summaryrefslogtreecommitdiffstats
path: root/token.cgi
AgeCommit message (Collapse)AuthorFilesLines
2006-10-21Bug 340538: Insecure dependency in exec while running with -T switch at ↵wurblzap%gmail.com1-20/+20
/usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk
2006-10-15Bug 281181: [SECURITY] It's way too easy to delete ↵lpsolit%gmail.com1-1/+1
versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-08-26Bug 349349: Use ->create from Bugzilla::Object instead of insert_new_user ↵mkanat%bugzilla.org1-25/+7
for Bugzilla::User Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-08-20Bug 87795: Creating an account should send token and wait for confirmation ↵lpsolit%gmail.com1-0/+87
(prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
2006-07-06Bug 173629: Clean up "my" variable scoping issues for mod_perlmkanat%bugzilla.org1-3/+3
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-06-21Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵lpsolit%gmail.com1-9/+3
Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-06-20Spelling in code comments patch: 'methids' -> 'methods'; patch by Vlad ↵vladd%bugzilla.org1-1/+1
Dascalu <vladd@bugzilla.org>.
2006-05-12Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN blockmkanat%bugzilla.org1-1/+1
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-05-08Bug 332598: Move ValidatePassword() and DBNameToIdAndCheck() from globals.pl ↵lpsolit%gmail.com1-2/+2
into User.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2005-10-25Bug 312157: Remove $::template and $::vars from globals.pl - Patch by Olav ↵lpsolit%gmail.com1-4/+4
Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave
2005-10-24Bug 312307: Misused Throw*Error tags in code and templates - Patch by Dennis ↵lpsolit%gmail.com1-4/+2
Melentyev <dennis.melentyev@infopulse.com.ua> r=LpSolit a=justdave
2005-10-12Bug 303697: Eliminate deprecated Bugzilla::DB routines from token.cgi - ↵lpsolit%gmail.com1-40/+42
Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave
2005-08-19Bug 304583: Remove all remaining need to rederive inherited groupsbugreport%peshkin.net1-2/+2
Patch by Joel Peshkin <bugreport@peshkin.net> r=mkanat, a=justdave
2005-08-16Bug 304653: remove 'use Bugzilla::Error' from Util.pm - Patch by Frédéric ↵lpsolit%gmail.com1-3/+4
Buclin <LpSolit@gmail.com> r=mkanat a=myk
2005-08-10Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵lpsolit%gmail.com1-1/+1
r=mkanat,wicked a=justdave
2005-07-21Bug 301453: Move CheckEmailSyntax out of CGI.pl - Patch by Frédéric Buclin ↵lpsolit%gmail.com1-1/+1
<LpSolit@gmail.com> r=mkanat a=myk
2005-07-13Bug 300336: Bugzilla::Auth should not contain any exported subroutinesmkanat%kerio.com1-1/+1
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-07-08Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case ↵mkanat%kerio.com1-1/+3
insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2005-02-18Bug 280503: Replace "LOCK/UNLOCK TABLES" with Bugzilla::DB function callmkanat%kerio.com1-8/+13
Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=myk
2005-02-09Bug 280994 : Move ValidateNewUser out of globals.pltravis%sedsystems.ca1-1/+1
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
2005-02-01Bug 278792 : Move Crypt() to Bugzilla::Authtravis%sedsystems.ca1-1/+2
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
2004-07-21Bug 241900: Allow Bugzilla::Auth to have multiple login and validation stylesbugreport%peshkin.net1-1/+8
patch by erik r=joel, kiko a=myk
2004-03-27Fix for bug 234175: Remove deprecated ConnectToDatabase() andkiko%async.com.br1-3/+3
quietly_check_login()/confirm_login() calls. Cleans up callsites (consisting of most of our CGIs), swapping (where appropriate) for calls to Bugzilla->login. Patch by Teemu Mannermaa <wicked@etlicon.fi>. r=bbaetz, kiko. a=justdave.
2004-03-27Fix for bug 226764: Move InvalidateLogins into Bugzilla::Auth::CGI.kiko%async.com.br1-1/+1
Consolidates the logout code into Bugzilla::Auth::CGI, and provides simple front-end wrappers in Bugzilla.pm for use in the CGIs we have. r=bbaetz, joel; a=justdave. Adds a set of constants to the logout() API which allow specifying "how much" we should log out -- all sessions, the current session, or all sessions but the current one. Fixes callsites to use this new API; cleans and documents things a bit while we're at it. Part I in the great COOKIE apocalypse.
