summaryrefslogtreecommitdiffstats
path: root/process_bug.cgi
AgeCommit message (Collapse)AuthorFilesLines
2004-10-25[SECURITY] Bug 252638: It is possible to send a carefully crafted HTTP POST ↵justdave%bugzilla.org1-1/+21
message to process_bug.cgi which will remove keywords from a bug even if you don't have permissions to edit all bug fields (the "editbugs" permission). Such changes are reported in "bug changed" email notifications, so they are easily detected and reversed if someone abuses it. Patch by Myk Melez <myk@mozilla.org> r=gerv, a=justdave
2004-10-25Bug 254498: Check for comment required for time validation was too late.justdave%bugzilla.org1-32/+36
Patch by Tiago R. Mello <tiago@async.com.br> r=kiko, a=justdave
2004-08-05Bug 186093: Move CanSeeBug to User.pm and make User.pm usable by templatesbugreport%peshkin.net1-2/+3
r=kiko a=justdave
2004-08-03Patch for bug 253604: When commit a bug, validate timetracking before user ↵jocuri%softhome.net1-2/+10
match; patch by Tiago R. Mello <tiago@async.com.br>; r=kiko, a=justdave.
2004-07-31Patch for bug 253360: replace IF() with CASE WHEN for database ↵jocuri%softhome.net1-8/+8
compatibility; patch by Tomas Kopal <Tomas.Kopal@altap.cz>; r=vladd, a=justdave.
2004-07-29Fix for bug 216008: Time Tracking: default values cause change bugkiko%async.com.br1-1/+8
errors. Check if the time values haven't actually changed by using integer comparison (instead of string comparison). r=jouni, a=justdave.
2004-07-29Fix for bug 252789: Empty timetrackinggroup causes error "hours workedkiko%async.com.br1-15/+22
needs to be positive" when changing bug. Sanitizing the AddComment bits in process_bug.cgi to only touch work_time if user is in timetrackinggroup. Fixes regression introduced in bug 252159. r=jouni,joel; a=justdave.
2004-07-23Fix for bug 252159: centralize time validation. Adds a ValidateTimekiko%async.com.br1-13/+4
function to Bugzilla::Bug and uses it in relevant callsites. Patch by Alexandre Michetti Manduca <michetti@grad.icmc.usp.br>. r=kiko, a=justdave.
2004-07-21Fix for bug 251935: Remove $COOKIE from process_bug.cgi. r=joel, a=myk.kiko%async.com.br1-9/+7
2004-07-18Bug 240093 - get canconfirm working again. Patch by gerv; r=joel, a=justdave.gerv%gerv.net1-6/+8
2004-06-01Patch for bug 242161: make process_bug.cgi contain patchviewer ("diff") link ↵jocuri%softhome.net1-0/+8
like show_bug.cgi; patch by GavinS <bugzilla@chimpychompy.org>; r=vladd; a=justdave.
2004-04-28Bug 237838 - make sure CheckCanChangeField() always gets correct resolution. ↵gerv%gerv.net1-0/+1
Patch by gerv and Tom Karzes; r, a=justdave.
2004-04-22Bug 192571 Empty default owner (assignee or QA) causes "Reassign bug to ↵timeless%mozdev.org1-4/+3
owner and QA contact of selected component to NOOP r=justdave a=justdave
2004-03-27Fix for bug 234175: Remove deprecated ConnectToDatabase() andkiko%async.com.br1-2/+1
quietly_check_login()/confirm_login() calls. Cleans up callsites (consisting of most of our CGIs), swapping (where appropriate) for calls to Bugzilla->login. Patch by Teemu Mannermaa <wicked@etlicon.fi>. r=bbaetz, kiko. a=justdave.
2004-03-18Bug 24496: Adds a parameter "noresolveonopenblockers" which when enabled, ↵justdave%syndicomm.com1-0/+11
prevents bugs from being closed if there are any bugs blocking it which are still open. Patch by Andreas Höfler <andreas.hoefler@bearingpoint.com> r= justdave, a= myk
2004-03-18Bug 192516: Moving the loose .pm files into the Bugzilla directory, where ↵justdave%syndicomm.com1-6/+5
they belong. These files pre-date the Bugzilla directory, and would have gone there had it existed at the time. The four files in question were copied on the CVS server to preserve CVS history in the files. This checkin deletes them from the old location and modifies everything else to know where they are now. r= myk, gerv a= justdave
2004-02-14Bug 233645 - fix a number of 'undef' warnings which were killing performance ↵gerv%gerv.net1-2/+8
for multiple bug change. Patch by gerv; r,a=justdave.
2003-11-07Bug 219475: The check for null db entries in process_bug.cgi is wrong; patch ↵jocuri%softhome.net1-1/+1
by Chuck Duvall <caduvall@glue.umd.edu>; r=bbaetz; a=justdave.
2003-10-28Bug 223854: masscc on change several bugs doesn't honor usermatchmode; patch ↵jocuri%softhome.net1-0/+1
by Jon <kniht@us.ibm.com>; r=myk; a=myk.
2003-10-19Bug 218977: "Table 'namedqueries' was not locked with LOCK TABLES" on ↵jocuri%softhome.net1-3/+2
ThrowUserError('product_edit_denied'); r=bbaetz; a=justdave.
