Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bug 1439260: XSS in chart.cgi and report.cgi | Dave Miller | 2024-09-03 | 1 | -4/+2 |
| | |||||
* | Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode ↵ | Dave Miller | 2024-09-03 | 1 | -1/+13 |
| | | | | | variants Co-authored-by: David Lawrence <dkl@mozilla.com> | ||||
* | [5.0.4] Bug 1852154: Warn admin if end-of-support date is approaching (#191) | Dave Miller | 2024-08-25 | 1 | -1/+44 |
| | | | a=dylan | ||||
* | Bug 1851352: Email::Address dependency missing (#174) | Dave Miller | 2024-05-11 | 1 | -0/+5 |
| | |||||
* | Bug 1851354: blocklist MySQL 8+, offer MariaDB (#141) | Dave Miller | 2024-04-28 | 3 | -15/+57 |
| | |||||
* | (no bug) Backout PR #60 - new feature not valid for stable branch (#164) | Dave Miller | 2024-04-28 | 2 | -16/+0 |
| | | | This was accidentally included in the 5.0.4 branch, which should have branched just before this commit. Everything else after it before we did end up branching would have been cherry-picked anyway. | ||||
* | Bug 1560873: blacklist broken versions of Template-Toolkit (#134) | Dave Miller | 2023-11-18 | 1 | -1/+3 |
| | |||||
* | Bug 1786951: Make the update check work on the 5.0.4 branch (#147) | Dave Miller | 2023-11-18 | 1 | -5/+6 |
| | | | | * Bug 1786951: Make the update check work on the 5.0.4 branch | ||||
* | Fix pod tests by adding documentation (#123) | Dylan Hardison | 2022-10-29 | 1 | -7/+33 |
| | | | | Added documentation for all undocumented functions in Bugzilla::Util. fixed pod syntax as well. | ||||
* | Bug 1657496: correctly handle MIME type on single-part email. r=eseyman, ↵ | Dave Miller | 2022-08-23 | 1 | -3/+4 |
| | | | | a=justdave | ||||
* | add a new hook: template_after_create (#60) | Dylan William Hardison | 2018-03-21 | 2 | -0/+16 |
| | |||||
* | Bumped versions post-release | David Lawrence | 2018-02-16 | 1 | -1/+1 |
| | |||||
* | Bumped version to 5.0.4 | David Lawrence | 2018-02-16 | 1 | -1/+1 |
| | |||||
* | Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking ↵ | Dylan William Hardison | 2018-02-16 | 1 | -0/+64 |
| | | | | | | contents of certain fields due to regex search r=jfearn,a=dylan | ||||
* | Bug 1301887 - File::Slurp triggers warnings on perl 5.24 (#53) | Vitaly Belekhov | 2018-01-04 | 6 | -25/+42 |
| | | | | | | | | | | * Bug 1301887 - File::Slurp triggers warnings on perl 5.24 and it is recommended to not use it (#21) r=mtyson * Fix for vrite in aa735d4 * Added https://gitweb.gentoo.org/proj/gentoo-bugzilla.git/commit/?id=ca7bfc9c485c959fad2aee1f7c1dbc0fb484553b | ||||
* | Revert "Bug 1306534 - Crash when pasting UTF8 text as an attachment" | Dylan William Hardison | 2016-10-19 | 1 | -1/+0 |
| | | | | This reverts commit 89cb60fe38a7962c876bce18368db90cedda84eb. | ||||
* | Bug 1306534 - Crash when pasting UTF8 text as an attachment | Matt Tyson | 2016-10-11 | 1 | -0/+1 |
| | | | | r=dylan | ||||
* | nit: wrong method call in Bugzilla::Migrate | Dylan William Hardison | 2016-10-08 | 1 | -1/+1 |
| | |||||
* | Bug 1300437 - DateTime::TimeZone::offset_as_string called incorrectly (#19) | Dylan William Hardison | 2016-10-08 | 2 | -2/+2 |
| | |||||
* | Bug 1303702 - bug history table 'when' column shows 00:00 only using sqlite | Andrea Orsini | 2016-09-19 | 1 | -0/+1 |
| | | | | r/a=dylan | ||||
* | Bug 1273846 - Checksetup fails to update chart storage during pre-3.6 -> 5.0 ↵ | Frédéric Buclin | 2016-05-20 | 1 | -9/+8 |
| | | | | | | upgrade r/a=dkl | ||||
* | Bumped version post-release | David Lawrence | 2016-05-16 | 1 | -1/+1 |
| | |||||
* | Bumped version to 5.0.3 | David Lawrence | 2016-05-16 | 1 | -1/+1 |
| | |||||
* | Bug 1259881 - CSV export vulnerable to formulae injection (again) | Frédéric Buclin | 2016-04-25 | 1 | -3/+4 |
| | | | | r=sgreen a=dkl | ||||
* | Bug 542239 - Accept pronouns everywhere in query.cgi | Albert Ting | 2016-04-20 | 1 | -1/+2 |
