aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Bug 1200010: The Quick Start doc should stop assuming Bugzilla is your ↵Frédéric Buclin2016-04-011-16/+12
| | | | | | single application r=gerv
* Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry PerlFrédéric Buclin2016-03-271-0/+1
|
* Bug 1255619: CGI scripts should not send duplicated headersFrédéric Buclin2016-03-214-36/+7
| | | | r/a=dkl
* Bug 1230932: Providing a condition as an ID to the webservice results in a ↵Frédéric Buclin2016-03-194-3/+23
| | | | | | taint error r/a=dkl
* Bug 1253267: Possible DOT injection vulnerability in dependency graphs if ↵Frédéric Buclin2016-03-151-0/+3
| | | | | | long bug summaries are wrapped r/a=dkl
* Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵Thorsten Schöning2016-03-091-2/+2
| | | | | | bug depending or blocking another one r=LpSolit a=dkl
* Bug 1234977: Replace \d+ by [0-9]+ in critical validation placesFrédéric Buclin2016-03-095-21/+22
| | | | r=dylan a=dkl
* IIS instructions work with Windows 10 tooFrédéric Buclin2016-03-061-1/+2
|
* Bug 1250354: The "Forgot password" link should not be displayed if users ↵Frédéric Buclin2016-02-231-23/+25
| | | | | | are not allowed to change it r/a=dkl
* Bug 1250264: Extensions have no easy way to override favicon.icoFrédéric Buclin2016-02-221-1/+2
| | | | r/a=dkl
* - task.expires needs to be greater than artifacts.expiresDavid Lawrence2016-02-221-0/+6
|
* - Update artifact expiration dateDavid Lawrence2016-02-221-12/+12
|
* Bug 1242263: The web server and SQL server sections are not correctly ↵Frédéric Buclin2016-02-175-19/+35
| | | | | | referenced in the documentation r=gerv
* Travis CI config file no longer necessaryDavid Lawrence2016-02-081-78/+0
|
* Bug 1246531: REST_DOC should point to bugzilla.readthedocs.org instead of ↵Frédéric Buclin2016-02-081-1/+1
| | | | | | bugzilla.org r/a=dkl
* Bug 1046241: All links to the documentation displayed besides error messages ↵Frédéric Buclin2016-02-083-79/+77
| | | | | | are broken r=gerv a=dkl
* Bug 1240752 - Attachment data submitted via REST API must always be base64 ↵David Lawrence2016-01-261-4/+2
| | | | | | encoded r=gerv,a=dkl
* Bug 1235271: Remove .htaccess from .gitignoreFrédéric Buclin2016-01-081-0/+1
| | | | r/a=dkl
* Bug 402039: Exporting CSV from chart.cgi doesn't set mimetype, ↵Frédéric Buclin2016-01-071-6/+5
| | | | | | content_disposition, or filename r/a=dkl
* Bug 324242: Unsetting shutdownhtml requires too much intimate knowledgeFrédéric Buclin2016-01-071-2/+9
| | | | r/a=dkl
* Addl. fix for bug 1089448: also detaint $ENV{WINDIR} on WindowsFrédéric Buclin2016-01-071-1/+1
|
* Bug 1235270: Set submitter_id before calling _check_data()Mahdi Mokhtari2016-01-051-1/+2
| | | | r=LpSolit a=dkl
* Bug 1045782: Existing URLs in the See Also field should not throw an error ↵Frédéric Buclin2016-01-051-2/+3
| | | | | | when the bug is displayed r/a=dkl
* Bug 1191706: When editing flag types, components do not match the selected ↵Frédéric Buclin2016-01-047-86/+51
| | | | | | product when classifications are enabled r/a=dkl
* Bug 1235395 - whine.pl broken due to a missing generate_email() routineDylan Hardison2016-01-022-2/+67
| | | | r=lpsolit,a=dylan
* Bug 1235271: Remove .htaccess from .gitignoreFrédéric Buclin2015-12-292-2/+0
| | | | r/a=dkl
* Bug 1235415: Use "AllowOverride All" everywhereFrédéric Buclin2015-12-281-1/+1
|
* Bumped version post-releaseDavid Lawrence2015-12-221-1/+1
|
* Revert "Add missing use List::MoreUtils"David Lawrence2015-12-221-1/+0
| | | | This reverts commit d4470f34b627bb5a15a0af496db67185a922f4f5.
* Revert "Bug 1230932 - Providing a condition as an ID to the webservice ↵David Lawrence2015-12-224-20/+0
| | | | | | results in a taint error" This reverts commit 396ae88235ef68ed45978dfb36774c5fe9a2d699.
* Add missing use List::MoreUtilsDylan Hardison2015-12-221-0/+1
|
* Bumped version to 5.0.2David Lawrence2015-12-221-1/+1
|
* Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid ↵Dylan Hardison2015-12-221-0/+3
| | | | | | javascript in some browsers r=dkl,a=dkl
* Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when ↵Frédéric Buclin2015-12-221-5/+8
| | | | | | displaying the bug summary r=gerv a=dkl
* Bug 1230932 - Providing a condition as an ID to the webservice results in a ↵Dylan Hardison2015-12-224-1/+21
| | | | | | taint error r=dkl,a=dkl
* Update release notesFrédéric Buclin2015-12-221-1/+1
|
* Bug 1234056: The "Create Comments" documentation incorrectly mentions that ↵Frédéric Buclin2015-12-211-5/+0
| | | | | | you can add a comment to several bugs at once r/a=dkl
* Need to uncomment another line in httpd.conf, see bug 1207582Frédéric Buclin2015-12-211-1/+2
|
* Bug 1232190: FlagType.create should require the user to be logged inFrédéric Buclin2015-12-181-7/+3
| | | | r/a=dkl
* Bug 1232578: Don't save hashed passwords in audit_logFrédéric Buclin2015-12-162-1/+46
| | | | r/a=dkl
* Product.get_products is no longer supported, see bug 1160394Frédéric Buclin2015-12-161-3/+4
|
* Bug 1232180 - Incorrect regexp used to filter bug IDs in ↵Dylan Hardison2015-12-151-2/+2
| | | | | | Bugzilla::WebService::BugUserLastVisit r=dkl,a=dkl
* Bug 1169181 - The bug_user_last_visit method returns an empty array for old bugsDylan Hardison2015-12-152-16/+13
| | | | r=dkl,a=dkl
* Bug 1160394 - Products.get_products is missing from PUBLIC_METHODS (for ↵Matt Tyson2015-12-161-12/+0
| | | | | | backwards compatibility) r=dkl,a=dkl
* Release notes for Bugzilla 5.0.2Frédéric Buclin2015-12-111-0/+27
| | | | r=dkl
* Email::Send is no longer usedFrédéric Buclin2015-12-101-5/+3
|
* Bug 1219276: Creating a new group fails if a custom extension adds entries ↵Alex Schuilenburg2015-12-022-9/+15
| | | | | | to group_control_map and "insertnew" is selected r=LpSolit a=dkl
* Back out bug 1138463 - data/assets/.htaccess must be fixed tooFrédéric Buclin2015-12-021-12/+2
|
* Back out bug 1138463. This fix is actually incorrect and the bug was ↵Frédéric Buclin2015-12-022-44/+8
| | | | | | correctly fixed by bug 1223790 a=dkl on IRC
* Bug 1227455 - Multiselect parameters (type 'm') are not read correctly from ↵Pami Ketolainen2015-11-252-2/+11
| | | | | | the new JSON storage format r/a=dkl