aboutsummaryrefslogtreecommitdiffstats
path: root/token.cgi
Commit message (Collapse)AuthorAgeFilesLines
* Bug 355596: Your password should be requested to confirm your email address ↵Koosha Khajeh Moogahi2012-05-281-5/+11
| | | | | | change r/a=LpSolit
* Bug 752303: It is no longer possible to cancel an email address change when ↵Koosha Khajeh Moogahi2012-05-181-14/+5
| | | | | | this one has already been confirmed r/a=LpSolit
* Bug 319953: Missing real email syntax checkFrédéric Buclin2012-01-231-3/+1
| | | | r=glob a=LpSolit
* Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and ↵Frédéric Buclin2012-01-111-20/+5
| | | | | | add it to files which miss one r=kiko r=mkanat r=mrbball a=LpSolit
* Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email ↵Frédéric Buclin2011-12-281-0/+4
| | | | | | WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=glob a=LpSolit
* Fix complains from 012throwables.t due to bug 677901Frédéric Buclin2011-08-161-8/+9
|
* Bug 677901: Bugzilla crashes when no token is passed to token.cgi but the ↵Frédéric Buclin2011-08-161-161/+101
| | | | | | script expects one, because tokens are incorrectly validated r/a=mkanat
* Bug 658929 - User autocomplete is very slow when there are lots of users in ↵David Lawrence2011-07-051-1/+1
| | | | | | the profiles table r/a=mkanat
* Bug 565879: Merge ThrowCodeError("action_unrecognized"), ↵Frédéric Buclin2010-05-201-5/+2
| | | | | | ThrowUserError("no_valid_action") and ThrowCodeError("unknown_action") r=ghendricks a=LpSolit
* Bug 514913: Eliminate ssl="authenticated sessions"mkanat%bugzilla.org2009-10-091-8/+0
| | | | Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
* Bug 508189: (CVE-2009-3166) [SECURITY] Logging in after changing your ↵mkanat%bugzilla.org2009-09-111-0/+4
| | | | | | password would expose your new password in the URL Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
* Bug 349336: Automatically log in the user when he chooses his password to ↵lpsolit%gmail.com2009-08-111-2/+6
| | | | create his new account - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
* 496856 - correct patchbbaetz%acm.org2009-06-121-1/+1
| | | | (original patch r/a=mkanat)
* Bug 496856 - Fix token.cgi transaction handlingbbaetz%acm.org2009-06-101-5/+9
|
* Bug 452519: Fix timezones in emails - Patch by Frédéric Buclin ↵lpsolit%gmail.com2009-01-081-1/+2
| | | | <LpSolit@gmail.com> r=wicked a=LpSolit
* Bug 455814: token.cgi should reject password change requests for disabled ↵lpsolit%gmail.com2008-09-201-0/+6
| | | | accounts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=ghendricks a=LpSolit
* Bug 455815: Remove global variables from token.cgi - Patch by Frédéric ↵lpsolit%gmail.com2008-09-191-65/+70
| | | | Buclin <LpSolit@gmail.com> r/a=mkanat
* Bug 428659 – Setting SSL param to 'authenticated sessions' only ↵dkl%redhat.com2008-08-181-2/+3
| | | | | | | protects logins and param doesn't protect WebService calls at all Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat
* Backing out these patches as they cause a regression. More informationdkl%redhat.com2008-07-291-3/+5
| | | | | | | | | | | in the respective bug reports. Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
* Bug 428659 – Setting SSL param to 'authenticated sessions' only ↵dkl%redhat.com2008-07-101-5/+3
| | | | | | protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
* Bug 405946: Some emails are not sent in the language chosen by the addressee ↵lpsolit%gmail.com2008-04-021-11/+7
| | | | - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit
* Bug 403834: Replace table locks with database transactions in tokens, votes, ↵lpsolit%gmail.com2007-11-191-8/+4
| | | | and sanitycheck - Patch by Emmanuel Seyman <eseyman@linagora.com> r/a=mkanat
* Bug 399954: Make Bugzilla able to hold its dependencies in a local directorymkanat%bugzilla.org2007-10-191-1/+1
| | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 238651 (a&b) Include the login name (in <code>) for "account_inexistent" ↵timeless%mozdev.org2007-07-231-1/+1
| | | | | | error r=lpsolit a=lpsolit
* Bug 365472 rename 'token_inexistent' to 'token_does_not_exist' or somethingtimeless%mozdev.org2007-07-101-1/+1
| | | | r=lpsolit a=lpsolit
* Bug 366466 - "flag notification mail has canceled spelled incorrectly" ↵reed%reedloden.com2007-03-111-5/+5
| | | | [p=reed r=timeless a=mkanat]
* Bug 340538: Insecure dependency in exec while running with -T switch at ↵wurblzap%gmail.com2006-10-211-20/+20
| | | | | | | /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk
* Bug 281181: [SECURITY] It's way too easy to delete ↵lpsolit%gmail.com2006-10-151-1/+1
| | | | versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
* Bug 349349: Use ->create from Bugzilla::Object instead of insert_new_user ↵mkanat%bugzilla.org2006-08-261-25/+7
| | | | | | for Bugzilla::User Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
* Bug 87795: Creating an account should send token and wait for confirmation ↵lpsolit%gmail.com2006-08-201-0/+87
| | | | (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk
* Bug 173629: Clean up "my" variable scoping issues for mod_perlmkanat%bugzilla.org2006-07-061-3/+3
| | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
* Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵lpsolit%gmail.com2006-06-211-9/+3
| | | | Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
* Spelling in code comments patch: 'methids' -> 'methods'; patch by Vlad ↵vladd%bugzilla.org2006-06-191-1/+1
| | | | Dascalu <vladd@bugzilla.org>.
* Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN blockmkanat%bugzilla.org2006-05-121-1/+1
| | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
* Bug 332598: Move ValidatePassword() and DBNameToIdAndCheck() from globals.pl ↵lpsolit%gmail.com2006-05-081-2/+2
| | | | into User.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
* Bug 312157: Remove $::template and $::vars from globals.pl - Patch by Olav ↵lpsolit%gmail.com2005-10-251-4/+4
| | | | Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave
* Bug 312307: Misused Throw*Error tags in code and templates - Patch by Dennis ↵lpsolit%gmail.com2005-10-241-4/+2
| | | | Melentyev <dennis.melentyev@infopulse.com.ua> r=LpSolit a=justdave
* Bug 303697: Eliminate deprecated Bugzilla::DB routines from token.cgi - ↵lpsolit%gmail.com2005-10-121-40/+42
| | | | Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave
* Bug 304583: Remove all remaining need to rederive inherited groupsbugreport%peshkin.net2005-08-191-2/+2
| | | | | Patch by Joel Peshkin <bugreport@peshkin.net> r=mkanat, a=justdave
* Bug 304653: remove 'use Bugzilla::Error' from Util.pm - Patch by Frédéric ↵lpsolit%gmail.com2005-08-161-3/+4
| | | | Buclin <LpSolit@gmail.com> r=mkanat a=myk
* Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵lpsolit%gmail.com2005-08-101-1/+1
| | | | r=mkanat,wicked a=justdave
* Bug 301453: Move CheckEmailSyntax out of CGI.pl - Patch by Frédéric Buclin ↵lpsolit%gmail.com2005-07-211-1/+1
| | | | <LpSolit@gmail.com> r=mkanat a=myk
* Bug 300336: Bugzilla::Auth should not contain any exported subroutinesmkanat%kerio.com2005-07-131-1/+1
| | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
* Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case ↵mkanat%kerio.com2005-07-081-1/+3
| | | | | | insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
* Bug 280503: Replace "LOCK/UNLOCK TABLES" with Bugzilla::DB function callmkanat%kerio.com2005-02-181-8/+13
| | | | Patch By Tomas Kopal <Tomas.Kopal@altap.cz> r=mkanat,a=myk
* Bug 280994 : Move ValidateNewUser out of globals.pltravis%sedsystems.ca2005-02-091-1/+1
| | | | Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
* Bug 278792 : Move Crypt() to Bugzilla::Authtravis%sedsystems.ca2005-02-011-1/+2
| | | | Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
* Bug 241900: Allow Bugzilla::Auth to have multiple login and validation stylesbugreport%peshkin.net2004-07-211-1/+8
| | | | | | patch by erik r=joel, kiko a=myk
* Fix for bug 234175: Remove deprecated ConnectToDatabase() andkiko%async.com.br2004-03-271-3/+3
| | | | | | | quietly_check_login()/confirm_login() calls. Cleans up callsites (consisting of most of our CGIs), swapping (where appropriate) for calls to Bugzilla->login. Patch by Teemu Mannermaa <wicked@etlicon.fi>. r=bbaetz, kiko. a=justdave.
* Fix for bug 226764: Move InvalidateLogins into Bugzilla::Auth::CGI.kiko%async.com.br2004-03-271-1/+1
| | | | | | | | | | | | | Consolidates the logout code into Bugzilla::Auth::CGI, and provides simple front-end wrappers in Bugzilla.pm for use in the CGIs we have. r=bbaetz, joel; a=justdave. Adds a set of constants to the logout() API which allow specifying "how much" we should log out -- all sessions, the current session, or all sessions but the current one. Fixes callsites to use this new API; cleans and documents things a bit while we're at it. Part I in the great COOKIE apocalypse.