summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2001-08-25Fix for bug 95235: variables with untrusted content were being echoed back ↵justdave%syndicomm.com2-6/+11
to the user in error messages. Those variables are now run through html_quote() first. Patch by Gavin Shelley <gavins@iplbath.com> r= justdave@syndicomm.com
2001-08-23Adding some pretty images for the Bugzilla Guide warning,barnboy%trilobyte.net4-0/+0
note, caution, and tip entries.
2001-08-22Big checkin of docs to resolve everybarnboy%trilobyte.net67-9166/+12577
known outstanding doc bug! Yay release. Still many things to fix. Aren't there always?
2001-08-21Bug 96063 - the old method of doing this barfed on long URL strings.gerv%gerv.net1-29/+48
2001-08-21Fix for bug 96085: don't allow unauthorized users to access restricted bugs ↵myk%mozilla.org1-7/+10
that do not have a QA contact. Patch by Myk Melez <myk@mozilla.org> r=Jake <jake@acutex.net>
2001-08-20Fix for bug 95890: Correctly convert/record keyword changes in the ↵myk%mozilla.org2-19/+19
bugs_activity table for keywords containing a plus sign or other regular expression meta-characters. Myk's first ever Bugzilla checkin! Patch by Dave Miller <justdave@syndicomm.com> and Myk Melez <myk@mozilla.org>. r=myk@mozilla.org,justdave@syndicomm.com
2001-08-18Refixing bug 95875 - The code that breakes the typed in CC list into ↵jake%acutex.net1-4/+4
individual lists is now slightly more robust and allows perl to handle the splitting more efficiently (by using a space as the delimiter). r= myk@mozilla.org
2001-08-18Fix for bug 95857: process_bugs.cgi sees blank address in cc: line (would ↵justdave%syndicomm.com1-6/+4
show up as __UNKNOWN__) Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com
2001-08-18Fix for bug 95747 - CC List validation (for additions) wasn't happening ↵jake%acutex.net1-39/+58
until after the bug's changes were in the process of being commited. This caused problems if a typo was made in the e-mail address. r= myk@mozilla.org
2001-08-17Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' ↵jake%acutex.net1-1/+1
not locked", fixed typo in lock tables command. Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net
2001-08-17Fix for bug 95743: the role-accessible checkboxes were getting cleared if a ↵justdave%syndicomm.com2-40/+13
user with group access had to log in to make changes to a public bug. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com
2001-08-17Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' ↵justdave%syndicomm.com2-4/+4
not locked", fixed typo in lock tables command. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com
2001-08-17Fix for bug 95546. MySQL versions before 3.23 don't support INNER JOINsjake%acutex.net1-2/+2
Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net
2001-08-16Fix for bug 95535: the token generator for password resets is allowing the & ↵justdave%syndicomm.com2-0/+2
character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password. Patch by Dave Miller <justdave@syndicomm.com> r= myk@mozilla.org
2001-08-16Fix for bug 87779: thanks to the new password reset code, there was no clear ↵justdave%syndicomm.com1-1/+3
way to create a new Bugzilla account from the login screen. There is now a link to createaccount.cgi from the login screen, and the text around the password reset button has been edited so it doesn't sound like you can get a new account by using it (because you can't) Patch by Dave Miller <justdave@syndicomm.com> r= myk@mozilla.org
2001-08-16Fix for bug 95304: Add a buglist link to the top of duplicates.cgijustdave%syndicomm.com1-0/+6
Patch by Gervase Markham <gerv@mozilla.org> r= justdave@syndicomm.com
