summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2004-10-25[SECURITY] Bug 263780: Exporting a bug to XML exposes user comments and ↵justdave%bugzilla.org2-0/+6
attachment summaries which are marked as private to users who are not members of the group allowed to see private comments and attachments. XML export is not exposed in the user interface, but is available to anyone who knows the correct URL to invoke it. This only affects sites that use the 'insidergroup' feature. Patch by Joel Peshkin <bugreport@peshkin.net> r=vladd,justdave, a=justdave
2004-10-25[SECURITY] Bug 252638: It is possible to send a carefully crafted HTTP POST ↵justdave%bugzilla.org1-1/+21
message to process_bug.cgi which will remove keywords from a bug even if you don't have permissions to edit all bug fields (the "editbugs" permission). Such changes are reported in "bug changed" email notifications, so they are easily detected and reversed if someone abuses it. Patch by Myk Melez <myk@mozilla.org> r=gerv, a=justdave
2004-10-25Bug 250897: Enforce a 10 minute waiting period between password reset ↵justdave%bugzilla.org2-4/+17
attempts to prevent the user getting mailbombed if the form is submitted multiple times. Patch by Joel Peshkin <bugreport@peshkin.net> r=kiko, a=justdave
2004-10-25Bug 254498: Check for comment required for time validation was too late.justdave%bugzilla.org1-32/+36
Patch by Tiago R. Mello <tiago@async.com.br> r=kiko, a=justdave
2004-10-25Backing out patch for bug 251596: found a problem with it after I committed. ↵justdave%bugzilla.org2-11/+8
See the bug.
2004-10-25Bug 251596: show.html.tmpl wasn't using the customized body attributejustdave%bugzilla.org2-8/+11
Patch by Marc Schumann <wurblzap@gmail.com> r=kiko, a=myk
2004-10-25Documentation patch for bug 143490: Update documentation regarding code ↵jocuri%softhome.net1-49/+15
changes needed when running Bugzilla under win32 (some are no longer required since checksetup.pl no longer calls unsupported functions when running on Windows); patch by GavinS <bugzilla@chimpychompy.org>, r=vladd.
2004-10-25Patch for bug 192218: Ability to use a hyphen as a way to filter ↵jocuri%softhome.net2-4/+8
specifically for requests with no requestee; patch by Frédéric Buclin <LpSolit@netscape.net>; r=myk, a=myk.
2004-10-25Patch for bug 252137: tabular reports shouldn't be broken if a row/col/tbl ↵jocuri%softhome.net1-0/+6
header begins with an underscore; patch by Rob Siklos <rsiklos@adexa.com>; r=gerv, a=justdave.
2004-10-23Bug 265731: multipart_start in the server-push handling code wasn't honoring ↵justdave%bugzilla.org1-0/+3
the $cgi->charset setting. r=myk, a=justdave
2004-10-22fix for bug 265499: support custom stylesheets; r=gerv, a=mykmyk%mozilla.org1-0/+5
2004-10-22fix for bug 263250: adds a base tag to the simple buglist so it can be ↵myk%mozilla.org1-0/+1
loaded in an iframe on a remote site and have the CSS still work
2004-10-22fix for bug 256208: makes checksetup.pl create CVS-ignored skins/custom/ and ↵myk%mozilla.org1-0/+51
children; r=gerv, a=justdave
2004-10-22Fix for bug 256207: moves CSS files to skins/standard/ as part of CSS plan; ↵myk%mozilla.org11-316/+6
r=gerv, a=justdave
2004-10-21Fix for bug 265240: make collectstats generate valid RDF by not cutting off ↵myk%mozilla.org1-1/+1
the opening RDF tag; r=kiko, a=myk
2004-10-21Patch for bug 232155: Remove uninitialized value warning from Pperl's ↵jocuri%softhome.net1-8/+3
Cookie.pm and unify code by removing redundancy; patch by Christian Reis <kiko@async.com.br> backported to 2.18 by Rob Siklos <rsiklos@adexa.com>; r=vladd,kiko, a=justdave.
2004-10-21Fix for bug 265303: updates RDF content type to new standard ↵myk%mozilla.org1-1/+1
application/rdf+xml; r,a=justdave
2004-10-20Patch for bug 264003: Include the DBI error in the error message if ↵jocuri%softhome.net1-3/+9
'createdb' fails; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=kiko, a=justdave.
2004-10-20Patch for bug 189073: Allow accept as a resolution when changing multiple ↵jocuri%softhome.net1-7/+8
bugs only if all bugs are opened; r=kiko, a=justdave.
2004-10-20Patch for bug 199811: Implement UI for 'contains none of the strings' search ↵jocuri%softhome.net1-1/+2
operator; patch by Marc Schumann <wurblzap@gmail.com>, r=kiko, a=justdave.
2004-10-17Patch for bug 261434: implement functionality to delete a user semi-properly ↵jocuri%softhome.net1-1/+3
(only works for users with no bugs/comments); patch by Ivan Todoroski <grnch@gmx.net>; r=justdave, a=justdave.
2004-10-10Patch for bug 251338: Installation section should mention that you need an ↵jocuri%softhome.net1-1/+26
MTA installed; patch by Colin S. Ogilvie <colin.ogilvie@gmail.com>; r=vladd, a=justdave.
2004-10-10Patch for bug 257765: Make replies to private comments private by default; ↵jocuri%softhome.net2-1/+9
patch by Marc Schumann <wurblzap@gmail.com>, r=kiko, a=justdave.
