summaryrefslogtreecommitdiffstats
path: root/Bugzilla
AgeCommit message (Collapse)AuthorFilesLines
2012-04-18Bug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed ↵Frédéric Buclin3-5/+117
by altering the X-FORWARDED-FOR header r=glob a=LpSolit
2012-04-18Bug 746547: SMALLSERIAL is of type INT2, not INT1Frédéric Buclin1-1/+1
r=timello a=LpSolit
2012-04-17Bug 745197: Add a hook in Bugzilla::Error::_throw_error() so that extensions ↵Frédéric Buclin2-44/+80
can control the way to throw errors r=dkl a=LpSolit
2012-04-17Bug 745320: Shared queries do not work when tags are part of the queryFrédéric Buclin1-3/+3
r=dkl a=LpSolit
2012-04-13Move doc of the admin_editusers_action hook at its right placeFrédéric Buclin1-24/+24
2012-04-12Bug 737436: Relative dates do not work correctly with the deadline fieldFrédéric Buclin1-5/+11
r=dkl a=LpSolit
2012-04-12Fix typoFrédéric Buclin1-1/+1
2012-04-11Bug 663377: Quicksearch using "status:" field doesn't work--it is defeated ↵Frédéric Buclin1-42/+30
by the default status selection r=dkl a=LpSolit
2012-04-10Bug 743991: Need a new hook to update Bugzilla::Search::COLUMN_JOINSrojanu2-1/+51
r/a=LpSolit
2012-04-04Bug 58179: End date not included in the Search By Change History sectionFrédéric Buclin1-0/+5
r=dkl a=LpSolit
2012-03-31Search for start-of-time-interval in date fields is (partially?) broken.Marc Schumann1-1/+1
r/a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=715270
2012-03-30Fix bustage: Perl 5.8.x doesn't understand \g1 in regexp (must use \1 instead)Frédéric Buclin1-1/+1
2012-03-29Bug 554819: Quicksearch should be using Text::ParseWords instead of custom ↵Frédéric Buclin2-95/+95
code in splitString Also fixes QS with accented characters (bug 730207) r=dkl a=LpSolit
2012-03-28Bug 730984: A single whitespace in the Status Whiteboard field generates an ↵Frédéric Buclin1-1/+5
invalid SQL query r=dkl a=LpSolit
2012-03-22Bug 733458: The "creator" argument is listed twice for the Bug.search ↵Matt Selsky1-7/+3
WebService method r/a=LpSolit
2012-03-10Bug 731163: Search.pm can use undefined alias in ORDER BY clauseFrédéric Buclin1-1/+1
r=dkl a=LpSolit
2012-03-09Fixed comma in documentationDave Lawrence1-1/+1
2012-03-09Bug 730794 - Need new hook edituser pageFrancisco Donalisio1-0/+24
r=dkl, a=LpSolit
2012-02-29Bug 731219: Fix XMLRPC breakage when content-type contains a charsetByron Jones1-1/+4
r=dkl, a=LpSolit
2012-02-28Bug 731055: get_enterable_products() is very slow when a product has many ↵Frédéric Buclin1-6/+8
components or versions r/a=mkanat
2012-02-27Bug 730598: Running checksetup.pl twice deletes the DEFAULT value of the ↵Frédéric Buclin1-1/+1
bug_see_also.class column r=timello a=LpSolit
2012-02-22Bumped version number post-releaseDave Lawrence1-1/+1
2012-02-22Bumped version to 4.2Dave Lawrence1-1/+1
2012-02-22Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC ↵Dave Lawrence2-0/+16
API when using mod_perl r/a=LpSolit
2012-02-16Bug 723944: Plain-text only emails are mangled when they contain non-ASCII ↵Frédéric Buclin1-1/+5
characters r=glob a=LpSolit
2012-02-15Bug 724464 - JSON-RPC support shouldn't require SOAP::LiteDave Lawrence2-20/+14
r/a=LpSolit
2012-02-15Bug 722113: The profile_search table has a wrong index nameFrédéric Buclin2-1/+7
r=glob a=LpSolit
2012-02-14Bug 727240: The POD for Bug.attachments is wrong about the format of the ↵Frédéric Buclin1-16/+10
returned data r=dkl a=LpSolit
2012-02-01Bump the version number post-releaseDave Lawrence1-1/+1
2012-01-31Bumped to version 4.2rc2Dave Lawrence1-1/+1
2012-01-31(CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can ↵Frédéric Buclin1-1/+13
lead to CSRF (no victim's action required) r=mkanat a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=718319
2012-01-31Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email ↵Frédéric Buclin2-2/+2
addresses, which could allow an attacker to be CC'ed to private bugs by accident r=glob a=LpSolit
2012-01-31Bug 714446: Product.create default behavior is broken and inconsistent with PODFrédéric Buclin1-17/+29
r=dkl a=LpSolit
2012-01-27Bug 721715: URLs in the See Also field must be detainted before inserted ↵Frédéric Buclin1-4/+3
into the DB r=dkl a=LpSolit
2012-01-25Bug 717217: The regexp in Bugzilla::BugUrl::JIRA::should_handle() isn'tSimon Green1-1/+1
restrictive enough (min two letters required) r=timello, a=LpSolit
2012-01-24Bug 718183: Rename duplicated series names before inserting the new index in ↵Frédéric Buclin1-0/+31
the series table r=dkl a=LpSolit
2012-01-24Bug 715870: [Oracle] Related sequences and triggers must be removed when ↵Frédéric Buclin1-1/+19
dropping a table r=mkanat a=LpSolit
2012-01-24Bug 633061: Require Apache2::SizeLimit 0.96 for proper operation on LinuxMax Kanat-Alexander1-3/+2
r=dkl a=mkanat
2012-01-12Bug 715731 - profile_search.user_id should have a FK pointing to profiles.useridDave Lawrence1-1/+4
r/a=LpSolit
2012-01-12Bug 715902: Do not log personal common activities in audit_logFrédéric Buclin8-3/+23
r=dkl a=LpSolit
2012-01-11Bug 716227: When checksetup.pl tells the admin that he should edit variables ↵Frédéric Buclin1-3/+6
in localconfig, the message should be red r=timello a=LpSolit
2012-01-05Bug 706753: Bugzilla will not work with newest version of JSON::RPC 1.01 due ↵Frédéric Buclin1-1/+12
to non-backward compatibility r=dkl r=mkanat a=LpSolit
2011-12-29Bump the version number post-releaseDave Lawrence1-1/+1
2011-12-29Bump version for 4.2rc1Dave Lawrence1-1/+1
2011-12-28Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email ↵Frédéric Buclin3-19/+45
WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=dkl a=LpSolit
2011-12-28Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or ↵Byron Jones1-1/+1
tabular and graphical reports in debug mode r=gerv, a=LpSolit
2011-12-28Bug 713144: The SQL query to remove older searches from the profile_search ↵Frédéric Buclin1-6/+8
table should be more robust r=dkl a=LpSolit
2011-12-26Bug 683644: Foreign keys aren't renamed correctly when DB tables are renamedFrédéric Buclin6-29/+120
r=wicked a=LpSolit
2011-12-19Bug 711925: Update from 4.0 or older to 4.2 or trunk fails when bug_see_also ↵Frédéric Buclin2-2/+2
field is populated r=wicked a=LpSolit
2011-12-16Last Comment Bug 685611 - delta_ts is updated even when no changes are made ↵Dave Lawrence3-3/+35
to bugs created via WebServices r/a=LpSolit