summaryrefslogtreecommitdiffstats
path: root/editusers.cgi
AgeCommit message (Collapse)AuthorFilesLines
2004-05-23Bug 224021: taint issues in editusers.cgijouni%heikniemi.net1-0/+1
Patch by byron jones <bugzilla@glob.com.au> r=jouni, a=justdave
2004-05-23Bug 141006: Run edit*.cgis in taint mode.jouni%heikniemi.net1-1/+1
Patch by byron jones <bugzilla@glob.com.au> r=jouni, a=justdave
2004-04-14Bug 240439: "Edit user again" link didn't work if the user had a + in their ↵justdave%syndicomm.com1-4/+4
email address R= timeless, vladd; a= justdave
2004-03-27Bug 235265: Getting rid of some unwanted form value dumps.justdave%syndicomm.com1-4/+0
Patch by Jouni Heikniemi <jouni@heikniemi.net> r= justdave, kiko; a= justdave
2004-03-27Fix for bug 234175: Remove deprecated ConnectToDatabase() andkiko%async.com.br1-2/+2
quietly_check_login()/confirm_login() calls. Cleans up callsites (consisting of most of our CGIs), swapping (where appropriate) for calls to Bugzilla->login. Patch by Teemu Mannermaa <wicked@etlicon.fi>. r=bbaetz, kiko. a=justdave.
2004-03-27Fix for bug 226764: Move InvalidateLogins into Bugzilla::Auth::CGI.kiko%async.com.br1-4/+4
Consolidates the logout code into Bugzilla::Auth::CGI, and provides simple front-end wrappers in Bugzilla.pm for use in the CGIs we have. r=bbaetz, joel; a=justdave. Adds a set of constants to the logout() API which allow specifying "how much" we should log out -- all sessions, the current session, or all sessions but the current one. Fixes callsites to use this new API; cleans and documents things a bit while we're at it. Part I in the great COOKIE apocalypse.
2004-03-21Patch for bug 238033: eliminate HTML closing tags that haven't been opened ↵jocuri%softhome.net1-3/+1
and fix an identation issue; patch by Rudolf Ramler <rudolf.ramler@scch.at>; r=vlad, a=justdave.
2004-03-17Fix for bug 232397: .bz_obsolete shouldn't specify "underline". Definekiko%async.com.br1-2/+2
specific bz_obsolete/closed/inactive classes (that don't specify underline, but line-through instead) and additional Template filters for conveniently applying them. Change occurences of <strike> to use new classes and clean up callsites. Patch by byron jones <bugzilla@glob.com.au>. r=myk, gerv. a=myk.
2004-03-14Bug 214457 Updated user page is uselesstimeless%mozdev.org1-10/+28
r=justdave a=justdave
2003-11-11Bug 225234: Wrong comment in editusers.cgi; r=timeless; a=myk.jocuri%softhome.net1-1/+1
2003-09-27Bug 65316: Typos on edit*.cgi. Change use of PutTrailer() (and thekiko%async.com.br1-5/+7
default output, in certain cases) in the edit pages. Patch by Vlad Dascalu <jocuri@softhome.net>, r=kiko, a=justdave
2003-07-20Bug 178935: Eliminating the "Add another user" link on the confirmation ↵justdave%syndicomm.com1-2/+5
screen after editing a user if the user doing the editing doesn't have permission to add users. Patch by kniht@us.ibm.com r= justdave, a= justdave
2003-06-03Bug 180635 - Enhance Bugzilla::User to store additional informationbbaetz%acm.org1-4/+9
r=myk,jake
2003-05-05Bug 201816 - use CGI.pm for header outputbbaetz%acm.org1-1/+1
r=joel, a=justdave
2003-04-25Bug 201018 - editusers.cgi never calls DeriveGroup prior to changing a bugbbaetz%acm.org1-0/+3
patch mostly by justdave, bits by me r=bbaetz,justdave,myk a=justdave
2003-03-27Bug 196433 - Bugzilla now uses /usr/bin/perl as the shebang linejake%bugzilla.org1-1/+1
r=justdave a=justdave
2003-03-22Bug 180642 - Move authentication code into a modulebbaetz%acm.org1-10/+8
r=gerv, justdave a=justdave
2002-09-23bug 157756 - Groups_20020716_Branch Tracking : > 55 groups now supportedbugreport%peshkin.net1-150/+136
r=bbaetz, gerv
2002-08-26Bug 76923 - Don't |use diagnostics| (its really expensive at startup time)bbaetz%student.usyd.edu.au1-1/+0
r=joel x2
2002-08-12Bug 43600 - Convert products/components to use ids instead of names.bbaetz%student.usyd.edu.au1-6/+8
Initial attempt by jake@bugzilla.org, updated by me r=joel, preed
2002-06-17Bug 151053, ConnectToDatabase/quietly_check_login sometimes not calledbbaetz%student.usyd.edu.au1-0/+1
early enough r=mattyt, jouni
2002-06-01Bug 147486 - Fixes cross site scripting issues; first checked in on the ↵preed%sigkill.com1-2/+2
2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz); patch=preed, r=bbaetz,myk
2002-05-02Bug 141557 - modification to user deletion code in editusers.cgi - prevent ↵gerv%gerv.net1-0/+2
allowuserdeletion being bypassed. Patch by gerv; 2xr=myk.
