summaryrefslogtreecommitdiffstats
path: root/template
AgeCommit message (Collapse)AuthorFilesLines
2012-01-31(CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can ↵Frédéric Buclin1-0/+5
lead to CSRF (no victim's action required) r=mkanat a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=718319
2012-01-31Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email ↵Frédéric Buclin2-5/+3
addresses, which could allow an attacker to be CC'ed to private bugs by accident r=glob a=LpSolit
2012-01-27Bug 720756 - Update release notes for Bugzilla 4.2rc2Dave Lawrence1-4/+8
r/a=LpSolit
2012-01-26Fix bustage due to bug 715514.Tiago Mello1-1/+1
2012-01-25Bug 715514: Fix showdependencytree misleading in "hide resolved" viewMatt Selsky1-2/+2
r=timello, a=LpSolit
2012-01-12Bug 717215: Remove references to url_quote filterSimon Green2-5/+1
r/a=LpSolit
2012-01-11Bug 717210: If all attachments are stored locally (maxattachmentsize = 0, ↵Simon Green2-3/+3
maxlocalattachment > 0), the link to attach files to bugs is not displayed r/a=LpSolit
2012-01-11Bug 715650 - User auto-completion does not work in request.cgi for requester ↵Dave Lawrence1-1/+2
and requestee as expected r=timello, a=LpSolit
2012-01-11Bug 716227: When checksetup.pl tells the admin that he should edit variables ↵Frédéric Buclin1-6/+8
in localconfig, the message should be red r=timello a=LpSolit
2012-01-10Bug 716283: Clickjacking in the attachment "Details" page allows to bypass ↵Frédéric Buclin2-0/+13
token checks r=dkl a=LpSolit
2012-01-06Bug 706753 about JSON::RPC 1.01 is now fixedFrédéric Buclin1-4/+0
2012-01-06Bug 695294: The See Also field is not visible in "Format for Printing"Matt Selsky1-0/+12
r/a=LpSolit
2012-01-06Bug 715705: User auto-completion doesn't work for watched users in the email ↵Frédéric Buclin1-1/+2
prefs tab r=timello a=LpSolit
2012-01-06Bug 714664: The content of the "emailregexpdesc" parameter is not escaped ↵Frédéric Buclin2-2/+2
when displayed to the user r=dkl a=LpSolit
2011-12-28user_autocompletion -> ajax_user_autocompletionFrédéric Buclin1-1/+1
https://bugzilla.mozilla.org/show_bug.cgi?id=713346
2011-12-28Bug 713346: Release notes for Bugzilla 4.2rc1Frédéric Buclin2-3418/+4037
r=mkanat a=LpSolit
2011-12-26Bug 683644: Foreign keys aren't renamed correctly when DB tables are renamedFrédéric Buclin1-1/+1
r=wicked a=LpSolit
2011-12-13Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible ↵Reed Loden1-0/+1
unauthorized account creation e-mail request [r=mkanat a=mkanat]
2011-12-05Bug 577854: URL field header caption does not link to field value ↵Matt Selsky2-10/+7
description (confusingly links to actual URL) r/a=mkanat
2011-11-29Bug 692737 - Main page icons are not centered.Marc Schumann1-16/+24
r/a=mkanat
2011-11-29Bug 686422: Fix custom search's history interaction on HTML4 browsersByron Jones1-1/+5
r=mkanat, a=mkanat
2011-11-28Bug 705393: Improve the error message thrown by Update.pm when ↵Frédéric Buclin1-5/+11
updates.bugzilla.org is unavailable r=glob a=LpSolit
2011-11-26Bug 255606: Do not let buglist.cgi return all bugs by defaultFrédéric Buclin3-4/+13
r/a=mkanat
2011-11-22Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized ↵Frédéric Buclin1-57/+0
bug creation r=mkanat a=LpSolit
2011-11-21Bug 703983 - CSRF vulnerability in attachment.cgi allows possible ↵Reed Loden1-48/+0
