bugzilla - Bugzilla

Age	Commit message (Collapse)	Author	Files	Lines
2014-07-24	Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to ↵	Simon Green	1	-2/+3
	avoid swf content type sniff vulnerability r=glob,a=sgreen
2013-12-05	Bug 942599: Documentation about possible_duplicates() lists 'products' as ↵	Frédéric Buclin	1	-1/+1
	argument instead of 'product' r=dkl a=justdave
2013-07-24	Bug 880653 - Add POD for Bug.possible_duplicates webservice	Dave Lawrence	1	-0/+53
	r=LpSolit,a=sgreen
2013-07-15	Bug 787328 - xmlrpc.cgi doesn't send any security-related headers	Dave Lawrence	1	-2/+10
	r=glob,a=justdave
2013-05-04	Bug 859118 - Bug.search called with no arguments returns all visible bugs, ↵	Dave Lawrence	2	-11/+48
	ignoring max_search_results and search_allow_no_criteria r/a=LpSolit
2012-11-20	Bug 640756 - Make the documentation clearer that attachments created with ↵	Dave Miller	1	-1/+3
	Bug.add_attachment must by of type 'base64' when non-ASCII . r=LpSolit, a=LpSolit
2012-11-13	Bug 781850 (CVE-2012-4198): [SECURITY] Do not leak the existence of groups ↵	Frédéric Buclin	2	-6/+21
	when using User.get() r=dkl a=LpSolit
2012-10-13	Fix typo	Frédéric Buclin	1	-1/+1

2012-10-12	Bug 793826: Prevent private web service methods from being called	Koosha Khajeh Moogahi	1	-1/+3
	r=dkl a=LpSolit
2012-08-03	Bug 682317 - Bug.create is incorrectly documented as ignoring invalid ↵	Koosha Khajeh Moogahi	1	-2/+3
	fields; it should say it produces an error r=dkl, a=LpSolit
2012-05-24	Bug 744691: Throw an error early when calling a method from a non-existent class	Byron Jones	1	-0/+1
	r=dkl, a=LpSolit
2012-03-22	Bug 733458: The "creator" argument is listed twice for the Bug.search ↵	Matt Selsky	1	-7/+3
	WebService method r/a=LpSolit
2012-02-29	Bug 731219: Fix XMLRPC breakage when content-type contains a charset	Byron Jones	1	-1/+4
	r=dkl, a=LpSolit
2012-02-22	Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC ↵	Dave Lawrence	2	-0/+16
	API when using mod_perl r/a=LpSolit
2012-02-15	Bug 724464 - JSON-RPC support shouldn't require SOAP::Lite	Dave Lawrence	1	-0/+14
	r/a=LpSolit
2012-02-14	Bug 727240: The POD for Bug.attachments is wrong about the format of the ↵	Frédéric Buclin	1	-16/+10
	returned data r=dkl a=LpSolit
2012-01-31	(CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can ↵	Frédéric Buclin	1	-1/+13
	lead to CSRF (no victim's action required) r=mkanat a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=718319
2012-01-31	Bug 714446: Product.create default behavior is broken and inconsistent with POD	Frédéric Buclin	1	-17/+29
	r=dkl a=LpSolit
2012-01-05	Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due ↵	Frédéric Buclin	1	-1/+12
	to non-backward compatibility r=dkl r=mkanat a=LpSolit
2011-12-28	Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email ↵	Frédéric Buclin	2	-19/+8
	WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=dkl a=LpSolit
2011-12-06	Bug 657290: Bug.add_attachment() stores truncated timestamps in the DB ↵	Frédéric Buclin	1	-1/+4
	(seconds are missing) r=dkl a=mkanat
2011-12-05	Bug 692354: Incorrect parameter type in WebServices documentation for ↵	Matt Selsky	1	-1/+1
	Bug.add_comment r/a=mkanat
2011-10-15	Bug 689862: Fix Product.get to only return the Classification name,	Tiago Mello	1	-17/+2
	instead of all the classification info. r/a=LpSolit
2011-10-15	Bug 691243: Fix typo	Matt Selsky	1	-1/+1
	r/a=LpSolit
2011-09-27	Bug 655652: Remove "internals" field from Product.get	Frédéric Buclin	1	-9/+35
	r=glob a=LpSolit
2011-09-18	Fix typo in comments	Frédéric Buclin	1	-2/+2

