
MantisBT: master 9ef8f23a

2020-06-22 02:55

dregad


Fix XSS in view_all_bug_page.php (CVE-2020-16266)

Hanno Boeck reported a stored cross-site scripting (XSS) vulnerability,
originally discovered by Jaime Andres Restrepo.

Improper escaping on view_all_bug_page.php allowed a remote attacker to
inject arbitrary HTML into the page by saving it into a text Custom
Field, leading to possible code execution in the browser of any user
subsequently viewing the issue (if CSP settings allow it).

Prevent the attack by properly escaping the custom field's contents
before display.

Fixes 0027056
Affected Issues
0027056
mod - core/filter_form_api.php

MantisBT: master b44c09c1

2020-06-18 11:19

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_polish.txt

MantisBT: dependabot/composer/guzzlehttp/guzzle-6.5.5 f8ce05ed

2020-06-16 22:25

dependabot-preview[bot]


Bump guzzlehttp/guzzle from 6.5.4 to 6.5.5

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.4 to 6.5.5.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.5/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.4...6.5.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
mod - composer.lock

MantisBT: master 5a96213e

2020-06-11 21:25

vboctor


Create a Cronjob script and plugin event

This way there is one cronjob script to execute which triggers an event, then all plugins can hook into it.

Fixes 0027882
Affected Issues
0027882
mod - core/events_inc.php
mod - docbook/Developers_Guide/en-US/Events_Reference.xml
add - scripts/cronjob.php

MantisBT: master efb44e48

2020-06-11 09:26

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_belarusian_tarask.txt
mod - lang/strings_portuguese_standard.txt

MantisBT: master 6f340058

2020-06-08 07:08

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_chinese_simplified.txt

MantisBT: master 5100efa1

2020-06-04 07:51

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_hungarian.txt

MantisBT: master 778af390

2020-06-03 01:17

dependabot-preview[bot]


Bump guzzlehttp/guzzle from 6.5.3 to 6.5.4

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.4/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.3...6.5.4)

Fixes 0026919, PR https://github.com/mantisbt/mantisbt/pull/1675

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Affected Issues
0026919
mod - composer.lock

MantisBT: master f9a43406

2020-06-03 00:57

dregad


Merge branch 'master-2.24'

# Conflicts:
# composer.lock
# core/constant_inc.php
mod - composer.lock
mod - docbook/Admin_Guide/en-US/Revision_History.xml
mod - docbook/Developers_Guide/en-US/Revision_History.xml

MantisBT: master-2.24 2fc66610

2020-06-03 00:55

dregad


Bump phpmailer/phpmailer from 6.1.5 to 6.1.6

Includes security fix for CVE-2020-13625: Insufficient output escaping
of attachment names [1]

- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](PHPMailer/PHPMailer@v6.1.5...v6.1.6)

Fixes 0027003

[1]: https://github.com/advisories/GHSA-f7hx-fqxw-rvvj
Affected Issues
0027003
mod - composer.lock

MantisBT: master b1d78e73

2020-06-01 12:33

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_arabic.txt
mod - lang/strings_luxembourgish.txt
mod - lang/strings_zazaki.txt

MantisBT: master b162f8fb

2020-05-28 07:56

maturbet


Fix TOO_MANY_REDIRECTS on bug_report_page.php

There is a redirection loop on bug_report_page.php, when the default
project rights have been removed for a viewer user.

