Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bug 340538: Insecure dependency in exec while running with -T switch at ↵ | wurblzap%gmail.com | 2006-10-21 | 1 | -1/+0 |
| | | | | | | | /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk | ||||
* | Bug 281181: [SECURITY] It's way too easy to delete ↵ | lpsolit%gmail.com | 2006-10-15 | 1 | -3/+54 |
| | | | | versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | ||||
* | Bug 350120: undefined value when creating a new user account - Patch by ↵ | lpsolit%gmail.com | 2006-08-26 | 1 | -1/+1 |
| | | | | Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | ||||
* | Bug 87795: Creating an account should send token and wait for confirmation ↵ | lpsolit%gmail.com | 2006-08-20 | 1 | -16/+46 |
| | | | | (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk | ||||
* | Bug 343338: Eliminate "my" variables from the root level of modules | mkanat%bugzilla.org | 2006-07-14 | 1 | -4/+4 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk | ||||
* | Bug 338375: Use Bugzilla->params everywhere instead of Param(). | mkanat%bugzilla.org | 2006-07-04 | 1 | -1/+0 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | ||||
* | Bug 342869: Use Bugzilla->params everywhere except templates | mkanat%bugzilla.org | 2006-07-04 | 1 | -7/+8 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | ||||
* | Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵ | lpsolit%gmail.com | 2006-06-21 | 1 | -3/+0 |
| | | | | Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | ||||
* | Bug 339862: Move Bugzilla::BugMail::MessageToMTA() in a separate module - ↵ | lpsolit%gmail.com | 2006-06-02 | 1 | -5/+5 |
| | | | | Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave | ||||
* | I forgot a "fix on checkin" (useless whitespaces) | lpsolit%gmail.com | 2006-03-10 | 1 | -1/+1 |
| | |||||
* | Bug 300551: Eliminate deprecated Bugzilla::DB routines from User.pm and ↵ | lpsolit%gmail.com | 2006-03-10 | 1 | -67/+60 |
| | | | | Token.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave | ||||
* | Bug 119524: SECURITY: predictable sessionid (Use a token instead of ↵ | lpsolit%gmail.com | 2006-01-03 | 1 | -1/+5 |
| | | | | logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave | ||||
* | Bug 301062: [PostgreSQL] whine.pl fails when using PostgreSQL 8.0.x - Patch ↵ | lpsolit%gmail.com | 2005-11-14 | 1 | -1/+1 |
| | | | | by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=manu a=justdave | ||||
* | Bug 312157: Remove $::template and $::vars from globals.pl - Patch by Olav ↵ | lpsolit%gmail.com | 2005-10-25 | 1 | -7/+7 |
| | | | | Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave | ||||
* | Bug 304582: Move GenerateRandomPassword() out of globals.pl - Patch by ↵ | lpsolit%gmail.com | 2005-09-02 | 1 | -2/+2 |
| | | | | Frédéric Buclin <LpSolit@gmail.com> r=joel a=myk | ||||
* | Bug 303669: Bugzilla mis-uses perl subroutine prototypes | mkanat%kerio.com | 2005-08-13 | 1 | -3/+3 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | ||||
* | Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵ | lpsolit%gmail.com | 2005-08-10 | 1 | -2/+2 |
| | | | | r=mkanat,wicked a=justdave | ||||
* | Backout of bug 303669 which broke AppendComment and possibly a number | bugreport%peshkin.net | 2005-08-09 | 1 | -3/+3 |
| | | | | of other items. | ||||
* | Bug 303669: Bugzilla mis-uses perl subroutine prototypes | mkanat%kerio.com | 2005-08-09 | 1 | -3/+3 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | ||||
* | Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case ↵ | mkanat%kerio.com | 2005-07-08 | 1 | -1/+1 |
| | | | | | | insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | ||||
* | Bug 297646: Write helper functions for Bugzilla::Token.pm | bugzilla%glob.com.au | 2005-07-01 | 1 | -45/+80 |
| | | | | Patch by Byron Jones <bugzilla@glob.com.au> r=LpSolit,a=justdave | ||||
* | Bug: 284244: DATE_SUB and DATE_ADD are not ANSI SQL | mkanat%kerio.com | 2005-03-03 | 1 | -2/+2 |
| | | | | Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=wicked, a=justdave | ||||
* | Bug 280502: Replace "INTERVAL" with Bugzilla::DB function call | mkanat%kerio.com | 2005-02-20 | 1 | -1/+2 |
| | | | | Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat, a=justdave | ||||
* | Bug 280499: Replace "TO_DAYS()" with Bugzilla::DB function call | mkanat%kerio.com | 2005-02-20 | 1 | -2/+3 |
| | | | | Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat, a=justdave | ||||
* | Bug 280497: Replace "LIMIT" with Bugzilla::DB function call | mkanat%kerio.com | 2005-02-19 | 1 | -2/+3 |
| | | | | Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=justdave | ||||
* | Bug 280503: Replace "LOCK/UNLOCK TABLES" with Bugzilla::DB function call | mkanat%kerio.com | 2005-02-18 | 1 | -8/+14 |
| | | | | Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=myk | ||||
* | Bug 59351 - move all calls to sendmail to a central place. Patch by mkanat; ↵ | gerv%gerv.net | 2005-01-01 | 1 | -14/+5 |
| | | | | r=gerv,vladd; a=justdave. | ||||
* | Bug 250897: Enforce a 10 minute waiting period between password reset ↵ | justdave%bugzilla.org | 2004-10-25 | 1 | -4/+12 |
| | | | | | | | attempts to prevent the user getting mailbombed if the form is submitted multiple times. Patch by Joel Peshkin <bugreport@peshkin.net> r=kiko, a=justdave | ||||