2011-09-16	Fix typo in POD	Frédéric Buclin	1	-2/+2

2011-08-04	Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when ↵	Frédéric Buclin	1	-2/+1
	creating or editing a bug r=mkanat a=LpSolit
2011-07-20	Bug 600810: Use XMLRPC::Transport::HTTP:Apache as base class under mod_perl	Teemu Mannermaa	1	-1/+5
	r/a=mkanat
2011-07-05	Bug 658929 - User autocomplete is very slow when there are lots of users in ↵	David Lawrence	1	-2/+2
	the profiles table r/a=mkanat
2011-05-17	Bug 655229: Adds components, versions and milestones to Product.get	Byron Jones	2	-36/+233
	r=mkanat, a=mkanat
2011-05-06	Bug 653341: Bug.create() fails to error out if an invalid group is passed	Frédéric Buclin	2	-4/+11
	r/a=mkanat
2011-04-17	Bug 469195: New WebService function, Group.create.	Carole Pryfer	2	-1/+149
	r=mkanat, a=mkanat
2011-04-08	Improve the POD for Product.create.	Max Kanat-Alexander	1	-11/+17
	https://bugzilla.mozilla.org/show_bug.cgi?id=469193
2011-04-07	Bug 469193: WebService function to create new products (Product.create)	Julien Heyman	2	-0/+124
	r/a=mkanat
2011-03-08	Bug 622513 - Email-related regexp checking should be case-insensitive. a=mkanat.	Gervase Markham	1	-1/+1

2011-03-06	Bug 639151: Fix the webservice Bug.get method to return the correct see	Tiago Mello	1	-1/+2
	also url list. r/a=mkanat
2011-02-14	Bug 633055: Make Bug.legal_values explicitly throw an error if you pass "undef"	Max Kanat-Alexander	1	-0/+4
	for the "field" parameter r=dkl, a=mkanat
2011-02-14	Bug 609538: Make the JSON-RPC interface support UTF-8 when a recent version	Max Kanat-Alexander	1	-1/+16
	of LWP is installed r=dkl, a=mkanat
2011-02-14	Bug 633422: Fix the documentation for User.get's include_disabled parameter	Max Kanat-Alexander	1	-2/+9
	and make User.get check that its required parameters are passed. r=LpSolit, a=mkanat
2011-02-11	Fix a POD compilation error.	Max Kanat-Alexander	1	-1/+1
	https://bugzilla.mozilla.org/show_bug.cgi?id=633041
2011-02-11	Fix the POD of Bug.add_attachment to reflect that it now automatically	Max Kanat-Alexander	1	-3/+2
	picks the content_type of text/plain when you set is_patch to true. https://bugzilla.mozilla.org/show_bug.cgi?id=633041
2011-02-11	Bug 633041: Add an error code for zero_length_file and fill in content_type	Max Kanat-Alexander	2	-0/+5
	for patches when content_type is missing in Bug.add_attachment in the WebService r=LpSolit, a=LpSolit
2011-01-27	Bug 622679 - Autocomplete suggests inactive/disabled accounts as matches	David Lawrence	1	-1/+11
	r/a=mkanat
2010-12-27	Bug 588013: Fix typo	timeless	1	-1/+1
	r/a=mkanat
2010-12-13	Bug 617477: Fix numerous consistency and behavior issues surroudning Bug.update	Max Kanat-Alexander	3	-17/+127
	and Bugzilla::Bug. See https://bugzilla.mozilla.org/show_bug.cgi?id=617477#c2 for details. r=LpSolit, a=LpSolit
2010-12-06	Bug 617030 - Add an error code for json_rpc_invalid_callback, and fix the	Max Kanat-Alexander	2	-1/+2
	regex used by _bz_callback in Bugzilla::WebService::Server::JSONRPC to accept numbers other than 0 or 1. r=LpSolit, a=mkanat
2010-11-04	Bug 605573: List all available WebService methods at the top of the POD	Frédéric Buclin	5	-77/+35
	r/a=mkanat
2010-10-28	Bug 607966: Use of qw(...) as parentheses is deprecated since Perl 5.13.5	Frédéric Buclin	1	-1/+1
	r=gerv a=LpSolit
2010-10-27	Bug 602458: Add is_mandatory to Bug.fields output.	Max Kanat-Alexander	1	-0/+9
	r=timello, a=mkanat