summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Template.pm
AgeCommit message (Collapse)AuthorFilesLines
2014-04-17Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla textManish Goregaokar1-0/+11
r=glob a=justdave
2014-03-04Bug 956230: improve instrumentation of bugzilla's internalsByron Jones1-1/+4
2014-01-29Bug 105865: bugzilla should pay attention to linebreaks when making ↵Byron Jones1-6/+10
bugnumbers to links
2013-11-19Bug 929345: bug history/activity shouldn't collapse multi-line values to a ↵Byron Jones1-8/+0
single line
2013-10-25Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when ↵Dave Lawrence1-4/+1
invalid cookies/tokens are used with webservices
2013-10-23Bug 895687: add UserStory extensionByron Jones1-0/+8
2013-09-27Revert Bug 917669 - invalid or expired authentication tokens and cookies ↵Dave Lawrence1-1/+4
should throw errors, not be silently ignored
2013-09-26Bug 917669 - invalid or expired authentication tokens and cookies should ↵Dave Lawrence1-4/+1
throw errors, not be silently ignored
2013-09-23Bug 919416: set STAT_TTL in template provider to > 1 secondByron Jones1-0/+4
2013-07-25Remove debugging lineDave Lawrence1-1/+0
2013-07-24Bug 895309 - comments returned via the REST endpoint shouldn't be wrappedDave Lawrence1-1/+3
https://bugzilla.mozilla.org/show_bug.cgi?id=859309
2013-02-19Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an ↵Frédéric Buclin1-0/+1
invalid page format r=glob a=LpSolit
2013-02-19Bug 842038Byron Jones1-0/+1
2013-01-17Bug 830467 - Don't call _wanted_languages() when only one is availableDave Lawrence1-8/+3
2013-01-14merged with bugzilla/4.2Dave Lawrence1-1/+1
2013-01-14Bug 829709 - Do not load CSS files from all skins by defaultDave Lawrence1-36/+13
2013-01-14Bug 829939: Only build default_authorizer on requestFrédéric Buclin1-1/+1
r=glob a=LpSolit
2012-11-28Bug 814411: Add a caching mechanism to Bugzilla::Object to avoid querying ↵Byron Jones1-3/+3
the database repeatedly for the same information
2012-11-26Bug 812543 - Back port patch from bug 797636 to bmo/4.2 to bring in ↵Dave Lawrence1-3/+2
performance enhancements r=glob
2012-10-12Bug 799257 - Backport bug 795650 and bug 797833 to bmo/4.0 and bmo/4.2 for ↵Dave Lawrence1-0/+9
performance improvement r=glob
2012-08-07Revert commit 8283Dave Lawrence1-10/+0
2012-08-07Bug 778631: use a persistent Template::Provider to avoid recompiling ↵Byron Jones1-0/+10
templates between page loads
2012-08-01merged with bugzilla/4.2Dave Lawrence1-14/+18
2012-07-26Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information ↵Frédéric Buclin1-14/+18
about restricted bugs r=glob a=LpSolit
2012-05-22merged with bugzilla/4.2Dave Lawrence1-1/+1
2012-05-17Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are ↵Simon Green1-1/+1
not escaped correctly in SAFE_URL_REGEXP r/a=LpSolit
2012-03-06Bug 732189 - Backport 731562 to bmo: Cache the global/user.html.tmpl ↵Dave Lawrence1-1/+9
template, r=glob https://bugzilla.mozilla.org/show_bug.cgi?id=731562
2012-01-12Bug 715467 - Inconsistency in patch option linksDave Lawrence1-1/+1
2011-10-05Some more 4.2 porting fixesDavid Lawrence1-0/+12
2011-10-05more porting workDavid Lawrence1-5/+8
2011-08-04Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment ↵Reed Loden1-0/+3
containing newline are corrupt [r=LpSolit a=LpSolit]
2011-08-01Bug 634812: Having a very large number of custom fields can make displaying ↵Frédéric Buclin1-0/+5
show_bug.cgi slow r=glob a=LpSolit
2011-07-25Bug 652663 - When using bug_format_comment hook some replacements can happen ↵David Lawrence1-2/+4
more than once causing broken links r/a=LpSolit
2011-07-08Bug 670169 - Escape '>' in js filterReed Loden1-0/+1
[r=LpSolit a=LpSolit]
2011-05-24Bug 659185: html_quote() escapes @ causing mailto links to not be processedFrédéric Buclin1-1/+2
r/a=mkanat
2011-04-28Bug 423612 - Allow editing extern_id for users from the admin interfaceJochen Wiedmann1-0/+1
r=mkanat, a=mkanat
2011-04-21Bug 650593: Bugzilla crashes when the database is gone, even when ↵Frédéric Buclin1-3/+4
shutdownhtml is set r=justdave a=LpSolit
2011-01-24Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking ↵Frédéric Buclin1-6/+21
for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace and Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs r=dkl a=LpSolit
2011-01-04Bug 595410: Make it faster to display a bug that has a lot of dependencies.Max Kanat-Alexander1-41/+12
r=LpSolit, a=LpSolit
2010-11-04Bug 474766: The [details] string is duplicated when replying to a comment ↵Frédéric Buclin1-1/+1
containing a link to an attachment r/a=mkanat
2010-10-21Bug 605425: Non-english templates are no longer precompiled by checksetupFrédéric Buclin1-1/+2
r/a=mkanat
2010-10-14Bug 602418: Add "template_cache" to bz_locations(), a way of specifying thatMax Kanat-Alexander1-10/+14
cached templates should be stored somewhere else than the data directory. r=LpSolit, a=mkanat
2010-10-03Bug 65477: Send HTML bugmailGuy Pyrzak1-1/+5
r=mkanat, a=mkanat
2010-09-28Bug 595380: Add a ?mtime string to all of the manually-insertedMax Kanat-Alexander1-1/+1
<script src> and <link href> tags in Bugzilla r=glob, a=mkanat
2010-09-19Bug 586244: Make mod_headers and mod_expires optionalMax Kanat-Alexander1-8/+14
r=glob, a=mkanat
2010-08-10Bug 585490: Instead of hardcoding <i> for UNCONFIRMED bug links, useChristian Legnitto1-6/+9
a CSS class. r=mkanat, a=mkanat
2010-08-06Bug 466968: Remove hardcoded strings from BugMail.pm, and refactor it so ↵Frédéric Buclin1-0/+43
that bugmails are 100% localizable r/a=mkanat
2010-08-05Bug 583690: (CVE-2010-2759) [SECURITY][PostgreSQL] Bugzilla crashes when ↵Frédéric Buclin1-12/+6
viewing a bug if a comment contains 'bug <num>' or 'attachment <num>' where <num> is greater than the max allowed integer r=mkanat a=LpSolit
2010-08-04Bug 584021: FILTER txt should also remove &nbsp;Frédéric Buclin1-0/+2
r/a=mkanat
2010-07-23Bug 398701: Replace |FILTER url_quote| by |FILTER uri|Frédéric Buclin1-6/+0
r/a=mkanat