| | | | | r=dkl,a=dkl | ||||
* | Bug 1246228 - Email addresses must not be encoded | Frédéric Buclin | 2016-04-06 | 1 | -14/+3 |
| | | | | r/a=dkl | ||||
* | Bug 1261124: When deleting a component, this component is listed again | Frédéric Buclin | 2016-04-05 | 1 | -1/+4 |
| | | | | r/a=dkl | ||||
* | Bug 1255619: CGI scripts should not send duplicated headers | Frédéric Buclin | 2016-03-21 | 1 | -2/+3 |
| | | | | r/a=dkl | ||||
* | Bug 1230932: Providing a condition as an ID to the webservice results in a ↵ | Frédéric Buclin | 2016-03-19 | 3 | -3/+15 |
| | | | | | | taint error r/a=dkl | ||||
* | Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵ | Thorsten Schöning | 2016-03-09 | 1 | -2/+2 |
| | | | | | | bug depending or blocking another one r=LpSolit a=dkl | ||||
* | Bug 1234977: Replace \d+ by [0-9]+ in critical validation places | Frédéric Buclin | 2016-03-09 | 4 | -18/+18 |
| | | | | r=dylan a=dkl | ||||
* | Bug 1246531: REST_DOC should point to bugzilla.readthedocs.org instead of ↵ | Frédéric Buclin | 2016-02-08 | 1 | -1/+1 |
| | | | | | | bugzilla.org r/a=dkl | ||||
* | Bug 1235270: Set submitter_id before calling _check_data() | Mahdi Mokhtari | 2016-01-05 | 1 | -1/+2 |
| | | | | r=LpSolit a=dkl | ||||
* | Bug 1045782: Existing URLs in the See Also field should not throw an error ↵ | Frédéric Buclin | 2016-01-05 | 1 | -2/+3 |
| | | | | | | when the bug is displayed r/a=dkl | ||||
* | Bug 1235395 - whine.pl broken due to a missing generate_email() routine | Dylan Hardison | 2016-01-02 | 2 | -2/+67 |
| | | | | r=lpsolit,a=dylan | ||||
* | Bumped version post-release | David Lawrence | 2015-12-22 | 1 | -1/+1 |
| | |||||
* | Revert "Add missing use List::MoreUtils" | David Lawrence | 2015-12-22 | 1 | -1/+0 |
| | | | | This reverts commit d4470f34b627bb5a15a0af496db67185a922f4f5. | ||||
* | Revert "Bug 1230932 - Providing a condition as an ID to the webservice ↵ | David Lawrence | 2015-12-22 | 3 | -13/+0 |
| | | | | | | results in a taint error" This reverts commit 396ae88235ef68ed45978dfb36774c5fe9a2d699. | ||||
* | Add missing use List::MoreUtils | Dylan Hardison | 2015-12-22 | 1 | -0/+1 |
| | |||||
* | Bumped version to 5.0.2 | David Lawrence | 2015-12-22 | 1 | -1/+1 |
| | |||||
* | Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid ↵ | Dylan Hardison | 2015-12-22 | 1 | -0/+3 |
| | | | | | | javascript in some browsers r=dkl,a=dkl | ||||
* | Bug 1230932 - Providing a condition as an ID to the webservice results in a ↵ | Dylan Hardison | 2015-12-22 | 3 | -1/+14 |
| | | | | | | taint error r=dkl,a=dkl | ||||
* | Bug 1232190: FlagType.create should require the user to be logged in | Frédéric Buclin | 2015-12-18 | 1 | -7/+3 |
| | | | | r/a=dkl | ||||
* | Bug 1232578: Don't save hashed passwords in audit_log | Frédéric Buclin | 2015-12-16 | 2 | -1/+46 |
| | | | | r/a=dkl | ||||
* | Bug 1232180 - Incorrect regexp used to filter bug IDs in ↵ | Dylan Hardison | 2015-12-15 | 1 | -2/+2 |
| | | | | | | Bugzilla::WebService::BugUserLastVisit r=dkl,a=dkl | ||||
* | Bug 1169181 - The bug_user_last_visit method returns an empty array for old bugs | Dylan Hardison | 2015-12-15 | 2 | -16/+13 |
| | | | | r=dkl,a=dkl | ||||
* | Bug 1160394 - Products.get_products is missing from PUBLIC_METHODS (for ↵ | Matt Tyson | 2015-12-16 | 1 | -12/+0 |
| | | | | | | backwards compatibility) r=dkl,a=dkl | ||||
* | Bug 1219276: Creating a new group fails if a custom extension adds entries ↵ | Alex Schuilenburg | 2015-12-02 | 1 | -2/+14 |
| | | | | | | to group_control_map and "insertnew" is selected r=LpSolit a=dkl | ||||
* | Back out bug 1138463 - data/assets/.htaccess must be fixed too | Frédéric Buclin | 2015-12-02 | 1 | -12/+2 |
| | |||||
* | Back out bug 1138463. This fix is actually incorrect and the bug was ↵ | Frédéric Buclin | 2015-12-02 | 1 | -38/+7 |
| | | | | | | correctly fixed by bug 1223790 a=dkl on IRC |