jake%acutex.net [Sat, 18 Aug 2001 03:18:33 +0000 (03:18 +0000)]
Fix for bug 95747 - CC List validation (for additions) wasn't happening until after the bug's changes were in the process of being commited. This caused problems if a typo was made in the e-mail address.
r= myk@mozilla.org
jake%acutex.net [Fri, 17 Aug 2001 19:42:34 +0000 (19:42 +0000)]
Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' not locked", fixed typo in lock tables command.
Patch by Myk Melez <myk@mozilla.org>
r= jake@acutex.net
Fix for bug 95743: the role-accessible checkboxes were getting cleared if a user with group access had to log in to make changes to a public bug.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' not locked", fixed typo in lock tables command.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password.
Patch by Dave Miller <justdave@syndicomm.com>
r= myk@mozilla.org
Fix for bug 87779: thanks to the new password reset code, there was no clear way to create a new Bugzilla account from the login screen. There is now a link to createaccount.cgi from the login screen, and the text around the password reset button has been edited so it doesn't sound like you can get a new account by using it (because you can't)
Patch by Dave Miller <justdave@syndicomm.com>
r= myk@mozilla.org
Fix for bug 92593: Changing a bugs product will no longer remove the votes from that bug unless the number of votes for a given user is beyond what is allowed per-bug on the new product. Only the per-bug vote count is checked. If the user is beyond the per-product vote limit for the new product, it is left alone, on the theory that it's better to preserve the votes on the bug. The user will be forced to reduce their votes to fit the product limit the next time they try to vote on something.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
Re-fix for bug 95082: allow syncshadowdb to continue to make queries while Bugzilla is shut down.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
Fix for bug 26194: There are now substitution parameters available for use in newchangedmail which will include the reason(s)
that the person is receiving the mail in either an email header, the body of the message, or both. The default newchangedmail
parameter includes these in it. If you have an existing installation you will need to either hit "reset" next to the
newchangedmail parameter, or add the substitution parameters where you like them according to the instructions given in
editparams.cgi viewed from the web.
Patch by Matthew Tuck <matty@chariot.net.au> and Zach Lipton <zach@zachlipton.com>
r= justdave@syndicomm.com
Fix for bug 39816: Anyone in CC, Reporter, QA Contact, or Asigned To fields can now be given access to view a bug even if the permissions on that bug are set to a group that would normally exclude those people.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
Fix for bug 94618: remove restrictions on valid characters in passwords. If crypt() takes it, why shouldn't we?
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
fix for bug 66235: process_bug.cgi: multiple product change misses the groupset bit. Patch by Myk <myk@mozilla.org> r=Jake, oh, and it's my first checkin, yahoo!
Re-fix for bug 55161 - if data is partial in activity table, prepend a ? to indicate that we don't know for sure what got dropped.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
fix for bug 91903: insecure dependency in require in importxml.pl under taint mode only in Perl 5.005.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
re-fix bug 76154: permissions weren't being set correctly on the .htaccess files when checksetup.pl was run again. Also adding .htaccess to .cvsignore so it won't show up as ? in cvs diffs and updates.
Patch by Dave Miller <justdave@syndicomm.com>
r= jake@acutex.net
Remove the code for rejecting the version of MySQL with broken encryption (as bugzilla no longer uses MySQL's encrypt routine). Also, point to mysql.com for downloading newer versions.
Patch by Myk Melez <myk@mozilla.org>
r= jake@acutex.net
re-fix for bug 55161: buglist works again if you search for change history on a bug
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
Fix for bug 76154: Bugzilla can now optionally provide .htaccess files for Apache to help restrict viewing of private data
Patch by Dave Miller <justdave@syndicomm.com>
r= jake@acutex.net
Fix for bug 84714 and bug 88797: You can now change bug groups from the "change several bugs" form even if the bugs aren't all in the same groups. Also, the groups are no longer cleared when you make a change from the "change several bugs" form (unless you tell it to)
Patch by Joe Robins <jmrobins@tgix.com> and Dave Miller <justdave@syndicomm.com>
r= zach@zachlipton.com
a= justdave@syndicomm.com
Fix for bug 84714 and bug 88797: You can now change bug groups from the "change several bugs" form even if the bugs aren't all in the same groups. Also, the groups are no longer cleared when you make a change from the "change several bugs" form (unless you tell it to)
Patch by Joe Robins <jmrobins@tgix.com> and Dave Miller <justdave@syndicomm.com>
r= zach@zachlipton.com
a= justdave@syndicomm.com
Re-fix for bug 77699: the undefined error affected other browsers than just IE5, so work around it for all browsers.
Patch by Stephen Lee <slee@uk.bnsmc.com>
r= afranke@ags.uni-sb.de
Fixing minor problem caused by the original bug 77473 checkin where an SQL error was being produced if you tried to log in
with an invalid username.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com, jake@acutex.net
Fix for bug 87701: Invalid username in bug changes echoed back without escaping HTML data
Patch by Gervase Markham <gervase.markham@univ.ox.ac.uk>
r= justdave@syndicomm.com
Fix for bug 59349: Processmail now runs in taint (perl -T and $db->{Taint}=1) mode. Hooks also added to globals.pl to make converting other files in Bugzilla to run in Taint mode easier.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
Fix for bug 76183 and bug 71555: consolidates chmod activity in one place in checksetup.pl and also provides permission setting for bugzilla installations installed in a personal user directory as opposed to the server's main web space. (makes the files world-readable so the webserver can see them, since you can't set the group)
Patch by Christian Reis <kiko@async.com.br>
r= justdave@syndicomm.com
jake%acutex.net [Thu, 28 Jun 2001 22:42:29 +0000 (22:42 +0000)]
Refix bug 80289. Don't print header for groups if there aren't any groups to display (was printing a header without groups in rare instances).
