summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
AgeCommit message (Collapse)AuthorFilesLines
2011-11-21Bug 703983 - CSRF vulnerability in attachment.cgi allows possible ↵Reed Loden1-28/+5
unauthorized attachment creation [r=LpSolit a=LpSolit]
2011-08-04Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause ↵Byron Jones1-30/+99
XSS on this domain in IE 6-8 and Safari r/a=LpSolit
2011-04-28Bug 653404: Misleading error message when file to be attached is not ↵Frédéric Buclin1-1/+4
readable by browser r/a=LpSolit
2011-03-09Bug 633776: Automatic charset detection for text attachmentsByron Jones1-1/+7
r=mkanat, a=mkanat
2010-10-26Bug 607361: Creating an attachment without a "comment" param in the URL ↵Frédéric Buclin1-1/+2
causes an internal error a=LpSolit
2010-10-03Bug 414509: offer View All (non obsolete) attachmentsGuy Pyrzak1-0/+5
r=LpSolit, a=LpSolit
2010-08-04Bug 584110: Don't name attachment files "attachment.txt" by default, because ↵Frédéric Buclin1-1/+1
this confuses IE a=LpSolit
2010-08-03Bug 453425 - Send "X-Content-Type-Options: nosniff" header when displaying ↵Reed Loden1-1/+2
attachments so IE8 doesn't try to sniff the content type. [r=LpSolit a=LpSolit]
2010-07-18Bug 119703: Create an attachment by pasting it into a text fieldFrédéric Buclin1-3/+2
r/a=mkanat
2010-07-08Bug 490930: Always store attachments locally if they are over X size (and ↵Frédéric Buclin1-1/+0
below some threshold!), don't ever display "Big File" checkbox r=mkanat a=LpSolit
2010-06-03Bug 567846: Modify set_status, set_resolution, and set_dup_id to useMax Kanat-Alexander1-1/+1
VALIDATOR_DEPENDENCIES, so that they don't need custom code in set_all.
2010-05-20Bug 565879: Merge ThrowCodeError("action_unrecognized"), ↵Frédéric Buclin1-1/+1
ThrowUserError("no_valid_action") and ThrowCodeError("unknown_action") r=ghendricks a=LpSolit
2010-05-17Bug 560281: Do not display deleted attachments in "View All"Frédéric Buclin1-0/+2
a=LpSolit
2010-05-07Bug 395451 - "Bugzilla::BugMail needs to use Bug objects internally instead ↵Reed Loden1-3/+3
of direct SQL" [r=mkanat a=mkanat]
2010-04-22Bug 560009: Use firstidx from List::MoreUtils instead of lsearchMax Kanat-Alexander1-4/+2
r=timello, a=mkanat
2010-04-06Bug 556429: Stop sending bugmail from inside the templateMax Kanat-Alexander1-4/+9
r=LpSolit, a=LpSolit
2010-03-28Bug 365926: Serve attachments without an explicit charset, and let the browserMax Kanat-Alexander1-0/+8
decide which charset to use r=LpSolit, a=LpSolit
2009-12-30Bug 532518: Credentials are not checked correctly when viewing one ↵lpsolit%gmail.com1-21/+28
attachment from another bug's alternate host - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-12-18Bug 162060: Remove the relationship between "votestoconfirm" and whether or ↵mkanat%bugzilla.org1-1/+2
not the UNCONFIRMED status is available, by adding a checkbox to enable the UNCONFIRMED status in editproducts.cgi. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-12-13Bug 526734: Allow localization of the "From update of attachment" string in ↵mkanat%bugzilla.org1-7/+5
comments Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-12-04Bug 452919: Allow the "created an attachment" message in comments to be ↵mkanat%bugzilla.org1-5/+4
localized Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-10-24Bug 523495: Re-work attachment.cgi and the general attachment_base-checking ↵mkanat%bugzilla.org1-11/+12
code to prevent an infinite redirect loop when ssl_redirect is on and Bugzilla has an attachment_base set. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-10-01Bug 509053: Implement Bugzilla->feature (feature_enabled in the templates), ↵mkanat%bugzilla.org1-6/+0
and use it to detect when PatchReader is available. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-09-30Bug 328628: When attachments have UTF-8 characters in their name, they will ↵mkanat%bugzilla.org1-0/+7
now be downloaded with the correct name. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=Wurblzap, a=mkanat
2009-09-28Bug 140999: Users without edit permissions for an attachment should still be ↵lpsolit%gmail.com1-37/+45
able to make comments - Patch by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit
2009-08-11Bug 509045: Make "use_keywords" a global template variable instead of having ↵mkanat%bugzilla.org1-3/+0
