summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Template.pm
AgeCommit message (Collapse)AuthorFilesLines
2016-03-10Bug 1254542 - Reflected XSS in comment-remo-form-payment.txt pageDylan Hardison1-1/+1
2015-12-23Bug 1234237 - Backport upstream bug 1232785 to bmo/4.2 [SECURITY] Buglists ↵David Lawrence1-0/+3
in CSV format can be parsed as valid javascript in some browsers
2015-10-08Bug 1200765 - Make login UX mobile friendly to assist mobile authentication ↵Dylan William Hardison1-0/+5
workflow
2015-05-19Bug 1160430: Backport bug 69267 to BMO (Add the ability to deactivate keywords)Dylan William Hardison1-1/+6
2015-04-24Bug 1157395: CSRF in log in formDavid Lawrence1-0/+5
2015-03-24Bug 1096798: prototype modal show_bug viewByron Jones1-0/+3
2015-03-10Bug 1139749: backport bug 1128853 to bmo (Bugzilla shouldn't try to write ↵Byron Jones1-2/+0
API tokens into the shadow DB)
2015-02-24Bug 1134743: javascript filter should escape uncode line and paragraph ↵Byron Jones1-0/+2
separators (causes "Unterminated string literal" javascript error)
2015-02-03Bug 1128832: don't create api_tokens when pointing to the shadow_dbByron Jones1-0/+2
2015-01-29Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api ↵David Lawrence1-0/+6
keys for authentication
2014-11-18Bug 1100368: css concatenation breaks data: urlsByron Jones1-1/+3
2014-11-04Bug 1093622: Backout bug 1090427 for causing: authenticated calls from bzapi ↵Byron Jones1-5/+0
are failing: 'Untrusted Authentication Request'
2014-11-04Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for ↵David Lawrence1-0/+5
login forms
2014-10-06merged with upstream 4.2David Lawrence1-1/+3
2014-10-06Bug 1054702: CSV export vulnerable to formulae injectionSimon Green1-1/+3
r=glob,a=glob
2014-09-25Bug 1072110: _concatenate_js assumes javascript_urls is an arrayByron Jones1-1/+2
2014-09-17Bug 1064395: concatenate and slightly minify javascript filesByron Jones1-1/+50
2014-07-07Bug 1033955: backport bug 1028795 to bmo (pre-load all related bugs during ↵Byron Jones1-4/+5
show_bug initialisation)
2014-05-27Bug 1014374: backport bug 977969 to bmo (concatenate and slightly minify css ↵Byron Jones1-3/+3
files)
2014-05-22add missing mod_perl fix for bug 977969Byron Jones1-0/+1
2014-05-22Bug 1014374: backport bug 977969 to bmo (concatenate and slightly minify css ↵Byron Jones1-17/+79
files)
2014-04-23merged with bugzilla/4.2Byron Jones1-14/+11
2014-04-18Bug 998323 - URLs pasted in comments are no longer displayedDavid Lawrence1-14/+11
r=LpSolit,a=justdave
2014-04-18merged with bugzilla/4.2David Lawrence1-0/+11
2014-04-17Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla textManish Goregaokar1-0/+11
r=glob a=justdave
2014-03-04Bug 956230: improve instrumentation of bugzilla's internalsByron Jones1-1/+4
2014-01-29Bug 105865: bugzilla should pay attention to linebreaks when making ↵Byron Jones1-6/+10
bugnumbers to links
2013-11-19Bug 929345: bug history/activity shouldn't collapse multi-line values to a ↵Byron Jones1-8/+0
single line
2013-10-25Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when ↵Dave Lawrence1-4/+1
invalid cookies/tokens are used with webservices
2013-10-23Bug 895687: add UserStory extensionByron Jones1-0/+8
2013-09-27Revert Bug 917669 - invalid or expired authentication tokens and cookies ↵Dave Lawrence1-1/+4
should throw errors, not be silently ignored
2013-09-26Bug 917669 - invalid or expired authentication tokens and cookies should ↵Dave Lawrence1-4/+1
throw errors, not be silently ignored
2013-09-23Bug 919416: set STAT_TTL in template provider to > 1 secondByron Jones1-0/+4
2013-07-25Remove debugging lineDave Lawrence1-1/+0
2013-07-24Bug 895309 - comments returned via the REST endpoint shouldn't be wrappedDave Lawrence1-1/+3
https://bugzilla.mozilla.org/show_bug.cgi?id=859309
2013-02-19Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an ↵Frédéric Buclin1-0/+1
invalid page format r=glob a=LpSolit
2013-02-19Bug 842038Byron Jones1-0/+1
2013-01-17Bug 830467 - Don't call _wanted_languages() when only one is availableDave Lawrence1-8/+3
2013-01-14merged with bugzilla/4.2Dave Lawrence1-1/+1
2013-01-14Bug 829709 - Do not load CSS files from all skins by defaultDave Lawrence1-36/+13
2013-01-14Bug 829939: Only build default_authorizer on requestFrédéric Buclin1-1/+1
r=glob a=LpSolit
2012-11-28Bug 814411: Add a caching mechanism to Bugzilla::Object to avoid querying ↵Byron Jones1-3/+3
the database repeatedly for the same information
2012-11-26Bug 812543 - Back port patch from bug 797636 to bmo/4.2 to bring in ↵Dave Lawrence1-3/+2
performance enhancements r=glob
2012-10-12Bug 799257 - Backport bug 795650 and bug 797833 to bmo/4.0 and bmo/4.2 for ↵Dave Lawrence1-0/+9
performance improvement r=glob
2012-08-07Revert commit 8283Dave Lawrence1-10/+0
2012-08-07Bug 778631: use a persistent Template::Provider to avoid recompiling ↵Byron Jones1-0/+10
templates between page loads
2012-08-01merged with bugzilla/4.2Dave Lawrence1-14/+18
2012-07-26Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information ↵Frédéric Buclin1-14/+18
about restricted bugs r=glob a=LpSolit
2012-05-22merged with bugzilla/4.2Dave Lawrence1-1/+1
2012-05-17Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are ↵Simon Green1-1/+1
not escaped correctly in SAFE_URL_REGEXP r/a=LpSolit