Patch by Joe Robins <jmrobins@tgix.com>
r= jake@acutex.net
Fix for bug 80289: Group restrictions are now identified with checkboxes instead of select widgets. Also, product groups are now only offered if they are either already set, or match the current product (i.e. the option to set a product bit for a product other than the one the bug is in is no longer available) This results in much less clutter for the admin folks on sites with lots of products.
Patch by Joe Robbins <jmrobins@tgix.com>
r= justdave@syndicomm.com
Re-fix for bug 28458: AddFDef always replaces the fielddefs every time you run checksetup.pl, so the change to them during doeditparams was nullified if you updated. Other recent changes have nullified the reason for changing it in editparams anyway, so just backing that part out.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
Fix for bug 47914: buglist.cgi always had a not-logged-in footer if you were unlucky enough to have a login cookie that got corrupted in the shadow database. This patch makes buglist.cgi switch back to the primary database before looking up your login cookie for the footer.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
Fix for bug 85833: show_bug.cgi (and probably others) now allow leading or trailing spaces in the bug id, to allow for user input error. This used to work, and recent bug validation changes broke it.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
Fix for bug 45918: the old password field on the userprefs page is now used to log you back in if you try to change your password with cookies turned off, which avoids the confusing login screen after entering your new password in which you used to have to enter your old password one more time in order to let it set your new password (yes, it used to be as confusing as that just sounded :)
r= tara@tequilarista.org
jake%acutex.net [Tue, 19 Jun 2001 09:05:08 +0000 (09:05 +0000)]
Running a query using the Added Comment option was very slow (bug 57350).
Patch by Myk Melez <myk@mozilla.org> and Dave Miller <justdave@syndicomm.com>
r= jake@acutex.net
jake%acutex.net [Fri, 15 Jun 2001 03:02:31 +0000 (03:02 +0000)]
Checking in the cleaner version of the fix for "No Available Products". This was attached to bug 65311.
Patch by Dave Miller <justdave@syndicomm.com>
r= jake@acutex.net
Fix for bug 84596: Syncshadowdb wasn't using the db_user and db_pass from localconfig, which meant that it previously wouldn't run unless it was running under a user that had access to the bugs and shadowbugs dbs and didn't have a password. It now looks for db_user and db_pass and specifies them on the command line to mysqldump and mysql if they're in use.
r= tara
Re-fix for bug 21253: fix calling conventions for syncshadowdb so that a phony parameter to get past the multi-param system() test in tinderbox actually works.
r= tara
jake%acutex.net [Fri, 8 Jun 2001 20:12:13 +0000 (20:12 +0000)]
Give a logical error message if no products are available to a user for bug entry (bug 84285).
Patch by Paul Thomas <paul.thomas@sse.ie>
r= jake@acutex.net
Hopefully the fix for bug 77778: component lists, etc stuttering due to corruption in data/versioncache.
Patch design by Terry Weissman <terry@mozilla.org>
Patch implemented by Dave Miller <justdave@syndicomm.com>
r= tara@tequilarista.org
Fix for bug 15980: Password is no longer shown in the location bar on the first page you load after logging in.
Patch by Dave Miller <justdave@syndicomm.com>
r= jake@acutex.net
Fix for bug 83872: Bugzilla no longer requires the Mysql Perl module, but the DBD::mysql Perl module, and has been this way for a while. Fixing the version checks in checksetup.pl to check the correct module. Also eliminates a DBD::mysql-specific database function call that is depricated in the current version of DBD_mysql.
Patch by Dave Miller <justdave@syndicomm.com>
r= jake@acutex.net, tara@tequilarista.org
Fix for bug 39557: doeditvotes.cgi will no longer create a vote record for a nonexistant bug if the HTML is tampered with or other bugs cause bad bug numbers in the submitted form.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
Fix for bug 82781: describecomponents.cgi now checks viewing permissions to make sure you can see a product
Patch by Myk Melez <myk@mozilla.org>
r= tara@tequilarista.org
Fix for bug 28458: "NEW" bugs were not getting CC or QA Contact information displayed.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
Fix for bug 75482: adding the capability to deactivate a group without deleting it (prevent new bugs from being placed into that group, but don't remove the group restriction from bugs already in it).
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
jake%acutex.net [Sat, 2 Jun 2001 21:24:45 +0000 (21:24 +0000)]
sanitycheck.cgi was able to be run by anybody - even people without Bugzilla accounts. It is now restricted to only people with the editbugs permission (bug 54556).
Patch by Myk Melez <myk@mozilla.org>
r= jake@acutex.net
Fix for bug 65190: add comparison type "all words as substrings" and "any words as substrings" to the text fields in query.cgi
Patch by Andreas Franke <afranke@ags.uni-sb.de>
r= justdave@syndicomm.com
Fix for bug 78407: extra safeguard against overpopping the email list when pruning people who aren't supposed to get mail.
Patch by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
jake%acutex.net [Thu, 31 May 2001 22:52:23 +0000 (22:52 +0000)]
Bugzilla was leaking information about bugs marked secure (using bug groups). This checkin fixes bugs 39524, 39527, 39531, and 39533.
Patches by Myk Melez <myk@mozilla.org>.
r= jake@acutex.net
jake%acutex.net [Wed, 30 May 2001 22:47:30 +0000 (22:47 +0000)]
Fix for bug 45164 - New users created by the admin were not subject to the userregexp for groupsets.
Patch by Joe Robins <jmrobins@tgix.com>
r= jake@acutex.net
Dummy commit so I can put the attributions I forgot in the previous one.
Patch from bug 65290 was by Jake Steenhagen <jake@acutex.net>
r= justdave@syndicomm.com
projects / thirdparty / bugzilla.git / log
