summaryrefslogtreecommitdiffstats
path: root/buglist.cgi
AgeCommit message (Collapse)AuthorFilesLines
2013-02-19Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence ↵Simon Green1-1/+4
of products and components you cannot access r/a=LpSolit
2012-09-17Bug 761046: Don't redirect when hitting buglist.cgi directly to avoid ↵Byron Jones1-1/+0
duplicate cgi->header calls r=LpSolit, a=LpSolit
2012-08-29Bug 786310: Remove tokens when saving the default queryByron Jones1-0/+2
r= LpSolit, a=LpSolit
2012-08-28Bug 772953: Remove the token from buglist urlsByron Jones1-1/+2
r=dkl, a=LpSolit
2012-08-20Bug 698068: The "There is no saved search named ..." page has a "forget" linkFrédéric Buclin1-1/+1
r=glob a=LpSolit
2012-06-27Bug 768870: The "Un-forget the search" link has no tokenFrédéric Buclin1-1/+3
r=glob a=LpSolit
2012-05-29Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized ↵Reed Loden1-0/+2
setting of default search options [r=LpSolit a=LpSolit]
2012-04-18Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits ↵Frédéric Buclin1-10/+0
attackers to access all bugs that the victim can see r=glob a=LpSolit
2012-04-17Bug 745320: Shared queries do not work when tags are part of the queryFrédéric Buclin1-4/+9
r=dkl a=LpSolit
2011-12-09Bug 644281: When the sort order of a buglist is modified, the "Show next bug ↵Frédéric Buclin1-18/+13
in my list" user pref still uses the original sort order to decide which bug to display next r=glob a=LpSolit
2011-11-26Bug 255606: Do not let buglist.cgi return all bugs by defaultFrédéric Buclin1-1/+1
r/a=mkanat
2011-08-17Bug 678357: Fix 'limit' parameter in the saved searches resultsTiago Mello1-1/+1
r/a=mkanat
2011-05-31Bug 647649: Change the old "Boolean Charts" UI into the new AND/ORMax Kanat-Alexander1-13/+0
"Custom Search" UI. r=timello, a=mkanat
2011-03-02Bug 632718: Only return 500 search results unless the user specificallyMax Kanat-Alexander1-0/+11
requests to see more. r=dkl, a=mkanat
2011-02-14Bug 480044: Use dashes instead of colons to separate bug IDs in the BUGLIST ↵Frédéric Buclin1-1/+1
cookie, because colons are HTML-escaped, making the cookie bigger than the 4k limit r=mkanat a=LpSolit
2011-02-14Bug 417551: Make it possible for CSV headers to be the field descriptionMichael J Tosh1-0/+4
instead of the field name, and have the buglist.cgi link give you CSV like this by default. r=mkanat, a=mkanat
2011-02-12Bug 535571: Allow Search.pm to accept "limit" and "offset" as parameters.Max Kanat-Alexander1-12/+4
r=mkanat, a=mkanat (module owner)
2011-01-30Bug 616185: Move tags (aka lists of bugs) to their own DB tablesFrédéric Buclin1-90/+35
r/a=mkanat
2011-01-07Bug 621090 - [SECURITY] Adding saved searches lacks CSRF protectionDavid Lawrence1-0/+2
r/a=mkanat
2010-12-27Bug 615574: Make every search done by buglist.cgi create a list_id, so thatMax Kanat-Alexander1-23/+1
even Saved Searches get "last list" support. r=LpSolit, a=LpSolit
2010-08-31Bug 77193 - Add the ability to retire (disable) old versions, components and ↵Dave Lawrence1-4/+4
milestones r/a=mkanat
2010-08-02Bug 581622: When a quicksearch includes the "content" field, it is limited ↵Frédéric Buclin1-1/+0
to 200 bugs r/a=mkanat
2010-07-16Bug 398308: Make Search.pm take a hashref for its "params" argumentMax Kanat-Alexander1-1/+1
instead of taking a CGI object. r=mkanat, a=mkanat (module owner)
2010-07-15Bug 577800: Finish the cleanup of Search.pm's "init" function by removingMax Kanat-Alexander1-1/+1
it and having its work be done by a new "sql" accessor instead. Also adds some comments, moves functions around into sections, and creates a new _user accessor. r=mkanat, a=mkanat (module owner)
2010-06-16Bug 24896: Make the First/Last/Prev/Next navigation on bugs work withMax Kanat-Alexander1-33/+40
multiple buglists at once r=glob, a=mkanat
2010-05-20Bug 565879: Merge ThrowCodeError("action_unrecognized"), ↵Frédéric Buclin1-1/+1
