aboutsummaryrefslogtreecommitdiffstats
path: root/Bugzilla
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1439260: XSS in chart.cgi and report.cgiDave Miller2024-09-031-4/+2
|
* Bug 1813629: Prevent Auth plugins from authenticating usernames with unicode ↵Dave Miller2024-09-031-1/+13
| | | | | variants Co-authored-by: David Lawrence <dkl@mozilla.com>
* [5.0.4] Bug 1852154: Warn admin if end-of-support date is approaching (#191)Dave Miller2024-08-251-1/+44
| | | a=dylan
* Bug 1851352: Email::Address dependency missing (#174)Dave Miller2024-05-111-0/+5
|
* Bug 1851354: blocklist MySQL 8+, offer MariaDB (#141)Dave Miller2024-04-283-15/+57
|
* (no bug) Backout PR #60 - new feature not valid for stable branch (#164)Dave Miller2024-04-282-16/+0
| | | This was accidentally included in the 5.0.4 branch, which should have branched just before this commit. Everything else after it before we did end up branching would have been cherry-picked anyway.
* Bug 1560873: blacklist broken versions of Template-Toolkit (#134)Dave Miller2023-11-181-1/+3
|
* Bug 1786951: Make the update check work on the 5.0.4 branch (#147)Dave Miller2023-11-181-5/+6
| | | | * Bug 1786951: Make the update check work on the 5.0.4 branch
* Fix pod tests by adding documentation (#123)Dylan Hardison2022-10-291-7/+33
| | | | Added documentation for all undocumented functions in Bugzilla::Util. fixed pod syntax as well.
* Bug 1657496: correctly handle MIME type on single-part email. r=eseyman, ↵Dave Miller2022-08-231-3/+4
| | | | a=justdave
* add a new hook: template_after_create (#60)Dylan William Hardison2018-03-212-0/+16
|
* Bumped versions post-releaseDavid Lawrence2018-02-161-1/+1
|
* Bumped version to 5.0.4David Lawrence2018-02-161-1/+1
|
* Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking ↵Dylan William Hardison2018-02-161-0/+64
| | | | | | contents of certain fields due to regex search r=jfearn,a=dylan
* Bug 1301887 - File::Slurp triggers warnings on perl 5.24 (#53)Vitaly Belekhov2018-01-046-25/+42
| | | | | | | | | | * Bug 1301887 - File::Slurp triggers warnings on perl 5.24 and it is recommended to not use it (#21) r=mtyson * Fix for vrite in aa735d4 * Added https://gitweb.gentoo.org/proj/gentoo-bugzilla.git/commit/?id=ca7bfc9c485c959fad2aee1f7c1dbc0fb484553b
* Revert "Bug 1306534 - Crash when pasting UTF8 text as an attachment"Dylan William Hardison2016-10-191-1/+0
| | | | This reverts commit 89cb60fe38a7962c876bce18368db90cedda84eb.
