mkanat%kerio.com [Thu, 12 May 2005 09:08:34 +0000 (09:08 +0000)]
Bug 287109: [SECURITY] Names of private products/components can be exposed on certain CGIs
Patch By Frederic Buclin <LpSolit@gmail.com> r=myk, a=justdave
mkanat%kerio.com [Thu, 12 May 2005 08:54:08 +0000 (08:54 +0000)]
Bug 287436: [SECURITY] After having logged in, links to change the report type contain username and password
Patch By Marc Schumann <wurblzap@gmail.com> r=gerv, a=justdave
Bug 288663: The inclusion and exclusion lists behave incorrectly when a product or a component is called "Any" - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=justdave
mkanat%kerio.com [Wed, 30 Mar 2005 22:35:55 +0000 (22:35 +0000)]
Bug 287880: [SECURITY] Comments on secure bugs still available to templates... show_bug leaks
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=justdave, a=justdave
Bug 276543: createaccount.cgi should not be displayed if account creation is disabled - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave
mkanat%kerio.com [Sat, 19 Mar 2005 19:22:53 +0000 (19:22 +0000)]
Bug 280911: Global symbol "$person" requires explicit package name at Bugzilla/BugMail.pm line 879 (Fix Win32 SMTP)
Patch By Marc Schumann <wurblzap@gmail.com> r=mkanat, a=justdave
Bug 223706 : process_bug.cgi can spew "use of unitialized value in 'eq' " into error logs
Patch by Shane H. W. Travis <travis@sedsystems.ca> r=LpSolit a=justdave
Bug 286311: print "Content-type..." is used instead of print $cgi->header() (cookies aren't sent in header) - Patch by Frederic Buclin <LpSolit@gmail.com> (original author: Jacob Steenhagen) r=justdave, a=justdave
Bug 283085 : post_bug.cgi can be used to know which products do not exist and which ones are not accessible
Patch by Frederic Buclin <LpSolit@gmail.com> r=myk a=myk
Bug 212940 : Can't use an undefined value as an ARRAY reference at /http/bugzilla/process_bug.cgi line 866.
Patch by Frederic Buclin <LpSolit@gmail.com> r=wurblzap a=justdave
Bug 281411 : The "Remaining Time" value should not be negative for too large "Hours Worked" values
Patch by Frederic Buclin <LpSolit@gmail.com> r=wurblzap a=justdave
Bug 233592 : Apache config section: missing info, extraneous info, generally confusing.
Patch by Shane H. W. Travis <travis@sedsystems.ca> r=colin.ogilvie
Bug 274173 : The Params that are listed in section 3.1 (parameters) should use a <varlist/>
Patch by Shane H. W. Travis <travis@sedsystems.ca> r=colin.ogilvie
Bug 281845 : Possible to delete users who are initial QA contacts (Regression from bug 43600)
Patch by Shane H. W. Travis <travis@sedsystems.ca> r=justdave, a=justdave
Bug 277723 : Add comments why checksetup uses slow code to check for spaces and commas in flags
Patch by Nick.Barnes@pobox.com r=wurblzap by inspection a=justdave
Bug 258494 : checksetup fails with out-of-sync DBD::mysql modues - document fix and workaround
Patch by Shane H. W. Travis <travis@sedsystems.ca> r=justdave
Bug 280747 : Syntax for terms in variables.none.tmpl not fully correct (= signs instead of => signs)
Patch by Marc Schumann <wurblzap@gmail.com> r=vladd a=justdave
Patch for bug 277210: Testserver.pl should find apache2/httpd2 as well when it looks for webservers; patch by Kieran Lal <kieran@gmail.com> and Colin S. Ogilvie <colin.ogilvie@gmail.com>, r=wurblzap, r=vladd, a=justdave.
Bug 276907: Don't linkify javascript: or data: URLs in the URL field on a bug.
Patch by Gervase Markham <gerv@mozilla.org>
r= justdave,vladd, a= justdave
Bug 239852 - Documentation changes for Windows support
Patch by bruce.armstrong@teamsybase.com, cleaned up by travis@sedsystems.ca
r=bugzilla@glob.com.au
Patch for bug 277389: Modify flag notification code so it doesn't append emailsuffix to CC list's addresses; patch by Marc Schumann <wurblzap@gmail.com>, r=wurblzap, a=justdave.
Patch for bug 277013: provides a fix for the SQL error that appears when a user's vote confirms a bug; patch by Frédéric Buclin <LpSolit@netscape.net>, r=wurblzap, a=justdave.
Patch for bug 240250: Shouldn't receive an unfriendly error when editing groupset for a product that doesn't exist; patch by Frédéric Buclin <LpSolit@netscape.net>, r=mkanat, a=justdave.
Patch for bug 277303: checksetup.pl shouldn't emit a syntax error when trying to fix indexes on the milestones table; patch by Max K-A <mkanat@kerio.com>, r=wurblzap, a=justdave.
Bug 108870: Bugzilla does not set email prefs for new user until user visits userprefs.cgi
Patch: travis r=mkanat a=justdave
Also includes fixes for
Bug 109573: New bugzilla accounts should by default have 'CC field changes' turned off, and
Bug 275599: flag request email prefs not behaving correctly
Patch for bug 275631: Only the first column (not all) should have excess CSS padding-left; patch by byron jones (glob) <bugzilla@glob.com.au>, r=gerv, r=vladd, a=justdave.
Patch for bug 275788: Provide a line of code that defines legal query formats for other scripts to use; patch by Colin S. Ogilvie <colin.ogilvie@gmail.com>, r=vladd, a=justdave.
Patch for bug 232328: Update CSS file in order to fix the display of columns in stagger headers mode using Internet Explorer; patch by Frédéric Buclin <LpSolit@netscape.net>, r=myk, r=glob, a=justdave.
Patch for bug 273339: Make attachment.cgi consistent with its activity log timestamps; patch by GavinS <bugzilla@chimpychompy.org>, r=vladd, a=justdave.
Documentation patch for bug 274220: Provide additional documentation about creating custom templates; patch by Shane H. W. Travis <travis@sedsystems.ca>, r=vladd.
Patch for bug 251911: Add missing variables in ThrowUserError from attachment.cgi (related code clean-up included); patch by Christian Reis <kiko@async.com.br>, r=joel, a=justdave.
projects / thirdparty / bugzilla.git / log
