Search Changesets

MantisBT: master 11ab5edc

2017-05-20 09:36:27

dregad

Merge remote-tracking branch 'origin/master-2.4'
mod - core/bugnote_api.php

MantisBT: master 33e1230b

2017-05-20 08:16:56

MS-Astra

Fix moving issues with attachments

Issues with attachments cannot be moved between projects with different
upload directories when files are stored in file system.

Add missing parameters to db_query() call in file_move_bug_attachments().

Fixes 0021994
Affected Issues
0021994
mod - core/file_api.php

MantisBT: master 486e1a7e

2017-05-20 05:57:34

dregad

Only append query string to return URL when not blank

The target URL for the 'Login' button in the breadcrumbs div had a
trailing '?' due to appending QUERY_STRING even when no query params
are defined.

Adding a check to only add it when QUERY_STRING is not blank fixes the
problem.

Fixes 0022905
Affected Issues
0022905
mod - core/layout_api.php

MantisBT: master 0562a516

2017-05-20 05:34:34

dregad

Merge branch 'i22702-csrf'
mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php

MantisBT: master d3d5ddcf

2017-05-20 05:31:40

dregad

Make sure db_insert_id() always returns an int

db_result() returns a string in some cases. Typecasting the return
value to int ensures we comply with the PHPDoc.

Fixes 0022904
Affected Issues
0022904
mod - core/database_api.php

MantisBT: master b7f337de

2017-05-20 05:28:22

dregad

Refactor db_insert_id() to use $g_db_functional_type

Avoid multiple calls to db_is_xxx.
mod - core/database_api.php

MantisBT: master 2d541e98

2017-05-20 04:59:17

translatewiki.net

Localisation updates from https://translatewiki.net.
Affected Issues
0022852
mod - lang/strings_bulgarian.txt
mod - lang/strings_chinese_simplified.txt
mod - lang/strings_german.txt
mod - lang/strings_russian.txt

MantisBT: master-1.3.x c4f50e5d

2017-05-19 11:48:57

dregad

Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:
- Add form security token to prevent such injection (code changed from
original commit) 0d11077d40c5dfdb76efdad9ba2b455af5be25a0
- Encode '\' in string_sanitize_url()
7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php

MantisBT: master-2.3 8b6787c8

2017-05-19 11:48:57

dregad

Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:
- Add form security token to prevent such injection
0d11077d40c5dfdb76efdad9ba2b455af5be25a0
- Encode '\' in string_sanitize_url()
7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php

MantisBT: master-2.4 2d2309a3

2017-05-19 11:48:57

dregad

Fix CSRF vulnerability in permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

Backporting from master branch:
- Add form security token to prevent such injection
0d11077d40c5dfdb76efdad9ba2b455af5be25a0
- Encode '\' in string_sanitize_url()
7b23377c573817c5fe8b522e8c33de8b1caff179

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/filter_api.php
mod - core/string_api.php
mod - permalink_page.php
mod - tests/Mantis/StringTest.php

MantisBT: master b0c652f3

2017-05-15 19:32:52

Carlos Proensa

Make buttons visible only on hover over container

Make some buttons visible only when hovering over its container.

Applied to: adm_config_report.php, view.php (bugnotes)

Fixes: 0022872
Affected Issues
0022872
mod - adm_config_report.php
mod - bugnote_view_inc.php
mod - js/common.js

MantisBT: master aee0080d

2017-05-15 18:40:05

Carlos Proensa

Add margin css to single button forms

Add margin between buttons generated by print_form_button(), to be
consistent with the general styling of inline buttons in a general form.

Fixes: 0022870
Affected Issues
0022870
mod - core/print_api.php
mod - css/ace-mantis.css

MantisBT: master a0aa8078

2017-05-15 18:22:55

cproensa

Make single button forms flow inlined

Add inline class to single button forms.
Now it should not be needed to "pull-left" to place several buttons in
line.

