aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking ↵Dylan William Hardison2018-02-162-0/+65
| | | | | | contents of certain fields due to regex search r=jfearn,a=dylan
* Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427623 by setting (#57)Quanah Gibson-Mount2018-01-041-0/+1
| | | the priority on import
* Significant update to jb2bz.py. (#58)Quanah Gibson-Mount2018-01-041-56/+65
| | | | | | | | | | | | | | | | | | | | | | | | Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427626 Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427638 Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427664 Convert jb2bz to use "email" module rather than rfc822, multifile, mimetools, and StringIO for easier manipulation of the mailbox objects. This fixed (among other things) 1427626 as the Subject of the email is now obtained correctly. Fix the date formatting throughout to always use UTC, which is what Bugzilla expects for the dates. This fixed 1427638. Fix attachment processing, which was using multifile rather than walking the parts of the email object. This fixed part of 1427664 Fix the fact that the process_reply_file function never checked for attachments in any followups. This fixed part of 1427664 Fix attachment processor to ignore various signatures and message/rfc822 multipart messages. For the latter, it sets "filename=" values to files that don't actually exist, which caused attachment processing to bomb.
* Bug 1301887 - File::Slurp triggers warnings on perl 5.24 (#53)Vitaly Belekhov2018-01-049-28/+44
| | | | | | | | | | * Bug 1301887 - File::Slurp triggers warnings on perl 5.24 and it is recommended to not use it (#21) r=mtyson * Fix for vrite in aa735d4 * Added https://gitweb.gentoo.org/proj/gentoo-bugzilla.git/commit/?id=ca7bfc9c485c959fad2aee1f7c1dbc0fb484553b
* Bug 1398100 - tiny tweaks to release notesGervase Markham2017-09-081-1/+2
|
* Revert "Bug 1306534 - Crash when pasting UTF8 text as an attachment"Dylan William Hardison2016-10-191-1/+0
| | | | This reverts commit 89cb60fe38a7962c876bce18368db90cedda84eb.
* Bug 1310728 - editflagtypes.cgi crashes when classifications are enabled and ↵Frédéric Buclin2016-10-171-1/+1
| | | | | | the user hasn't global editcomponents privs r/a=dkl
* Bug 1306534 - Crash when pasting UTF8 text as an attachmentMatt Tyson2016-10-111-0/+1
| | | | r=dylan
* nit: wrong method call in Bugzilla::MigrateDylan William Hardison2016-10-081-1/+1
|
* Bug 1300437 - DateTime::TimeZone::offset_as_string called incorrectly (#19)Dylan William Hardison2016-10-082-2/+2
|
* Bug 1303702 - bug history table 'when' column shows 00:00 only using sqliteAndrea Orsini2016-09-191-0/+1
| | | | r/a=dylan
* - New CI docker image for testingDavid Lawrence2016-09-071-17/+19
|
* Bug 1292510 - replace references to git.mozilla.org with references to ↵Gervase Markham2016-08-057-6/+18
| | | | github. r=dylan
* Fix the default API URLFrédéric Buclin2016-06-011-2/+2
|
* Bug 1269266 - API links for Bugzilla 5+ not working anymoreFrédéric Buclin2016-06-012-6/+5
|
* Bug 1273846 - Checksetup fails to update chart storage during pre-3.6 -> 5.0 ↵Frédéric Buclin2016-05-201-9/+8
| | | | | | upgrade r/a=dkl
* Bumped version post-releaseDavid Lawrence2016-05-161-1/+1
|
* Bumped version to 5.0.3David Lawrence2016-05-161-1/+1
|
* Bug 1253263 - (CVE-2016-2803) [SECURITY] XSS vulnerability in dependency ↵Frédéric Buclin2016-05-161-1/+7
| | | | | | graphs via bug summary r/a=dkl
* Bug 1269388 - Release notes for Bugzilla 5.0.3Frédéric Buclin2016-05-131-0/+34
| | | | r=dkl
* Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if ↵Dylan William Hardison2016-05-131-1/+1
