summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
AgeCommit message (Collapse)AuthorFilesLines
2017-07-07Bug 1377933 - Remove trailing whitespace from all perl filesDylan William Hardison1-23/+23
2017-01-26Bug 1334158 - Lightbox images CSP error on bug modalDylan William Hardison1-3/+3
2017-01-25Bug 1286290 - CSP compliant bug modalDylan William Hardison1-2/+26
2016-10-03Bug 1297243 - JSON bugzilla attachment reports charset='' (two apostrophes, ↵Dylan William Hardison1-1/+1
which is an invalid parameter value) and can't be loaded.
2016-09-13Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵Dylan William Hardison1-35/+9
local symlink to data/ directory
2016-09-12Revert "Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to ↵Dylan William Hardison1-9/+35
bmo/master + local symlink to data/ directory" This reverts commit e6bf4cacb10f86077fe898349485f5c7ab9fb4b6.
2016-09-12Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵Dylan William Hardison1-35/+9
local symlink to data/ directory
2016-07-13Bug 1285835 - BMO sending bogus Content-Disposition filenames when the ↵Dylan Hardison1-15/+20
filename is not ASCII
2016-06-27Bug 1276820 - bmoattachments.org sends malformed content-type headerDavid Lawrence1-3/+6
2015-10-16Bug 1196626 - log all authenticated requestsDylan William Hardison1-0/+4
2015-08-19Bug 1195544 - Information Disclosure Vulnerability Permits Attacker Obtains ↵Byron Jones1-0/+2
The GitHub OAUTH Return Code
2015-07-21Bug 1175985 - Bugzilla Sensitive Information Disclosure VulnerabilityDylan William Hardison1-1/+17
2015-07-21Bug 1180572 - create attachment_storage parameterByron Jones1-4/+1
2015-04-01remove debugging codeByron Jones1-1/+0
2015-03-30Bug 1125987: asking for review in a restricted bug doesn't work as expected ↵Byron Jones1-1/+1
("You must provide a reviewer for review requests" instead of "That user cannot access that bug" error)
2015-03-24Bug 1096798: prototype modal show_bug viewByron Jones1-0/+1
2014-10-16Bug 1082887: comments made when setting a flag from the attachment details ↵Byron Jones1-4/+9
page are not included in the "flag updated" email
2014-10-06merged with upstream 4.2David Lawrence1-12/+11
2014-10-06Bug 1075578: [SECURITY] Improper filtering of CGI argumentsFrédéric Buclin1-4/+6
r=dkl,a=sgreen
2014-04-02Bug 986590: Confusing error message when not finding reviewerByron Jones1-0/+2
2014-03-31Bug 989650 - backport bug 294021 to bmo/4.2 to allow requestees to set ↵David Lawrence1-3/+27
attachment flags even if they don't have editbugs privs r=glob
2014-01-07Bug 956052 - backport upstream bug 945535 to bmo/4.2 for performance ↵Dave Lawrence1-3/+2
improvement in bugs with large number of attachments
2013-10-17merged with bugzilla/4.2Dave Lawrence1-8/+11
2013-10-16Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachmentsFrédéric Buclin1-8/+11
r=dkl a=sgreen
2013-10-15Bug 916906: attaching a file which just contains a github url should ↵Byron Jones1-0/+4
automatically redirect to it when viewing
2013-07-16Bug 888939: patches created by pasting the attachment content should use ↵Byron Jones1-3/+13
unix line endings
2012-11-28Bug 814411: Add a caching mechanism to Bugzilla::Object to avoid querying ↵Byron Jones1-3/+3
the database repeatedly for the same information
2012-10-23Bug 803600: Operators email address is exposed to anons on attachment deletionFrédéric Buclin1-1/+0
2012-09-09Merge from bugzilla/4.2Reed Loden1-2/+1
2012-09-09Bug 671612: Send "X-Content-Type-Options: nosniff" with every responseMatt Selsky1-2/+1
r/a=LpSolit
2012-07-24Bug 771107 - List of attachments in attachment details screen does not ↵Dave Lawrence1-2/+0
distinguish obsolete attachments r=glob, a=LpSolit
2011-11-22merged with bmo/4.2Dave Lawrence1-28/+5
2011-11-21Bug 703983 - CSRF vulnerability in attachment.cgi allows possible ↵Reed Loden1-28/+5
unauthorized attachment creation [r=LpSolit a=LpSolit]
2011-10-05more porting workDavid Lawrence1-1/+8
2011-08-04Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause ↵Byron Jones1-30/+99
XSS on this domain in IE 6-8 and Safari r/a=LpSolit
2011-04-28Bug 653404: Misleading error message when file to be attached is not ↵Frédéric Buclin1-1/+4
readable by browser r/a=LpSolit
2011-03-09Bug 633776: Automatic charset detection for text attachmentsByron Jones1-1/+7
r=mkanat, a=mkanat
2010-10-26Bug 607361: Creating an attachment without a "comment" param in the URL ↵Frédéric Buclin1-1/+2
causes an internal error a=LpSolit
2010-10-03Bug 414509: offer View All (non obsolete) attachmentsGuy Pyrzak1-0/+5
r=LpSolit, a=LpSolit
2010-08-04Bug 584110: Don't name attachment files "attachment.txt" by default, because ↵Frédéric Buclin1-1/+1
this confuses IE a=LpSolit
2010-08-03Bug 453425 - Send "X-Content-Type-Options: nosniff" header when displaying ↵Reed Loden1-1/+2
attachments so IE8 doesn't try to sniff the content type. [r=LpSolit a=LpSolit]
2010-07-18Bug 119703: Create an attachment by pasting it into a text fieldFrédéric Buclin1-3/+2
r/a=mkanat
2010-07-08Bug 490930: Always store attachments locally if they are over X size (and ↵Frédéric Buclin1-1/+0
below some threshold!), don't ever display "Big File" checkbox r=mkanat a=LpSolit
2010-06-03Bug 567846: Modify set_status, set_resolution, and set_dup_id to useMax Kanat-Alexander1-1/+1
VALIDATOR_DEPENDENCIES, so that they don't need custom code in set_all.
2010-05-20Bug 565879: Merge ThrowCodeError("action_unrecognized"), ↵Frédéric Buclin1-1/+1
ThrowUserError("no_valid_action") and ThrowCodeError("unknown_action") r=ghendricks a=LpSolit
2010-05-17Bug 560281: Do not display deleted attachments in "View All"Frédéric Buclin1-0/+2
a=LpSolit
2010-05-07Bug 395451 - "Bugzilla::BugMail needs to use Bug objects internally instead ↵Reed Loden1-3/+3
of direct SQL" [r=mkanat a=mkanat]
2010-04-22Bug 560009: Use firstidx from List::MoreUtils instead of lsearchMax Kanat-Alexander1-4/+2
r=timello, a=mkanat
2010-04-06Bug 556429: Stop sending bugmail from inside the templateMax Kanat-Alexander1-4/+9
r=LpSolit, a=LpSolit
2010-03-28Bug 365926: Serve attachments without an explicit charset, and let the browserMax Kanat-Alexander1-0/+8
decide which charset to use r=LpSolit, a=LpSolit