Fixes: 0022871
Affected Issues
0022871
mod - core/print_api.php

MantisBT: master cf972ca1

2017-05-15 18:01:32

cproensa

Use button tag for print_form_button()

Use 'button' tag instead of 'input', to offer better customization for
labels and icons.
mod - core/print_api.php

MantisBT: master c0903f25

2017-05-15 07:55:00

dregad

Fix 0022868: typo in variable name
Affected Issues
0022868
mod - core/html_api.php

MantisBT: master 06e76774

2017-05-15 04:33:39

dregad

Improve db_fetch_array performance

Improve db_fetch_array performance by caching the result from:
- db_is_pgsql()
- db_is_oracle()

Based on profiling, the repeated calls were using up to 20% of total
time for the db_fetch_array execution.

Fixes 0021871, PR https://github.com/mantisbt/mantisbt/pull/1105
Affected Issues
0021871
mod - core/constant_inc.php
mod - core/database_api.php

MantisBT: master-2.4 a64a0d22

2017-05-15 00:32:02

vboctor

Fixes markdown formatting for notes column

The 3 dashes marked the notes above it as a markdown header. Fix is to use `=-=` instead.

Fixes 0022867
Affected Issues
0022867
mod - core/bugnote_api.php

MantisBT: master-2.4 8dad4e18

2017-05-14 23:43:55

vboctor

Fix CSV and Excel export when markdown is enabled

The output for CSV and Excel included paragraph html tags which polluted
the output and corrupted Excel output when there are numeric custom fields.

This was caused by calling html processing when getting the value of custom fields.

The fix is to have the retrieval of custom field values not process it for any output
and have the calling code do the appropriate processing. The code also now does
processing based on the custom field type rather than treating types all as string.

Fixes 0022428
Affected Issues
0022428
mod - core/cfdefs/cfdef_standard.php
mod - core/classes/MantisColumn.class.php
mod - core/csv_api.php
mod - core/custom_field_api.php
mod - core/excel_api.php
mod - csv_export.php
mod - excel_xml_export.php

MantisBT: master 241ff4eb

2017-05-13 18:53:15

dregad

Add test for '\' encoding in string_sanitize_url()

Issue 0022702
Affected Issues
0022702
mod - tests/Mantis/StringTest.php

MantisBT: master f6644090

2017-05-13 18:47:13

dregad

Encode '\' in string_sanitize_url()

As an extra safety measure following up on the fix for CVE-2017-7620, we
encode the backslashes in the 'script' part of the URL to ensure that
the sanitized URL is treated as a path relative to MantisBT root and not
a link to an external site if the URL begins with an escaped `/`.

This reduces the risk of someone being able to use the same attack
vector in another page.

Fixes 0022702, 0022816
Affected Issues
0022702, 0022816
mod - core/string_api.php

MantisBT: master f21b56fa

2017-05-13 18:45:04

dregad

Add form security token to permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

The security token prevents such injection.

Fixes 0022702
Affected Issues
0022702
mod - core/filter_api.php
mod - permalink_page.php

MantisBT: master b0b56c82

2017-05-13 18:11:53

dregad

Fix system notice on login page with BASIC_AUTH

Undefined index: REMOTE_USER in authentication_api.php line 337

Fixes 0022865
Affected Issues
0022865
mod - core/authentication_api.php

MantisBT: master cbdf5661

2017-05-13 17:59:08

dregad

Fix .mailmap for Carlos
mod - .mailmap

MantisBT: master 0316eb9b

2017-05-13 08:38:51

cproensa

Fix PHPDoc for print_link_button()

Fix order of parameters

Fixes 0022864
Affected Issues
0022864
mod - core/print_api.php

MantisBT: master 3b21c7c6

2017-05-11 02:43:58

translatewiki.net

Localisation updates from https://translatewiki.net.
mod - lang/strings_greek.txt
mod - lang/strings_polish.txt
mod - lang/strings_russian.txt
mod - lang/strings_spanish.txt
mod - lang/strings_swedish.txt
mod - plugins/MantisCoreFormatting/lang/strings_japanese.txt
mod - plugins/MantisCoreFormatting/lang/strings_swedish.txt
mod - plugins/MantisGraph/lang/strings_swedish.txt
mod - plugins/XmlImportExport/lang/strings_serbian.txt