summaryrefslogtreecommitdiffstats
path: root/relogin.cgi
AgeCommit message (Collapse)AuthorFilesLines
2015-02-17Bug 1132887: When starting a sudo session, the password is not validatedFrédéric Buclin1-0/+3
r=dkl a=glob
2014-10-06Bug 1075578: [SECURITY] Improper filtering of CGI argumentsFrédéric Buclin1-17/+14
r=dkl,a=sgreen
2014-08-13Bug 996893: Perl 5.18 and newer throw tons of warnings about deprecated modulesFrédéric Buclin1-1/+3
r=dkl a=sgreen
2014-04-17Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protectionFrédéric Buclin1-0/+13
r=dkl a=justdave
2014-02-15Bug 966676: The 'sudo' cookie should not be accessible from JavaScriptFrédéric Buclin1-3/+10
r=dkl a=justdave
2012-09-01Bug 787529: Use |use 5.10.1| everywhereFrédéric Buclin1-0/+1
r=wicked a=LpSolit
2012-01-11Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and ↵Frédéric Buclin1-21/+5
add it to files which miss one r=kiko r=mkanat r=mrbball a=LpSolit
2011-07-25Bug 589128: Adds a preference allowing users to choose between text or htmlByron Jones1-1/+1
for bugmail. r=LpSolit, a=LpSolit
2011-07-18Bug 670128: Missing explicit exit after calls to $cgi->redirect(), making ↵Frédéric Buclin1-0/+1
the rest of the scripts to be executed r=dkl a=LpSolit
2010-09-07Bug 593881: Assignment to $[ has been deprecated in Perl 5.12.0Frédéric Buclin1-1/+1
r/a=mkanat
2010-08-04Bug 450013: (CVE-2010-2757) [SECURITY] Can sudo a user without sending emailFrédéric Buclin1-2/+6
r=glob a=LpSolit
2010-05-20Bug 565879: Merge ThrowCodeError("action_unrecognized"), ↵Frédéric Buclin1-1/+1
ThrowUserError("no_valid_action") and ThrowCodeError("unknown_action") r=ghendricks a=LpSolit
2010-03-01Bug 508823: Make it so that you don't ever have to reset template_inner (likeMax Kanat-Alexander1-1/+0
Bugzilla->template_inner("")). r=LpSolit, a=LpSolit
2009-04-15Bug 480862: relogin.cgi now just throws an error by default (should redirect ↵lpsolit%gmail.com1-2/+6
to index.cgi) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=ghendricks a=LpSolit
2009-03-02Bug 121601: Have logout display index.cgi, not just a message on relogin.cgi.mkanat%bugzilla.org1-15/+1
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2008-04-03Bug 405946: Some emails are not sent in the language chosen by the addressee ↵lpsolit%gmail.com1-4/+4
- Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit
2007-10-19Bug 399954: Make Bugzilla able to hold its dependencies in a local directorymkanat%bugzilla.org1-1/+1
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2006-10-15Bug 281181: [SECURITY] It's way too easy to delete ↵lpsolit%gmail.com1-2/+2
versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-08-11Bug 347291: Make Bugzilla::User use Bugzilla::Objectmkanat%bugzilla.org1-1/+1
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-06-21Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵lpsolit%gmail.com1-2/+0
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-06-02Bug 339862: Move Bugzilla::BugMail::MessageToMTA() in a separate module - ↵lpsolit%gmail.com1-2/+2
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave
2006-05-12Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN blockmkanat%bugzilla.org1-3/+2
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-04-07Bug 332906: Wrong parameters passed to sudo sessions when trying to bypass ↵lpsolit%gmail.com1-2/+2
validation checks - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=justdave
2006-02-24Patch for bug 328379: Fix spelling: 'visitng' -> 'visiting' in relogin.cgi; ↵jocuri%softhome.net1-1/+1
r=LpSolit, a=myk.
