summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2013-10-17Bug 927736: "invalid token" error if someone else changes the CC list while ↵Byron Jones1-2/+2
viewing a bug r/a=LpSolit
2013-10-17Bug 927570: mid-air conflict fails to check all changed fieldsByron Jones1-2/+4
r=dkl, a=simon
2013-10-16Bump version to 4.5.1Dave Lawrence2-4/+4
2013-10-16Bug 924932: (CVE-2013-1743) [SECURITY] Field values are not escaped ↵Frédéric Buclin1-14/+24
correctly in tabular reports r=dkl a=glob
2013-10-16Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not ↵Frédéric Buclin2-5/+3
sanitized when editing flag types if categoryAction-foo is set r=dkl a=glob
2013-10-16Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachmentsFrédéric Buclin1-7/+10
r=dkl a=sgreen
2013-10-16Bug 911593: (CVE-2013-1733) [SECURITY] CSRF in process_bug.cgiFrédéric Buclin1-11/+12
r=dkl a=sgreen
2013-10-16Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵Dave Lawrence1-3/+3
total entropy and allowing easier brute force r=LpSolit,a=sgreen
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence2-5/+20
and allowing easier brute force r=LpSolit,a=glob
2013-10-16Bug 912641: Release notes for Bugzilla 4.4.1Frédéric Buclin1-2/+45
r=dkl a=LpSolit
2013-10-15Bug 917370: large dependency trees are very slow to loadByron Jones1-43/+66
r=dkl, a=simon
2013-10-14Bug 340160: Speed up LogActivityEntry()Frédéric Buclin1-5/+6
r=dkl a=glob
2013-10-14Backout 1st part of bug 340160: state $sth doesn't work fine with mod_perlFrédéric Buclin1-6/+5
2013-10-11Fixes on checkin for bug 769134Frédéric Buclin2-11/+8
2013-10-11Bug 916254 - Bug.get should include the name for reporter, assigned_to and ↵Frank Becker1-0/+57
qa_contact r=dkl,a=sgreen
2013-10-01Bug 919852 - Add ability to perform quicksearch using Bug.searchDave Lawrence2-37/+53
r/a=glob
2013-09-30Bug 864625 - Setting a non-privileged user as a requestee on a secure bug ↵Dave Lawrence1-6/+14
while ccing the same user to give access at the same r=LpSolit,a=sgreen
2013-09-28Bug 891311: Text in the "My Requests" page is misleading about how the ↵Frédéric Buclin2-34/+36
AND/OR radio button works r=dkl a=justdave
2013-09-28Bug 798927: An error should be thrown when passing an illegal pronounImran Chaudhry2-1/+9
r=LpSolit a=justdave
2013-09-28Bug 340160: Speed up LogActivityEntry()Frédéric Buclin2-14/+10
r=dkl a=justdave
2013-09-28Bug 851267: Bugzilla times out when a user has several thousands of votesFrédéric Buclin3-96/+93
r=dkl a=justdave
2013-09-26Bug 917483 - Bug.update_attachment causes error when updating filename using ↵Dave Lawrence1-6/+19
key 'file_name'
2013-09-26Bug 784072 (2nd part): Exclude extensions from POD coverage checksFrédéric Buclin1-0/+2
2013-09-26fix bustage due to bug 891236: it doesn't pass t/002goodperl.tFrédéric Buclin1-1/+3
2013-09-26Bug 920787: The "Flags:" label in bug reports is badly alignedFrédéric Buclin2-8/+2
r=dkl a=sgreen
2013-09-26Bug 917669 - invalid or expired authentication tokens and cookies should ↵Dave Lawrence5-14/+41
throw errors, not be silently ignored r/a=glob
2013-09-26Bug 893589 - 004template.t fails when templates in extension directorySimon Green3-14/+26
r=dkl, a=simon
2013-09-26Bug 769134 - Bugzilla unintentionally removes groups when changing products ↵Simon Green2-13/+62
with multiple bugs r=dkl, a=justdave
2013-09-26Bug 714523 - editversions.cgi should use ->set_allSunil Joshi2-7/+9
r=simon, a=simon
2013-09-26Bug 621216 - Don't call GetQuip() if the user doesn't want quipsSunil Joshi1-1/+4
r=simon, a=simon
2013-09-25Bug 455301: Don't show password box on userprefs.cgi if your auth method ↵Dirk Steinmetz1-15/+19
didn't use DB passwords r=LpSolit a=justdave
2013-09-24Temporary fix for bug 916882: whitelist product and component when used with ↵Frédéric Buclin1-1/+4
the changed* operators r/a=glob
2013-09-23Bug 919475: [Oracle] Crash when non-mandatory free text custom fields are ↵Jiří Netolický1-0/+4
left empty on bug creation r=LpSolit a=justdave
2013-09-23Bug 918647: "Use of uninitialized value" warnings when using quicksearchByron Jones1-1/+5
r=simon, a=glob
2013-09-20Bug 918362 - The "order" parameter passed to Bug.search is ignoredDave Lawrence1-4/+4
r=LpSolit,a=glob
2013-09-19Bug 897510 - Create and Modify User Screen must also contain password rules ↵Sunil Joshi1-1/+8
as hint r=simon, a=glob
2013-09-19Bug 373820 - View User Account Log should include real nameSunil Joshi1-1/+1
r=simon, a=glob
2013-09-19Bug 368541 - Make it obvious that the bug alias is not part of the bug summarySunil Joshi1-2/+2
r=simon, a=simon
2013-09-19Bug 365501 - admin/products/groupcontrol/updated uses p as brSunil Joshi1-7/+19
r=simon, a=glob
2013-09-19Bug 332034 - Add New Attachment as an option for attachment.cgi when we are ↵Sunil Joshi1-2/+8
not passed any parameters\nr=simon, a=glob
2013-09-18Bug 578434 - Bug group checkboxes lay out poorly beside attachment fieldDave Lawrence4-78/+64
- Backed out to make adjustments on screen size before the groups drop down https://bugzilla.mozilla.org/show_bug.cgi?id=578464
2013-09-18Bug 578434 - Bug group checkboxes lay out poorly beside attachment field Dave Lawrence4-64/+78
r/a=glob
2013-09-18Bug 916979 - Bug.search ignores the "limit" parameterDave Lawrence2-10/+6
a/r=glob
2013-09-18fix typo in commentByron Jones1-1/+1
2013-09-18Bug 877545: quicksearch shouldn't treat apostrophes as quote charactersByron Jones1-6/+27
r=simon, a=glob
2013-09-17Bug 916935 - Add Access-Control-Allow-Headers to REST API to indicate which ↵Dave Lawrence1-0/+1
HTTP headers can be used when making the request r/a=glob
2013-09-16Fix POD (bogus in bug 866927)Frédéric Buclin1-3/+3
2013-09-16Bug 785565: Search by change history between two dates doesn't give expected ↵Frédéric Buclin1-35/+14
result r/a=glob
2013-09-13Bug 914986 - Create Bug.update_attachment to update attachments via RPC/RESTSimon Green3-4/+242
r=dkl, a=sgreen
2013-09-12Bug 911509: SOAP::Lite 1.0 no longer includes XMLRPC::LiteFrédéric Buclin1-0/+10
r=dkl a=glob