* | Bug 237864: clean up leftovers from the bug 192516 checkin (some occurances ↵ | justdave%syndicomm.com | 2004-03-18 | 1 | -2/+2 |
| | | | | | | of Token got missed) r= gerv, a= justdave | ||||
* | Bug 192516: Moving the loose .pm files into the Bugzilla directory, where ↵ | justdave%syndicomm.com | 2004-03-18 | 1 | -1/+1 |
| | | | | | | | they belong. These files pre-date the Bugzilla directory, and would have gone there had it existed at the time. The four files in question were copied on the CVS server to preserve CVS history in the files. This checkin deletes them from the old location and modifies everything else to know where they are now. r= myk, gerv a= justdave | ||||
* | Bug 208699 - Move Throw{Code,Template}Error into Error.pm | bbaetz%acm.org | 2003-09-14 | 1 | -5/+6 |
| | | | | r,a=justdave | ||||
* | Bug 205463 - Tokens aren't canceled after a successful login. | bbaetz%acm.org | 2003-06-07 | 1 | -1/+1 |
| | | | | patch by 'Randall M! Gee', r=bbaetz, a=justdave | ||||
* | Bug 180642 - Move authentication code into a module | bbaetz%acm.org | 2003-03-22 | 1 | -10/+11 |
| | | | | | r=gerv, justdave a=justdave | ||||
* | Bug 193989: EmailSuffix wasn't getting used for password change tokens. ↵ | justdave%syndicomm.com | 2003-03-14 | 1 | -4/+1 |
| | | | | | | | Also removes real name from To: header which wasn't being escaped properly for RFC2822 specs. Patch by Jeff Lawson <jlawson-mozilla@bovine.net> r=justdave, a=justdave | ||||
* | Bug 164038 - token.cgi: Cancel token messages should be moved into the ↵ | gerv%gerv.net | 2002-09-30 | 1 | -2/+1 |
| | | | | templates. Patch by burnus; r=gerv. | ||||
* | Bug 163829 - move pref code into a separate package | bbaetz%student.usyd.edu.au | 2002-08-29 | 1 | -6/+8 |
| | | | | r=joel, preed | ||||
* | Bug 76923 - Don't |use diagnostics| (its really expensive at startup time) | bbaetz%student.usyd.edu.au | 2002-08-26 | 1 | -1/+0 |
| | | | | r=joel x2 | ||||
* | Fix for bug 150925: make email address changes work. | myk%mozilla.org | 2002-07-09 | 1 | -4/+3 |
| | | | | 2xr=bbaetz | ||||
* | Bug 135836 - change requests should include expiration details. Patch by ↵ | gerv%gerv.net | 2002-05-03 | 1 | -4/+25 |
| | | | | zeroJ@null.net; r=gerv, justdave. | ||||
* | Bug 135817 - update template filename. Oops. | gerv%gerv.net | 2002-04-26 | 1 | -1/+2 |
| | |||||
* | Bug 135814 - templatise Token.pm. Patch by zeroj; 2xr=bbaetz. | gerv%gerv.net | 2002-04-26 | 1 | -29/+14 |
| | |||||
* | Bug 136180 - use uri/url_quote filters correctly. Patch by ddk; 2xr=gerv. | gerv%gerv.net | 2002-04-25 | 1 | -3/+3 |
| | |||||
* | Bug 138588 - change to use new template structure. Patch by gerv, r=myk, ↵ | gerv%gerv.net | 2002-04-24 | 1 | -9/+6 |
| | | | | afranke. | ||||
* | Remaining pieces of Bug 23067 from yesterday... no idea why the first ↵ | justdave%syndicomm.com | 2002-04-02 | 1 | -18/+100 |
| | | | | commit didn't pick these up. | ||||
* | Fix for bug 125516: the recent fix for emails truncating when a period ↵ | justdave%syndicomm.com | 2002-02-17 | 1 | -2/+2 |
| | | | | | | | | occurred on a line by itself broke Exim because it needs the -t and -i as separate parameters instead of stacked (the original patch had -ti) Patch by Tobias Burnus <burnus@gmx.de> r= justdave, gerv | ||||
* | Fix for bug 117055: Emails were being truncated if they contained a line ↵ | justdave%syndicomm.com | 2002-02-06 | 1 | -2/+2 |
| | | | | | | | | | with nothing but a period on them. We now pass -i to sendmail and its clones to tell it to ignore periods (since we close the pipe when we're done, rather than signalling it with a period). Has been tested with sendmail and postfix. Patch by Dave Miller <justdave@syndicomm.com> r= afranke, bugzilla@bkor.dhs.org, jake | ||||
* | Fix for bug 108982: enable taint mode for all user-facing CGI files. | justdave%syndicomm.com | 2002-01-20 | 1 | -1/+0 |
| | | | | | Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave | ||||
* | Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' ↵ | justdave%syndicomm.com | 2001-08-17 | 1 | -2/+2 |
| | | | | | | | not locked", fixed typo in lock tables command. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com | ||||
* | Fix for bug 95535: the token generator for password resets is allowing the & ↵ | justdave%syndicomm.com | 2001-08-16 | 1 | -0/+1 |
| | | | | | | | character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password. Patch by Dave Miller <justdave@syndicomm.com> r= myk@mozilla.org | ||||
* | Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored ↵ | justdave%syndicomm.com | 2001-07-11 | 1 | -0/+184 |
in plaintext in the database. Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function. The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5). Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column. As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead. The user is emailed a temporary identifying token, with a link back to Bugzilla. They click on the link or paste it into their browser and Bugzilla allows them to change their password. Patch by Myk Melez <myk@mozilla.org> r= justdave@syndicomm.com, jake@acutex.net |