2004-10-10Patch for bug 263165: Make Bugzilla specify table type as MyISAM when ↵jocuri%softhome.net1-1/+1
creating tables; patch by Byron Jones (glob) <bugzilla@glob.com.au>, r=kiko, a=justdave.
2004-10-07Patch for bug 256567: Harmonize descriptions of classifications and products ↵jocuri%softhome.net6-5/+25
in terms of 'FILTER html'; patch by Marc Schumann <wurblzap@gmail.com>; r=justdave, kiko, a=justdave.
2004-10-01Patch for bug 262126: fix invalid date parsing; patch by me, r=kiko, a=justdave.jocuri%softhome.net1-1/+1
2004-10-01Patch for bug 261210: adapt bz_secure CSS for text based browsers; patch by ↵jocuri%softhome.net1-1/+1
Jason Pyeron <jpyeron@pyerotechnics.com>; r=myk, a=myk.
2004-10-01Patch for bug 258712: whine.pl should honour emailsuffix; patch by Marc ↵jocuri%softhome.net1-1/+1
Schumann <wurblzap@gmail.com>; r=erik, a=justdave.
2004-09-30Patch for bug 237769: use Administrator instead of root for super-user name ↵jocuri%softhome.net1-9/+10
in Windows, and change the ppm repository from Apache to the one maintained on landfill; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=vladd, a=myk.
2004-09-30Patch for bug 261993: fix uninitialized value error in webserver log when ↵jocuri%softhome.net1-0/+1
accessing buglist.cgi (generated by the fix for bug 255512); patch by Marc Schumann <wurblzap@gmail.com>; r=justdave, a=myk.
2004-09-28Fix for bug 103794: adds 'home' link to navigation bar; patch by GavinS; r,a=mykmyk%mozilla.org1-0/+1
2004-09-25Fix for bug 258029: sets whining group inheritance in the correct order. ↵erik%dasbistro.com1-1/+1
r,a=justdave
2004-09-25Fix for bug 261446: checksetup.pl needs to update permissions onkiko%async.com.br1-0/+2
images/. r,a=myk
2004-09-25Landing fix for bug 153811: default severity should be parametrized.kiko%async.com.br2-1/+19
r,a=myk.
2004-09-24Fix for bug 252739: moves inclusion/exclusion action names to button name ↵myk%mozilla.org2-10/+13
instead of button value so that button values (which are also used as labels) will be localizable; patch by Marc Schumann; r=kiko,myk; a=justdave
2004-09-24Fix for bug 261273: make column changing work with Sun ONE web server; fix ↵myk%mozilla.org1-2/+5
by tmabbott@hbs.edu; r,a=justdave
2004-09-24Bug 261071 Error: Error in parsing value for property 'vertical-align'. ↵timeless%mozdev.org1-1/+1
Declaration dropped. r=vladd a=myk
2004-09-24Patch for bug 258938: Minor tweak to editmilestones templatization; patch by ↵jocuri%softhome.net1-0/+2
GavinS <bugzilla@chimpychompy.org>; r=jouni, a=justdave.
2004-09-24Patch for bug 255512: For bz_secure, distinguish between mandatory and ↵jocuri%softhome.net4-11/+31
non-mandatory groups and create distinct CSS classes to enable customizations by the admin; patch by Marc Schumann <wurblzap@gmail.com>; r=kiko, r=joel, a=justdave.
2004-09-24Landing fix for bug 260411: MS IE breaks png alpha channel padlock. Addskiko%async.com.br1-0/+0
a new PNG file with a 1-bit alpha layer. File by Jason Pyeron <jpyeron@pyerotechnics.com> r=kiko, a=myk.
2004-09-22Bug 259452 Add bonsai style &mark support to showbug for bug commentstimeless%mozdev.org4-1/+27
r=kiko a=justdave
2004-09-21Fix for bug 245075: command-line script that sends bug mail so installations ↵myk%mozilla.org1-0/+51
can push bug mail out if it's been missed by the code that sends mail when changes are made; written by Dave Miller
2004-09-18Bug 250979 - fix broken anchors to severity. Patch by Tobias Sager ↵gerv%gerv.net2-2/+2
<moixa@gmx.ch>, r=gerv, a=justdave.
2004-09-15Bug 256004: Fix regression that caused duplicate sortkeys in the fielddefs tablejustdave%bugzilla.org1-2/+2
r=myk, a=justdave
2004-09-15Fix for bug 249868: makes series pages validatemyk%mozilla.org4-21/+30
2004-09-15Fix for bug 240460: updates upgrading examples with new URLs and version ↵myk%mozilla.org1-15/+15
numbers; r=gerv; a=justdave
2004-09-14Oops, backing out changes to administration.xml that are supposed to be part ↵justdave%bugzilla.org1-15/+15
of a different patch.
2004-09-14Bug 257534: Require Perl 5.8.1 or later when running on Windows with ↵justdave%bugzilla.org5-38/+32
ActiveState Perl (there is no official CGI ppm build with a new enough version for Bugzilla on any earlier version of ActiveState Perl) Patch by Byron Jones <bugzilla@glob.com.au> r=justdave, a=justdave
2004-09-13Bug 252295: Ensure that the "Edit Search" link goes back to the same form ↵justdave%bugzilla.org1-0/+8
the search was created on when running a saved search that was saved before we had multiple search forms. r=gerv, a=justdave
2004-09-13Bug 253696: work around NAME_lc bug in ActiveState Perl on Win32justdave%bugzilla.org1-1/+5
Patch by Byron Jones <bugzilla@glob.com.au> r=jouni,bbaetz a=justdave