ThrowUserError("no_valid_action") and ThrowCodeError("unknown_action") r=ghendricks a=LpSolit
2010-05-12Bug 486050: Bugzilla should prefill quicksearch box when showing search ↵David Lawrence1-0/+3
results from a quicksearch r/a=mkanat
2010-04-22Bug 560009: Use firstidx from List::MoreUtils instead of lsearchMax Kanat-Alexander1-7/+7
r=timello, a=mkanat
2010-03-03Bug 513989 - large search query causing internal server error (500) but ↵Dave Lawrence1-3/+5
valid redirect 302 returned r=mkanat, a=mkanat
2010-03-02Bug 286041 - Allow people to undo "forget search"Kent Rogers1-5/+4
r=mkanat, a=mkanat
2010-02-28Bug 537834 - "Buglist results using atom ctype do not display users with ↵Reed Loden1-0/+2
empty real names" [r=LpSolit a=LpSolit]
2010-02-16Bug 372979: Make voting into an extensionMax Kanat-Alexander1-18/+0
r=mkanat, a=mkanat, a=LpSolit
2010-01-06Bug 535675: Typing +foo in the QuickSearch box throws an "uninitialized ↵lpsolit%gmail.com1-1/+3
value" warning (missing 'order' parameter) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
2009-11-10Bug 505039: Use $user->is_timetracker instead of ↵lpsolit%gmail.com1-1/+1
$user->in_group(Bugzilla->params->{'timetrackinggroup'}) - Patch by XqueZme <xquezme@gmail.com> r/a=LpSolit
2009-11-03Bug 526271: Uninitialized value in can_enter_product() due to a missing ↵lpsolit%gmail.com1-1/+1
argument - Patch by Frédéric Buclin <LpSolit@gmail.com> r=ghendricks a=LpSolit
2009-10-29Bug 524234: When there are no search results, include helpful linksmkanat%bugzilla.org1-16/+29
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-10-26Bug 524395: Boolean charts And, Or, "add another chart" buttons do no work ↵lpsolit%gmail.com1-12/+13
with JS turned off - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2009-08-21Bug 449705: Make buglist.cgi's LookupNamedQuery use Bugzilla::Search::Savedmkanat%bugzilla.org1-52/+13
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-08-11Bug 509045: Make "use_keywords" a global template variable instead of having ↵mkanat%bugzilla.org1-5/+8
to pass it to templates all the time Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-07-07Bug 491467: Make Search.pm and buglist.cgi consistently take column ids for ↵mkanat%bugzilla.org1-156/+36
the "fields" and "order" arguments, to prevent problems with using SQL fragments in the order and columnlist. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=wicked, a=mkanat
2009-07-07Bug 502641: Fix various problems that would occur when you would log in from ↵mkanat%bugzilla.org1-11/+11
buglist.cgi Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-05-25Bug 494643: Do not pass the same columns twice to the SQL query - Patch by ↵lpsolit%gmail.com1-2/+4
Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
2009-05-25Bug 494369: Do not throw an error if the 'order' parameter contains invalid ↵lpsolit%gmail.com1-12/+7
columns for buglists - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
2009-05-22Back out bug 441496: it breaks Safari and Google Chromelpsolit%gmail.com1-7/+4
2009-05-14Bug 290631 - iCalendar export should include prioritybbaetz%acm.org1-0/+11
r/a=mkanat
2009-05-06Bug 491679: Do not store the buglist sort order of shared saved searches in ↵lpsolit%gmail.com1-1/+1
cookies - Patch by Frédéric Buclin <LpSolit@gmail.com> r=ghendricks a=LpSolit
2009-03-06Remove the unused 'unconfirmedstate' variable (as mentioned in the release ↵lpsolit%gmail.com1-2/+0
notes for Bugzilla 2.20) - r=mkanat on IRC
2009-02-05 Bug 476943 - Edit multiple issues token after switching to shadow DBghendricks%novell.com1-0/+4
patch by ghendricks@novell.com r=mkanat a=mkanat
2009-02-02Bug 466748: [SECURITY] Shared/saved searches can be deleted without user ↵lpsolit%gmail.com1-5/+14
confirmation using predictable URL - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-02-02Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making ↵lpsolit%gmail.com1-0/+2
bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit