Fix for bug 108385: it was possible to add comments as someone else. User identity is checked now, and the form values
suggesting the username are now ignored.
r=jake
jake%acutex.net [Wed, 14 Nov 2001 11:44:07 +0000 (11:44 +0000)]
We don't really need to look for fragments that are pulled in by [% INCLUDE %] or [% PROCESS %]. While removing this code bit doesn't allow us to seperatly check that those fragments exist and compile, they'll be checked atomatically when the the template that wants them is run through the process() routine by the 004template.t test. This issue was raised because bug 98707 introduced a [% BLOCK %] element and the syntax for using that is the same as for including a template fragment.
jake%acutex.net [Mon, 12 Nov 2001 21:43:59 +0000 (21:43 +0000)]
Fix for bug 86300 - If a bug didn't exist and GetBugLink() tried to create a tooltip for it, you'd get uninitialized variables warnings in your error log. This path also introduces a cache so if the same bug # is mentioned more than once during the same running of the script, it only has to query the database once.
r= mattyt, gerv
Fix for bug 99519: timestamps were not being set correctly in the activity table in some situations, and the delta_ts on the
bug itself was not always being updated if dependencies or CCs changed.
Patch by Dave Miller <justdave@syndicomm.com>
r= bbaetz, jake
myk%mozilla.org [Thu, 8 Nov 2001 10:43:55 +0000 (10:43 +0000)]
Fix for bug 104652: Duplicate bugs in the dependency tree now get marked with the message "This bug appears elsewhere in this tree." so users know why the bug does not appear to have dependencies.
Patch by Gerv <gerv@mozilla.org>.
r=jake@acutex.net,myk@mozilla.org
myk%mozilla.org [Thu, 8 Nov 2001 08:52:13 +0000 (08:52 +0000)]
Fix for bug 108821: Prevent users with any blessgroupset privileges from blessing any group set.
Patch by Jake <jake@acutex.net> and Bradley <bbaetz@cs.mcgill.ca>.
r=jake,myk for Bradley's portion, r=bbaetz,myk for Jake's portion.
Require (temporarily) mysql >= 3.23.5 for the ~ operator, needed for the
fix to bug 107718. This should be removed when the group stuff lands (bug
60822).
SECURITY FIX see bug 108385: Due to trusting of passed form fields that shouldn't have been trusted, it was possible to add a comment to a bug pretending to be someone else if you edited the HTML by hand before submitting. The bug form did not include the field in question, but due to legacy processing code, the field was still trusted if it was present.
Patch by Dave Miller <justdave@syndicomm.com>
r= jake x2
SECURITY FIX see bug 108516: Due to trusting of passed form fields that shouldn't have been trusted, it was possible to file a
bug pretending to be someone else if you edited the HTML by hand before submitting.
Patch by Dave Miller <justdave@syndicomm.com>
r= bbaetz, jake
Fix for bug 96675: checksetup should require admin e-mail address satisfy emailregexp. This fix has
checksetup.pl use the emailregexp set in params if the params file exists, or ensures that it matches the
default emailregexp from defparams.pl.
jake%acutex.net [Sat, 27 Oct 2001 22:27:31 +0000 (22:27 +0000)]
A few enhancements to the template test:
* If there's a compilation error, report what it is
* Don't try to compile a template if it doesn't exist
- We already tested for that and issued an ERROR
* Define the 'url' FILTER
jake%acutex.net [Sat, 27 Oct 2001 01:35:04 +0000 (01:35 +0000)]
Bug 81594 - SQL error after editing user entry when changing numerous things at once (including the login name).
Patch by Matthew Tuck <matty@chariot.net.au>
r= dkl@redhat.com, jake@acutex.net
jake%acutex.net [Thu, 25 Oct 2001 21:46:58 +0000 (21:46 +0000)]
Bug 104065 - Stop uninitilized string warnings from getting into the error log when the login cookie doesn't exist.
Patch by Dave Miller <justdave@syndicomm.com>
r= gerv@mozilla.org, jake@acutex.net
jake%acutex.net [Thu, 25 Oct 2001 01:41:49 +0000 (01:41 +0000)]
Don't rely on the TEST_VERBOSE environment variable (no longer exported from runtests.sh) and instead print to the TESTOUT file handle pulled in from Test::More. This will allow the testing backend to check for verbosity rather than having to handle it in the .t files.
jake%acutex.net [Wed, 24 Oct 2001 20:29:49 +0000 (20:29 +0000)]
Bug 106424 - We weren't going orange on warnings such as "used only once". This script now properly outputs the --WARNING and fails on such a condition.
myk%mozilla.org [Wed, 24 Oct 2001 08:31:09 +0000 (08:31 +0000)]
Fix for bug 106315: Link on bug list for emailing QA contacts.
Patch by Dave Miller <justdave@syndicomm.com>.
r=myk@mozilla.org, no second review needed.
Bug 97469 - Assignee/QA/Reporter/CC don't get email on restricted bugs.
Also fixes seeing bugs in the buglist (bug 95024), dependancy lists,
tooltips, duplicates, and everywhere else I could see which checked group
bugs.groupset == 0.
jake%acutex.net [Tue, 23 Oct 2001 21:45:45 +0000 (21:45 +0000)]
Bug 63249 - The Bug Counts report was running very slowly due to unneeded fields/joins in the SQL query.
