path: root/Bugzilla/Template.pm
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2014-04-18 | Bug 998323 - URLs pasted in comments are no longer displayed r=LpSolit,a=justdave | David Lawrence | 1 | -14/+11 |
| 2014-04-17 | Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text r=glob a=justdave | Manish Goregaokar | 1 | -0/+11 |
| 2013-02-19 | Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid page format r=glob a=LpSolit | Frédéric Buclin | 1 | -0/+1 |
| 2013-01-14 | Bug 829939: Only build default_authorizer on request r=glob a=LpSolit | Frédéric Buclin | 1 | -1/+1 |
| 2012-07-26 | Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information about restricted bugs r=glob a=LpSolit | Frédéric Buclin | 1 | -14/+18 |
| 2012-05-17 | Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are not escaped correctly in SAFE_URL_REGEXP r/a=LpSolit | Simon Green | 1 | -1/+1 |
| 2011-08-04 | Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containing newline are corrupt [r=LpSolit a=LpSolit] | Reed Loden | 1 | -0/+3 |
| 2011-08-01 | Bug 634812: Having a very large number of custom fields can make displaying show_bug.cgi slow r=glob a=LpSolit | Frédéric Buclin | 1 | -0/+5 |
| 2011-07-25 | Bug 652663 - When using bug_format_comment hook some replacements can happen more than once causing broken links r/a=LpSolit | David Lawrence | 1 | -2/+4 |
| 2011-07-08 | Bug 670169 - Escape '>' in js filter [r=LpSolit a=LpSolit] | Reed Loden | 1 | -0/+1 |
| 2011-05-24 | Bug 659185: html_quote() escapes @ causing mailto links to not be processed r/a=mkanat | Frédéric Buclin | 1 | -1/+2 |
| 2011-04-28 | Bug 423612 - Allow editing extern_id for users from the admin interface r=mkanat, a=mkanat | Jochen Wiedmann | 1 | -0/+1 |
| 2011-04-21 | Bug 650593: Bugzilla crashes when the database is gone, even when shutdownhtml is set r=justdave a=LpSolit | Frédéric Buclin | 1 | -3/+4 |
| 2011-01-24 | Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace and Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs r=dkl a=LpSolit | Frédéric Buclin | 1 | -6/+21 |
| 2011-01-04 | Bug 595410: Make it faster to display a bug that has a lot of dependencies. r=LpSolit, a=LpSolit | Max Kanat-Alexander | 1 | -41/+12 |
| 2010-11-04 | Bug 474766: The [details] string is duplicated when replying to a comment containing a link to an attachment r/a=mkanat | Frédéric Buclin | 1 | -1/+1 |
| 2010-10-21 | Bug 605425: Non-english templates are no longer precompiled by checksetup r/a=mkanat | Frédéric Buclin | 1 | -1/+2 |
| 2010-10-14 | Bug 602418: Add "template_cache" to bz_locations(), a way of specifying that cached templates should be stored somewhere else than the data directory. r=LpSolit, a=mkanat | Max Kanat-Alexander | 1 | -10/+14 |
| 2010-10-03 | Bug 65477: Send HTML bugmail r=mkanat, a=mkanat | Guy Pyrzak | 1 | -1/+5 |
| 2010-09-28 | Bug 595380: Add a ?mtime string to all of the manually-inserted <script src> and <link href> tags in Bugzilla r=glob, a=mkanat | Max Kanat-Alexander | 1 | -1/+1 |
| 2010-09-19 | Bug 586244: Make mod_headers and mod_expires optional r=glob, a=mkanat | Max Kanat-Alexander | 1 | -8/+14 |
| 2010-08-10 | Bug 585490: Instead of hardcoding <i> for UNCONFIRMED bug links, use a CSS class. r=mkanat, a=mkanat | Christian Legnitto | 1 | -6/+9 |
| 2010-08-06 | Bug 466968: Remove hardcoded strings from BugMail.pm, and refactor it so that bugmails are 100% localizable r/a=mkanat | Frédéric Buclin | 1 | -0/+43 |
| 2010-08-05 | Bug 583690: (CVE-2010-2759) [SECURITY][PostgreSQL] Bugzilla crashes when viewing a bug if a comment contains 'bug <num>' or 'attachment <num>' where <num> is greater than the max allowed integer r=mkanat a=LpSolit | Frédéric Buclin | 1 | -12/+6 |
| 2010-08-04 | Bug 584021: FILTER txt should also remove &nbsp; r/a=mkanat | Frédéric Buclin | 1 | -0/+2 |
| 2010-07-23 | Bug 398701: Replace \|FILTER url_quote\| by \|FILTER uri\| r/a=mkanat | Frédéric Buclin | 1 | -6/+0 |
