summaryrefslogtreecommitdiffstats
path: root/process_bug.cgi
AgeCommit message (Collapse)AuthorFilesLines
2005-07-08Bug 293159: [SECURITY] Anyone can change flags and access bug summaries due ↵mkanat%kerio.com1-6/+5
to a bad check in Flag::validate() and Flag::modify() Patch By Frederic Buclin <LpSolit@gmail.com> r=myk, a=justdave
2005-07-08Bug 240251: Bug::AppendComment() should receive the user ID as a 2nd ↵lpsolit%gmail.com1-2/+2
parameter - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=justdave
2005-07-07Bug 242318: "blocked" field is ignored in post_bug.cgi if the "dependson" ↵lpsolit%gmail.com1-66/+6
field isn't present - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kiko a=justdave
2005-06-21Bug 298196: process_bug.cgi updates delta_ts even when no modifications are ↵lpsolit%gmail.com1-4/+3
made - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2005-06-21Bug 76507: Replace "owner" by "assignee" (and "initial" by "default") - ↵lpsolit%gmail.com1-6/+6
Patch by Tiago R. Mello <timello@async.com.br> r=LpSolit a=myk
2005-06-11Bug 277417: SQL error when reloading the page after changing the bug ↵lpsolit%gmail.com1-0/+10
resolution to duplicate - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
2005-06-09Bug 225042: If sendmail dies while processing a duplicate it corrupts the ↵lpsolit%gmail.com1-14/+20
duplicates table - Patch by Frédéric Buclin <LpSolit@gmail.com> r=vladd a=justdave
2005-05-22Bug 215320: Change several bugs at once causes extraneous messages in apache ↵lpsolit%gmail.com1-0/+1
log file - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kiko a=justdave
2005-05-12Bug 287109: [SECURITY] Names of private products/components can be exposed ↵mkanat%kerio.com1-20/+22
on certain CGIs Patch By Frederic Buclin <LpSolit@gmail.com> r=myk, r=joel, a=justdave
2005-05-11Bug 287487: User with no privs can not add comments to bugs that have a ↵lpsolit%gmail.com1-11/+11
deadline field set - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2005-05-07Bug 286160: possible invalid flag types when moving a bug to a different ↵lpsolit%gmail.com1-4/+3
product - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2005-05-04Bug 248386: Add support for Alias to post_bug.cgi - Patch by Albert Ting ↵lpsolit%gmail.com1-34/+4
<altlst@sonic.net> r=LpSolit a=justdave
2005-04-20Bug 272623: FindWrapPoint is misplaced in process_bug.cgi - Patch by ↵lpsolit%gmail.com1-19/+0
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2005-04-10Bug 225818: %FORM, %MFORM, and %COOKIE need to go away, in favor of the CGI ↵lpsolit%gmail.com1-9/+5
methods - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=myk
2005-04-09Bug 199048: Preference option to reverse sort the comments stack - Patch by ↵lpsolit%gmail.com1-1/+4
Shane H. W. Travis <shane.h.w.travis@gmail.com> r=mkanat a=myk
2005-04-08Bug 238876: remove %FORM from process_bug.cgi - Patch by Teemu Mannermaa ↵lpsolit%gmail.com1-205/+243
<wicked@etlicon.fi> r=LpSolit a=justdave
2005-04-08Bug 287947: Change CheckFormField/CheckFormFieldDefined subs in CGI.pl to ↵lpsolit%gmail.com1-20/+20
use CGI object instead FORM hash - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=myk
2005-04-08Bug 238878: Make hidden-fields template, User Matching and Flags use direct ↵lpsolit%gmail.com1-4/+5
CGI instead of [% form.foo %] - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave
2005-04-05Bug 286235: Implicit joins should be replaced by explicit joins - installment Amkanat%kerio.com1-14/+14
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=joel, a=myk
2005-04-05Bug 288883: SQL crash when granting/denying a request - Patch by Frederic ↵lpsolit%gmail.com1-1/+1
Buclin <LpSolit@gmail.com> r=joel a=justdave
2005-03-18Bug 178157: Dependency emails don't get sent for status change during mass ↵lpsolit%gmail.com1-14/+9
change - Patch by Frederic Buclin <LpSolit@gmail.com> r=myk, a=myk
2005-03-15Bug 285534: bugs.qa_contact should allow NULLmkanat%kerio.com1-5/+17
Patch By Max Kanat-Alexander <mkanat@kerio.com> r=joel, a=justdave
2005-03-11Bug 284896 : QA contact never receives mail when removed from a bugtravis%sedsystems.ca1-1/+1
Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=justdave, a=justdave
2005-03-05Bug 277782: _throw_error should unlock tables when tables are locked, ↵mkanat%kerio.com1-10/+10
automatically Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=travis, r=LpSolit, a=justdave
2005-03-01Bug 283139 : Zero out 'hours remaining' field on certain state transitions ↵travis%sedsystems.ca1-30/+52
r.t. throwing an error saying it's not zeroed out. Patch by Shane H. W. Travis <travis@sedsystems.ca> r=LpSolit a=justdave
