Patch for bug 258355: remove 1x1.gif and use CSS instead in order to create suitable spacing; patch by Frédéric Buclin <LpSolit@netscape.net>; r=kiko, a=justdave.
[SECURITY] Bug 250605: Changes to the metadata (filename, description, mime type, review flags) on attachments which were flagged as private get displayed to users who are not members of the group allowed to see private attachments when receiving bug change notification mails. This only affects sites that use the 'insidergroup' feature.
Patch by Joel Peshkin <bugreport@peshkin.net>
r=kiko,justdave, a=justdave
[SECURITY] Bug 253544: Changes to the metadata (filename, description, mime type, review flags) on attachments which were flagged as private get displayed to users who are not members of the group allowed to see private attachments when viewing the bug activity log. This only affects sites that use the 'insidergroup' feature.
Patch by Joel Peshkin <bugreport@peshkin.net>
r=zach,justdave, a=justdave
[SECURITY] Bug 263780: Exporting a bug to XML exposes user comments and attachment summaries which are marked as private to users who are not members of the group allowed to see private comments and attachments. XML export is not exposed in the user interface, but is available to anyone who knows the correct URL to invoke it. This only affects sites that use the 'insidergroup' feature.
Patch by Joel Peshkin <bugreport@peshkin.net>
r=vladd,justdave, a=justdave
[SECURITY] Bug 252638: It is possible to send a carefully crafted HTTP POST message to process_bug.cgi which will remove keywords from a bug even if you don't have permissions to edit all bug fields (the "editbugs" permission). Such changes are reported in "bug changed" email notifications, so they are easily detected and reversed if someone abuses it.
Patch by Myk Melez <myk@mozilla.org>
r=gerv, a=justdave
Bug 250897: Enforce a 10 minute waiting period between password reset attempts to prevent the user getting mailbombed if the form is submitted multiple times.
Patch by Joel Peshkin <bugreport@peshkin.net>
r=kiko, a=justdave
Documentation patch for bug 143490: Update documentation regarding code changes needed when running Bugzilla under win32 (some are no longer required since checksetup.pl no longer calls unsupported functions when running on Windows); patch by GavinS <bugzilla@chimpychompy.org>, r=vladd.
Patch for bug 192218: Ability to use a hyphen as a way to filter specifically for requests with no requestee; patch by Frédéric Buclin <LpSolit@netscape.net>; r=myk, a=myk.
Patch for bug 252137: tabular reports shouldn't be broken if a row/col/tbl header begins with an underscore; patch by Rob Siklos <rsiklos@adexa.com>; r=gerv, a=justdave.
Patch for bug 232155: Remove uninitialized value warning from Pperl's Cookie.pm and unify code by removing redundancy; patch by Christian Reis <kiko@async.com.br> backported to 2.18 by Rob Siklos <rsiklos@adexa.com>; r=vladd,kiko, a=justdave.
Patch for bug 264003: Include the DBI error in the error message if 'createdb' fails; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=kiko, a=justdave.
Patch for bug 199811: Implement UI for 'contains none of the strings' search operator; patch by Marc Schumann <wurblzap@gmail.com>, r=kiko, a=justdave.
Patch for bug 261434: implement functionality to delete a user semi-properly (only works for users with no bugs/comments); patch by Ivan Todoroski <grnch@gmx.net>; r=justdave, a=justdave.
Patch for bug 251338: Installation section should mention that you need an MTA installed; patch by Colin S. Ogilvie <colin.ogilvie@gmail.com>; r=vladd, a=justdave.
Patch for bug 263165: Make Bugzilla specify table type as MyISAM when creating tables; patch by Byron Jones (glob) <bugzilla@glob.com.au>, r=kiko, a=justdave.
Patch for bug 256567: Harmonize descriptions of classifications and products in terms of 'FILTER html'; patch by Marc Schumann <wurblzap@gmail.com>; r=justdave, kiko, a=justdave.
Patch for bug 237769: use Administrator instead of root for super-user name in Windows, and change the ppm repository from Apache to the one maintained on landfill; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=vladd, a=myk.
Patch for bug 261993: fix uninitialized value error in webserver log when accessing buglist.cgi (generated by the fix for bug 255512); patch by Marc Schumann <wurblzap@gmail.com>; r=justdave, a=myk.
Fix for bug 252739: moves inclusion/exclusion action names to button name instead of button value so that button values (which are also used as labels) will be localizable; patch by Marc Schumann; r=kiko,myk; a=justdave
Patch for bug 255512: For bz_secure, distinguish between mandatory and non-mandatory groups and create distinct CSS classes to enable customizations by the admin; patch by Marc Schumann <wurblzap@gmail.com>; r=kiko, r=joel, a=justdave.
