Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2013-10-16 | Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵ | Dave Lawrence | 1 | -5/+17 | |
and allowing easier brute force r=LpSolit,a=glob | |||||
2011-12-13 | Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible ↵ | Reed Loden | 1 | -2/+7 | |
unauthorized account creation e-mail request [r=mkanat a=mkanat] | |||||
2011-08-17 | Bug 677522: IssueEmailChangeToken() should get the old login name from the ↵ | Frédéric Buclin | 1 | -4/+4 | |
user object r=timello a=LpSolit | |||||
2011-08-15 | Bug 678959: Make GenerateUniqueToken work for all tables | Byron Jones | 1 | -1/+1 | |
r=LpSolit, a=LpSolit | |||||
2011-07-25 | Bug 589128: Adds a preference allowing users to choose between text or html | Byron Jones | 1 | -3/+3 | |
for bugmail. r=LpSolit, a=LpSolit | |||||
2010-10-07 | Bug 602165: Change sql_interval to sql_date_math, in preparation for | Max Kanat-Alexander | 1 | -14/+14 | |
MS-SQL and SQLite support. | |||||
2010-03-01 | Bug 508823: Make it so that you don't ever have to reset template_inner (like | Max Kanat-Alexander | 1 | -3/+0 | |
Bugzilla->template_inner("")). r=LpSolit, a=LpSolit | |||||
2009-12-31 | Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxies | mkanat%bugzilla.org | 1 | -2/+2 | |
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | |||||
2009-02-09 | Bug 477513: md5_hex() fails if a saved search has UTF8 characters in it - ↵ | lpsolit%gmail.com | 1 | -1/+7 | |
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit | |||||
2009-02-02 | Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making ↵ | lpsolit%gmail.com | 1 | -2/+52 | |
bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit | |||||
2009-01-08 | Bug 452519: Fix timezones in emails - Patch by Frédéric Buclin ↵ | lpsolit%gmail.com | 1 | -7/+9 | |
<LpSolit@gmail.com> r=wicked a=LpSolit | |||||
2008-04-03 | Bug 405946: Some emails are not sent in the language chosen by the addressee ↵ | lpsolit%gmail.com | 1 | -41/+42 | |
- Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit | |||||
2007-11-19 | Bug 399163: Bugzilla/*.pm should use transactions for database interaction - ↵ | lpsolit%gmail.com | 1 | -6/+2 | |
Patch by Emmanuel Seyman <eseyman@linagora.com> r/a=mkanat | |||||
2007-03-11 | Bug 366466 - "flag notification mail has canceled spelled incorrectly" ↵ | reed%reedloden.com | 1 | -3/+3 | |
[p=reed r=timeless a=mkanat] | |||||
2006-11-21 | Fix nits about bug 316797 | lpsolit%gmail.com | 1 | -3/+3 | |
2006-11-21 | Bug 316797: Token.pm needs POD - Patch by Frédéric Buclin ↵ | lpsolit%gmail.com | 1 | -0/+181 | |
<LpSolit@gmail.com> r/a=myk | |||||
2006-10-21 | Bug 340538: Insecure dependency in exec while running with -T switch at ↵ | wurblzap%gmail.com | 1 | -1/+0 | |
/usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk | |||||
2006-10-15 | Bug 281181: [SECURITY] It's way too easy to delete ↵ | lpsolit%gmail.com | 1 | -3/+54 | |
versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | |||||
2006-08-26 | Bug 350120: undefined value when creating a new user account - Patch by ↵ | lpsolit%gmail.com | 1 | -1/+1 | |
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | |||||
2006-08-20 | Bug 87795: Creating an account should send token and wait for confirmation ↵ | lpsolit%gmail.com | 1 | -16/+46 | |
(prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk | |||||
2006-07-14 | Bug 343338: Eliminate "my" variables from the root level of modules | mkanat%bugzilla.org | 1 | -4/+4 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk | |||||
2006-07-04 | Bug 338375: Use Bugzilla->params everywhere instead of Param(). | mkanat%bugzilla.org | 1 | -1/+0 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | |||||
2006-07-04 | Bug 342869: Use Bugzilla->params everywhere except templates | mkanat%bugzilla.org | 1 | -7/+8 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | |||||
2006-06-21 | Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵ | lpsolit%gmail.com | 1 | -3/+0 | |
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | |||||
2006-06-02 | Bug 339862: Move Bugzilla::BugMail::MessageToMTA() in a separate module - ↵ | lpsolit%gmail.com | 1 | -5/+5 | |
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave | |||||
2006-03-10 | I forgot a "fix on checkin" (useless whitespaces) | lpsolit%gmail.com | 1 | -1/+1 | |
2006-03-10 | Bug 300551: Eliminate deprecated Bugzilla::DB routines from User.pm and ↵ | lpsolit%gmail.com | 1 | -67/+60 | |