2002-04-30Bug 140784 - edit*.cgi need a use lib "." on Win32/IIS w/ taint. Patch by ↵gerv%gerv.net1-0/+1
jouni@heikniemi.net; r=bbaetz, gerv.
2002-04-23Bug 139051 - fix misspelling of "privilege". Patch by mental ↵gerv%gerv.net1-2/+2
<xor@ivwnet.com>, 2xr=bbaetz.
2002-04-02Remaining pieces of Bug 23067 from yesterday... no idea why the first ↵justdave%syndicomm.com1-1/+1
commit didn't pick these up.
2002-03-18Bug 92905 - perl error when editing user and no groups definedbbaetz%student.usyd.edu.au1-20/+20
r=justdave x 2
2002-02-04Bug 95732 - remove logincookies.cryptpassword, and invalidate cookies frombbaetz%student.usyd.edu.au1-2/+6
the db when required instead. (Also fixes bug 58242 as a side effect) r=myk, kiko
2001-11-08Fix for bug 108821: Prevent users with any blessgroupset privileges from ↵myk%mozilla.org1-1/+4
blessing any group set. Patch by Jake <jake@acutex.net> and Bradley <bbaetz@cs.mcgill.ca>. r=jake,myk for Bradley's portion, r=bbaetz,myk for Jake's portion.
2001-10-27Bug 81594 - SQL error after editing user entry when changing numerous things ↵jake%acutex.net1-1/+1
at once (including the login name). Patch by Matthew Tuck <matty@chariot.net.au> r= dkl@redhat.com, jake@acutex.net
2001-10-13Fix for bug 104516: No code changes in this patch, all this checkin does is ↵justdave%syndicomm.com1-99/+99
remove all tabs from the bugzilla source and replace it with the appropriate number of spaces (in most cases 8) to line up with existing code. This is part of the effort to bring the existing codebase up to par with our style guidelines. Patch by Jake Steehagen <jake@acutex.net> r= justdave x2
2001-10-10partial backout of the checkin from bug 103121, because it collided with the ↵justdave%syndicomm.com1-1/+1
patch from bug 51519. This should satifactorily meet the goals of both patches. patch by kiko, r= justdave
2001-10-10Bugzilla Bug 103121 editusers.cgi needs an Add link on the query page.timeless%mac.com1-1/+2
patch by dkl. r=kiko
2001-10-06Fix for bug 57821 - Empty regular expression causes a software error.jake%acutex.net1-2/+7
Patch by Nick Hibma <n_hibma@qubesoft.com> r= jake@acutex.net
2001-07-11Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored ↵justdave%syndicomm.com1-30/+34
in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net
2001-05-31Fix for bug 45164 - New users created by the admin were not subject to the ↵jake%acutex.net1-60/+88
userregexp for groupsets. Patch by Joe Robins <jmrobins@tgix.com> r= jake@acutex.net
2001-05-24Bug 71552 - Remove oldemailtech from Bugzillajake%acutex.net1-48/+9
r= justdave@syndicomm.com
2001-04-17Correcting my email address in the commentsjustdave%syndicomm.com1-1/+1
2001-02-23fix for 66876: Using userids (mediumint) for initialowner and initialqacontactcyeh%bluemartini.com1-2/+2
based on patch submitted by baulig@suse.de (Martin Baulig).
2001-01-25patch from bug 17464 to give user some control over what sorts of bug mail ↵dmose%mozilla.org1-24/+38
get sent to an account. Original patch by al_raetz@yahoo.com and lots of additional hacking by me; r=donm@bluemartini.com
2000-09-16front end fix for 31456: Editing a superuser clears their access flagscyeh%bluemartini.com1-20/+26
patch by jmrobin@tgix.com
2000-09-16fixes for 51184, 51185, 51186: allow for ldap authentication. patchescyeh%bluemartini.com1-6/+25
by jmrobins@tgix.com (Joe Robins). LDAP sections haven't been tested yet, but the code is arranged such that it shouldn't disturb existing user authentication system.
2000-09-07Fix for bug 51519: Links to index are too specific. Patch bydave%intrec.com1-1/+1
john.beranek@pace.co.uk (John Beranek)
2000-08-05Removing a couple lines from the patch for bug 31336 that got left in bydave%intrec.com1-2/+0
accident.
2000-07-26Landing Adam Spiers' contributions for security and small functional issuestara%tequilarista.org1-0/+1
2000-07-20Fix for bug 31336 (separate bug groups from access groups in user editor)dave%intrec.com1-8/+43
2000-07-19Fix for bug 42037 (user passwords visible in editusers.cgi). Patchdave%intrec.com1-1/+1
submitted by JRobertson@medevolve.com (Jon Robertson)
2000-07-18Fix for bug 32971, patch submitted by mtakacs@pacbell.netdave%intrec.com1-1/+2
2000-06-24checkin to fix Bug 25010 "Need a way to edit the list of available groups".cyeh%bluemartini.com1-13/+22
Patches and work contributed by dave@intrec.com (Dave Miller). Some cleanup work needs to be done with regards to permissions and bit-twiddling see other bugs that are dependent on 25010 for details.
2000-02-18Was crashing when logging profile activity.terry%mozilla.org1-3/+6