* Bug 1306534 - Crash when pasting UTF8 text as an attachmentMatt Tyson2016-10-111-0/+1
| | | | r=dylan
* nit: wrong method call in Bugzilla::MigrateDylan William Hardison2016-10-081-1/+1
|
* Bug 1300437 - DateTime::TimeZone::offset_as_string called incorrectly (#19)Dylan William Hardison2016-10-082-2/+2
|
* Bug 1303702 - bug history table 'when' column shows 00:00 only using sqliteAndrea Orsini2016-09-191-0/+1
| | | | r/a=dylan
* Bug 1273846 - Checksetup fails to update chart storage during pre-3.6 -> 5.0 ↵Frédéric Buclin2016-05-201-9/+8
| | | | | | upgrade r/a=dkl
* Bumped version post-releaseDavid Lawrence2016-05-161-1/+1
|
* Bumped version to 5.0.3David Lawrence2016-05-161-1/+1
|
* Bug 1259881 - CSV export vulnerable to formulae injection (again)Frédéric Buclin2016-04-251-3/+4
| | | | r=sgreen a=dkl
* Bug 542239 - Accept pronouns everywhere in query.cgiAlbert Ting2016-04-201-1/+2
| | | | r=dkl,a=dkl
* Bug 1246228 - Email addresses must not be encodedFrédéric Buclin2016-04-061-14/+3
| | | | r/a=dkl
* Bug 1261124: When deleting a component, this component is listed againFrédéric Buclin2016-04-051-1/+4
| | | | r/a=dkl
* Bug 1255619: CGI scripts should not send duplicated headersFrédéric Buclin2016-03-211-2/+3
| | | | r/a=dkl
* Bug 1230932: Providing a condition as an ID to the webservice results in a ↵Frédéric Buclin2016-03-193-3/+15
| | | | | | taint error r/a=dkl
* Bug 1250908: "Use of uninitialized value" warning thrown when creating a new ↵Thorsten Schöning2016-03-091-2/+2
| | | | | | bug depending or blocking another one r=LpSolit a=dkl
* Bug 1234977: Replace \d+ by [0-9]+ in critical validation placesFrédéric Buclin2016-03-094-18/+18
| | | | r=dylan a=dkl
* Bug 1246531: REST_DOC should point to bugzilla.readthedocs.org instead of ↵Frédéric Buclin2016-02-081-1/+1
| | | | | | bugzilla.org r/a=dkl
* Bug 1235270: Set submitter_id before calling _check_data()Mahdi Mokhtari2016-01-051-1/+2
| | | | r=LpSolit a=dkl
* Bug 1045782: Existing URLs in the See Also field should not throw an error ↵Frédéric Buclin2016-01-051-2/+3
| | | | | | when the bug is displayed r/a=dkl
* Bug 1235395 - whine.pl broken due to a missing generate_email() routineDylan Hardison2016-01-022-2/+67
| | | | r=lpsolit,a=dylan
* Bumped version post-releaseDavid Lawrence2015-12-221-1/+1
|
* Revert "Add missing use List::MoreUtils"David Lawrence2015-12-221-1/+0
| | | | This reverts commit d4470f34b627bb5a15a0af496db67185a922f4f5.
* Revert "Bug 1230932 - Providing a condition as an ID to the webservice ↵David Lawrence2015-12-223-13/+0
| | | | | | results in a taint error" This reverts commit 396ae88235ef68ed45978dfb36774c5fe9a2d699.
* Add missing use List::MoreUtilsDylan Hardison2015-12-221-0/+1
|
* Bumped version to 5.0.2David Lawrence2015-12-221-1/+1
|
* Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid ↵Dylan Hardison2015-12-221-0/+3
| | | | | | javascript in some browsers r=dkl,a=dkl
* Bug 1230932 - Providing a condition as an ID to the webservice results in a ↵Dylan Hardison2015-12-223-1/+14
| | | | | | taint error r=dkl,a=dkl
* Bug 1232190: FlagType.create should require the user to be logged inFrédéric Buclin2015-12-181-7/+3
| | | | r/a=dkl
* Bug 1232578: Don't save hashed passwords in audit_logFrédéric Buclin2015-12-162-1/+46
| | | | r/a=dkl
* Bug 1232180 - Incorrect regexp used to filter bug IDs in ↵Dylan Hardison2015-12-151-2/+2
| | | | | | Bugzilla::WebService::BugUserLastVisit r=dkl,a=dkl
* Bug 1169181 - The bug_user_last_visit method returns an empty array for old bugsDylan Hardison2015-12-152-16/+13
| | | | r=dkl,a=dkl
* Bug 1160394 - Products.get_products is missing from PUBLIC_METHODS (for ↵Matt Tyson2015-12-161-12/+0
| | | | | | backwards compatibility) r=dkl,a=dkl
* Bug 1219276: Creating a new group fails if a custom extension adds entries ↵Alex Schuilenburg2015-12-021-2/+14
| | | | | | to group_control_map and "insertnew" is selected r=LpSolit a=dkl
* Back out bug 1138463 - data/assets/.htaccess must be fixed tooFrédéric Buclin2015-12-021-12/+2
|
* Back out bug 1138463. This fix is actually incorrect and the bug was ↵Frédéric Buclin2015-12-021-38/+7
| | | | | | correctly fixed by bug 1223790 a=dkl on IRC