2001-08-16Fix for bug 92593: Changing a bugs product will no longer remove the votes ↵justdave%syndicomm.com1-7/+35
from that bug unless the number of votes for a given user is beyond what is allowed per-bug on the new product. Only the per-bug vote count is checked. If the user is beyond the per-product vote limit for the new product, it is left alone, on the theory that it's better to preserve the votes on the bug. The user will be forced to reduce their votes to fit the product limit the next time they try to vote on something. Patch by Jake Steenhagen <jake@acutex.net> r= justdave@syndicomm.com
2001-08-15Re-fix for bug 95082: allow syncshadowdb to continue to make queries while ↵justdave%syndicomm.com1-1/+1
Bugzilla is shut down. Patch by Jake Steenhagen <jake@acutex.net> r= justdave@syndicomm.com
2001-08-14Fix for bug 95082 - Param('shutdownhtml') doesn't completely shut down bugzilla.jake%acutex.net5-7/+36
r= justdave@syndicomm.com
2001-08-14Fix for bug 26194: There are now substitution parameters available for use ↵justdave%syndicomm.com2-5/+12
in newchangedmail which will include the reason(s) that the person is receiving the mail in either an email header, the body of the message, or both. The default newchangedmail parameter includes these in it. If you have an existing installation you will need to either hit "reset" next to the newchangedmail parameter, or add the substitution parameters where you like them according to the instructions given in editparams.cgi viewed from the web. Patch by Matthew Tuck <matty@chariot.net.au> and Zach Lipton <zach@zachlipton.com> r= justdave@syndicomm.com
2001-08-13Fix silly syntax error I missed.justdave%syndicomm.com1-3/+3
2001-08-13Fix for bug 39816: Anyone in CC, Reporter, QA Contact, or Asigned To fields ↵justdave%syndicomm.com4-51/+154
can now be given access to view a bug even if the permissions on that bug are set to a group that would normally exclude those people. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com
2001-08-13Fix for bug 95008: duplicates page no longer ignores verified ↵justdave%syndicomm.com1-5/+9
INVALID/WONTFIX bugs Patch by Gervase Markham <gervase.markham@univ.ox.ac.au> r= justdave@syndicomm.com
2001-08-12More bug 26194: move the reason to the top of the email so that it doesn't ↵zach%zachlipton.com1-2/+2
look like part of the comment. a=dave
2001-08-12patch for bug 26194: Header explaining reason d'etre for email in New email ↵zach%zachlipton.com2-10/+48
notification scheme. Patch by MattyT <matty@chariot.net.au>, r=zach@zachlipton.com.
2001-08-12Updates to README from bug 94846.jake%acutex.net1-11/+5
Patch by Matthew Tuck <matty@chariot.net.au>
2001-08-11Fix for bug 94618: remove restrictions on valid characters in passwords. If ↵justdave%syndicomm.com2-10/+6
crypt() takes it, why shouldn't we? Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com
2001-08-11fix for bug 66235: process_bug.cgi: multiple product change misses the ↵zach%zachlipton.com2-33/+217
groupset bit. Patch by Myk <myk@mozilla.org> r=Jake, oh, and it's my first checkin, yahoo!
2001-08-11CHANGES move to "UPGRADING-pre-2.8"barnboy%trilobyte.net2-3/+9
2001-08-11Compiled HTML/TXT check-in. For some reason, it keeps thinking my darnbarnboy%trilobyte.net63-1886/+40092
dbschema.jpg file is changing, though.
2001-08-11Removal of HTML from docs temporarily due to massive renamingbarnboy%trilobyte.net65-34226/+0
in the latest restructuring of the Bugzilla Guide.
2001-08-11Checkin for 2.14 release. Still some problems; this cannot yetbarnboy%trilobyte.net34-7900/+11347
be used for 2.14 documentation due to inconsistencies.