2005-11-22Bug 315524: When an invalid action is passed to relogin.cgi, ↵lpsolit%gmail.com1-0/+5
ThrowTemplateError() is called instead of ThrowCodeError() - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
2005-11-20Bug 312441: relogin.cgi allows you to impersonate user accounts you are not ↵karl%kornel.name1-93/+62
allowed to see when 'usevisibilitygroups' is on - Patch by A. Karl Kornel <karl@kornel.name> r=LpSolit a=justdave
2005-11-05Bug 312439: The user being impersonated has "moral" rights to keep informed ↵karl%kornel.name1-7/+24
- Patch by A. Karl Kornel <karl@kornel.name> r=LpSolit a=justdave
2005-10-24Bug 312307: Misused Throw*Error tags in code and templates - Patch by Dennis ↵lpsolit%gmail.com1-1/+1
Melentyev <dennis.melentyev@infopulse.com.ua> r=LpSolit a=justdave
2005-10-14Bug 204498 Add su (setuser) functionbugreport%peshkin.net1-12/+186
Patch by A. Karl Kornel <karl@kornel.name> r=joel, a=justdave
2005-08-13Bug 302644: relogin.cgi may ask you to login... before logging you out - ↵lpsolit%gmail.com1-1/+2
Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=justdave
2005-08-10Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵lpsolit%gmail.com1-4/+4
r=mkanat,wicked a=justdave
2004-03-27Fix for bug 234175: Remove deprecated ConnectToDatabase() andkiko%async.com.br1-4/+2
quietly_check_login()/confirm_login() calls. Cleans up callsites (consisting of most of our CGIs), swapping (where appropriate) for calls to Bugzilla->login. Patch by Teemu Mannermaa <wicked@etlicon.fi>. r=bbaetz, kiko. a=justdave.
2003-11-27Bug 226324: Move relogin.cgi code to Bugzilla::Auth::CGI. Provide akiko%async.com.br1-25/+3
logout() method that is proxied through Bugzilla.pm's logout(), and fix callers to use it. r=justdave, bbaetz, a=justdave
2003-06-03Bug 180635 - Enhance Bugzilla::User to store additional informationbbaetz%acm.org1-1/+3
r=myk,jake
2003-05-05Bug 201816 - use CGI.pm for header outputbbaetz%acm.org1-6/+8
r=joel, a=justdave
2003-03-27Bug 196433 - Bugzilla now uses /usr/bin/perl as the shebang linejake%bugzilla.org1-1/+1
r=justdave a=justdave
2002-08-26Bug 76923 - Don't |use diagnostics| (its really expensive at startup time)bbaetz%student.usyd.edu.au1-1/+0
r=joel x2
2002-07-27Bug 158658 - relogin.cgi should use a template. This also adds the ability ↵gerv%gerv.net1-12/+6
to localise messages. Patch by gerv; r=burnus.
2002-05-08Bug 140437 - clean up parameters. Patch by gerv; 2xr=justdave.gerv%gerv.net1-2/+0
2002-05-08Bug 140435 - Templatise GetCommandMenu. Patch by gerv; r=bbaetz, justdave.gerv%gerv.net1-0/+1
2002-04-24Bug 138588 - change to use new template structure. Patch by gerv, r=myk, ↵gerv%gerv.net1-2/+1
afranke.
2002-02-24Bug 126791 - templatise relogin.cgigerv%gerv.net1-11/+14
2002-02-04Bug 95732 - remove logincookies.cryptpassword, and invalidate cookies frombbaetz%student.usyd.edu.au1-0/+19
the db when required instead. (Also fixes bug 58242 as a side effect) r=myk, kiko
2002-01-20Fix for bug 108982: enable taint mode for all user-facing CGI files.justdave%syndicomm.com1-1/+3
Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
2002-01-19Fix for bug 120817 - Log Out and %commandmenu% in bannerhtml, r=justdave,dkldkl%redhat.com1-2/+5
2001-10-13Fix for bug 19910: Bugzilla installs on the same server would interfere with ↵justdave%syndicomm.com1-4/+3
each others' cookies. Cookies now have a path value that can be set to indicate which bugzilla install they belong to. Browsers will only send the cookie to the appropriate installation. The path can be set in the 'cookiepath' parameter in editparams.cgi. Patch by Dave Lawrence <dkl@redhat.com> r= myk, justdave
2000-01-18Footer wasn't displaying new state after clicking "log out".terry%mozilla.org1-0/+4
2000-01-15Patch by Ramon Felciano <felciano@ingenuity.com>, with many tweaks byterry%mozilla.org1-1/+1
me. Added a footer to every page. Add some options to do things like display checkboxes instead of scrolling lists, and a new formatting for email diffs, and show list items capitalized instead of all upper case.
1999-11-02updated license boilerplatedmose%mozilla.org1-14/+15
1999-09-24Patch by holger@holger.om.org (Holger Schurig) -- put the fancy header on ↵terry%mozilla.org1-1/+4
several pages that were missing it.