Age | Commit message (Expand) | Author | Files | Lines |
2014-10-06 | Bug 1075578: [SECURITY] Improper filtering of CGI arguments | Frédéric Buclin | 1 | -1/+1 |
2013-10-16 | Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy ... | Dave Lawrence | 1 | -0/+3 |
2013-08-09 | Bug 897264 - letters_numbers_specialchars password restriction is incorrect | Simon Green | 1 | -15/+15 |
2013-01-17 | Bug 752946 - Moving a bug into another product lists inactive components, mil... | Dave Lawrence | 1 | -0/+5 |
2013-01-03 | Bug 824616: The urlbase field in global/header.html.tmpl must be filtered | Matt Selsky | 1 | -1/+1 |
2012-11-13 | Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see a... | Frédéric Buclin | 1 | -2/+1 |
2012-10-11 | Bug 798994: Fix incorrect double escaping when displaying saved queries URLs | Simon Green | 1 | -1/+1 |
2012-09-11 | Bug 790215 - Flag names are not properly escaped when displayed on confirm us... | Reed Loden | 1 | -1/+1 |
2012-09-03 | Bug 786889: Add missing 'Summary (first 60 chars)' header to CSV output | Matt Tyson | 1 | -0/+1 |
2012-08-20 | Bug 698068: The "There is no saved search named ..." page has a "forget" link | Frédéric Buclin | 1 | -1/+1 |
2012-05-28 | Bug 756314: Fix dropping of unique matches when the "confirm page" page is di... | Byron Jones | 1 | -4/+4 |
2012-04-30 | Bug 749074: Throw an error message instead of syntax error on invalid search ... | Byron Jones | 1 | -0/+4 |
2012-04-17 | Bug 745197: Add a hook in Bugzilla::Error::_throw_error() so that extensions ... | Frédéric Buclin | 1 | -4/+2 |
2012-03-29 | Bug 554819: Quicksearch should be using Text::ParseWords instead of custom co... | Frédéric Buclin | 1 | -0/+21 |
2012-02-22 | Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC API... | Dave Lawrence | 1 | -0/+5 |
2012-01-31 | (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can le... | Frédéric Buclin | 1 | -0/+5 |
2012-01-31 | Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email a... | Frédéric Buclin | 2 | -5/+3 |
2012-01-10 | Bug 716283: Clickjacking in the attachment "Details" page allows to bypass to... | Frédéric Buclin | 1 | -0/+3 |
2012-01-06 | Bug 714664: The content of the "emailregexpdesc" parameter is not escaped whe... | Frédéric Buclin | 2 | -2/+2 |
2011-11-26 | Bug 255606: Do not let buglist.cgi return all bugs by default | Frédéric Buclin | 1 | -0/+4 |
2011-11-01 | Fix missing-space bugs in error messages. a=LpSolit. | Gervase Markham | 3 | -6/+6 |
2011-10-24 | Bug 685552 - Email auto-completion causes server to thrash | David Lawrence | 1 | -2/+2 |
2011-10-01 | Bug 582529: Ambiguous error message "You did not specify a file to attach" wh... | Frédéric Buclin | 1 | -0/+4 |
2011-08-29 | Bug 637648 - Rename the "tags" table to "tag" | Stephanie Daugherty | 1 | -1/+1 |
2011-08-16 | Bug 678844: When trying to edit a non-existent classification, the error mess... | Frédéric Buclin | 1 | -2/+4 |
2011-08-10 | Bug 677187: If the attachment filename contains a newline, an error is thrown... | Frédéric Buclin | 1 | -2/+3 |
2011-08-04 | Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XS... | Byron Jones | 1 | -0/+5 |
2011-08-04 | Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creati... | Frédéric Buclin | 1 | -20/+8 |
2011-08-04 | Bug 676237: The traceback in code-error.html.tmpl is displayed on a single line | Frédéric Buclin | 1 | -1/+1 |
2011-08-01 | Bug 634812: Having a very large number of custom fields can make displaying s... | Frédéric Buclin | 1 | -1/+3 |
2011-08-01 | Bug 674574: When all components or versions are disabled, you cannot enter bu... | Frédéric Buclin | 1 | -2/+2 |
2011-07-26 | Bug 674089: Add a new hook 'end_object_name' in user-error.html.tmpl template | Tiago Mello | 1 | -0/+1 |
2011-07-26 | Bug 674117: Add a new hook 'auth_failure_object' in user-error.html.tmpl temp... | Tiago Mello | 1 | -0/+2 |
2011-07-25 | Bug 642388: Description of field days_elapsed missing from global/field-descs... | Frédéric Buclin | 1 | -0/+1 |
2011-07-25 | Bug 589128: Adds a preference allowing users to choose between text or html | Byron Jones | 1 | -0/+3 |
2011-07-05 | Bug 658929 - User autocomplete is very slow when there are lots of users in t... | David Lawrence | 1 | -0/+2 |
2011-07-01 | Revert wrong indentation, see bug 652427 | Frédéric Buclin | 1 | -1/+1 |
2011-06-29 | Bug 652427: Going back to the new bug page loses the description if possible ... | Guy Pyrzak | 1 | -1/+2 |
2011-05-30 | Bug 660464: Linkify the tag name in the confirmation message when tagging bugs | Frédéric Buclin | 1 | -1/+2 |
2011-05-10 | Bug 28849: Block users from CCing other users if they do not have editbugs privs | Byron Jones | 1 | -0/+4 |
2011-05-06 | Bug 653341: Bug.create() fails to error out if an invalid group is passed | Frédéric Buclin | 1 | -0/+7 |
2011-04-29 | Bug 653406: fix escaping of url vars in error messages | Byron Jones | 1 | -8/+8 |
2011-04-28 | Bug 423612 - Allow editing extern_id for users from the admin interface | Jochen Wiedmann | 2 | -0/+10 |
2011-04-25 | Bug 652405: All user fields (assignee, QA contact, Add CC) have the page titl... | Frédéric Buclin | 1 | -3/+3 |
2011-04-02 | Bug 647466: Allow Search.pm to take the new URL syntax for custom search | Max Kanat-Alexander | 1 | -0/+7 |
2011-03-09 | Bug 634310: Remove WCAG 2.0 violations from the index.cgi to make it | Francisco Donalisio | 2 | -2/+2 |
2011-03-09 | Bug 639371: Include the charset into HTML pages when the utf8 param is true | Bjoern Jacke | 1 | -0/+4 |
2011-03-03 | Bug 638489 - Make all boolean charts work with longdescs.isprivate | Max Kanat-Alexander | 1 | -0/+4 |
2011-03-02 | Bug 624414: BUGZILLA.value_descs was always empty in the JS, and display_value | Max Kanat-Alexander | 4 | -21/+41 |
2011-03-01 | Bug 616341: Make "tag" a valid search field in Search.pm, for the new | Max Kanat-Alexander | 1 | -0/+1 |