2001-08-09Re-fix for bug 55161 - if data is partial in activity table, prepend a ? to ↵justdave%syndicomm.com2-12/+35
indicate that we don't know for sure what got dropped. Patch by Jake Steenhagen <jake@acutex.net> r= justdave@syndicomm.com
2001-07-30Fix for bug 92713, show_activity.pl displays zeros as non-breaking spaces.jake%acutex.net1-2/+2
Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net
2001-07-26fix for bug 91903: insecure dependency in require in importxml.pl under ↵justdave%syndicomm.com1-1/+2
taint mode only in Perl 5.005. Patch by Jake Steenhagen <jake@acutex.net> r= justdave@syndicomm.com
2001-07-26Fix for bug 90933: inconsistant field types for profiles.disabledtextjustdave%syndicomm.com1-1/+5
Patch by Jake Steenhagen <jake@acutex.net> r= justdave@syndicomm.com
2001-07-25re-fix bug 76154: permissions weren't being set correctly on the .htaccess ↵justdave%syndicomm.com2-0/+4
files when checksetup.pl was run again. Also adding .htaccess to .cvsignore so it won't show up as ? in cvs diffs and updates. Patch by Dave Miller <justdave@syndicomm.com> r= jake@acutex.net
2001-07-23Remove the code for rejecting the version of MySQL with broken encryption ↵jake%acutex.net1-9/+8
(as bugzilla no longer uses MySQL's encrypt routine). Also, point to mysql.com for downloading newer versions. Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net
2001-07-23re-fix for bug 55161: buglist works again if you search for change history ↵justdave%syndicomm.com1-2/+2
on a bug Patch by Jake Steenhagen <jake@acutex.net> r= justdave@syndicomm.com
2001-07-22Fix for bug 76154: Bugzilla can now optionally provide .htaccess files for ↵justdave%syndicomm.com1-0/+71
Apache to help restrict viewing of private data Patch by Dave Miller <justdave@syndicomm.com> r= jake@acutex.net
2001-07-22fix "used only once" error reported by tinderboxjustdave%syndicomm.com1-0/+1
2001-07-22Fix for bug 84714 and bug 88797: You can now change bug groups from the ↵justdave%syndicomm.com1-30/+29
"change several bugs" form even if the bugs aren't all in the same groups. Also, the groups are no longer cleared when you make a change from the "change several bugs" form (unless you tell it to) Patch by Joe Robins <jmrobins@tgix.com> and Dave Miller <justdave@syndicomm.com> r= zach@zachlipton.com a= justdave@syndicomm.com
2001-07-22Fix for bug 84714 and bug 88797: You can now change bug groups from the ↵justdave%syndicomm.com1-21/+46
"change several bugs" form even if the bugs aren't all in the same groups. Also, the groups are no longer cleared when you make a change from the "change several bugs" form (unless you tell it to) Patch by Joe Robins <jmrobins@tgix.com> and Dave Miller <justdave@syndicomm.com> r= zach@zachlipton.com a= justdave@syndicomm.com
2001-07-21Fix for bugs 55161 and 12819. The activity log now stores only what's ↵jake%acutex.net7-80/+203
changed in multi-value fields. r= justdave@syndicomm.com
2001-07-20Re-fix for bug 77699: the undefined error affected other browsers than just ↵justdave%syndicomm.com1-25/+17
IE5, so work around it for all browsers. Patch by Stephen Lee <slee@uk.bnsmc.com> r= afranke@ags.uni-sb.de
2001-07-17Correcting the URL for MySQL's web page. Bug 90553.jake%acutex.net1-1/+1
Patch by Myk Melez <myk@mozilla.org>
2001-07-17Fixing minor problem caused by the original bug 77473 checkin where an SQL ↵justdave%syndicomm.com1-0/+6
error was being produced if you tried to log in with an invalid username. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com
2001-07-11Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored ↵justdave%syndicomm.com10-130/+938
in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net
2001-07-04Fix for bug 87701: Invalid username in bug changes echoed back without ↵justdave%syndicomm.com3-6/+10
escaping HTML data Patch by Gervase Markham <gervase.markham@univ.ox.ac.uk> r= justdave@syndicomm.com
2001-07-04Killing the "used only once" error that suddenly popped up out of nowhere on ↵justdave%syndicomm.com1-0/+1
tinderbox.