summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Token.pm
AgeCommit message (Collapse)AuthorFilesLines
2014-09-08Bug 1046126: Do not generate a new API token every time you access a ↵David Lawrence1-3/+10
bug-related page r=sgreen,a=glob
2014-08-13Bug 996893: Perl 5.18 and newer throw tons of warnings about deprecated modulesFrédéric Buclin1-0/+1
r=dkl a=sgreen
2014-07-27Bug 726696 - All authenticated WebServices methods should require ↵Simon Green1-1/+17
username/pass, token or a valid API key for authentication r=dkl, a=sgreen
2014-02-27Bug 947823: Replace gender-specific pronouns with gender-neutral pronounsCharlie Somerville1-8/+8
r=gerv a=justdave
2014-01-27Bug 964113: Digest::SHA 5.82 and newer always croak on wide characters, ↵Frédéric Buclin1-0/+4
preventing saved searched from being displayed r=dkl a=justdave
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence1-5/+17
and allowing easier brute force r=LpSolit,a=glob
2013-06-06Bug 878035: Do not disclose whether a user account exists or not when a user ↵Frédéric Buclin1-1/+3
clicks "forgot password" r=dkl a=LpSolit
2012-12-01Bug 787668: Use |use parent| instead of |use base|Matt Selsky1-1/+1
r/a=LpSolit
2012-11-30Bug 816747 - Add dummy POD for unPODded methods.Marc Schumann1-0/+10
r/a=LpSolit
2012-09-01Bug 787529: Use |use 5.10.1| everywhereFrédéric Buclin1-7/+2
r=wicked a=LpSolit
2012-07-30Bug 767623 - Use HMAC to generate tokens and sensitive graph filenamesReed Loden1-8/+6
[r=LpSolit a=LpSolit]
2012-04-13Bug 349337: The time between two successive token requests should be a constantKoosha Khajeh Moogahi1-3/+3
r/a=LpSolit
2012-01-11Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and ↵Frédéric Buclin1-20/+5
add it to files which miss one r=kiko r=mkanat r=mrbball a=LpSolit
2011-12-13Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible ↵Reed Loden1-2/+7
unauthorized account creation e-mail request [r=mkanat a=mkanat]
2011-08-17Bug 677522: IssueEmailChangeToken() should get the old login name from the ↵Frédéric Buclin1-4/+4
user object r=timello a=LpSolit
2011-08-16Bug 677901: Bugzilla crashes when no token is passed to token.cgi but the ↵Frédéric Buclin1-6/+4
script expects one, because tokens are incorrectly validated r/a=mkanat
2011-08-15Bug 678959: Make GenerateUniqueToken work for all tablesByron Jones1-1/+1
r=LpSolit, a=LpSolit
2011-07-25Bug 589128: Adds a preference allowing users to choose between text or htmlByron Jones1-3/+3
for bugmail. r=LpSolit, a=LpSolit
2010-10-07Bug 602165: Change sql_interval to sql_date_math, in preparation forMax Kanat-Alexander1-14/+14
MS-SQL and SQLite support.
2010-03-01Bug 508823: Make it so that you don't ever have to reset template_inner (likeMax Kanat-Alexander1-3/+0
Bugzilla->template_inner("")). r=LpSolit, a=LpSolit
2009-12-31Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxiesmkanat%bugzilla.org1-2/+2
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-02-09Bug 477513: md5_hex() fails if a saved search has UTF8 characters in it - ↵lpsolit%gmail.com1-1/+7
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-02-02Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making ↵lpsolit%gmail.com1-2/+52
bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-01-08Bug 452519: Fix timezones in emails - Patch by Frédéric Buclin ↵lpsolit%gmail.com1-7/+9
<LpSolit@gmail.com> r=wicked a=LpSolit
2008-04-03Bug 405946: Some emails are not sent in the language chosen by the addressee ↵lpsolit%gmail.com1-41/+42
- Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit
2007-11-19Bug 399163: Bugzilla/*.pm should use transactions for database interaction - ↵lpsolit%gmail.com1-6/+2
Patch by Emmanuel Seyman <eseyman@linagora.com> r/a=mkanat
2007-03-11Bug 366466 - "flag notification mail has canceled spelled incorrectly" ↵reed%reedloden.com1-3/+3
[p=reed r=timeless a=mkanat]
2006-11-21Fix nits about bug 316797lpsolit%gmail.com1-3/+3
2006-11-21Bug 316797: Token.pm needs POD - Patch by Frédéric Buclin ↵lpsolit%gmail.com1-0/+181
<LpSolit@gmail.com> r/a=myk
2006-10-21Bug 340538: Insecure dependency in exec while running with -T switch at ↵wurblzap%gmail.com1-1/+0
/usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk
2006-10-15Bug 281181: [SECURITY] It's way too easy to delete ↵lpsolit%gmail.com1-3/+54
versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-08-26Bug 350120: undefined value when creating a new user account - Patch by ↵lpsolit%gmail.com1-1/+1
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-08-20Bug 87795: Creating an account should send token and wait for confirmation ↵lpsolit%gmail.com1-16/+46
(prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
2006-07-14Bug 343338: Eliminate "my" variables from the root level of modulesmkanat%bugzilla.org1-4/+4
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-07-04Bug 338375: Use Bugzilla->params everywhere instead of Param().mkanat%bugzilla.org1-1/+0
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2006-07-04Bug 342869: Use Bugzilla->params everywhere except templatesmkanat%bugzilla.org1-7/+8
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2006-06-21Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵lpsolit%gmail.com1-3/+0
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-06-02Bug 339862: Move Bugzilla::BugMail::MessageToMTA() in a separate module - ↵lpsolit%gmail.com1-5/+5
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave
2006-03-10I forgot a "fix on checkin" (useless whitespaces)lpsolit%gmail.com1-1/+1
2006-03-10Bug 300551: Eliminate deprecated Bugzilla::DB routines from User.pm and ↵lpsolit%gmail.com1-67/+60
Token.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
2006-01-03Bug 119524: SECURITY: predictable sessionid (Use a token instead of ↵lpsolit%gmail.com1-1/+5
logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave
2005-11-14Bug 301062: [PostgreSQL] whine.pl fails when using PostgreSQL 8.0.x - Patch ↵lpsolit%gmail.com1-1/+1
by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=manu a=justdave
2005-10-25Bug 312157: Remove $::template and $::vars from globals.pl - Patch by Olav ↵lpsolit%gmail.com1-7/+7
Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave
2005-09-02Bug 304582: Move GenerateRandomPassword() out of globals.pl - Patch by ↵lpsolit%gmail.com1-2/+2
Frédéric Buclin <LpSolit@gmail.com> r=joel a=myk
2005-08-13Bug 303669: Bugzilla mis-uses perl subroutine prototypesmkanat%kerio.com1-3/+3
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-08-10Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵lpsolit%gmail.com1-2/+2
r=mkanat,wicked a=justdave
2005-08-09Backout of bug 303669 which broke AppendComment and possibly a numberbugreport%peshkin.net1-3/+3
of other items.
2005-08-09Bug 303669: Bugzilla mis-uses perl subroutine prototypesmkanat%kerio.com1-3/+3
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-07-08Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case ↵mkanat%kerio.com1-1/+1
insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-07-01Bug 297646: Write helper functions for Bugzilla::Token.pmbugzilla%glob.com.au1-45/+80
Patch by Byron Jones <bugzilla@glob.com.au> r=LpSolit,a=justdave