Search Changesets
|
MantisBT: master-2.24 826c1550 2020-09-19 05:39 Details Diff |
Whitespace | ||
| mod - manage_proj_cat_update.php | Diff File | ||
|
MantisBT: master-2.24 7fc2a11f 2020-09-19 03:43 Details Diff |
Prevent sending reminders to unauthorized users Adds a check in bug_reminder.php to ensure that all the recipients have the required access level to receive them (reminder_receive_threshold). Fixes 0027276 |
Affected Issues 0027276 |
|
| mod - bug_reminder.php | Diff File | ||
|
MantisBT: master 3b513dca 2020-09-19 00:59 Details Diff |
New generic 'login' string, remove duplicates There were several language strings defined for the same label: click_to_login, login_button, login_link. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - core/access_api.php | Diff File | ||
| mod - core/layout_api.php | Diff File | ||
| mod - core/print_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - login_page.php | Diff File | ||
| mod - login_password_page.php | Diff File | ||
| mod - lost_pwd_page.php | Diff File | ||
| mod - signup_page.php | Diff File | ||
|
MantisBT: master e996db61 2020-09-19 00:53 Details Diff |
New generic 'add' string, remove duplicates There were several language strings defined for the same label: add_user_to_monitor, add_new_relationship_button. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - bug_view_inc.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
|
MantisBT: master 2b356794 2020-09-19 00:48 Details Diff |
New generic 'close' string, remove duplicates There were several language strings defined for the same label: actiongroup_menu_close, close_bug_button. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - bug_view_inc.php | Diff File | ||
| mod - core/bug_group_action_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
|
MantisBT: master e40727d4 2020-09-19 00:43 Details Diff |
New generic 'move' string, remove duplicates There were several language strings defined for the same label: actiongroup_menu_move, move_bug_button. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - bug_view_inc.php | Diff File | ||
| mod - core/bug_group_action_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
|
MantisBT: master 4ce60173 2020-09-19 00:37 Details Diff |
Regroup generic action strings | ||
| mod - lang/strings_english.txt | Diff File | ||
|
MantisBT: master 45657134 2020-09-19 00:35 Details Diff |
Remove unused language strings - switch and related constants (on, off) - vote_added_msg |
||
| mod - lang/strings_english.txt | Diff File | ||
|
MantisBT: master 4ece39a3 2020-09-19 00:23 Details Diff |
Remove duplicates of 'Update' string Using the generic update language string and removing duplicate plugin_update. |
||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_plugin_page.php | Diff File | ||
|
MantisBT: master 5a37a796 2020-09-19 00:06 Details Diff |
New generic 'delete' string, remove duplicates There were several language strings defined for the same label: actiongroup_menu_delete, delete_attachment_button, delete_bug_button, delete_filter_button, delete_link, delete_relationship_button. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - adm_config_delete.php | Diff File | ||
| mod - adm_config_report.php | Diff File | ||
| mod - bug_file_delete.php | Diff File | ||
| mod - bug_relationship_delete.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/bug_group_action_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
| mod - proj_doc_page.php | Diff File | ||
|
MantisBT: master 0a8eaa71 2020-09-18 23:58 Details Diff |
New generic 'edit' string, remove duplicates There were several language strings defined for the same label: edit_link, bugnote_edit_link, update_bug_button. Adding a new generic short string and replace all occurences of the old ones in the code. |
||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - adm_config_report.php | Diff File | ||
| mod - bug_update_page.php | Diff File | ||
| mod - bug_view_inc.php | Diff File | ||
| mod - bugnote_view_inc.php | Diff File | ||
| mod - core/columns_api.php | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - manage_filter_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
| mod - my_view_inc.php | Diff File | ||
| mod - news_update.php | Diff File | ||
| mod - proj_doc_page.php | Diff File | ||
|
MantisBT: master-2.24 1e0de68e 2020-09-18 23:42 Details Diff |
Avoid testing the same thing twice Refactored the code so the global access check to edit tags is performed only once. |
||
| mod - tag_update.php | Diff File | ||
|
MantisBT: master 07b91f3c 2020-09-18 15:18 Details Diff |
Profiles refactoring and enhancements Merge PR https://github.com/mantisbt/mantisbt/pull/1698 |
||
| mod - account_prof_edit_page.php | Diff File | ||
| mod - account_prof_menu_page.php | Diff File | ||
| mod - account_prof_update.php | Diff File | ||
| mod - api/soap/mc_api.php | Diff File | ||
| mod - core/filter_form_api.php | Diff File | ||
| mod - core/profile_api.php | Diff File | ||
| mod - css/ace-mantis.css | Diff File | ||
| mod - lang/strings_english.txt | Diff File | ||
| mod - lost_pwd_page.php | Diff File | ||
| mod - news_menu_page.php | Diff File | ||
| mod - print_all_bug_page_word.php | Diff File | ||
|
MantisBT: master-2.24 fe3a91cb 2020-09-18 09:00 Details Diff |
Plugin update: validate Priority parameter Plugin Priority must be a number from 1 to 5. Trigger an error if the parameter's value is outside of that range. Fixes 0027284 |
Affected Issues 0027284 |
|
| mod - manage_plugin_update.php | Diff File | ||
|
MantisBT: master-2.24 8d9fbb58 2020-09-18 08:48 Details Diff |
manage_plugin_update.php: use DbQuery | ||
| mod - manage_plugin_update.php | Diff File | ||
|
MantisBT: master 97ea7453 2020-09-14 07:04 translatewiki.net Details Diff |
Localisation updates from https://translatewiki.net. | ||
| mod - lang/strings_turkish.txt | Diff File | ||
|
MantisBT: master-2.24 f2b0f843 2020-09-12 12:25 Details Diff |
Fix PHPStorm undefined variable warnings | ||
| mod - file_download.php | Diff File | ||
|
MantisBT: master-2.24 34199561 2020-09-12 12:24 Details Diff |
Improve PHPDoc for file_get_visible_attachments() | ||
| mod - core/file_api.php | Diff File | ||
|
MantisBT: master-2.24 9de20c09 2020-09-12 12:21 Details Diff |
Check ability to download attachments at bugnote level This prevents users authorized to download attachments but not to view private bugnotes, from accessing files attached to a private note via `file_download.php?file_id={FILE_ID}&type=bug` (CVE-2020-25781). Includes some minor code cleanup in file_get_visible_attachments(): - use a foreach loop - reuse variables instead of derefenrcing array Fixes 0027039 |
Affected Issues 0027039 |
|
| mod - core/file_api.php | Diff File | ||
| mod - file_download.php | Diff File | ||
|
MantisBT: master-2.24 5595c90f 2020-09-12 12:09 Details Diff |
Functions to check view/download ability at bugnote level 2 new File API functions: - file_can_view_bugnote_attachments() - file_can_download_bugnote_attachments Prerequisite to fix issue 0027039 |
Affected Issues 0027039 |
|
| mod - core/file_api.php | Diff File | ||
|
MantisBT: master-2.24 90b83956 2020-09-12 12:04 Details Diff |
New file_can_view_or_download() function file_can_view_bug_attachments() and file_can_download_bug_attachments() have nearly identical code, the only difference being the names of the configs. Adding a new internal File API function to avoid code duplication. Fixes 0027299 |
Affected Issues 0027299 |
|
| mod - core/file_api.php | Diff File | ||
|
MantisBT: master-2.24 221cf323 2020-09-12 02:20 Details Diff |
Fix XSS in Custom Field regex pattern validation Improper escaping of the custom field definition's Regular Expression allowed an attacker to inject HTML into the page (CVE-2020-25288). Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for the finding. Fixes 0027275 |
Affected Issues 0027275 |
|
| mod - core/cfdefs/cfdef_standard.php | Diff File | ||
|
MantisBT: master c776e54d 2020-09-10 20:14 Details Diff |
Regroup the 2 subprojects sections into one There is now a single section allowing to create a new subproject or add an existing project as subproject, and list/edit/remove existing subprojects. Fixes 0030423 |
Affected Issues 0030423 |
|
| mod - manage_proj_edit_page.php | Diff File | ||
|
MantisBT: master 6db5ae6a 2020-09-10 13:27 Details Diff |
Move Delete button to form footer: Version Using the HTML5 button's `formaction` property we can get rid of the separate form that caused the button to be displayed below the Edit box, and put the Delete button in the main form's footer. Fixes 0027274 |
Affected Issues 0027274 |
|
| mod - manage_proj_ver_delete.php | Diff File | ||
| mod - manage_proj_ver_edit_page.php | Diff File | ||
|
MantisBT: master aaa671c2 2020-09-10 12:50 Details Diff |
Move Delete button to form footer: Category Using the HTML5 button's `formaction` property we can get rid of the separate form that caused the button to be displayed below the Edit box, and put the Delete button in the main form's footer This required the following changes - renaming the form parameter from `id` to `category_id` - using the same CSRF token `manage_proj_cat_update` for deletion Fixes 0027274 |
Affected Issues 0027274 |
|
| mod - manage_proj_cat_add.php | Diff File | ||
| mod - manage_proj_cat_delete.php | Diff File | ||
| mod - manage_proj_cat_edit_page.php | Diff File | ||
| mod - manage_proj_edit_page.php | Diff File | ||
| mod - manage_proj_page.php | Diff File | ||
