Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking ↵ | Dylan William Hardison | 2018-02-16 | 2 | -0/+65 |
| | | | | | | contents of certain fields due to regex search r=jfearn,a=dylan | ||||
* | Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427623 by setting (#57) | Quanah Gibson-Mount | 2018-01-04 | 1 | -0/+1 |
| | | | the priority on import | ||||
* | Significant update to jb2bz.py. (#58) | Quanah Gibson-Mount | 2018-01-04 | 1 | -56/+65 |
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427626 Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427638 Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427664 Convert jb2bz to use "email" module rather than rfc822, multifile, mimetools, and StringIO for easier manipulation of the mailbox objects. This fixed (among other things) 1427626 as the Subject of the email is now obtained correctly. Fix the date formatting throughout to always use UTC, which is what Bugzilla expects for the dates. This fixed 1427638. Fix attachment processing, which was using multifile rather than walking the parts of the email object. This fixed part of 1427664 Fix the fact that the process_reply_file function never checked for attachments in any followups. This fixed part of 1427664 Fix attachment processor to ignore various signatures and message/rfc822 multipart messages. For the latter, it sets "filename=" values to files that don't actually exist, which caused attachment processing to bomb. | ||||
* | Bug 1301887 - File::Slurp triggers warnings on perl 5.24 (#53) | Vitaly Belekhov | 2018-01-04 | 9 | -28/+44 |
| | | | | | | | | | | * Bug 1301887 - File::Slurp triggers warnings on perl 5.24 and it is recommended to not use it (#21) r=mtyson * Fix for vrite in aa735d4 * Added https://gitweb.gentoo.org/proj/gentoo-bugzilla.git/commit/?id=ca7bfc9c485c959fad2aee1f7c1dbc0fb484553b | ||||
* | Bug 1398100 - tiny tweaks to release notes | Gervase Markham | 2017-09-08 | 1 | -1/+2 |
| | |||||
* | Revert "Bug 1306534 - Crash when pasting UTF8 text as an attachment" | Dylan William Hardison | 2016-10-19 | 1 | -1/+0 |
| | | | | This reverts commit 89cb60fe38a7962c876bce18368db90cedda84eb. | ||||
* | Bug 1310728 - editflagtypes.cgi crashes when classifications are enabled and ↵ | Frédéric Buclin | 2016-10-17 | 1 | -1/+1 |
| | | | | | | the user hasn't global editcomponents privs r/a=dkl | ||||
* | Bug 1306534 - Crash when pasting UTF8 text as an attachment | Matt Tyson | 2016-10-11 | 1 | -0/+1 |
| | | | | r=dylan | ||||
* | nit: wrong method call in Bugzilla::Migrate | Dylan William Hardison | 2016-10-08 | 1 | -1/+1 |
| | |||||
* | Bug 1300437 - DateTime::TimeZone::offset_as_string called incorrectly (#19) | Dylan William Hardison | 2016-10-08 | 2 | -2/+2 |
| | |||||
* | Bug 1303702 - bug history table 'when' column shows 00:00 only using sqlite | Andrea Orsini | 2016-09-19 | 1 | -0/+1 |
| | | | | r/a=dylan | ||||
* | - New CI docker image for testing | David Lawrence | 2016-09-07 | 1 | -17/+19 |
| | |||||
* | Bug 1292510 - replace references to git.mozilla.org with references to ↵ | Gervase Markham | 2016-08-05 | 7 | -6/+18 |
| | | | | github. r=dylan | ||||
* | Fix the default API URL | Frédéric Buclin | 2016-06-01 | 1 | -2/+2 |
| | |||||
* | Bug 1269266 - API links for Bugzilla 5+ not working anymore | Frédéric Buclin | 2016-06-01 | 2 | -6/+5 |
| | |||||
* | Bug 1273846 - Checksetup fails to update chart storage during pre-3.6 -> 5.0 ↵ | Frédéric Buclin | 2016-05-20 | 1 | -9/+8 |
| | | | | | | upgrade r/a=dkl | ||||
* | Bumped version post-release | David Lawrence | 2016-05-16 | 1 | -1/+1 |
| | |||||
* | Bumped version to 5.0.3 | David Lawrence | 2016-05-16 | 1 | -1/+1 |
| | |||||
* | Bug 1253263 - (CVE-2016-2803) [SECURITY] XSS vulnerability in dependency ↵ | Frédéric Buclin | 2016-05-16 | 1 | -1/+7 |
| | | | | | | graphs via bug summary r/a=dkl | ||||
* | Bug 1269388 - Release notes for Bugzilla 5.0.3 | Frédéric Buclin | 2016-05-13 | 1 | -0/+34 |
| | | | | r=dkl | ||||
* | Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if ↵ | Dylan William Hardison | 2016-05-13 | 1 | -1/+1 |
| | | | | tab.link is user-controlled | ||||
* | Add build.platform = linux64, machine.platform = linux64 to taskgraph.json ↵ | David Lawrence | 2016-05-02 | 1 | -6/+42 |
