| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2016-05-03 | Bug 1269236 - Incorrect checking of API tokens possibly leads to CSRF and data disclosure vulnerability for insecure accounts | Dylan Hardison | 1 | -9/+6 |
| 2016-05-02 | Add build.platform = linux64, machine.platform = linux64 to taskgraph.json to remove b2gtest from Treeherder results | David Lawrence | 1 | -4/+28 |
| 2016-04-28 | Bug 1256051 - Allow MozReview.attachments() to post mozreview-* tags without requiring editbugs | Dylan Hardison | 1 | -7/+14 |
| 2016-04-27 | Bug 1235514 - Change color of note regarding changed votes | Nikhil Handa | 2 | -10/+12 |
| 2016-04-27 | Bug 1225214 - Implement very simple request time logging | Dylan Hardison | 1 | -0/+3 |
| 2016-04-22 | Bug 1195736 - intermittent internal error: "file error - nav_link: not found" (also manifests as fields_lhs: not found) | Dylan Hardison | 5 | -6/+22 |
| 2016-04-22 | Bug 1266167 - clickjacking is possible on "view all" and "details" attachment pages | David Lawrence | 2 | -2/+2 |
| 2016-04-21 | Bug 1239838 - Don't see a way to redirect a needinfo request (in Experimental UI) | Byron Jones | 4 | -166/+225 |
| 2016-04-20 | Bug 1266117 - I have found a bug in the section 2.6.1 in the user guide(2.6) of BMO documentation. The bug identified is a grammatical error committed in one of the sentences. | David Lawrence | 1 | -1/+1 |
| 2016-04-19 | Bug 1265432 - backport upstream bug 1263923 to bmo/4.2 - X-Bugzilla-Who header is not set for flag mails | David Lawrence | 1 | -1/+1 |
| 2016-04-13 | Revert "Bug 1195736 - intermittent internal error: "file error - nav_link: not found" (also manifests as fields_lhs: not found)" Test failures result from this, we will need a different approach. This reverts commit 33f61556746e1729746342d802ca7ea9cea18caf. | Dylan William Hardison | 3 | -13/+2 |
| 2016-04-13 | Bug 1264207 - add support for the hellosplat tracker to 'see also' | Byron Jones | 3 | -0/+26 |
| 2016-04-13 | Bug 1195736 - intermittent internal error: "file error - nav_link: not found" (also manifests as fields_lhs: not found) | Dylan Hardison | 3 | -2/+13 |
| 2016-04-12 | Bug 1263520 - Cannot set r+ back to r? directly | David Lawrence | 2 | -2/+2 |
| 2016-04-07 | Bug 1260458 - search failing for users who are not members of the insider group (DBD::mysql::db selectcol_arrayref failed: You have an error in your SQL syntax) | David Lawrence | 1 | -1/+2 |
| 2016-04-04 | Bug 1259322 - Legal compliance / adding link to footer | David Lawrence | 3 | -12/+23 |
| 2016-04-04 | Bug 1257662 - Disallow clearing a flag if the flag is set to allow granting by specific group and changer is not in group | David Lawrence | 4 | -8/+20 |
| 2016-04-04 | Bug 1197061 - don't create a new session for every authenticated XMLRPC/JSONRPC call | David Lawrence | 1 | -0/+7 |
| 2016-03-30 | Bug 1260545 - Legal compliance / adding terms link to new BMO account flow | David Lawrence | 1 | -0/+6 |
| 2016-03-25 | Bug 1253718 - CRM/Email request form | David Lawrence | 3 | -0/+362 |
| 2016-03-24 | Bug 1259266 - Attachment of security issues when viewing a bug are indistinguishable from any other attachment. | David Lawrence | 3 | -3/+15 |
| 2016-03-23 | Bug 1251236 - Please show the diff on the attachment details page when a patch has been reviewed in MozReview | Byron Jones | 2 | -65/+86 |
| 2016-03-22 | Bug 1258547 - XSS through javascript: callback URLs in auth delegation | Dylan Hardison | 2 | -0/+7 |
| 2016-03-21 | Bug 1252782 - can't add a "See Also" to a Chromium bug on bugs.chromium.org | David Lawrence | 3 | -0/+51 |