unauthorized attachment creation [r=LpSolit a=LpSolit]
2011-11-18Fix bustage due to bug 643411.Tiago Mello1-2/+2
2011-11-18Bug 643411: New default bug limit makes time summary results confusingTiago Mello1-0/+9
r/a=mkanat
2011-11-01Fix missing-space bugs in error messages. a=LpSolit.Gervase Markham3-6/+6
https://bugzilla.mozilla.org/show_bug.cgi?id=698737
2011-10-24Bug 685552 - Email auto-completion causes server to thrashDavid Lawrence2-2/+5
r/a=mkanat
2011-10-23Bug 690173: Cannot delete user accounts due to FK on audit_logmiketosh1-1/+10
r/a=mkanat
2011-10-15Bug 674416: Custom searches in query.cgi are lost when clicking the "Back" ↵Max Kanat-Alexander1-1/+4
button in Firefox when viewing a buglist r=glob a=mkanat
2011-10-15Bug 691697: There is no link pointing to the new bug in HTML bugmailsFrédéric Buclin1-1/+7
r=pyrzak a=LpSolit
2011-10-03Bug 615636: Labels are badly aligned when editing versions and milestones in ↵Matt Selsky4-15/+14
admin pages r/a=LpSolit
2011-10-01Bug 582529: Ambiguous error message "You did not specify a file to attach" ↵Frédéric Buclin1-0/+4
when deleting an existing attachment filename a=LpSolit
2011-09-29Bug 686786: Decreasing votestoconfirm in editproducts.cgi crashes BugzillaFrédéric Buclin1-4/+4
r/a=mkanat
2011-09-13Bug 685316: Change Simple Search template to use field_descs for StatusTiago Mello1-2/+2
Product. r/a=mkanat
2011-09-12Bug 686246: When editing the inclusion and exclusion lists of a flagtype, ↵Frédéric Buclin1-1/+1
empty grant and request groups are replaced by "" instead of "(no group)" in the drop-down menu a=LpSolit
2011-09-07Fix bustage due to bug 604237Frédéric Buclin1-2/+2
2011-09-07Bug 604237 - Clean up the format of HTML EmailsGuy Pyrzak1-20/+21
r=mkanat, a=mkanat
2011-08-30Bug 680780: Advanced Search: help for field Comment is missing a spaceFrédéric Buclin1-1/+1
r=wicked a=LpSolit
2011-08-29Bug 637648 - Rename the "tags" table to "tag"Stephanie Daugherty1-1/+1
r=LpSolit, a=LpSolit
2011-08-16Bug 679449: Add a link to duplicates.cgi from report.cgiFrédéric Buclin1-0/+4
r=dkl a=LpSolit
2011-08-16Bug 678844: When trying to edit a non-existent classification, the error ↵Frédéric Buclin1-2/+4
message has missing words r=glob a=LpSolit
2011-08-16Bug 460074: Make post_bug.cgi use should_set for array fields, so theyMax Kanat-Alexander1-0/+1
are undef in Bugzilla::Bug->create if not passed to post_bug. This fixes a bug with the guided bug form creating bugs without any groups. r=LpSolit, a=mkanat
2011-08-15Bug 537759: The "Description" field for attachments should be highlighted as ↵Kent Rogers1-2/+3
being mandatory r/a=LpSolit
2011-08-10Bug 677187: If the attachment filename contains a newline, an error is ↵Frédéric Buclin1-2/+3
thrown when trying to download the attachment r/a=mkanat
2011-08-04Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause ↵Byron Jones1-0/+5
XSS on this domain in IE 6-8 and Safari r/a=LpSolit
2011-08-04Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when ↵Frédéric Buclin1-20/+8
creating or editing a bug r=mkanat a=LpSolit
2011-08-04Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment ↵Reed Loden1-1/+1
containing newline are corrupt [r=LpSolit a=LpSolit]
2011-08-04Fix bustage due to bug 660382Frédéric Buclin1-4/+0