Refactor db_insert_id() to use $g_db_functional_type Avoid multiple calls to db_is_xxx. |
||
mod - core/database_api.php | Diff File | ||
MantisBT: master 2d541e98 2017-05-20 04:59:17 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. |
Affected Issues 0022852 |
|
mod - lang/strings_bulgarian.txt | Diff File | ||
mod - lang/strings_chinese_simplified.txt | Diff File | ||
mod - lang/strings_german.txt | Diff File | ||
mod - lang/strings_russian.txt | Diff File | ||
MantisBT: master-1.3.x c4f50e5d 2017-05-19 11:48:57 Details Diff |
Fix CSRF vulnerability in permalink_page.php John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org reported a CSRF vulnerability in permalink_page.php, allowing an attacker to inject arbitrary links (CVE-2017-7620). Backporting from master branch: - Add form security token to prevent such injection (code changed from original commit) 0d11077d40c5dfdb76efdad9ba2b455af5be25a0 - Encode '\' in string_sanitize_url() 7b23377c573817c5fe8b522e8c33de8b1caff179 Fixes 0022702, 0022816 |
Affected Issues 0022702, 0022816 |
|
mod - core/filter_api.php | Diff File | ||
mod - core/string_api.php | Diff File | ||
mod - permalink_page.php | Diff File | ||
mod - tests/Mantis/StringTest.php | Diff File | ||
MantisBT: master-2.3 8b6787c8 2017-05-19 11:48:57 Details Diff |
Fix CSRF vulnerability in permalink_page.php John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org reported a CSRF vulnerability in permalink_page.php, allowing an attacker to inject arbitrary links (CVE-2017-7620). Backporting from master branch: - Add form security token to prevent such injection 0d11077d40c5dfdb76efdad9ba2b455af5be25a0 - Encode '\' in string_sanitize_url() 7b23377c573817c5fe8b522e8c33de8b1caff179 Fixes 0022702, 0022816 |
Affected Issues 0022702, 0022816 |
|
mod - core/filter_api.php | Diff File | ||
mod - core/string_api.php | Diff File | ||
mod - permalink_page.php | Diff File | ||
mod - tests/Mantis/StringTest.php | Diff File | ||
MantisBT: master-2.4 2d2309a3 2017-05-19 11:48:57 Details Diff |
Fix CSRF vulnerability in permalink_page.php John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org reported a CSRF vulnerability in permalink_page.php, allowing an attacker to inject arbitrary links (CVE-2017-7620). Backporting from master branch: - Add form security token to prevent such injection 0d11077d40c5dfdb76efdad9ba2b455af5be25a0 - Encode '\' in string_sanitize_url() 7b23377c573817c5fe8b522e8c33de8b1caff179 Fixes 0022702, 0022816 |
Affected Issues 0022702, 0022816 |
|
mod - core/filter_api.php | Diff File | ||
mod - core/string_api.php | Diff File | ||
mod - permalink_page.php | Diff File | ||
mod - tests/Mantis/StringTest.php | Diff File | ||
MantisBT: master b0c652f3 2017-05-15 19:32:52 Carlos Proensa Details Diff |
Make buttons visible only on hover over container Make some buttons visible only when hovering over its container. Applied to: adm_config_report.php, view.php (bugnotes) Fixes: 0022872 |
Affected Issues 0022872 |
|
mod - adm_config_report.php | Diff File | ||
mod - bugnote_view_inc.php | Diff File | ||
mod - js/common.js | Diff File | ||
MantisBT: master aee0080d 2017-05-15 18:40:05 Carlos Proensa Details Diff |
Add margin css to single button forms Add margin between buttons generated by print_form_button(), to be consistent with the general styling of inline buttons in a general form. Fixes: 0022870 |
Affected Issues 0022870 |
|
mod - core/print_api.php | Diff File | ||
mod - css/ace-mantis.css | Diff File | ||
MantisBT: master a0aa8078 2017-05-15 18:22:55 Details Diff |
Make single button forms flow inlined Add inline class to single button forms. Now it should not be needed to "pull-left" to place several buttons in line. Fixes: 0022871 |
Affected Issues 0022871 |
|
mod - core/print_api.php | Diff File | ||
MantisBT: master cf972ca1 2017-05-15 18:01:32 Details Diff |
Use button tag for print_form_button() Use 'button' tag instead of 'input', to offer better customization for labels and icons. |
||
mod - core/print_api.php | Diff File | ||
MantisBT: master c0903f25 2017-05-15 07:55:00 Details Diff |
Fix 0022868: typo in variable name |
Affected Issues 0022868 |
|
mod - core/html_api.php | Diff File | ||
