summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Token.pm
AgeCommit message (Collapse)AuthorFilesLines
2013-10-16Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ↵Dave Lawrence1-5/+17
and allowing easier brute force r=LpSolit,a=glob
2011-12-13Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible ↵Reed Loden1-2/+7
unauthorized account creation e-mail request [r=mkanat a=mkanat]
2011-08-17Bug 677522: IssueEmailChangeToken() should get the old login name from the ↵Frédéric Buclin1-4/+4
user object r=timello a=LpSolit
2011-08-15Bug 678959: Make GenerateUniqueToken work for all tablesByron Jones1-1/+1
r=LpSolit, a=LpSolit
2011-07-25Bug 589128: Adds a preference allowing users to choose between text or htmlByron Jones1-3/+3
for bugmail. r=LpSolit, a=LpSolit
2010-10-07Bug 602165: Change sql_interval to sql_date_math, in preparation forMax Kanat-Alexander1-14/+14
MS-SQL and SQLite support.
2010-03-01Bug 508823: Make it so that you don't ever have to reset template_inner (likeMax Kanat-Alexander1-3/+0
Bugzilla->template_inner("")). r=LpSolit, a=LpSolit
2009-12-31Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxiesmkanat%bugzilla.org1-2/+2
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-02-09Bug 477513: md5_hex() fails if a saved search has UTF8 characters in it - ↵lpsolit%gmail.com1-1/+7
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-02-02Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making ↵lpsolit%gmail.com1-2/+52
bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-01-08Bug 452519: Fix timezones in emails - Patch by Frédéric Buclin ↵lpsolit%gmail.com1-7/+9
<LpSolit@gmail.com> r=wicked a=LpSolit
2008-04-03Bug 405946: Some emails are not sent in the language chosen by the addressee ↵lpsolit%gmail.com1-41/+42
- Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit
2007-11-19Bug 399163: Bugzilla/*.pm should use transactions for database interaction - ↵lpsolit%gmail.com1-6/+2
Patch by Emmanuel Seyman <eseyman@linagora.com> r/a=mkanat
2007-03-11Bug 366466 - "flag notification mail has canceled spelled incorrectly" ↵reed%reedloden.com1-3/+3
[p=reed r=timeless a=mkanat]
2006-11-21Fix nits about bug 316797lpsolit%gmail.com1-3/+3
2006-11-21Bug 316797: Token.pm needs POD - Patch by Frédéric Buclin ↵lpsolit%gmail.com1-0/+181
<LpSolit@gmail.com> r/a=myk
2006-10-21Bug 340538: Insecure dependency in exec while running with -T switch at ↵wurblzap%gmail.com1-1/+0
/usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk
2006-10-15Bug 281181: [SECURITY] It's way too easy to delete ↵lpsolit%gmail.com1-3/+54
versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-08-26Bug 350120: undefined value when creating a new user account - Patch by ↵lpsolit%gmail.com1-1/+1
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-08-20Bug 87795: Creating an account should send token and wait for confirmation ↵lpsolit%gmail.com1-16/+46
(prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
2006-07-14Bug 343338: Eliminate "my" variables from the root level of modulesmkanat%bugzilla.org1-4/+4
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-07-04Bug 338375: Use Bugzilla->params everywhere instead of Param().mkanat%bugzilla.org1-1/+0
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2006-07-04Bug 342869: Use Bugzilla->params everywhere except templatesmkanat%bugzilla.org1-7/+8
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2006-06-21Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵lpsolit%gmail.com1-3/+0
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-06-02Bug 339862: Move Bugzilla::BugMail::MessageToMTA() in a separate module - ↵lpsolit%gmail.com1-5/+5
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave
2006-03-10I forgot a "fix on checkin" (useless whitespaces)lpsolit%gmail.com1-1/+1
2006-03-10Bug 300551: Eliminate deprecated Bugzilla::DB routines from User.pm and ↵lpsolit%gmail.com1-67/+60
Token.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
2006-01-03Bug 119524: SECURITY: predictable sessionid (Use a token instead of ↵lpsolit%gmail.com1-1/+5
logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave
2005-11-14Bug 301062: [PostgreSQL] whine.pl fails when using PostgreSQL 8.0.x - Patch ↵lpsolit%gmail.com1-1/+1
by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=manu a=justdave
2005-10-25Bug 312157: Remove $::template and $::vars from globals.pl - Patch by Olav ↵lpsolit%gmail.com1-7/+7
Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave
2005-09-02Bug 304582: Move GenerateRandomPassword() out of globals.pl - Patch by ↵lpsolit%gmail.com1-2/+2
Frédéric Buclin <LpSolit@gmail.com> r=joel a=myk
2005-08-13Bug 303669: Bugzilla mis-uses perl subroutine prototypesmkanat%kerio.com1-3/+3
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-08-10Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵lpsolit%gmail.com1-2/+2
r=mkanat,wicked a=justdave
2005-08-09Backout of bug 303669 which broke AppendComment and possibly a numberbugreport%peshkin.net1-3/+3
of other items.