Landing fix for bug 260411: MS IE breaks png alpha channel padlock. Adds
a new PNG file with a 1-bit alpha layer. File by Jason Pyeron
<jpyeron@pyerotechnics.com> r=kiko, a=myk.
Fix for bug 245075: command-line script that sends bug mail so installations can push bug mail out if it's been missed by the code that sends mail when changes are made; written by Dave Miller
Bug 257534: Require Perl 5.8.1 or later when running on Windows with ActiveState Perl (there is no official CGI ppm build with a new enough version for Bugzilla on any earlier version of ActiveState Perl)
Patch by Byron Jones <bugzilla@glob.com.au>
r=justdave, a=justdave
Bug 252295: Ensure that the "Edit Search" link goes back to the same form the search was created on when running a saved search that was saved before we had multiple search forms.
r=gerv, a=justdave
Bug 257593 - make chart.cgi use Bugzilla::CGI for headers, meaning that if you log in via chart.cgi it doesn't get lost. Patch by wurblzap@gmail.com; r=gerv.
Bug 255913: mailto link on show_bug.cgi wasn't honoring emailsuffix. Bugzilla->user->email now includes emailsuffix in the result.
Patch by Marc Schumann <wurblzap@gmail.com>
r=justdave,tobias, a=justdave
Bug 255664: Wait until buglist is ready to be displayed before closing the "please wait" page when using server push, so any errors that occur can actually be seen by the user instead of getting a blank page.
r=myk, a=myk
Fix for bug 215319: changes "flag requester" field in boolean charts to "flag requestee" field, which is what it should have been ("flag requester" can be queried via the "flag setter" field)
r=justdave
Fix for bug 254360: lists the rules governing who can edit which fields in 2.16 and 2.18 and the differences in those rules between the two versions. Contributed by Nick Barnes.
Patch for bug 257303: convert lastused field in logincookies from timestamp to datetime; patch by Tomas Kopal <Tomas.Kopal@altap.cz>; r=vladd, a=justdave.
Patch for bug 254729: fix editproducts.cgi generated warnings in the error log when creating new products; patch by GavinS <bugzilla@chimpychompy.org>; r=vladd, a=justdave.
Patch for bug 211188: Make testing suite check for any #! lines that are not /usr/bin/perl; patch by Marc Schumann <wurblzap@gmail.com>; r=vladd, a=justdave.
Bug 250591: Conversion of boolean conditions in SQL statements for better db independence (take 2); patch by David Lawrence <dkl@redhat.com>; r=vladd, a=justdave.
Patch for bug 257419: make checksetup.pl quote database name in 'show table status' command; patch by Marc Schumann <wurblzap@gmail.com>; r=kiko, a=myk.
Bug 257267: allow trimming leading zeros when typing the test number in the testing suite; patch by GavinS <bugzilla@chimpychompy.org>; r=vladd, a=myk.
Patch for bug 257106: Make testing suite know about new directory levels in Bugzilla/Auth; patch by Marc Schumann <wurblzap@gmail.com>; r=vladd, a=myk.
Patch for bug 254371: include Flag Types in create new attachments form; patch by Alexandre Michetti Manduca <michetti@grad.icmc.usp.br>; r=jouni, a=myk.
Patch for bug 254146: make the error message clear if servertest.pl failed to find the GID for HTTPD; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=joel, a=justdave.
Patch for bug 235061: move CSS stylings in global.css if they are used across multiple pages; patch by Marc Schumann <marcschum@web.de>; r=kiko, a=myk.
Patch for bug 216572: 002goodperl.t shouldn't add an extra test for every additional Throw*Error violation in the same file; patch by Marc Schumann <marcschum@web.de>; r=kiko, a=justdave.
Fix for bug 254587: group description not displayed on delete group
confirm page. Fix typo? Patch by GavinS <bugzilla@chimpychompy.org>.
r=kiko, a=myk.
Patch for bug 252810: p1, critical not displayed in red when groups are
used for bug. Roundabout patch that adds a padlock icon next to the bug
ID to bug listings, and does even/odd striping of the buglist. r,a=myk.
Fix for bug 253562: Hours Worked (actual_time) is being listed as 1.
Cleans up Bugzilla::Bug::actual_time to do things the right way (dbi,
Bugzilla->user) and apparently fixes a problem limited to some
platforms. r=joel, a=justdave.
projects / thirdparty / bugzilla.git / log
