-rw-r--r-- | Bugzilla/Bug.pm | 7 | ||||
-rw-r--r-- | Bugzilla/BugUrl/JIRA.pm | 2 | ||||
-rw-r--r-- | Bugzilla/Install/DB.pm | 31 | ||||
-rw-r--r-- | template/en/default/bug/dependency-tree.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/pages/release-notes.html.tmpl | 12 |
5 files changed, 45 insertions, 11 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 2361e7343..5fb4551e4 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -2866,14 +2866,13 @@ sub add_see_also {
 $class->check_required_create_fields($params);
 my $field_values = $class->run_create_validators($params);
- $uri = $field_values->{value};
- $field_values->{value} = $uri->as_string;
+ my $value = $field_values->{value}->as_string;
+ trick_taint($value);
+ $field_values->{value} = $value;
 # We only add the new URI if it hasn't been added yet. URIs are
 # case-sensitive, but most of our DBs are case-insensitive, so we do
 # this check case-insensitively.
- my $value = $uri->as_string;
-
 if (!grep { lc($_->name) eq lc($value) } @{ $self->see_also }) {
 my $privs;
 my $can = $self->check_can_change_field('see_also', '', $value, \$privs);
diff --git a/Bugzilla/BugUrl/JIRA.pm b/Bugzilla/BugUrl/JIRA.pm
index 97014e8a2..d0adcfed8 100644
--- a/Bugzilla/BugUrl/JIRA.pm
+++ b/Bugzilla/BugUrl/JIRA.pm
@@ -31,7 +31,7 @@ use Bugzilla::Util;
 sub should_handle {
 my ($class, $uri) = @_;
- return ($uri->path =~ m|/browse/[A-Z]+-\d+$|) ? 1 : 0;
+ return ($uri->path =~ m|/browse/[A-Z][A-Z]+-\d+$|) ? 1 : 0;
 }
 sub _check_value {
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index 622facdc4..a89be351c 100644
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
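Review bot: In Bugzilla/Bug.pm, the new `trick_taint($value);` in add_see_also has no comment saying why it is safe to untaint this string, and trick_taint does no checking of its own. What makes it acceptable here is that the value came back from `run_create_validators($params)` just above and was re-serialised through `as_string`. I would record that on the line before the call, e.g. `# Safe to detaint: the URL was validated by run_create_validators() above.`, so that a later reordering does not leave unvalidated input untainted. add_see_also starts and ends outside the hunk, so where `$value` is finally consumed is not visible here.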
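Review bot: In Bugzilla/BugUrl/JIRA.pm, the tightened pattern in should_handle has no comment explaining why a one-letter key is now rejected, and `[A-Z][A-Z]+` would read more directly as `[A-Z]{2,}`. This method decides whether a see-also URL is claimed as a JIRA link, so a one-line comment such as `# JIRA issue keys: at least two uppercase letters, a dash, then digits.` would help when a URL stops matching. The match is anchored only at the end of the path, and with `$` rather than `\z`; this is probably harmless for an escaped URI path, but `\z` states the intent more strictly.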
@@ -3485,6 +3485,37 @@ sub _fix_series_indexes {
 return if $dbh->bz_index_info('series', 'series_category_idx');
 $dbh->bz_drop_index('series', 'series_creator_idx');
+
+ # Fix duplicated names under the same category/subcategory before
+ # adding the more restrictive index.
+ my $duplicated_series = $dbh->selectall_arrayref(
+ 'SELECT s1.series_id, s1.category, s1.subcategory, s1.name
+ FROM series AS s1
+ INNER JOIN series AS s2
+ ON s1.category = s2.category
+ AND s1.subcategory = s2.subcategory
+ AND s1.name = s2.name
+ WHERE s1.series_id != s2.series_id');
+ my $sth_series_update = $dbh->prepare('UPDATE series SET name = ? WHERE series_id = ?');
+ my $sth_series_query = $dbh->prepare('SELECT 1 FROM series WHERE name = ?
+ AND category = ? AND subcategory = ?');
+
+ my %renamed_series;
+ foreach my $series (@$duplicated_series) {
+ my ($series_id, $category, $subcategory, $name) = @$series;
+ # Leave the first series alone, then rename duplicated ones.
+ if ($renamed_series{"${category}_${subcategory}_${name}"}++) {
+ print "Renaming series ${category}/${subcategory}/${name}...\n";
+ my $c = 0;
+ my $exists = 1;
+ while ($exists) {
+ $sth_series_query->execute($name . ++$c, $category, $subcategory);
+ $exists = $sth_series_query->fetchrow_array;
+ }
+ $sth_series_update->execute($name . $c, $series_id);
+ }
+ }
+
 $dbh->bz_add_index('series', 'series_creator_idx', ['creator']);
 $dbh->bz_add_index('series', 'series_category_idx', {FIELDS => [qw(category subcategory name)], TYPE => 'UNIQUE'});
diff --git a/template/en/default/bug/dependency-tree.html.tmpl b/template/en/default/bug/dependency-tree.html.tmpl
index 6ae183f1f..10279f9b2 100644
--- a/template/en/default/bug/dependency-tree.html.tmpl
+++ b/template/en/default/bug/dependency-tree.html.tmpl
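Review bot: In Bugzilla/Install/DB.pm, the self-join added to `_fix_series_indexes` returns one row per (s1, s2) pair, so when three or more series share a category/subcategory/name the same `series_id` comes back more than once and the `%renamed_series` counter treats the repeats as further duplicates. The series meant to be left alone can then be renamed too, and others are renamed several times; starting the query with `SELECT DISTINCT s1.series_id, ...` and ending it with `ORDER BY s1.series_id` would give one row per series and a deterministic "first". Separately, `s1.name = s2.name` may compare case-insensitively on some backends while the Perl hash key is case-sensitive, so names differing only in case could be reported as duplicates yet never renamed, and the UNIQUE index would still fail to build. Wrapping the key in `lc(...)` would cover that, though the collation in use is not visible from this hunk. The function starts and ends outside the hunk.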
@@ -64,14 +64,14 @@
 [% IF ids.size %]
 depends on
 [% ELSE %]
- does not depend on any [% terms.bugs %].
+ does not depend on any [% 'open ' IF hide_resolved %][% terms.bugs %].
 [% END %]
 [% ELSIF type == 2 %]
 [% tree_name = "blocked_tree" %]
 [% IF ids.size %]
 blocks
 [% ELSE %]
- does not block any [% terms.bugs %].
+ does not block any [% 'open ' IF hide_resolved %][% terms.bugs %].
 [% END %]
 [% END %]
 [% IF ids.size %]
diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index 41396f5ac..03df6911c 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -95,7 +95,7 @@
 [% INCLUDE req_table reqs = OPTIONAL_MODULES new = ['Encode', 'Encode-Detect']
- updated = ['PatchReader']
+ updated = ['PatchReader', 'Apache-SizeLimit']
 include_feature = 1 %] <h3 id="v42_req_apache">Optional Apache Modules</h3>
@@ -218,6 +218,10 @@ dependencies is now much faster.</li> <li><strong>Attachments:</strong> The encoding of text files can be automatically detected when uploading them as attachments.</li>
+ <li><strong>Attachments:</strong> Clickjacking could possibly occur in an attachment
+ Details page if a user attached a specially formatted HTML file. To fix this
+ potential problem, the Details page always displays the HTML source instead and
+ users can see rendered page by clicking on View.</li>
 <li><strong>Flags:</strong> Changing the requestee of a flag no longer changes the requester.</li> <li><strong>Reports:</strong> If JavaScript is enabled in your web browser,
@@ -425,7 +429,7 @@ release:</p> <ul>
- <li>The <kdb>B[% %]ug.create</kdb> WebService method now throws an error if you
+ <li>The <kbd>B[% %]ug.create</kbd> WebService method now throws an error if you
 pass a group name which doesn't exist. In [% terms.Bugzilla %] 4.0 and 4.0.1, this group name was silently ignored, leaving your [% terms.bug %] unsecure if no other group applied.
@@ -436,7 +440,7 @@
 (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=663208">[% terms.Bug %] 663208</a>)</li> <li>Marking [% terms.abug %] as a duplicate now works in Internet Explorer 9. (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=656769">[% terms.Bug %] 656769</a>)</li>
- <li><kdb>importxml.pl</kdb> no longer crashes when importing keywords (regressed
+ <li><kbd>importxml.pl</kbd> no longer crashes when importing keywords (regressed
 in 4.0). (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=657707">[% terms.Bug %] 657707</a>)</li> <li>Data entered while reporting a new [% terms.bug %] could be lost if you had
@@ -449,7 +453,7 @@
 <li>The XML-RPC interface now works with SOAP::Lite 0.711 and 0.712 under mod_perl. (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=600810">[% terms.Bug %] 600810</a>)</li> <li>LWP 6.00 and newer require Perl 5.8.8 and above. When installing this module
- using <kdb>install-module.pl</kdb> on a Perl installation older than 5.8.8,
+ using <kbd>install-module.pl</kbd> on a Perl installation older than 5.8.8,
 LWP 5.837 will be installed instead. (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=655912">[% terms.Bug %] 655912</a>)</li> <li>Viewing [% terms.abug %] report should be significantly faster when your |