Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2014-04-18 | Bug 998323 - URLs pasted in comments are no longer displayed | David Lawrence | 1 | -14/+11 | |
r=LpSolit,a=justdave | |||||
2014-04-17 | Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text | Manish Goregaokar | 1 | -0/+11 | |
r=glob a=justdave | |||||
2013-02-19 | Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an ↵ | Frédéric Buclin | 1 | -0/+1 | |
invalid page format r=glob a=LpSolit | |||||
2013-01-14 | Bug 829939: Only build default_authorizer on request | Frédéric Buclin | 1 | -1/+1 | |
r=glob a=LpSolit | |||||
2012-07-26 | Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information ↵ | Frédéric Buclin | 1 | -14/+18 | |
about restricted bugs r=glob a=LpSolit | |||||
2012-05-17 | Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are ↵ | Simon Green | 1 | -1/+1 | |
not escaped correctly in SAFE_URL_REGEXP r/a=LpSolit | |||||
2011-08-04 | Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment ↵ | Reed Loden | 1 | -0/+3 | |
containing newline are corrupt [r=LpSolit a=LpSolit] | |||||
2011-08-01 | Bug 634812: Having a very large number of custom fields can make displaying ↵ | Frédéric Buclin | 1 | -0/+5 | |
show_bug.cgi slow r=glob a=LpSolit | |||||
2011-07-25 | Bug 652663 - When using bug_format_comment hook some replacements can happen ↵ | David Lawrence | 1 | -2/+4 | |
more than once causing broken links r/a=LpSolit | |||||
2011-07-08 | Bug 670169 - Escape '>' in js filter | Reed Loden | 1 | -0/+1 | |
[r=LpSolit a=LpSolit] | |||||
2011-05-24 | Bug 659185: html_quote() escapes @ causing mailto links to not be processed | Frédéric Buclin | 1 | -1/+2 | |
r/a=mkanat | |||||
2011-04-28 | Bug 423612 - Allow editing extern_id for users from the admin interface | Jochen Wiedmann | 1 | -0/+1 | |
r=mkanat, a=mkanat | |||||
2011-04-21 | Bug 650593: Bugzilla crashes when the database is gone, even when ↵ | Frédéric Buclin | 1 | -3/+4 | |
shutdownhtml is set r=justdave a=LpSolit | |||||
2011-01-24 | Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking ↵ | Frédéric Buclin | 1 | -6/+21 | |
for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace and Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs r=dkl a=LpSolit | |||||
2011-01-04 | Bug 595410: Make it faster to display a bug that has a lot of dependencies. | Max Kanat-Alexander | 1 | -41/+12 | |
r=LpSolit, a=LpSolit | |||||
2010-11-04 | Bug 474766: The [details] string is duplicated when replying to a comment ↵ | Frédéric Buclin | 1 | -1/+1 | |
containing a link to an attachment r/a=mkanat | |||||
2010-10-21 | Bug 605425: Non-english templates are no longer precompiled by checksetup | Frédéric Buclin | 1 | -1/+2 | |
r/a=mkanat | |||||
2010-10-14 | Bug 602418: Add "template_cache" to bz_locations(), a way of specifying that | Max Kanat-Alexander | 1 | -10/+14 | |
cached templates should be stored somewhere else than the data directory. r=LpSolit, a=mkanat | |||||
2010-10-03 | Bug 65477: Send HTML bugmail | Guy Pyrzak | 1 | -1/+5 | |
r=mkanat, a=mkanat | |||||
2010-09-28 | Bug 595380: Add a ?mtime string to all of the manually-inserted | Max Kanat-Alexander | 1 | -1/+1 | |
<script src> and <link href> tags in Bugzilla r=glob, a=mkanat | |||||
2010-09-19 | Bug 586244: Make mod_headers and mod_expires optional | Max Kanat-Alexander | 1 | -8/+14 | |
r=glob, a=mkanat | |||||
2010-08-10 | Bug 585490: Instead of hardcoding <i> for UNCONFIRMED bug links, use | Christian Legnitto | 1 | -6/+9 | |
a CSS class. r=mkanat, a=mkanat | |||||
2010-08-06 | Bug 466968: Remove hardcoded strings from BugMail.pm, and refactor it so ↵ | Frédéric Buclin | 1 | -0/+43 | |
that bugmails are 100% localizable r/a=mkanat | |||||
2010-08-05 | Bug 583690: (CVE-2010-2759) [SECURITY][PostgreSQL] Bugzilla crashes when ↵ | Frédéric Buclin | 1 | -12/+6 | |
viewing a bug if a comment contains 'bug <num>' or 'attachment <num>' where <num> is greater than the max allowed integer r=mkanat a=LpSolit | |||||
2010-08-04 | Bug 584021: FILTER txt should also remove | Frédéric Buclin | 1 | -0/+2 | |
r/a=mkanat | |||||
2010-07-23 | Bug 398701: Replace |FILTER url_quote| by |FILTER uri| | Frédéric Buclin | 1 | -6/+0 | |