| 2016-03-15 | Bug 1256954 - Multiple Selenium cases are failing after the commit of bug 1253914 | David Lawrence | 1 | -1/+1 |
| 2016-03-15 | Bug 1251442 - Update VP list in Recruiting Product | David Lawrence | 1 | -0/+1 |
| 2016-03-15 | Bug 1229834 - extend information we [audit] log to the syslog | Dylan Hardison | 2 | -1/+16 |
| 2016-03-14 | Bug 1255272 - Adding a flag via the MozReview batch-attachment API doesn't CC the user | Dylan Hardison | 1 | -0/+3 |
| 2016-03-10 | Bug 1252578 - CSRF and SELECT-only SQL execution attack against query_database.html | Dylan Hardison | 2 | -0/+2 |
| 2016-03-10 | Bug 1253914 - Cross domain referer leakage when resetting the user password | Dylan Hardison | 4 | -1/+8 |
| 2016-03-10 | Bug 1254227 - MozReview auth delegation allows sending out phishing mails via Bugzilla | Dylan Hardison | 4 | -3/+15 |
| 2016-03-10 | Bug 1254675 - bug_modal template fails to escape format parameter | David Lawrence | 1 | -1/+1 |
| 2016-03-10 | Bug 1254542 - Reflected XSS in comment-remo-form-payment.txt page | Dylan Hardison | 2 | -1/+2 |
| 2016-03-09 | Bug 1253483 - MozReview.attachments() doesn't create flags on new attachments | Dylan Hardison | 1 | -1/+7 |
| 2016-03-08 | Bug 1252554 - Avoid possibility of XSS in release tracking report | Dylan Hardison | 1 | -3/+3 |
| 2016-03-08 | Bug 1252445 - Tracking flags configuration is vulnerable to CSRF and causes persistent XSS | David Lawrence | 6 | -9/+24 |
| 2016-03-08 | Bug 1251442 - Update VP list in Recruiting Product | David Lawrence | 1 | -3/+4 |
| 2016-03-07 | Bug 1253691 - In issue-api-key.pl, set the MozReview API key if the description is 'mozreview'. r=dylan | Mark Côté | 1 | -2/+9 |
| 2016-03-07 | Bug 1252084 - Warning when entering row into user_request_log when running commandline script | David Lawrence | 1 | -1/+2 |
| 2016-03-07 | Bug 1252862 - Remove calls to delete_token() in several places where it is unnecessary | David Lawrence | 3 | -4/+1 |
| 2016-03-03 | Bug 1252735 - test_email_preferences.t selenium test is intermittently failing - Archiving the test caused test_qa_contact.t to fail due to a bug in the test that relied on the archived test to set a preference to enabled. An accidental side effect. Changing generate_test_data.pl to always add preferences as enabled by default since BMO does not display displayed preferences. | David Lawrence | 1 | -1/+1 |
| 2016-03-03 | Bug 1252735 - selenium tests are failing - Archiving test script for now til a future time it can be fixed | David Lawrence | 1 | -0/+0 |
| 2016-03-03 | Bug 1253032 - Recent change to JSON::XS breaks some APIs | Dylan Hardison | 1 | -0/+1 |
| 2016-03-02 | Bug 1252628 - 404 on https://www.mozilla.org/en-US/quality/bug-writing-guidelines.html | David Lawrence | 1 | -1/+1 |
| 2016-03-01 | Bug 1252437 - XSS vulnerability through malicious bug aliases | Dylan Hardison | 1 | -1/+2 |
| 2016-03-01 | Bug 1252437 - XSS vulnerability through malicious bug aliases | Dylan Hardison | 2 | -3/+6 |
| 2016-03-01 | Revert "Bug 1251208 - Bugzilla->request_cache() can be faster" This reverts commit 1d3186c171465b173a42f8ecd168662eccccc4d1. | Dylan William Hardison | 1 | -6/+29 |
| 2016-03-01 | Bug 1252210 - AntiSpam configuration is vulnerable to CSRF and persistent XSS | Dylan Hardison | 2 | -1/+8 |
| 2016-03-01 | Bug 1252216 - Push extension configuration is vulnerable to CSRF and potentially code execution | David Lawrence | 3 | -0/+7 |
| 2016-03-01 | Bug 1252219 - Attachment bounty form is vulnerable to CSRF and persistent XSS | Dylan Hardison | 2 | -9/+16 |