Patch by Matthew Tuck <matty@chariot.net.au>
r= gerv@mozilla.org, jake@acutex.net
jake%acutex.net [Sat, 20 Oct 2001 20:03:14 +0000 (20:03 +0000)]
Bug 71840 - Make comments referenceable using a #c4 to get the fourth comment.
Patch by Gerv <gerv@mozilla.org> and Myself.
r= jake@acutex.net, gerv@mozilla.org, justdave@syndicomm.com
jake%acutex.net [Sat, 20 Oct 2001 07:50:27 +0000 (07:50 +0000)]
Bug 105480 - Use the friendly name from the fielddefs table when reporting strictvalue errors if it's available.
Patch by James A. Laska <jlaska@us.ibm.com>
r= justdave@syndicomm.com, jake@acutex.net
jake%acutex.net [Sat, 20 Oct 2001 07:22:52 +0000 (07:22 +0000)]
Bug 104340 - Changing the UI of the toolbar for hiding bugs in the dependency tree.
Patch by Christian Reis <kiko@async.com.br>
r= justdave@syndicomm.com, gerv@mozilla.org
jake%acutex.net [Sat, 20 Oct 2001 06:49:37 +0000 (06:49 +0000)]
Bug 73180 - We now put a notice at the top of the versioncache file saying that it should not be edited.
Patch by Matthew Tuck <matty@chariot.net.au>
r= gerv@mozilla.org, jake@acutex.net
jake%acutex.net [Sat, 20 Oct 2001 05:39:46 +0000 (05:39 +0000)]
Bug 103664 - Tests should "use strict;" and not contain any tabs. We should also use the TEST_VERBOSE environment variable instead of VERBOSE.
Patch by David D. Kilzer <ddkilzer@theracingworld.com>
Additional edits by myself to add the emacs mode line. Also, the change to runtests.sh was done by me.
jake%acutex.net [Tue, 16 Oct 2001 02:12:46 +0000 (02:12 +0000)]
The recommended style for perl (which is the styleguide Bugzilla will use) specifies that else should not be cuddled. This guide, while not specifically saying it, elluded to cuddling else. Fixing that problem.
Fix for bug 104516: No code changes in this patch, all this checkin does is remove all tabs from the bugzilla source and replace it with the appropriate number of spaces (in most cases 8) to line up with existing code. This is part of the effort to bring the existing codebase up to par with our style guidelines.
Patch by Jake Steehagen <jake@acutex.net>
r= justdave x2
Fix for bug 19910: Bugzilla installs on the same server would interfere with each others' cookies. Cookies now have a path value that can be set to indicate which bugzilla install they belong to. Browsers will only send the cookie to the appropriate installation. The path can be set in the 'cookiepath' parameter in editparams.cgi.
Patch by Dave Lawrence <dkl@redhat.com>
r= myk, justdave
Fix for bug 101056: multiple form values of the same name were not getting correctly stashed if the user had to log in as part
of a form submit.
Patch by Myk Melez <myk@mozilla.org>
r= gerv, justdave
jake%acutex.net [Fri, 12 Oct 2001 02:51:33 +0000 (02:51 +0000)]
Fix for bug 104180 - should only be used in the display for a saved query w/a space, not in the URL.
Patch by Christian Reis <kiko@async.com.br>
r= jake@acutex.net
jake%acutex.net [Fri, 12 Oct 2001 02:44:46 +0000 (02:44 +0000)]
Fix for bug 103592 - e-mail addresses that are longer than 30 characters will be truncated in the bug list.
Patch by Christian Reis <kiko@async.com.br>
r= gerv@mozilla.org, afranke@ags.uni-sb.de, jake@acutex.net
jake%acutex.net [Fri, 12 Oct 2001 02:07:00 +0000 (02:07 +0000)]
Fix for bug 104117 - The editkeywords.cgi link was broken as a result of the fix for bug 103554.
Patch by Christian Reis <kiko@async.com.br>
r= jake@acutex.net
Fix for bug 97784: comments in attachment update form are now properly word-wrapped. This is a server-side implementation to
do the word-wrapping, which will probably eventually be used in the main comments area on the bug form as well.
Patch by Myk Melez <myk@mozilla.org>
r= gerv, justdave
Fix for bug 103554: HTML generated by the PutHeader and GetCommandMenu subroutines now validates as HTML 4.01 at W3C.
Patch by Christian Reis <kiko@async.com.br>
r= caillon, gerv, justdave
myk%mozilla.org [Thu, 11 Oct 2001 02:50:02 +0000 (02:50 +0000)]
Fix for bug 27420: Gives the Component and Target Milestone fields extra space in the long list display of bugs.
Patch by Randall Whitman <randall.whitman@solipsa.com>.
r=justdave@syndicomm.com, no second review needed
jake%acutex.net [Wed, 10 Oct 2001 20:26:28 +0000 (20:26 +0000)]
Fix for bug 65164 - Bugzilla wasn't sending </html> at the end of its pages.
Patch by Christian Reis <kiko@async.com.br>
r= gerv@mozilla.org, jake@acutex.net
partial backout of the checkin from bug 103121, because it collided with the patch from bug 51519. This should satifactorily
meet the goals of both patches. patch by kiko, r= justdave
jake%acutex.net [Sun, 7 Oct 2001 01:59:32 +0000 (01:59 +0000)]
Test that scans Bugzilla's code looking for used templates then checks to make sure that:
a) All the required templates exist
b) They all have good syntax
No review needed for tests at this time. NOT PART OF BUILD
projects / thirdparty / bugzilla.git / log
