summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Template.pm
AgeCommit message (Collapse)AuthorFilesLines
2014-10-06merged with upstream 4.2David Lawrence1-1/+3
2014-10-06Bug 1054702: CSV export vulnerable to formulae injectionSimon Green1-1/+3
r=glob,a=glob
2014-09-25Bug 1072110: _concatenate_js assumes javascript_urls is an arrayByron Jones1-1/+2
2014-09-17Bug 1064395: concatenate and slightly minify javascript filesByron Jones1-1/+50
2014-07-07Bug 1033955: backport bug 1028795 to bmo (pre-load all related bugs during ↵Byron Jones1-4/+5
show_bug initialisation)
2014-05-27Bug 1014374: backport bug 977969 to bmo (concatenate and slightly minify css ↵Byron Jones1-3/+3
files)
2014-05-22add missing mod_perl fix for bug 977969Byron Jones1-0/+1
2014-05-22Bug 1014374: backport bug 977969 to bmo (concatenate and slightly minify css ↵Byron Jones1-17/+79
files)
2014-04-23merged with bugzilla/4.2Byron Jones1-14/+11
2014-04-18Bug 998323 - URLs pasted in comments are no longer displayedDavid Lawrence1-14/+11
r=LpSolit,a=justdave
2014-04-18merged with bugzilla/4.2David Lawrence1-0/+11
2014-04-17Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla textManish Goregaokar1-0/+11
r=glob a=justdave
2014-03-04Bug 956230: improve instrumentation of bugzilla's internalsByron Jones1-1/+4
2014-01-29Bug 105865: bugzilla should pay attention to linebreaks when making ↵Byron Jones1-6/+10
bugnumbers to links
2013-11-19Bug 929345: bug history/activity shouldn't collapse multi-line values to a ↵Byron Jones1-8/+0
single line
2013-10-25Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when ↵Dave Lawrence1-4/+1
invalid cookies/tokens are used with webservices
2013-10-23Bug 895687: add UserStory extensionByron Jones1-0/+8
2013-09-27Revert Bug 917669 - invalid or expired authentication tokens and cookies ↵Dave Lawrence1-1/+4
should throw errors, not be silently ignored
2013-09-26Bug 917669 - invalid or expired authentication tokens and cookies should ↵Dave Lawrence1-4/+1
throw errors, not be silently ignored
2013-09-23Bug 919416: set STAT_TTL in template provider to > 1 secondByron Jones1-0/+4
2013-07-25Remove debugging lineDave Lawrence1-1/+0
2013-07-24Bug 895309 - comments returned via the REST endpoint shouldn't be wrappedDave Lawrence1-1/+3
https://bugzilla.mozilla.org/show_bug.cgi?id=859309
2013-02-19Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an ↵Frédéric Buclin1-0/+1
invalid page format r=glob a=LpSolit
2013-02-19Bug 842038Byron Jones1-0/+1
2013-01-17Bug 830467 - Don't call _wanted_languages() when only one is availableDave Lawrence1-8/+3
2013-01-14merged with bugzilla/4.2Dave Lawrence1-1/+1
2013-01-14Bug 829709 - Do not load CSS files from all skins by defaultDave Lawrence1-36/+13
2013-01-14Bug 829939: Only build default_authorizer on requestFrédéric Buclin1-1/+1
r=glob a=LpSolit
2012-11-28Bug 814411: Add a caching mechanism to Bugzilla::Object to avoid querying ↵Byron Jones1-3/+3
the database repeatedly for the same information
2012-11-26Bug 812543 - Back port patch from bug 797636 to bmo/4.2 to bring in ↵Dave Lawrence1-3/+2
performance enhancements r=glob
2012-10-12Bug 799257 - Backport bug 795650 and bug 797833 to bmo/4.0 and bmo/4.2 for ↵Dave Lawrence1-0/+9
performance improvement r=glob
2012-08-07Revert commit 8283Dave Lawrence1-10/+0
2012-08-07Bug 778631: use a persistent Template::Provider to avoid recompiling ↵Byron Jones1-0/+10
templates between page loads
2012-08-01merged with bugzilla/4.2Dave Lawrence1-14/+18
2012-07-26Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information ↵Frédéric Buclin1-14/+18
about restricted bugs r=glob a=LpSolit
2012-05-22merged with bugzilla/4.2Dave Lawrence1-1/+1
2012-05-17Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are ↵Simon Green1-1/+1
not escaped correctly in SAFE_URL_REGEXP r/a=LpSolit
2012-03-06Bug 732189 - Backport 731562 to bmo: Cache the global/user.html.tmpl ↵Dave Lawrence1-1/+9
template, r=glob https://bugzilla.mozilla.org/show_bug.cgi?id=731562
2012-01-12Bug 715467 - Inconsistency in patch option linksDave Lawrence1-1/+1
2011-10-05Some more 4.2 porting fixesDavid Lawrence1-0/+12
2011-10-05more porting workDavid Lawrence1-5/+8
2011-08-04Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment ↵Reed Loden1-0/+3
containing newline are corrupt [r=LpSolit a=LpSolit]
2011-08-01Bug 634812: Having a very large number of custom fields can make displaying ↵Frédéric Buclin1-0/+5
show_bug.cgi slow r=glob a=LpSolit
2011-07-25Bug 652663 - When using bug_format_comment hook some replacements can happen ↵David Lawrence1-2/+4
more than once causing broken links r/a=LpSolit
2011-07-08Bug 670169 - Escape '>' in js filterReed Loden1-0/+1
[r=LpSolit a=LpSolit]
2011-05-24Bug 659185: html_quote() escapes @ causing mailto links to not be processedFrédéric Buclin1-1/+2
r/a=mkanat
2011-04-28Bug 423612 - Allow editing extern_id for users from the admin interfaceJochen Wiedmann1-0/+1
r=mkanat, a=mkanat
2011-04-21Bug 650593: Bugzilla crashes when the database is gone, even when ↵Frédéric Buclin1-3/+4
shutdownhtml is set r=justdave a=LpSolit
2011-01-24Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking ↵Frédéric Buclin1-6/+21
for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace and Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs r=dkl a=LpSolit
2011-01-04Bug 595410: Make it faster to display a bug that has a lot of dependencies.Max Kanat-Alexander1-41/+12
r=LpSolit, a=LpSolit