r/a=mkanat | |||||
2010-07-21 | Bug 428313: Properly expire the browser's CSS and JS cache when there | Max Kanat-Alexander | 1 | -0/+120 | |
are new versions of those files. This also eliminates single-file skins and should also allow Extensions to have skins. r=glob, a=mkanat | |||||
2010-07-09 | Bug 576670: Optimize Search.pm's "init" method for being called many times | Max Kanat-Alexander | 1 | -2/+2 | |
in a loop r=glob, a=mkanat | |||||
2010-07-06 | Bug 554964 - Show if a user is a "Default CC" under the Product ↵ | Reed Loden | 1 | -2/+10 | |
Responsibilities section of editusers.cgi. [r=mkanat a=mkanat] | |||||
2010-07-05 | Bug 455810 - Add autocomplete support to the keywords field | Reed Loden | 1 | -0/+3 | |
* Special thanks to Guy Pyrzak for the original patch [r=mkanat a=mkanat] | |||||
2010-07-01 | Bug 545766: Figure out what columns can be reported on from the database, | Max Kanat-Alexander | 1 | -0/+3 | |
instead of from a static list r=glob, a=mkanat | |||||
2010-06-16 | Bug 24896: Make the First/Last/Prev/Next navigation on bugs work with | Max Kanat-Alexander | 1 | -9/+0 | |
multiple buglists at once r=glob, a=mkanat | |||||
2010-05-19 | Bug 565899: Make the html_linebreak filter safe by having it first call the | Max Kanat-Alexander | 1 | -0/+1 | |
"html" filter r=LpSolit, a=LpSolit | |||||
2010-05-18 | Bug 566499 - "#c0 links have the wrong href" | Reed Loden | 1 | -1/+1 | |
[r=LpSolit a=LpSolit] | |||||
2010-04-22 | Bug 560009: Use firstidx from List::MoreUtils instead of lsearch | Max Kanat-Alexander | 1 | -1/+5 | |
r=timello, a=mkanat | |||||
2010-04-08 | Bug 284650: Beginning a chart name with an "_" (underscore) causes errors | Frédéric Buclin | 1 | -0/+3 | |
r/a=mkanat | |||||
2010-04-07 | Bug 557780: Remove the unused .substr method in Template.pm | Frédéric Buclin | 1 | -8/+0 | |
r=glob a=LpSolit | |||||
2010-04-06 | Bug 556429: Stop sending bugmail from inside the template | Max Kanat-Alexander | 1 | -7/+0 | |
r=LpSolit, a=LpSolit | |||||
2010-03-28 | Bug 553923: Don't word-wrap messages and errors for the WebService | Max Kanat-Alexander | 1 | -2/+10 | |
r=dkl, a=mkanat | |||||
2010-03-14 | Bug 498309: Speed up show_bug.cgi when there are many comments by caching | Max Kanat-Alexander | 1 | -1/+6 | |
field-descs globally for all template calls r=LpSolit, a=LpSolit | |||||
2010-03-01 | Bug 508823: Make it so that you don't ever have to reset template_inner (like | Max Kanat-Alexander | 1 | -3/+20 | |
Bugzilla->template_inner("")). r=LpSolit, a=LpSolit | |||||
2010-03-01 | Bug 547466: Release Notes for Bugzilla 3.6rc1 | Max Kanat-Alexander | 1 | -2/+7 | |
r=LpSolit, r=gerv | |||||
2010-03-01 | Bug 545235: Simplify Bugzilla's language-choosing code | Max Kanat-Alexander | 1 | -4/+3 | |
r=LpSolit, a=LpSolit | |||||
2010-01-07 | Bug 514703 - revert changes to bug link detection algorithm. r,a=LpSolit | gerv%gerv.net | 1 | -9/+4 | |
2009-12-17 | Bug 525606: Make the template_before_process hook run whenever a template is ↵ | mkanat%bugzilla.org | 1 | -20/+3 | |
loaded (including PROCESS and INCLUDE), not just when $template->process is called. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | |||||
2009-12-15 | Bug 523762: Prevent the template_before_process hook from causing an ↵ | mkanat%bugzilla.org | 1 | -3/+9 | |
infinite recursion when an error is thrown Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | |||||
2009-12-04 | Bug 452919: Allow the "created an attachment" message in comments to be ↵ | mkanat%bugzilla.org | 1 | -6/+1 | |
localized Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | |||||
2009-11-25 | Bug 530960: Put hooks into template/default/hook instead of template/hook | mkanat%bugzilla.org | 1 | -0/+8 | |
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat | |||||
2009-11-24 | Post-checkin fix for bug 430012: Make checksetup not throw a warning when ↵ | mkanat%bugzilla.org | 1 | -15/+18 | |
there are no extension templates that got compiled. | |||||
2009-11-24 | Bug 430014: Re-write the code hooks system so that it uses modules instead ↵ | mkanat%bugzilla.org | 1 | -5/+5 | |
of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat |