Age | Commit message | Author | Files | Lines
2011-01-25 | Make param pages without a sortkey sort to the end. r=dkl, a=lpsolit. | Gervase Markham | 1 | -0/+1
https://bugzilla.mozilla.org/show_bug.cgi?id=621255
2011-01-24 | Bug 619594: (CVE-2010-4568) [SECURITY] Improve the randomness of | Max Kanat-Alexander | 4 | -5/+32
generate_random_password, to protect against an account compromise issue and other critical vulnerabilities. r=LpSolit, a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=621591
2011-01-24 | Bug 621105 - [SECURITY] Voting lacks CSRF protection | David Lawrence | 3 | -0/+6
r=mkanat,a=LpSolit
2011-01-24 | Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking ↵ | Frédéric Buclin | 4 | -19/+29
for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace and Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs r=dkl a=LpSolit
2011-01-24 | Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to ↵ | Reed Loden | 1 | -3/+3
header-injection due to use of |print "Location:"| instead of $cgi->redirect [r=mkanat a=LpSolit]
2011-01-24 | Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible ↵ | Reed Loden | 1 | -1/+2
duplicates" table due to lack of encoding by YUI [r=mkanat a=LpSolit]
2011-01-24 | Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack ↵ | Reed Loden | 1 | -1/+8
of encoding by YUI [r=mkanat r=dkl a=LpSolit]
2011-01-24 | Bug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection | Frédéric Buclin | 2 | -2/+12
r=dkl a=LpSolit
2011-01-24 | Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection | Frédéric Buclin | 3 | -2/+9
r=dkl a=LpSolit
2011-01-24 | Bug 621107: [SECURITY] Sanity checking lacks CSRF protection | Frédéric Buclin | 4 | -8/+26
r=dkl a=LpSolit
2011-01-24 | An optional module was accidentally listed in the "required" section of the | Max Kanat-Alexander | 1 | -2/+2
release notes. https://bugzilla.mozilla.org/show_bug.cgi?id=627910
2011-01-24 | Bug 627910: Update Release Notes for Bugzilla 4.0rc2 | Max Kanat-Alexander | 1 | -6/+26
r=reed
2011-01-23 | Bug 625741: Need a hook in update_fielddefs_definition to enable adding ↵ | rojanu | 3 | -0/+17
columns to fielddefs r/a=mkanat
2011-01-22 | Bug 621128 - Remove trailing whitespace from '<div id="view_disabled" >' | timeless | 1 | -1/+1
[r=reed a=LpSolit]
2011-01-22 | Bug 624696: We need a template hook to add a description to parameters added ↵ | rojanu | 3 | -1/+30
by extensions r/a=mkanat
2011-01-22 | Bug 621109: Column changing lacks CSRF protection | Frédéric Buclin | 2 | -5/+19
r=dkl a=mkanat
2011-01-21 | Bug 627854: Add 'form' hook to create-guided.html.tmpl similar to ↵ | David Lawrence | 1 | -0/+2
create.html.tmpl r/a=mkanat
2011-01-21 | Bug 591165: (CVE-2010-4411) [SECURITY] Bump minimum required version of ↵ | Reed Loden | 1 | -2/+2
CGI.pm to v3.51 in order to address header injection vulnerability. [r=mkanat a=mkanat]
2011-01-21 | Bug 627660 - Rename "Send" button on final create account page to "Create", ↵ | Reed Loden | 1 | -1/+1
as nothing is actually sent. [r=mkanat a=mkanat]
2011-01-21 | Bug 626292: "Make description private" checkbox should set bz_private class ↵ | David Lawrence | 3 | -6/+8
on the comment box r/a=mkanat
2011-01-21 | Bug 623608 - Add intro/outro extension hooks to footer.html.tmpl | David Lawrence | 1 | -2/+2
r/a=mkanat
2011-01-21 | Bug 626658 - Add (take) link to bug edit page to allow quick assigning to ↵ | David Lawrence | 2 | -4/+19
the current user r/a=mkanat
2011-01-15 | Bug 625190: Typo and Missing FK in Bugzilla::DB::Schema | David Marshall | 1 | -3/+6
r/a=mkanat
2011-01-15 | Bug 623408: Message-ID is gone in bugmail for new bugs | Frédéric Buclin | 1 | -2/+3