| | | | | to remove b2gtest from Treeherder results | ||||
* | Bug 1259881 - CSV export vulnerable to formulae injection (again) | Frédéric Buclin | 2016-04-25 | 1 | -3/+4 |
| | | | | r=sgreen a=dkl | ||||
* | Bug 542239 - Accept pronouns everywhere in query.cgi | Albert Ting | 2016-04-20 | 2 | -2/+3 |
| | | | | r=dkl,a=dkl | ||||
* | Bug 1232171 - 'make clean' shouldn't delete rst/, images/ and Makefile, only ↵ | Frédéric Buclin | 2016-04-15 | 1 | -1/+1 |
| | | | | | | generated files r=gerv | ||||
* | Email::MIME::Attachment::Stripper is no longer used, see bug 437076 | Frédéric Buclin | 2016-04-10 | 1 | -2/+1 |
| | |||||
* | Fix an incorrect URL in the documentation | Frédéric Buclin | 2016-04-09 | 1 | -1/+1 |
| | |||||
* | Bug 1204957 - Locally compiled POD documentation is no longer accessible ↵ | Frédéric Buclin | 2016-04-09 | 4 | -12/+25 |
| | | | | | | from docs/en/html/api/ r=dkl | ||||
* | Bug 1246228 - Email addresses must not be encoded | Frédéric Buclin | 2016-04-06 | 2 | -14/+4 |
| | | | | r/a=dkl | ||||
* | Bug 1261124: When deleting a component, this component is listed again | Frédéric Buclin | 2016-04-05 | 1 | -1/+4 |
| | | | | r/a=dkl | ||||
* | Bug 1260027: Document how to compile the documentation on Windows | Frédéric Buclin | 2016-04-01 | 2 | -12/+32 |
| | | | | r=gerv | ||||
* | Bug 1200010: The Quick Start doc should stop assuming Bugzilla is your ↵ | Frédéric Buclin | 2016-04-01 | 1 | -16/+12 |
| | | | | | | single application r=gerv | ||||
* | Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry Perl | Frédéric Buclin | 2016-03-27 | 1 | -0/+1 |
| | |||||
* | Bug 1255619: CGI scripts should not send duplicated headers | Frédéric Buclin | 2016-03-21 | 4 | -36/+7 |
| | | | | r/a=dkl | ||||
* | Bug 1230932: Providing a condition as an ID to the webservice results in a ↵ | Frédéric Buclin | 2016-03-19 | 4 | -3/+23 |
| | | | | | | taint error r/a=dkl | ||||
* | Bug 1253267: Possible DOT injection vulnerability in dependency graphs if ↵ | Frédéric Buclin | 2016-03-15 | 1 | -0/+3 |
| | | | | | | long bug summaries are wrapped r/a=dkl | ||||
* | Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵ | Thorsten Schöning | 2016-03-09 | 1 | -2/+2 |
| | | | | | | bug depending or blocking another one r=LpSolit a=dkl | ||||
* | Bug 1234977: Replace \d+ by [0-9]+ in critical validation places | Frédéric Buclin | 2016-03-09 | 5 | -21/+22 |
| | | | | r=dylan a=dkl | ||||
* | IIS instructions work with Windows 10 too | Frédéric Buclin | 2016-03-06 | 1 | -1/+2 |
| | |||||
* | Bug 1250354: The "Forgot password" link should not be displayed if users ↵ | Frédéric Buclin | 2016-02-23 | 1 | -23/+25 |
| | | | | | | are not allowed to change it r/a=dkl | ||||
* | Bug 1250264: Extensions have no easy way to override favicon.ico | Frédéric Buclin | 2016-02-22 | 1 | -1/+2 |
| | | | | r/a=dkl | ||||
* | - task.expires needs to be greater than artifacts.expires | David Lawrence | 2016-02-22 | 1 | -0/+6 |
| | |||||
* | - Update artifact expiration date | David Lawrence | 2016-02-22 | 1 | -12/+12 |
| | |||||
* | Bug 1242263: The web server and SQL server sections are not correctly ↵ | Frédéric Buclin | 2016-02-17 | 5 | -19/+35 |
| | | | | | | referenced in the documentation r=gerv | ||||
* | Travis CI config file no longer necessary | David Lawrence | 2016-02-08 | 1 | -78/+0 |
| | |||||
* | Bug 1246531: REST_DOC should point to bugzilla.readthedocs.org instead of ↵ | Frédéric Buclin | 2016-02-08 | 1 | -1/+1 |
| | | | | | | bugzilla.org r/a=dkl | ||||
* | Bug 1046241: All links to the documentation displayed besides error messages ↵ | Frédéric Buclin | 2016-02-08 | 3 | -79/+77 |
| | | | | | | are broken r=gerv a=dkl | ||||
* | Bug 1240752 - Attachment data submitted via REST API must always be base64 ↵ | David Lawrence | 2016-01-26 | 1 | -4/+2 |
| | | | | | | encoded r=gerv,a=dkl | ||||
* | Bug 1235271: Remove .htaccess from .gitignore | Frédéric Buclin | 2016-01-08 | 1 | -0/+1 |
| | | | | r/a=dkl | ||||
* | Bug 402039: Exporting CSV from chart.cgi doesn't set mimetype, ↵ | Frédéric Buclin | 2016-01-07 | 1 | -6/+5 |
| | | | | | | content_disposition, or filename r/a=dkl |