Fixes 0026988
Affected Issues
0026988
mod - bug_report_page.php

MantisBT: dependabot/composer/phpmailer/phpmailer-6.1.6 51d28833

2020-05-27 11:14

dependabot-preview[bot]


[Security] Bump phpmailer/phpmailer from 6.1.5 to 6.1.6

Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 6.1.5 to 6.1.6. **This update includes a security fix.**
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.1.5...v6.1.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
mod - composer.lock

MantisBT: master 28163284

2020-05-26 07:09

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_eo.txt
mod - lang/strings_korean.txt
mod - lang/strings_macedonian.txt
mod - lang/strings_russian.txt
mod - lang/strings_turkish.txt

MantisBT: master cd2246c5

2020-05-25 23:38

dregad


MantisGraph: Update chart.js to 2.9.3

Fixes 0027124
Affected Issues
0027124
mod - plugins/MantisGraph/MantisGraph.php
rm - plugins/MantisGraph/files/Chart-2.8.0.min.js
add - plugins/MantisGraph/files/Chart-2.9.3.min.js

MantisBT: master 4e82e3a5

2020-05-25 23:36

dregad


MantisGraph: stop using chart.js bundled build

The plugin currently links both chart.js and chart-bundle.js, which is
not necessary. The latter includes Moment.js, which is already part of
MantisBT since 2.0 (see layout_body_javascript() function), so using
the stand-alone build should be sufficient.

According to documentation [[1]] this could cause compatibility issues.

Fixes 0027123

[1]: https://www.chartjs.org/docs/latest/getting-started/installation.html#bundled-build
Affected Issues
0027123
mod - plugins/MantisGraph/MantisGraph.php
rm - plugins/MantisGraph/files/Chart.bundle-2.8.0.min.js

MantisBT: dependabot/composer/guzzlehttp/guzzle-6.5.4 3eace93f

2020-05-25 22:41

dependabot-preview[bot]


Bump guzzlehttp/guzzle from 6.5.3 to 6.5.4

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.4/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.3...6.5.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
mod - composer.lock

MantisBT: master a1453788

2020-05-25 08:42

dregad


MantisGraph: new method to load chart.js resources

Since MantisBT 2.8.0, MantisGraph only loads chart.js for its own pages.

This prevents other plugins from accessing these resources to publish
their own charts, unless they bundle chart.js themselves.

This commit exposes a dedicated public method include_chartjs() to
include the library, separately from the plugin's standard resources()
function.

Fixes 0027122
Affected Issues
0027122
mod - plugins/MantisGraph/MantisGraph.php

MantisBT: master 3aef726c

2020-05-23 18:57

vboctor


Fix handling of `allow_reporter_close`

Fixes 0026920
Affected Issues
0026920
mod - core/commands/IssueViewPageCommand.php

MantisBT: master af7f8dcb

2020-05-21 03:06

atrol


Composer: add required json extension

This avoids warnings in code inspection tools (e.g. PHPStorm).

Issue 0026974
Affected Issues
0026974
mod - composer.json

MantisBT: master 8e068784

2020-05-21 02:49

atrol


Add missing required PHP extensions to documentation

Issue 0026974
Affected Issues
0026974
mod - docbook/Admin_Guide/en-US/Installation.xml

MantisBT: master 8d8d40e0

2020-05-21 02:40

atrol


Check for PHP json extension in admin checks

Fixes 0026974
Affected Issues
0026974
mod - admin/check/check_php_inc.php

MantisBT: master ef6160ff

2020-05-18 12:33

atrol


Remove get_magic_quotes_* checks

Our minimum supported PHP version is 5.5.0.

Starting from PHP 5.4.0, get_magic_quotes_runtime and get_magic_quotes_gpc
always return FALSE, as the magic quotes feature was removed from PHP.
So the check is no longer needed.

Starting from 7.4.0 the functions have been deprecated.

Fixes 0026964
Affected Issues
0026964
mod - admin/check/check_php_inc.php

MantisBT: master 9e6667c3

2020-05-18 06:07

translatewiki.net


Localisation updates from https://translatewiki.net.
mod - lang/strings_japanese.txt
mod - lang/strings_persian.txt
mod - lang/strings_spanish.txt

Tools: master 3112e131

2020-05-17 01:52

dregad


Do not abort if a plugin can't be updated

An error while executing the git command subprocess caused the whole
script to stop.

Taking advantage of new python3 subprocess.run() features, we catch the
exception and log the error, allowing the whole process to complete.
mod - get_all_repos.py