Token.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave | |||||
2006-01-03 | Bug 119524: SECURITY: predictable sessionid (Use a token instead of ↵ | lpsolit%gmail.com | 1 | -1/+5 | |
logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave | |||||
2005-11-14 | Bug 301062: [PostgreSQL] whine.pl fails when using PostgreSQL 8.0.x - Patch ↵ | lpsolit%gmail.com | 1 | -1/+1 | |
by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=manu a=justdave | |||||
2005-10-25 | Bug 312157: Remove $::template and $::vars from globals.pl - Patch by Olav ↵ | lpsolit%gmail.com | 1 | -7/+7 | |
Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave | |||||
2005-09-02 | Bug 304582: Move GenerateRandomPassword() out of globals.pl - Patch by ↵ | lpsolit%gmail.com | 1 | -2/+2 | |
Frédéric Buclin <LpSolit@gmail.com> r=joel a=myk | |||||
2005-08-13 | Bug 303669: Bugzilla mis-uses perl subroutine prototypes | mkanat%kerio.com | 1 | -3/+3 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | |||||
2005-08-10 | Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵ | lpsolit%gmail.com | 1 | -2/+2 | |
r=mkanat,wicked a=justdave | |||||
2005-08-09 | Backout of bug 303669 which broke AppendComment and possibly a number | bugreport%peshkin.net | 1 | -3/+3 | |
of other items. | |||||
2005-08-09 | Bug 303669: Bugzilla mis-uses perl subroutine prototypes | mkanat%kerio.com | 1 | -3/+3 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | |||||
2005-07-08 | Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case ↵ | mkanat%kerio.com | 1 | -1/+1 | |
insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | |||||
2005-07-01 | Bug 297646: Write helper functions for Bugzilla::Token.pm | bugzilla%glob.com.au | 1 | -45/+80 | |
Patch by Byron Jones <bugzilla@glob.com.au> r=LpSolit,a=justdave | |||||
2005-03-03 | Bug: 284244: DATE_SUB and DATE_ADD are not ANSI SQL | mkanat%kerio.com | 1 | -2/+2 | |
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=wicked, a=justdave | |||||
2005-02-20 | Bug 280502: Replace "INTERVAL" with Bugzilla::DB function call | mkanat%kerio.com | 1 | -1/+2 | |
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat, a=justdave | |||||
2005-02-20 | Bug 280499: Replace "TO_DAYS()" with Bugzilla::DB function call | mkanat%kerio.com | 1 | -2/+3 | |
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat, a=justdave | |||||
2005-02-19 | Bug 280497: Replace "LIMIT" with Bugzilla::DB function call | mkanat%kerio.com | 1 | -2/+3 | |
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=justdave | |||||
2005-02-18 | Bug 280503: Replace "LOCK/UNLOCK TABLES" with Bugzilla::DB function call | mkanat%kerio.com | 1 | -8/+14 | |
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=myk | |||||
2005-01-01 | Bug 59351 - move all calls to sendmail to a central place. Patch by mkanat; ↵ | gerv%gerv.net | 1 | -14/+5 | |
r=gerv,vladd; a=justdave. | |||||
2004-10-25 | Bug 250897: Enforce a 10 minute waiting period between password reset ↵ | justdave%bugzilla.org | 1 | -4/+12 | |
attempts to prevent the user getting mailbombed if the form is submitted multiple times. Patch by Joel Peshkin <bugreport@peshkin.net> r=kiko, a=justdave | |||||
2004-03-18 | Bug 237864: clean up leftovers from the bug 192516 checkin (some occurances ↵ | justdave%syndicomm.com | 1 | -2/+2 | |
of Token got missed) r= gerv, a= justdave | |||||
2004-03-18 | Bug 192516: Moving the loose .pm files into the Bugzilla directory, where ↵ | justdave%syndicomm.com | 1 | -1/+1 | |
they belong. These files pre-date the Bugzilla directory, and would have gone there had it existed at the time. The four files in question were copied on the CVS server to preserve CVS history in the files. This checkin deletes them from the old location and modifies everything else to know where they are now. r= myk, gerv a= justdave | |||||
2003-09-14 | Bug 208699 - Move Throw{Code,Template}Error into Error.pm | bbaetz%acm.org | 1 | -5/+6 | |
r,a=justdave | |||||
2003-06-07 | Bug 205463 - Tokens aren't canceled after a successful login. | bbaetz%acm.org | 1 | -1/+1 | |
patch by 'Randall M! Gee', r=bbaetz, a=justdave | |||||
2003-03-22 | Bug 180642 - Move authentication code into a module | bbaetz%acm.org | 1 | -10/+11 | |
r=gerv, justdave a=justdave | |||||
2003-03-14 | Bug 193989: EmailSuffix wasn't getting used for password change tokens. ↵ | justdave%syndicomm.com | 1 | -4/+1 | |
Also removes real name from To: header which wasn't being escaped properly for RFC2822 specs. Patch by Jeff Lawson <jlawson-mozilla@bovine.net> r=justdave, a=justdave |