MantisBT: master 06e76774 2017-05-15 04:33:39 Details Diff |
Improve db_fetch_array performance Improve db_fetch_array performance by caching the result from: - db_is_pgsql() - db_is_oracle() Based on profiling, the repeated calls were using up to 20% of total time for the db_fetch_array execution. Fixes 0021871, PR https://github.com/mantisbt/mantisbt/pull/1105 |
Affected Issues 0021871 |
|
mod - core/constant_inc.php | Diff File | ||
mod - core/database_api.php | Diff File | ||
MantisBT: master-2.4 a64a0d22 2017-05-15 00:32:02 Details Diff |
Fixes markdown formatting for notes column The 3 dashes marked the notes above it as a markdown header. Fix is to use `=-=` instead. Fixes 0022867 |
Affected Issues 0022867 |
|
mod - core/bugnote_api.php | Diff File | ||
MantisBT: master-2.4 8dad4e18 2017-05-14 23:43:55 Details Diff |
Fix CSV and Excel export when markdown is enabled The output for CSV and Excel included paragraph html tags which polluted the output and corrupted Excel output when there are numeric custom fields. This was caused by calling html processing when getting the value of custom fields. The fix is to have the retrieval of custom field values not process it for any output and have the calling code do the appropriate processing. The code also now does processing based on the custom field type rather than treating types all as string. Fixes 0022428 |
Affected Issues 0022428 |
|
mod - core/cfdefs/cfdef_standard.php | Diff File | ||
mod - core/classes/MantisColumn.class.php | Diff File | ||
mod - core/csv_api.php | Diff File | ||
mod - core/custom_field_api.php | Diff File | ||
mod - core/excel_api.php | Diff File | ||
mod - csv_export.php | Diff File | ||
mod - excel_xml_export.php | Diff File | ||
MantisBT: master 241ff4eb 2017-05-13 18:53:15 Details Diff |
Add test for '\' encoding in string_sanitize_url() Issue 0022702 |
Affected Issues 0022702 |
|
mod - tests/Mantis/StringTest.php | Diff File | ||
MantisBT: master f6644090 2017-05-13 18:47:13 Details Diff |
Encode '\' in string_sanitize_url() As an extra safety measure following up on the fix for CVE-2017-7620, we encode the backslashes in the 'script' part of the URL to ensure that the sanitized URL is treated as a path relative to MantisBT root and not a link to an external site if the URL begins with an escaped `/`. This reduces the risk of someone being able to use the same attack vector in another page. Fixes 0022702, 0022816 |
Affected Issues 0022702, 0022816 |
|
mod - core/string_api.php | Diff File | ||
MantisBT: master f21b56fa 2017-05-13 18:45:04 Details Diff |
Add form security token to permalink_page.php John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org reported a CSRF vulnerability in permalink_page.php, allowing an attacker to inject arbitrary links (CVE-2017-7620). The security token prevents such injection. Fixes 0022702 |
Affected Issues 0022702 |
|
mod - core/filter_api.php | Diff File | ||
mod - permalink_page.php | Diff File | ||
MantisBT: master b0b56c82 2017-05-13 18:11:53 Details Diff |
Fix system notice on login page with BASIC_AUTH Undefined index: REMOTE_USER in authentication_api.php line 337 Fixes 0022865 |
Affected Issues 0022865 |
|
mod - core/authentication_api.php | Diff File | ||
MantisBT: master cbdf5661 2017-05-13 17:59:08 Details Diff |
Fix .mailmap for Carlos | ||
mod - .mailmap | Diff File | ||
MantisBT: master 0316eb9b 2017-05-13 08:38:51 Details Diff |
Fix PHPDoc for print_link_button() Fix order of parameters Fixes 0022864 |
Affected Issues 0022864 |
|
mod - core/print_api.php | Diff File | ||
MantisBT: master 3b21c7c6 2017-05-11 02:43:58 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
mod - lang/strings_greek.txt | Diff File | ||
mod - lang/strings_polish.txt | Diff File | ||
mod - lang/strings_russian.txt | Diff File | ||
mod - lang/strings_spanish.txt | Diff File | ||
mod - lang/strings_swedish.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_japanese.txt | Diff File | ||
mod - plugins/MantisCoreFormatting/lang/strings_swedish.txt | Diff File | ||
mod - plugins/MantisGraph/lang/strings_swedish.txt | Diff File | ||
mod - plugins/XmlImportExport/lang/strings_serbian.txt | Diff File |