2005-02-25Bug 282748: uninitialized value in localtime in Format.pmmkanat%kerio.com1-1/+11
Patch By Frederic Buclin <LpSolit@gmail.com> r=wurblzap, a=myk
2005-02-24Bug 212940 : Can't use an undefined value as an ARRAY reference at ↵travis%sedsystems.ca1-14/+20
/http/bugzilla/process_bug.cgi line 866. Patch by Frederic Buclin <LpSolit@gmail.com> r=wurblzap a=justdave
2005-02-19Bug 280497: Replace "LIMIT" with Bugzilla::DB function callmkanat%kerio.com1-1/+1
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=justdave
2005-02-18Bug 280503: Replace "LOCK/UNLOCK TABLES" with Bugzilla::DB function callmkanat%kerio.com1-13/+14
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=myk
2005-02-17Bug 281592: "use Bugzilla::RelationSet" in globals.pl and process_bug.cgi is ↵mkanat%kerio.com1-1/+0
dead code r=vladd, a=myk
2005-02-09Bug 257315 : type of delta_ts in bugs table should not be timestamptravis%sedsystems.ca1-7/+12
Patch by Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat, LpSolit a=justdave
2005-02-09Bug 276838 : Eliminate use of $::unconfirmedstatetravis%sedsystems.ca1-5/+4
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=wurblzap a=justdave
2005-02-02Bug 279740 : Move CountOpenDependencies out of globals.pltravis%sedsystems.ca1-1/+1
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=wurblzap a=justdave
2005-02-01Bug 279700 : Move GetComments from globals.pl into Bugzilla::Bugtravis%sedsystems.ca1-1/+1
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
2005-01-30Backing out the checking from bug 257315 until it gets corrected. It ↵justdave%bugzilla.org1-9/+6
prevents new bugs from being filed. a=justdave
2005-01-29Bug 257315 : type of delta_ts in bugs table should not be timestamptravis%sedsystems.ca1-6/+9
Patch by Tomas Kopal <Tomas.Kopal@altap.cz> r=vladd, LpSolit a=justdave
2005-01-28Bug 218771 : The error message should be more accurate on who can change fieldstravis%sedsystems.ca1-26/+32
Patch by Frederic Buclin <LpSolit@gmail.com> r=myk a=myk
2005-01-24Bug 34488: Add a checkbox to add self to CC listtravis%sedsystems.ca1-5/+8
Patch by GavinS <bugzilla@chimpychompy.org> r=vladd, myk a=myk
2005-01-21Bug 266579 : Users without privs can confirm bugs by assigning to themselves ↵travis%sedsystems.ca1-122/+161
first, without having canconfirm privs Patch by LpSolit@gmail.com r=myk a=justdave
2005-01-16Patch for bug 103636: Support specifying a date on which a bug is expected ↵jocuri%softhome.net1-0/+11
to be resolved; patch by Alexandre Michetti Manduca <michetti@grad.icmc.usp.br>, r=jouni, a=myk.
2005-01-16Patch for bug 277622: Move DiffStrings() out of globals.pl into ↵jocuri%softhome.net1-2/+3
Bugzilla/Util.pm; patch by Max K-A <mkanat@kerio.com>, r=vladd, a=myk.
2005-01-15Bug 277621 : Uninitialized value message when changing timetracking fieldstravis%sedsystems.ca1-2/+2
Patch by Marc Schumann <wurblzap@gmail.com> r=justdave a=justdave
2004-12-21Bug 264601 - Bugzilla will now tell a user which field contained an "invalid ↵jake%bugzilla.org1-34/+18
bug number or alias." Patch by Frédéric Buclin <LpSolit@netscape.net> r=myk, a=justdave
2004-12-14Patch for bug 274236: Variable component overlaps in ThrowCodeError; patch ↵jocuri%softhome.net1-1/+1
by me, r=wurblzap (Marc), a=justdave.
2004-12-09Patch for bug 271797: avoid making target_milestone empty if ↵jocuri%softhome.net1-26/+21
usetargetmilestone=1; patch by Frédéric Buclin <LpSolit@netscape.net>, r=justdave, a=justdave.
2004-12-07Patch for bug 258711: move.pl should honour emailsuffix; patch by Marc ↵jocuri%softhome.net1-1/+1
Schumann <wurblzap@gmail.com>, r=justdave, a=justdave.
2004-11-20Patch for bug 267560: CheckCanChangeField in process_bug.cgi shouldn't ↵jocuri%softhome.net1-0/+1
request the bug owner, QA contact and reporter too many times; patch by Frédéric Buclin <LpSolit@netscape.net>, r=justdave, a=justdave.
2004-11-05Patch for bug 267774: Remove unused variable in process_bug.cgi; patch by ↵jocuri%softhome.net1-1/+0
Frédéric Buclin <LpSolit@netscape.net>; r=kiko, a=justdave.
2004-10-25[SECURITY] Bug 252638: It is possible to send a carefully crafted HTTP POST ↵justdave%bugzilla.org1-1/+21
message to process_bug.cgi which will remove keywords from a bug even if you don't have permissions to edit all bug fields (the "editbugs" permission). Such changes are reported in "bug changed" email notifications, so they are easily detected and reversed if someone abuses it. Patch by Myk Melez <myk@mozilla.org> r=gerv, a=justdave
2004-10-25Bug 254498: Check for comment required for time validation was too late.justdave%bugzilla.org1-32/+36
Patch by Tiago R. Mello <tiago@async.com.br> r=kiko, a=justdave