2005-08-09Bug 303669: Bugzilla mis-uses perl subroutine prototypesmkanat%kerio.com1-3/+3
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-07-08Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case ↵mkanat%kerio.com1-1/+1
insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-07-01Bug 297646: Write helper functions for Bugzilla::Token.pmbugzilla%glob.com.au1-45/+80
Patch by Byron Jones <bugzilla@glob.com.au> r=LpSolit,a=justdave
2005-03-03Bug: 284244: DATE_SUB and DATE_ADD are not ANSI SQLmkanat%kerio.com1-2/+2
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=wicked, a=justdave
2005-02-20Bug 280502: Replace "INTERVAL" with Bugzilla::DB function callmkanat%kerio.com1-1/+2
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat, a=justdave
2005-02-20Bug 280499: Replace "TO_DAYS()" with Bugzilla::DB function callmkanat%kerio.com1-2/+3
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat, a=justdave
2005-02-19Bug 280497: Replace "LIMIT" with Bugzilla::DB function callmkanat%kerio.com1-2/+3
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=justdave
2005-02-18Bug 280503: Replace "LOCK/UNLOCK TABLES" with Bugzilla::DB function callmkanat%kerio.com1-8/+14
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=myk
2005-01-01Bug 59351 - move all calls to sendmail to a central place. Patch by mkanat; ↵gerv%gerv.net1-14/+5
r=gerv,vladd; a=justdave.
2004-10-25Bug 250897: Enforce a 10 minute waiting period between password reset ↵justdave%bugzilla.org1-4/+12
attempts to prevent the user getting mailbombed if the form is submitted multiple times. Patch by Joel Peshkin <bugreport@peshkin.net> r=kiko, a=justdave
2004-03-18Bug 237864: clean up leftovers from the bug 192516 checkin (some occurances ↵justdave%syndicomm.com1-2/+2
of Token got missed) r= gerv, a= justdave
2004-03-18Bug 192516: Moving the loose .pm files into the Bugzilla directory, where ↵justdave%syndicomm.com1-1/+1
they belong. These files pre-date the Bugzilla directory, and would have gone there had it existed at the time. The four files in question were copied on the CVS server to preserve CVS history in the files. This checkin deletes them from the old location and modifies everything else to know where they are now. r= myk, gerv a= justdave
2003-09-14Bug 208699 - Move Throw{Code,Template}Error into Error.pmbbaetz%acm.org1-5/+6
r,a=justdave
2003-06-07Bug 205463 - Tokens aren't canceled after a successful login.bbaetz%acm.org1-1/+1
patch by 'Randall M! Gee', r=bbaetz, a=justdave
2003-03-22Bug 180642 - Move authentication code into a modulebbaetz%acm.org1-10/+11
r=gerv, justdave a=justdave
2003-03-14Bug 193989: EmailSuffix wasn't getting used for password change tokens. ↵justdave%syndicomm.com1-4/+1
Also removes real name from To: header which wasn't being escaped properly for RFC2822 specs. Patch by Jeff Lawson <jlawson-mozilla@bovine.net> r=justdave, a=justdave