2003-10-17Correcting the previous backout attempt, apparrently typoed a version number ↵justdave%syndicomm.com1-5/+5
last time
2003-10-17Backing out patch from bug 108528 - failed to take i10n concerns into accountjustdave%syndicomm.com1-4/+4
2003-10-16Bug 108528 - knob is not defined doesn't explain to 2001110503 users what to dotimeless%mozdev.org1-1/+1
patch by caduvall@glue.umd.edu r=timeless a=justdave
2003-10-14Bug 220034: empty form after changing bug details; patch by ↵jocuri%softhome.net1-0/+3
wicked@etlicon.fi (Teemu Mannermaa); r=kiko, a=justdave.
2003-10-07Bug 221264 Making no changes shouldn't affect Last modifiedtimeless%mozdev.org1-4/+6
r=joel a=justdave
2003-09-14Bug 208699 - Move Throw{Code,Template}Error into Error.pmbbaetz%acm.org1-5/+3
r,a=justdave
2003-08-13Bug 215962: Missing {} around implied hash reference in params to ThrowUserErrorjustdave%syndicomm.com1-1/+1
patch by Eric Selberg <erik@selberg.com> r= justdave a= justdave
2003-07-24Bug 211435 - Fix "Table 'namedqueries' was not locked with LOCK TABLES" ↵preed%sigkill.com1-0/+1
error; Patch by jocuri@softhome.net (Vlad Dascalu), r=bbaetz, a=justdave
2003-07-18Fixes singed tinderbox trees; vladd: NO TABS in patches, please. Spaces only.preed%sigkill.com1-1/+1
2003-07-18Bug 82172 - Don't allow empty bug summaries. Patch by jocuri@softhome.net ↵preed%sigkill.com1-0/+4
(Vlad Dascalu), r=kiko, a=justdave
2003-06-03Bug 180635 - Enhance Bugzilla::User to store additional informationbbaetz%acm.org1-4/+6
r=myk,jake
2003-05-05Bug 201816 - use CGI.pm for header outputbbaetz%acm.org1-2/+5
r=joel, a=justdave
2003-04-25Fix for bug 179510: takes group restrictions into account when sending ↵myk%mozilla.org1-1/+14
request notifications r=bbaetz,jpreed a=justdave
2003-04-25Bug 193965: On product change, user can accidentally opt-out of required ↵justdave%syndicomm.com1-1/+2
group restriction Patch by Joel Peshkin <bugreport@peshkin.net> r= bbaetz, justdave a= justdave
2003-04-02Bug 199813 - Make all users of ThrowUserError pass $vars in explicitly.bbaetz%acm.org1-21/+29
r=gerv a=justdave
2003-03-27Bug 196433 - Bugzilla now uses /usr/bin/perl as the shebang linejake%bugzilla.org1-1/+1
r=justdave a=justdave
2003-02-23Bug 194394 - Internal error after turning useqacontact offbbaetz%acm.org1-1/+1
r,a=justdave
2003-02-16Bug 186994 - Unable to accept a new bug that has been assigned. Patch by ↵gerv%gerv.net1-8/+4
gerv; r=bbaetz, a=justdave.
2003-02-15Bug 193286: Field validation errors had the wrong page titlejustdave%syndicomm.com1-6/+3
r= gerv, a= justdave
2003-02-10Bug 192513: importxml.pl and move.pl now use the new mail routines ↵justdave%syndicomm.com1-4/+4
introduced in bug 124174 (they got broken when processmail was removed). Also fixes several comments referring to processmail (which no longer exists) in other files, and removes references to processmail from the .htaccess files and the executable file list in checksetup.pl. r= jaypee, a= justdave
2003-02-10Bug 124174 - make processmail a package (Bugzilla::BugMail), r=gerv, r=jth, ↵preed%sigkill.com1-37/+11
a=justdave
2003-02-08Bug 192340 - 'unknown_keyword' error doesn't mention keywordbbaetz%acm.org1-0/+1
r=myk, a=justdave
2003-02-05bug 191087 - process_bug.cgi: "Mid-air collision!" title when not allowed to ↵burnus%gmx.de1-1/+1
change a field r=gerv, a=justdave
2002-11-28Bug 171493 - make show_bug use Bug.pm and remove bug_form.plbbaetz%student.usyd.edu.au1-20/+28
r=justdave, joel a=justdave
2002-11-25Bug 147275 Rearchitect product groupsbugreport%peshkin.net1-58/+155
Patch by joel r=bbaetz,justdave a=justdave
2002-11-22Bug 180966 - warnings in webserver error log (take 2)bbaetz%student.usyd.edu.au1-20/+24
r=joel, a=justdave
2002-11-22Backing out the checkin for bug 180966 (fix warnings in web server error ↵justdave%syndicomm.com1-18/+15
log). This checkin caused commenting on bugs to fail if timetracking is not enabled.
2002-11-20Bug 180966 - fix misc warningsbbaetz%student.usyd.edu.au1-15/+18
r,a=myk
2002-11-18Bug 180545 - It was possible to change the product/component of a bug ↵jake%bugzilla.org1-3/+26
without having the editbugs permission. r=bbaetz a=justdave
2002-11-11Fix for bug 179334: updates the setter consistently. also fixes numerous ↵myk%mozilla.org1-4/+4
other bugs in the RT code. r=bbaetz a=myk