| | | | tab.link is user-controlled
* Add build.platform = linux64, machine.platform = linux64 to taskgraph.json ↵David Lawrence2016-05-021-6/+42
| | | | to remove b2gtest from Treeherder results
* Bug 1259881 - CSV export vulnerable to formulae injection (again)Frédéric Buclin2016-04-251-3/+4
| | | | r=sgreen a=dkl
* Bug 542239 - Accept pronouns everywhere in query.cgiAlbert Ting2016-04-202-2/+3
| | | | r=dkl,a=dkl
* Bug 1232171 - 'make clean' shouldn't delete rst/, images/ and Makefile, only ↵Frédéric Buclin2016-04-151-1/+1
| | | | | | generated files r=gerv
* Email::MIME::Attachment::Stripper is no longer used, see bug 437076Frédéric Buclin2016-04-101-2/+1
|
* Fix an incorrect URL in the documentationFrédéric Buclin2016-04-091-1/+1
|
* Bug 1204957 - Locally compiled POD documentation is no longer accessible ↵Frédéric Buclin2016-04-094-12/+25
| | | | | | from docs/en/html/api/ r=dkl
* Bug 1246228 - Email addresses must not be encodedFrédéric Buclin2016-04-062-14/+4
| | | | r/a=dkl
* Bug 1261124: When deleting a component, this component is listed againFrédéric Buclin2016-04-051-1/+4
| | | | r/a=dkl
* Bug 1260027: Document how to compile the documentation on WindowsFrédéric Buclin2016-04-012-12/+32
| | | | r=gerv
* Bug 1200010: The Quick Start doc should stop assuming Bugzilla is your ↵Frédéric Buclin2016-04-011-16/+12
| | | | | | single application r=gerv
* Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry PerlFrédéric Buclin2016-03-271-0/+1
|
* Bug 1255619: CGI scripts should not send duplicated headersFrédéric Buclin2016-03-214-36/+7
| | | | r/a=dkl
* Bug 1230932: Providing a condition as an ID to the webservice results in a ↵Frédéric Buclin2016-03-194-3/+23
| | | | | | taint error r/a=dkl
* Bug 1253267: Possible DOT injection vulnerability in dependency graphs if ↵Frédéric Buclin2016-03-151-0/+3
| | | | | | long bug summaries are wrapped r/a=dkl
* Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵Thorsten Schöning2016-03-091-2/+2
| | | | | | bug depending or blocking another one r=LpSolit a=dkl
* Bug 1234977: Replace \d+ by [0-9]+ in critical validation placesFrédéric Buclin2016-03-095-21/+22
| | | | r=dylan a=dkl
* IIS instructions work with Windows 10 tooFrédéric Buclin2016-03-061-1/+2
|
* Bug 1250354: The "Forgot password" link should not be displayed if users ↵Frédéric Buclin2016-02-231-23/+25
| | | | | | are not allowed to change it r/a=dkl
* Bug 1250264: Extensions have no easy way to override favicon.icoFrédéric Buclin2016-02-221-1/+2
| | | | r/a=dkl
* - task.expires needs to be greater than artifacts.expiresDavid Lawrence2016-02-221-0/+6
|
* - Update artifact expiration dateDavid Lawrence2016-02-221-12/+12
|
* Bug 1242263: The web server and SQL server sections are not correctly ↵Frédéric Buclin2016-02-175-19/+35
| | | | | | referenced in the documentation r=gerv
* Travis CI config file no longer necessaryDavid Lawrence2016-02-081-78/+0
|
* Bug 1246531: REST_DOC should point to bugzilla.readthedocs.org instead of ↵Frédéric Buclin2016-02-081-1/+1
| | | | | | bugzilla.org r/a=dkl
* Bug 1046241: All links to the documentation displayed besides error messages ↵Frédéric Buclin2016-02-083-79/+77
| | | | | | are broken r=gerv a=dkl
* Bug 1240752 - Attachment data submitted via REST API must always be base64 ↵David Lawrence2016-01-261-4/+2
| | | | | | encoded r=gerv,a=dkl
* Bug 1235271: Remove .htaccess from .gitignoreFrédéric Buclin2016-01-081-0/+1
| | | | r/a=dkl
* Bug 402039: Exporting CSV from chart.cgi doesn't set mimetype, ↵Frédéric Buclin2016-01-071-6/+5
| | | | | | content_disposition, or filename r/a=dkl