Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2017-02-06 | Bug 1336387 - CSP breaks GitHubAuth on index and bug modal pages | Dylan William Hardison | 1 | -15/+22 | |
2017-01-31 | Bug 1335362 - CSP regression: MozReview requests section is broken ("Error ↵ | David Lawrence | 1 | -0/+6 | |
loading review requests: unknown") | |||||
2017-01-26 | Bug 1334158 - Lightbox images CSP error on bug modal | Dylan William Hardison | 1 | -1/+10 | |
2017-01-25 | Bug 1286290 - CSP compliant bug modal | Dylan William Hardison | 1 | -8/+38 | |
2016-11-15 | Revert "Bug 1314201 - ThrowUserError and ThrowCodeError should print headers ↵ | Dylan William Hardison | 1 | -19/+4 | |
if headers have not already been printed" This reverts commit 874e96c2423c772564c9dc63254baa99e86f270b. | |||||
2016-11-12 | Bug 1314201 - ThrowUserError and ThrowCodeError should print headers if ↵ | Dylan William Hardison | 1 | -4/+19 | |
headers have not already been printed | |||||
2016-10-06 | Bug 1293689 - Bring Bugzilla::CGI::ContentSecurityPolicy to BMO (Backport ↵ | Dylan William Hardison | 1 | -10/+78 | |
Bug 1286287) | |||||
2016-09-13 | Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵ | Dylan William Hardison | 1 | -21/+10 | |
local symlink to data/ directory | |||||
2016-09-12 | Revert "Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to ↵ | Dylan William Hardison | 1 | -10/+21 | |
bmo/master + local symlink to data/ directory" This reverts commit e6bf4cacb10f86077fe898349485f5c7ab9fb4b6. | |||||
2016-09-12 | Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵ | Dylan William Hardison | 1 | -21/+10 | |
local symlink to data/ directory | |||||
2015-12-01 | Bug 1229198 - When saving a buglist from a saved search as a CSV file, set ↵ | Byron Jones | 1 | -5/+4 | |
the filename to <saved-query-name>.csv | |||||
2015-11-25 | Bug 1227866 - infinite loop consuming resources when PATH_INFO set | Byron Jones ‹:glob› | 1 | -1/+9 | |
2015-11-05 | Bug 1196743 - Fix information disclosure vulnerability that allows attacker ↵ | Dylan Hardison | 1 | -0/+28 | |
to obtain victim's GitHub OAuth return code | |||||
2015-06-03 | Bug 1170414: Redirection loop in *.cgi when path-info is present | Byron Jones | 1 | -1/+5 | |
2015-04-24 | Bug 1157395: CSRF in log in form | David Lawrence | 1 | -0/+13 | |
2014-11-04 | Bug 1093622: Backout bug 1090427 for causing: authenticated calls from bzapi ↵ | Byron Jones | 1 | -13/+0 | |
are failing: 'Untrusted Authentication Request' | |||||
2014-11-04 | Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for ↵ | David Lawrence | 1 | -0/+13 | |
login forms | |||||
2014-07-21 | Bug 1041559: "Please wait while your bugs are retrieved" shown above menu ↵ | Byron Jones | 1 | -0/+15 | |
header for search error pages | |||||
2014-07-10 | Bug 1032323: canonicalise_query() should omit parameters with empty values ↵ | Ed Morley | 1 | -2/+5 | |
so generated URLs are shorter | |||||
2014-06-18 | Bug 1026863: buglist.cgi enters in an infinite loop if called without ↵ | Frédéric Buclin | 1 | -0/+4 | |
arguments and the user is logged in | |||||
2013-09-30 | Bug 922246 - backport upstream bug 851267 to bmo/4.2 for performance ↵ | Dave Lawrence | 1 | -4/+4 | |
improvement with large number of votes | |||||
2013-08-12 | Bug 894878 - CSV output template for request queues has gone away | Dave Lawrence | 1 | -0/+25 | |
r=glob | |||||
2013-08-09 | Bug 903514 - Backport upstream bug 569177 for etag support to bmo/4.2 | Dave Lawrence | 1 | -0/+20 | |
2013-07-15 | Bug 892601 - Port over upstream native REST patch (bug 866927) to bmo/4.2 | Dave Lawrence | 1 | -1/+1 | |
r=glob | |||||
2012-09-09 | Merge from bugzilla/4.2 | Reed Loden | 1 | -0/+4 | |
2012-09-09 | Bug 671612: Send "X-Content-Type-Options: nosniff" with every response | Matt Selsky | 1 | -0/+4 | |