| 2010-07-21 | Bug 428313: Properly expire the browser's CSS and JS cache when there are new versions of those files. This also eliminates single-file skins and should also allow Extensions to have skins. r=glob, a=mkanat | Max Kanat-Alexander | 1 | -0/+120 |
| 2010-07-09 | Bug 576670: Optimize Search.pm's "init" method for being called many times in a loop r=glob, a=mkanat | Max Kanat-Alexander | 1 | -2/+2 |
| 2010-07-06 | Bug 554964 - Show if a user is a "Default CC" under the Product Responsibilities section of editusers.cgi. [r=mkanat a=mkanat] | Reed Loden | 1 | -2/+10 |
| 2010-07-05 | Bug 455810 - Add autocomplete support to the keywords field * Special thanks to Guy Pyrzak for the original patch [r=mkanat a=mkanat] | Reed Loden | 1 | -0/+3 |
| 2010-07-01 | Bug 545766: Figure out what columns can be reported on from the database, instead of from a static list r=glob, a=mkanat | Max Kanat-Alexander | 1 | -0/+3 |
| 2010-06-16 | Bug 24896: Make the First/Last/Prev/Next navigation on bugs work with multiple buglists at once r=glob, a=mkanat | Max Kanat-Alexander | 1 | -9/+0 |
| 2010-05-19 | Bug 565899: Make the html_linebreak filter safe by having it first call the "html" filter r=LpSolit, a=LpSolit | Max Kanat-Alexander | 1 | -0/+1 |
| 2010-05-18 | Bug 566499 - "#c0 links have the wrong href" [r=LpSolit a=LpSolit] | Reed Loden | 1 | -1/+1 |
| 2010-04-22 | Bug 560009: Use firstidx from List::MoreUtils instead of lsearch r=timello, a=mkanat | Max Kanat-Alexander | 1 | -1/+5 |
| 2010-04-08 | Bug 284650: Beginning a chart name with an "_" (underscore) causes errors r/a=mkanat | Frédéric Buclin | 1 | -0/+3 |
| 2010-04-07 | Bug 557780: Remove the unused .substr method in Template.pm r=glob a=LpSolit | Frédéric Buclin | 1 | -8/+0 |
| 2010-04-06 | Bug 556429: Stop sending bugmail from inside the template r=LpSolit, a=LpSolit | Max Kanat-Alexander | 1 | -7/+0 |
| 2010-03-28 | Bug 553923: Don't word-wrap messages and errors for the WebService r=dkl, a=mkanat | Max Kanat-Alexander | 1 | -2/+10 |
| 2010-03-14 | Bug 498309: Speed up show_bug.cgi when there are many comments by caching field-descs globally for all template calls r=LpSolit, a=LpSolit | Max Kanat-Alexander | 1 | -1/+6 |
| 2010-03-01 | Bug 508823: Make it so that you don't ever have to reset template_inner (like Bugzilla->template_inner("")). r=LpSolit, a=LpSolit | Max Kanat-Alexander | 1 | -3/+20 |
| 2010-03-01 | Bug 547466: Release Notes for Bugzilla 3.6rc1 r=LpSolit, r=gerv | Max Kanat-Alexander | 1 | -2/+7 |
| 2010-03-01 | Bug 545235: Simplify Bugzilla's language-choosing code r=LpSolit, a=LpSolit | Max Kanat-Alexander | 1 | -4/+3 |
| 2010-01-07 | Bug 514703 - revert changes to bug link detection algorithm. r,a=LpSolit | gerv%gerv.net | 1 | -9/+4 |
| 2009-12-17 | Bug 525606: Make the template_before_process hook run whenever a template is loaded (including PROCESS and INCLUDE), not just when $template->process is called. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 1 | -20/+3 |
| 2009-12-15 | Bug 523762: Prevent the template_before_process hook from causing an infinite recursion when an error is thrown Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 1 | -3/+9 |
| 2009-12-04 | Bug 452919: Allow the "created an attachment" message in comments to be localized Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 1 | -6/+1 |
| 2009-11-25 | Bug 530960: Put hooks into template/default/hook instead of template/hook Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat | mkanat%bugzilla.org | 1 | -0/+8 |
| 2009-11-24 | Post-checkin fix for bug 430012: Make checksetup not throw a warning when there are no extension templates that got compiled. | mkanat%bugzilla.org | 1 | -15/+18 |
| 2009-11-24 | Bug 430014: Re-write the code hooks system so that it uses modules instead of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat | mkanat%bugzilla.org | 1 | -5/+5 |