2004-03-19Bug 237517 inconsistent spelling of cancelled or canceledtimeless%mozdev.org1-1/+1
r=kiko a=justdave
2004-03-18Bug 237864: clean up leftovers from the bug 192516 checkin (some occurances ↵justdave%syndicomm.com1-3/+3
of Token got missed) r= gerv, a= justdave
2004-03-18Bug 192516: Moving the loose .pm files into the Bugzilla directory, where ↵justdave%syndicomm.com1-8/+8
they belong. These files pre-date the Bugzilla directory, and would have gone there had it existed at the time. The four files in question were copied on the CVS server to preserve CVS history in the files. This checkin deletes them from the old location and modifies everything else to know where they are now. r= myk, gerv a= justdave
2004-02-29Patch for bug 234876; removes %FORM from token.cgi; patch by Teemu Mannermaa ↵jocuri%softhome.net1-20/+21
<wicked@etlicon.fi>; r=kiko, a=justdave.
2003-09-24Bug 177449: When changing email address, old email address confirmation was ↵justdave%syndicomm.com1-1/+1
case sensitive patch by Vlad Dascalu <jocuri@softhome.net> r= kiko, a= justdave
2003-09-14Bug 208699 - Move Throw{Code,Template}Error into Error.pmbbaetz%acm.org1-1/+1
r,a=justdave
2003-06-03Bug 180635 - Enhance Bugzilla::User to store additional informationbbaetz%acm.org1-2/+16
r=myk,jake
2003-05-05Bug 201816 - use CGI.pm for header outputbbaetz%acm.org1-7/+9
r=joel, a=justdave
2003-04-02Bug 199813 - Make all users of ThrowUserError pass $vars in explicitly.bbaetz%acm.org1-2/+2
r=gerv a=justdave
2003-03-27Bug 196433 - Bugzilla now uses /usr/bin/perl as the shebang linejake%bugzilla.org1-1/+1
r=justdave a=justdave
2002-11-27Bug 173761 Need ability to always require loginbugreport%peshkin.net1-1/+1
patch by joel r=gerv, a=justdave
2002-10-06Bug 163114 - Templatise all calls to DisplayError. Patch D (the last one). ↵gerv%gerv.net1-5/+1
Patch by gerv; r=burnus.
2002-09-30Bug 164038 - token.cgi: Cancel token messages should be moved into the ↵gerv%gerv.net1-42/+25
templates. Patch by burnus; r=gerv.
2002-09-23bug 157756 - Groups_20020716_Branch Tracking : > 55 groups now supportedbugreport%peshkin.net1-0/+2
r=bbaetz, gerv
2002-08-26Bug 76923 - Don't |use diagnostics| (its really expensive at startup time)bbaetz%student.usyd.edu.au1-1/+0
r=joel x2
2002-08-10Bug 159901 - token.cgi: localize strings send to message.html.tmpl. Patch by ↵gerv%gerv.net1-12/+4
burnus; r=gerv.
2002-06-17Bug 151053, ConnectToDatabase/quietly_check_login sometimes not calledbbaetz%student.usyd.edu.au1-0/+1
early enough r=mattyt, jouni
2002-04-24Bug 138588 - change to use new template structure. Patch by gerv, r=myk, ↵gerv%gerv.net1-16/+9
afranke.
2002-04-02Remaining pieces of Bug 23067 from yesterday... no idea why the first ↵justdave%syndicomm.com1-1/+128
commit didn't pick these up.
2002-03-16Bug 126789 - templatise token.cgi. r=bbaetz, mattyt.gerv%gerv.net1-61/+29
2002-02-04Bug 95732 - remove logincookies.cryptpassword, and invalidate cookies frombbaetz%student.usyd.edu.au1-0/+2
the db when required instead. (Also fixes bug 58242 as a side effect) r=myk, kiko
2002-01-20Fix for bug 108982: enable taint mode for all user-facing CGI files.justdave%syndicomm.com1-1/+3
Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
2001-08-17Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' ↵jake%acutex.net1-1/+1
not locked", fixed typo in lock tables command. Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net
2001-07-11Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored ↵justdave%syndicomm.com1-0/+243
in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net