r=dkl a=LpSolit
2011-01-11 | Bug 624349: Let the config_modify_panels hook add new parameters to existing ↵ | Frédéric Buclin | 1 | -11/+10
panels r/a=mkanat
2011-01-09 | Bug 618841: Bare word "bug" in release notes | A. Shimono | 1 | -3/+3
r=dkl a=LpSolit
2011-01-09 | Bug 622204: Bugzilla::Migrate crashes trying to create bugs with resolutions | | 1 | -1/+1
r/a=mkanat
2011-01-07 | Bug 558803: Add a parameter to specify the password complexity for new passwords | rojanu | 4 | -1/+52
r/a=LpSolit
2011-01-07 | Bug 255524: The duplicates table inherits no CSS classes when viewed in ↵ | Frédéric Buclin | 1 | -0/+4
simple format r=dkl a=LpSolit
2011-01-07 | Provide user objects to bugmail_recipients hook. r,a=mkanat. | Gervase Markham | 2 | -1/+15
https://bugzilla.mozilla.org/show_bug.cgi?id=622813
2011-01-07 | Bug 621090 - [SECURITY] Adding saved searches lacks CSRF protection | David Lawrence | 3 | -0/+4
r/a=mkanat
2011-01-05 | Document how to add user settings. r,a=mkanat. | Gervase Markham | 3 | -1/+19
https://bugzilla.mozilla.org/show_bug.cgi?id=616427
2011-01-05 | Allow extensions to add new Jobs. r,a=mkanat. | Gervase Markham | 5 | -3/+45
https://bugzilla.mozilla.org/show_bug.cgi?id=617012
2011-01-05 | Bug 622822 - add additional_links hook to front page. r,a=mkanat. | Gervase Markham | 1 | -0/+1
2011-01-04 | Bug 595410: Make it faster to display a bug that has a lot of dependencies. | Max Kanat-Alexander | 8 | -98/+168
r=LpSolit, a=LpSolit
2011-01-02 | Bug 622437: Remove 'colchange_columns' hook from the Example extension | Tiago Mello | 1 | -7/+0
r/a=LpSolit
2010-12-30 | Bug 622105 - Misspelling in setting_info_invalid error message | David Lawrence | 1 | -1/+1
r/a=LpSolit
2010-12-28 | Bug 621597: Make mod_perl.pl do the INC configuration itself, instead of | Max Kanat-Alexander | 2 | -2/+8
requiring it to be in httpd.conf. r=dkl, a=mkanat
2010-12-28 | Remove unused variable, per my review comment | Frédéric Buclin | 1 | -1/+0
https://bugzilla.mozilla.org/show_bug.cgi?id=615574
2010-12-27 | Bug 618844: Make clear that the Apache module must be enabled in release notes | A. Shimono (himorin) | 1 | -2/+2
r/a=mkanat
2010-12-27 | Bug 618842: Enclose checksetup.pl between <kbd> and </kbd> tags in templates | A. Shimono (himorin) | 5 | -15/+15
r/a=mkanat
2010-12-27 | Bug 599539: Update the mod_perl code for Apache2::SizeLimit 0.92 | Max Kanat-Alexander | 3 | -16/+25
r=glob, a=mkanat
2010-12-27 | Bug 615574: Make every search done by buglist.cgi create a list_id, so that | Max Kanat-Alexander | 4 | -25/+61
even Saved Searches get "last list" support. r=LpSolit, a=LpSolit
2010-12-27 | Bug 603762: Vertical margins between header, footer, and content are not ↵ | Christian Legnitto | 2 | -4/+1
consistent r=pyrzak a=mkanat
2010-12-27 | Bug 588013: Fix typo | timeless | 1 | -1/+1
r/a=mkanat
2010-12-23 | Add contributor lines for mkanat and myself for the new BugUrl modules. | Reed Loden | 5 | -5/+9
Add missing period in original developer line in license block. [a=mkanat]
2010-12-22 | Bug 620796: Make Bugzilla::Migrate skip abnormal fields when doing | Max Kanat-Alexander | 1 | -0/+2
create_legal_values (otherwise it tried to create Components there, when it should not have). r=mkanat, a=mkanat (module owner)
2010-12-21 | Bug 593539: Fix the bugs activity for the see_also field. | Tiago Mello | 1 | -1/+2
r/a=mkanat
2010-12-20 | Bug 593539: Refactor See Also to use separate modules for each type of URL | Tiago Mello | 8 | -160/+558
r/a=mkanat
2010-12-18 | Bug 475894 - Send the 'X-Frame-Options: SAMEORIGIN' header to help protect ↵ | Reed Loden | 1 | -0/+6
against clickjacking. [r=mkanat a=mkanat]