r/a=LpSolit | |||||
2012-08-31 | Merge from bugzilla/4.2 | Reed Loden | 1 | -1/+11 | |
2012-08-29 | Fix more bustage caused by Bug 772953 | Byron Jones | 1 | -4/+6 | |
2012-08-29 | Fix bustage caused by Bug 772953 | Byron Jones | 1 | -1/+4 | |
2012-08-28 | Bug 772953: Remove the token from buglist urls | Byron Jones | 1 | -0/+5 | |
r=dkl, a=LpSolit | |||||
2012-08-15 | Bug 779088 - Allow extensions to whitelist PATH_INFO | Dave Lawrence | 1 | -1/+12 | |
2012-08-15 | Bug 771100: Unable to attach a file to a bug with perl 5.16 | Frédéric Buclin | 1 | -1/+1 | |
r=dkl a=LpSolit | |||||
2011-11-21 | Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking | Dave Lawrence | 1 | -0/+4 | |
r=mkanat, approved for trunk=LpSolit | |||||
2011-05-31 | Bug 647649: Change the old "Boolean Charts" UI into the new AND/OR | Max Kanat-Alexander | 1 | -3/+12 | |
"Custom Search" UI. r=timello, a=mkanat | |||||
2011-05-29 | Bug 655847: Accessing buglist.cgi throws: Use of inherited AUTOLOAD for ↵ | Frédéric Buclin | 1 | -9/+1 | |
non-method Bugzilla::CGI::SERVER_PUSH() is deprecated at Bugzilla/CGI.pm line 233 r/a=mkanat | |||||
2013-05-04 | Bug 652625 - Empty queries still get run because the list_id parameter is ↵ | David Lawrence | 1 | -1/+3 | |
added to them r/a=mkanat | |||||
2011-03-14 | Bug 637977: Re-setup CGI.pm global variables on every request under mod_perl, | Max Kanat-Alexander | 1 | -13/+24 | |
which prevents CGI.pm from generating URLs with semicolons in them instead of ampersands. r=glob, a=mkanat | |||||
2010-12-28 | Remove unused variable, per my review comment | Frédéric Buclin | 1 | -1/+0 | |
https://bugzilla.mozilla.org/show_bug.cgi?id=615574 | |||||
2010-12-27 | Bug 615574: Make every search done by buglist.cgi create a list_id, so that | Max Kanat-Alexander | 1 | -0/+49 | |
even Saved Searches get "last list" support. r=LpSolit, a=LpSolit | |||||
2010-12-18 | Bug 475894 - Send the 'X-Frame-Options: SAMEORIGIN' header to help protect ↵ | Reed Loden | 1 | -0/+6 | |
against clickjacking. [r=mkanat a=mkanat] | |||||
2010-12-06 | Bug 607138: Don't send the Strict-Transport-Security header for the | Max Kanat-Alexander | 1 | -2/+6 | |
attachment_base. r=LpSolit, a=LpSolit | |||||
2010-11-03 | Bug 600464: (CVE-2010-3172) [SECURITY] Content/Header injection due to ↵ | Byron Jones | 1 | -1/+2 | |
non-random multipart/x-mixed-replace boundary r=mkanat a=LpSolit | |||||
2010-10-28 | Bug 607966: Use of qw(...) as parentheses is deprecated since Perl 5.13.5 | Frédéric Buclin | 1 | -3/+1 | |
r=gerv a=LpSolit | |||||
2010-09-29 | Bug 600475 - Support the 'includeSubDomains' flag as an option for the ↵ | Reed Loden | 1 | -2/+6 | |
'Strict-Transport-Security' advanced option in order to protect subdomains. [r=glob a=mkanat] | |||||
2010-09-28 | Bug 594990: Make the Strict-Transport-Security HTTP header only be sent | Max Kanat-Alexander | 1 | -2/+2 | |
if a particular parameter is enabled. r=glob, a=mkanat | |||||
2010-07-16 | Bug 398308: Make Search.pm take a hashref for its "params" argument | Max Kanat-Alexander | 1 | -12/+0 | |
instead of taking a CGI object. r=mkanat, a=mkanat (module owner) | |||||
2010-07-15 | Bug 521416: Some web servers fail to set the QUERY_STRING parameter | byron jones (glob) | 1 | -0/+3 | |
r/a=mkanat | |||||
2010-06-27 | Bug 575097 - "New STS header in Bugzilla::CGI causes malformed header error ↵ | Reed Loden | 1 | -5/+6 | |
due to lack of Content-Type naming" [r=LpSolit a=LpSolit] | |||||
2010-06-26 | Bug 562475 - "Bugzilla should use strict-transport-security (STS) headers" | Reed Loden | 1 | -0/+6 | |
[r=mkanat a=mkanat] | |||||
2010-06-24 | Bug 574166: Make clean_search_url take into account the new email3 fields | Max Kanat-Alexander | 1 | -1/+1 | |
from query.cgi r=glob, a=mkanat |