summaryrefslogtreecommitdiffstats
path: root/Bugzilla
AgeCommit message (Collapse)AuthorFilesLines
2012-01-31merged with bugzilla/4.2Dave Lawrence4-20/+44
2012-01-31(CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can ↵Frédéric Buclin1-1/+13
lead to CSRF (no victim's action required) r=mkanat a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=718319
2012-01-31Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email ↵Frédéric Buclin2-2/+2
addresses, which could allow an attacker to be CC'ed to private bugs by accident r=glob a=LpSolit
2012-01-31Bug 714446: Product.create default behavior is broken and inconsistent with PODFrédéric Buclin1-17/+29
r=dkl a=LpSolit
2012-01-28merged with bugzilla/4.2Dave Lawrence3-5/+35
2012-01-27Bug 721715: URLs in the See Also field must be detainted before inserted ↵Frédéric Buclin1-4/+3
into the DB r=dkl a=LpSolit
2012-01-25Bug 717217: The regexp in Bugzilla::BugUrl::JIRA::should_handle() isn'tSimon Green1-1/+1
restrictive enough (min two letters required) r=timello, a=LpSolit
2012-01-25Bug 719526 - Add an extra mail header to messages containing a link to a ↵Dave Lawrence1-2/+10
first patch r=glob
2012-01-24Bug 718183: Rename duplicated series names before inserting the new index in ↵Frédéric Buclin1-0/+31
the series table r=dkl a=LpSolit
2012-01-24merged with bugzilla/4.2Dave Lawrence2-4/+21
2012-01-24Bug 715870: [Oracle] Related sequences and triggers must be removed when ↵Frédéric Buclin1-1/+19
dropping a table r=mkanat a=LpSolit
2012-01-24Bug 633061: Require Apache2::SizeLimit 0.96 for proper operation on LinuxMax Kanat-Alexander1-3/+2
r=dkl a=mkanat
2012-01-23Bug 719363: add instant searchByron Jones1-2/+2
2012-01-17merged with bugzilla/4.2Dave Lawrence9-4/+27
2012-01-12Bug 715731 - profile_search.user_id should have a FK pointing to profiles.useridDave Lawrence1-1/+4
r/a=LpSolit
2012-01-12Bug 717502: remove pdf from bugzilla/constantsByron Jones1-1/+0
2012-01-12Bug 717502: add PDF to the list of selectable content-typesReed Loden1-0/+1
2012-01-12Bug 715902: Do not log personal common activities in audit_logFrédéric Buclin8-3/+23
r=dkl a=LpSolit
2012-01-12Bug 715467 - Inconsistency in patch option linksDave Lawrence1-1/+1
2012-01-11Bug 714370 - Add accessors to the Flag.pm object for modification_date and ↵Dave Lawrence1-0/+13
creation_date r=glob
2012-01-11Bug 715806: deal with theschwartz sendmail errors correctlyByron Jones2-1/+98
2012-01-11merged with bugzilla/4.2Dave Lawrence1-3/+6
2012-01-11Bug 716227: When checksetup.pl tells the admin that he should edit variables ↵Frédéric Buclin1-3/+6
in localconfig, the message should be red r=timello a=LpSolit
2012-01-09715477: Inactive but set flags are no longer visible when editing a bugDave Lawrence3-5/+10
https://bugzilla.mozilla.org/show_bug.cgi?id=715477
2012-01-09merge with bugzilla/4.2Dave Lawrence1-1/+12
2012-01-09merge with bugzilla/4.2Dave Lawrence14-61/+212
2012-01-05Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due ↵Frédéric Buclin1-1/+12
to non-backward compatibility r=dkl r=mkanat a=LpSolit
2011-12-29Bump the version number post-releaseDave Lawrence1-1/+1
2011-12-29Bump version for 4.2rc1Dave Lawrence1-1/+1
2011-12-28Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email ↵Frédéric Buclin3-19/+45
WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=dkl a=LpSolit
2011-12-28Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or ↵Byron Jones1-1/+1
tabular and graphical reports in debug mode r=gerv, a=LpSolit
2011-12-28Bug 713144: The SQL query to remove older searches from the profile_search ↵Frédéric Buclin1-6/+8
table should be more robust r=dkl a=LpSolit
2011-12-26Bug 683644: Foreign keys aren't renamed correctly when DB tables are renamedFrédéric Buclin6-29/+120
r=wicked a=LpSolit
2011-12-21merged with bmo/4.0Dave Lawrence1-2/+2
2011-12-19Bug 711925: Update from 4.0 or older to 4.2 or trunk fails when bug_see_also ↵Frédéric Buclin2-2/+2
field is populated r=wicked a=LpSolit
2011-12-16Last Comment Bug 685611 - delta_ts is updated even when no changes are made ↵Dave Lawrence3-3/+35
to bugs created via WebServices r/a=LpSolit
2011-12-15merged with bugzilla/4.2Dave Lawrence2-15/+19
2011-12-13Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible ↵Reed Loden1-2/+7
unauthorized account creation e-mail request [r=mkanat a=mkanat]
2011-12-09Bug 644281: When the sort order of a buglist is modified, the "Show next bug ↵Frédéric Buclin1-13/+12
in my list" user pref still uses the original sort order to decide which bug to display next r=glob a=LpSolit
2011-12-08merged with bugzilla/4.2Dave Lawrence6-46/+37
2011-12-06Bug 657290: Bug.add_attachment() stores truncated timestamps in the DB ↵Frédéric Buclin1-1/+4
(seconds are missing) r=dkl a=mkanat
2011-12-05Bug 692354: Incorrect parameter type in WebServices documentation for ↵Matt Selsky1-1/+1
Bug.add_comment r/a=mkanat
2011-12-05Forgot to fix all occurences of $cache->{search_columns}->{$user->id}, see ↵Frédéric Buclin1-2/+2
bug 550299
2011-12-05Bug 550299: User fields are left blank in buglists and whines when local ↵Frédéric Buclin5-40/+24
user accounts are used (i.e. they have no @company.com suffix) r/a=mkanat
2011-12-05Bug 707594: Fix broken account lockout notificationsByron Jones1-1/+2
2011-12-05Bug 707594: Fix broken account lockout notificationsByron Jones1-1/+2
r=LpSolit, a=LpSolit
2011-12-05Bug 701350: Oracle crashes if the 'maxattachmentsize' parameter is set to a ↵Frédéric Buclin1-2/+6
too small value r/a=mkanat
2011-11-30merged with bugzilla/4.2Dave Lawrence2-66/+35
2011-11-30Bug 696005: Fix encoding of emails when modified by extensionsByron Jones1-19/+19
2011-11-30Bug 301656: Adds a preference to CC flag requestees to bugsByron Jones2-8/+22