summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Bug.pm7
-rw-r--r--Bugzilla/BugUrl/JIRA.pm2
-rw-r--r--Bugzilla/Install/DB.pm31
-rw-r--r--template/en/default/bug/dependency-tree.html.tmpl4
-rw-r--r--template/en/default/pages/release-notes.html.tmpl12
5 files changed, 45 insertions, 11 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 2361e7343..5fb4551e4 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -2866,14 +2866,13 @@ sub add_see_also {
$class->check_required_create_fields($params);
my $field_values = $class->run_create_validators($params);
- $uri = $field_values->{value};
- $field_values->{value} = $uri->as_string;
+ my $value = $field_values->{value}->as_string;
+ trick_taint($value);
+ $field_values->{value} = $value;
# We only add the new URI if it hasn't been added yet. URIs are
# case-sensitive, but most of our DBs are case-insensitive, so we do
# this check case-insensitively.
- my $value = $uri->as_string;
-
if (!grep { lc($_->name) eq lc($value) } @{ $self->see_also }) {
my $privs;
my $can = $self->check_can_change_field('see_also', '', $value, \$privs);
diff --git a/Bugzilla/BugUrl/JIRA.pm b/Bugzilla/BugUrl/JIRA.pm
index 97014e8a2..d0adcfed8 100644
--- a/Bugzilla/BugUrl/JIRA.pm
+++ b/Bugzilla/BugUrl/JIRA.pm
@@ -31,7 +31,7 @@ use Bugzilla::Util;
sub should_handle {
my ($class, $uri) = @_;
- return ($uri->path =~ m|/browse/[A-Z]+-\d+$|) ? 1 : 0;
+ return ($uri->path =~ m|/browse/[A-Z][A-Z]+-\d+$|) ? 1 : 0;
}
sub _check_value {
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index 622facdc4..a89be351c 100644
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
@@ -3485,6 +3485,37 @@ sub _fix_series_indexes {
return if $dbh->bz_index_info('series', 'series_category_idx');
$dbh->bz_drop_index('series', 'series_creator_idx');
+
+ # Fix duplicated names under the same category/subcategory before
+ # adding the more restrictive index.
+ my $duplicated_series = $dbh->selectall_arrayref(
+ 'SELECT s1.series_id, s1.category, s1.subcategory, s1.name
+ FROM series AS s1
+ INNER JOIN series AS s2
+ ON s1.category = s2.category
+ AND s1.subcategory = s2.subcategory
+ AND s1.name = s2.name
+ WHERE s1.series_id != s2.series_id');
+ my $sth_series_update = $dbh->prepare('UPDATE series SET name = ? WHERE series_id = ?');
+ my $sth_series_query = $dbh->prepare('SELECT 1 FROM series WHERE name = ?
+ AND category = ? AND subcategory = ?');
+
+ my %renamed_series;
+ foreach my $series (@$duplicated_series) {
+ my ($series_id, $category, $subcategory, $name) = @$series;
+ # Leave the first series alone, then rename duplicated ones.
+ if ($renamed_series{"${category}_${subcategory}_${name}"}++) {
+ print "Renaming series ${category}/${subcategory}/${name}...\n";
+ my $c = 0;
+ my $exists = 1;
+ while ($exists) {
+ $sth_series_query->execute($name . ++$c, $category, $subcategory);
+ $exists = $sth_series_query->fetchrow_array;
+ }
+ $sth_series_update->execute($name . $c, $series_id);
+ }
+ }
+
$dbh->bz_add_index('series', 'series_creator_idx', ['creator']);
$dbh->bz_add_index('series', 'series_category_idx',
{FIELDS => [qw(category subcategory name)], TYPE => 'UNIQUE'});
diff --git a/template/en/default/bug/dependency-tree.html.tmpl b/template/en/default/bug/dependency-tree.html.tmpl
index 6ae183f1f..10279f9b2 100644
--- a/template/en/default/bug/dependency-tree.html.tmpl
+++ b/template/en/default/bug/dependency-tree.html.tmpl
@@ -64,14 +64,14 @@
[% IF ids.size %]
depends on
[% ELSE %]
- does not depend on any [% terms.bugs %].
+ does not depend on any [% 'open ' IF hide_resolved %][% terms.bugs %].
[% END %]
[% ELSIF type == 2 %]
[% tree_name = "blocked_tree" %]
[% IF ids.size %]
blocks
[% ELSE %]
- does not block any [% terms.bugs %].
+ does not block any [% 'open ' IF hide_resolved %][% terms.bugs %].
[% END %]
[% END %]
[% IF ids.size %]
diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index 41396f5ac..03df6911c 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -95,7 +95,7 @@
[% INCLUDE req_table reqs = OPTIONAL_MODULES
new = ['Encode', 'Encode-Detect']
- updated = ['PatchReader']
+ updated = ['PatchReader', 'Apache-SizeLimit']
include_feature = 1 %]
<h3 id="v42_req_apache">Optional Apache Modules</h3>
@@ -218,6 +218,10 @@
dependencies is now much faster.</li>
<li><strong>Attachments:</strong> The encoding of text files can be automatically
detected when uploading them as attachments.</li>
+ <li><strong>Attachments:</strong> Clickjacking could possibly occur in an attachment
+ Details page if a user attached a specially formatted HTML file. To fix this
+ potential problem, the Details page always displays the HTML source instead and
+ users can see rendered page by clicking on View.</li>
<li><strong>Flags:</strong> Changing the requestee of a flag no longer changes
the requester.</li>
<li><strong>Reports:</strong> If JavaScript is enabled in your web browser,
@@ -425,7 +429,7 @@
release:</p>
<ul>
- <li>The <kdb>B[% %]ug.create</kdb> WebService method now throws an error if you
+ <li>The <kbd>B[% %]ug.create</kbd> WebService method now throws an error if you
pass a group name which doesn't exist. In [% terms.Bugzilla %] 4.0 and 4.0.1,
this group name was silently ignored, leaving your [% terms.bug %] unsecure
if no other group applied.
@@ -436,7 +440,7 @@
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=663208">[% terms.Bug %] 663208</a>)</li>
<li>Marking [% terms.abug %] as a duplicate now works in Internet Explorer 9.
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=656769">[% terms.Bug %] 656769</a>)</li>
- <li><kdb>importxml.pl</kdb> no longer crashes when importing keywords (regressed
+ <li><kbd>importxml.pl</kbd> no longer crashes when importing keywords (regressed
in 4.0).
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=657707">[% terms.Bug %] 657707</a>)</li>
<li>Data entered while reporting a new [% terms.bug %] could be lost if you had
@@ -449,7 +453,7 @@
<li>The XML-RPC interface now works with SOAP::Lite 0.711 and 0.712 under mod_perl.
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=600810">[% terms.Bug %] 600810</a>)</li>
<li>LWP 6.00 and newer require Perl 5.8.8 and above. When installing this module
- using <kdb>install-module.pl</kdb> on a Perl installation older than 5.8.8,
+ using <kbd>install-module.pl</kbd> on a Perl installation older than 5.8.8,
LWP 5.837 will be installed instead.
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=655912">[% terms.Bug %] 655912</a>)</li>
<li>Viewing [% terms.abug %] report should be significantly faster when your