to pass it to templates all the time Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-08-06Bug 305993: The requestee field may be omitted even when a requestee is ↵lpsolit%gmail.com1-2/+8
already set - Patch by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit
2009-08-05Bug 415541: Implement $bug->set_flags() and $attachment->set_flags() - Patch ↵lpsolit%gmail.com1-34/+15
by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit
2009-04-15Bug 486685: MIME type override for attachments lost in HTTP redirect - Patch ↵lpsolit%gmail.com1-0/+4
by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
2009-04-09Bug 454251: Implement Bugzilla::Attachment->create() and ↵lpsolit%gmail.com1-148/+85
$attachment->update() - Patch by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit (module owner)
2009-03-31Bug 477420 - "Rename some of the token names used in attachment.cgi" [p=reed ↵reed%reedloden.com1-6/+6
r=LpSolit a=LpSolit]
2009-03-30Bug 476603 - "[SECURITY] Editing attachments doesn't have any CSRF ↵reed%reedloden.com1-0/+9
protection" [p=reed r=LpSolit a=LpSolit]
2009-02-02Bug 472206: [SECURITY] Bugzilla should optionally not allow the user to view ↵lpsolit%gmail.com1-1/+3
possibly harmful attachments - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=justdave a=LpSolit
2009-02-02Bug 38862: [SECURITY] attachments should be at a different hostname - Patch ↵lpsolit%gmail.com1-9/+95
by Byron Jones <bugzilla@glob.com.au> and Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2008-12-17Bug 467171: Editing attachments doesn't update the Last-Modified bug ↵lpsolit%gmail.com1-0/+13
timestamp - Patch by A.A. Shimono <shimono@mozilla.gr.jp> r/a=LpSolit
2008-09-18Bug 452734: Remove the keyword chooser, because it's a usability regressionmkanat%bugzilla.org1-3/+0
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
2008-09-09Bug 388251: Implement 'new Bugzilla::Attachment' - Patch by Frédéric ↵lpsolit%gmail.com1-5/+4
Buclin <LpSolit@gmail.com> a=LpSolit
2008-09-08Bug 453743: Decrease the number of calls to the DB about flags when viewing ↵lpsolit%gmail.com1-19/+1
a bug - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2008-06-30Bug 440612 – Use Bugzilla::Bug->check everywhere instead of ValidateBugIDmkanat%bugzilla.org1-11/+10
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2008-06-28Bug 422691 – Attachment gets added twice after hitting "Back" and "Refresh"dkl%redhat.com1-0/+31
Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit
2008-04-03Bug 410902: Some characters are mangled in diff and interdiff modes when ↵lpsolit%gmail.com1-3/+1
viewing patches - Patch by Frédéric Buclin <LpSolit@gmail.com> r=shimono, r=mkanat a=LpSolit
2008-02-05Bug 414604: After inserting/editing/deleting an attachment, the Keywords ↵lpsolit%gmail.com1-0/+7
field is unavailable - Patch by Frédéric Buclin <LpSolit@gmail.com> r=ghendricks r=mkanat a=mkanat
2008-02-04Bug 415155: Remove $cgi from the list of arguments when calling ↵lpsolit%gmail.com1-2/+2
Bugzilla::Flag subroutines - Patch by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit
2008-02-04Bug 413772: Eliminate sqlify_criteria() in Bugzilla::Flag and replace ↵lpsolit%gmail.com1-2/+2
match() there with Bugzilla::Object::match() - Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r/a=LpSolit
2008-01-21Bug 373281: Remove AppendComment entirely in favor of ↵lpsolit%gmail.com1-31/+33
Bugzilla::Bug->add_comment - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2008-01-20Bug 413222: Implement $attachment->remove_from_db - Patch by Frédéric ↵lpsolit%gmail.com1-9/+1
Buclin <LpSolit@gmail.com> a=LpSolit
2008-01-06Bug 408446: Non-text attachments were mangled by "binmode STDOUT, ':utf8'"mkanat%bugzilla.org1-0/+3
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
2007-11-30Bug 99215: Attachments have no midair collision protection - Patch by ↵lpsolit%gmail.com1-2/+24
Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=justdave a=justdave
2007-11-15Bug 403824: Replace table locks in most Bugzilla files with transactions - ↵lpsolit%gmail.com1-16/+6
Patch by Emmanuel Seyman <eseyman@linagora.com> r/a=mkanat
2007-11-122nd part of bug 398428: After creating or editing an attachment, immediately ↵lpsolit%gmail.com1-0/+4
display the bug it belongs to - Patch by me, a=LpSolit