aboutsummaryrefslogtreecommitdiffstats
path: root/attachment.cgi
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking ↵Dylan William Hardison2018-02-161-0/+1
| | | | | | contents of certain fields due to regex search r=jfearn,a=dylan
* Bug 1246228 - Email addresses must not be encodedFrédéric Buclin2016-04-061-0/+1
| | | | r/a=dkl
* Revert "Bug 1073264 - allow attachment download to be offloaded to the ↵Gervase Markham2014-10-241-17/+1
| | | | | | webserver using X-SendFile or equivalent. r=gerv, a=glob." Morning brain thought this bug was approved for 5.0. This reverts commit 55e8faeed19ff618483cb5803847bdba6c80c752.
* Bug 1073264 - allow attachment download to be offloaded to the webserver ↵Damien Nozay2014-10-241-1/+17
| | | | using X-SendFile or equivalent. r=gerv, a=glob.
* Bug 1068494: Remove CVS/Bonsai/LXR-specific bits of Patch ViewerFrédéric Buclin2014-10-161-18/+2
| | | | r=gerv a=glob
* Bug 1082887: comments made when setting a flag from the attachment details ↵Byron Jones2014-10-161-53/+59
| | | | | | page are not included in the "flag updated" email r=dkl,a=glob
* Bug 1075578: [SECURITY] Improper filtering of CGI argumentsFrédéric Buclin2014-10-061-4/+6
| | | | r=dkl,a=sgreen
* Bug 996893: Perl 5.18 and newer throw tons of warnings about deprecated modulesFrédéric Buclin2014-08-131-1/+3
| | | | r=dkl a=sgreen
* Bug 294021: Allow requestees to set attachment flags even if they don't have ↵Frédéric Buclin2014-03-211-3/+25
| | | | | | editbugs privs r=gerv a=justdave
* Bug 913904: (CVE-2013-1734) [SECURITY] CSRF when updating attachmentsFrédéric Buclin2013-10-161-7/+10
| | | | r=dkl a=sgreen
* Bug 811280: Adds a caching mechanism to Bugzilla::Object to avoid querying ↵Byron Jones2012-11-221-3/+3
| | | | | | the database repeatedly for the same information r=dkl,a=LpSolit
* Bug 803600: Clean up the comment generated when deleting attachmentsFrédéric Buclin2012-10-191-1/+0
| | | | r=justdave a=LpSolit
* Bug 787529: Use |use 5.10.1| everywhereFrédéric Buclin2012-09-011-12/+1
| | | | r=wicked a=LpSolit
* Bug 771107 - List of attachments in attachment details screen does not ↵Dave Lawrence2012-07-231-2/+0
| | | | | | distinguish obsolete attachments r=glob, a=LpSolit
* Bug 138546: Add a checkbox to add himself to the CC list when creating or ↵Reed Loden2012-06-261-0/+4
| | | | | | editing an attachment r/a=LpSolit
* Bug 671612: Send "X-Content-Type-Options: nosniff" with every responseMatt Selsky2012-05-291-2/+1
| | | | r/a=LpSolit
* 2nd part of bug 731559: fix get_attachments_by_bug() everywhereFrédéric Buclin2012-03-061-3/+2
| | | | a=LpSolit
* Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and ↵Frédéric Buclin2012-01-111-28/+5
| | | | | | add it to files which miss one r=kiko r=mkanat r=mrbball a=LpSolit
* Bug 169752: Activity log should fuse data fields split because they didn't fitFrédéric Buclin2011-12-141-2/+1
| | | | r=glob a=LpSolit
* Bug 684225: The removal of locally stored attachments should be done from ↵c1541@hotmail.com2011-12-081-4/+0
| | | | | | Bugzilla::Attachment->remove_from_db r/a=LpSolit
* Bug 703983 - CSRF vulnerability in attachment.cgi allows possible ↵Reed Loden2011-11-211-28/+5
| | | | | | unauthorized attachment creation [r=LpSolit a=LpSolit]
* Bug 682822: Hide 'obsolete attachments' section when there are none to displayByron Jones2011-09-021-30/+41
| | | | r=LpSolit, a=LpSolit
* Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause ↵Byron Jones2011-08-041-30/+99
| | | | | | XSS on this domain in IE 6-8 and Safari r/a=LpSolit
* Bug 653404: Misleading error message when file to be attached is not ↵Frédéric Buclin2011-04-281-1/+4
| | | | | | readable by browser r/a=LpSolit
* Bug 633776: Automatic charset detection for text attachmentsByron Jones2011-03-091-1/+7
| | | | r=mkanat, a=mkanat
* Bug 607361: Creating an attachment without a "comment" param in the URL ↵Frédéric Buclin2010-10-261-1/+2
| | | | | | causes an internal error a=LpSolit
* Bug 414509: offer View All (non obsolete) attachmentsGuy Pyrzak2010-10-021-0/+5
| | | | r=LpSolit, a=LpSolit
* Bug 584110: Don't name attachment files "attachment.txt" by default, because ↵Frédéric Buclin2010-08-041-1/+1
| | | | | | this confuses IE a=LpSolit
* Bug 453425 - Send "X-Content-Type-Options: nosniff" header when displaying ↵Reed Loden2010-08-031-1/+2
| | | | | | attachments so IE8 doesn't try to sniff the content type. [r=LpSolit a=LpSolit]
* Bug 119703: Create an attachment by pasting it into a text fieldFrédéric Buclin2010-07-181-3/+2
| | | | r/a=mkanat
* Bug 490930: Always store attachments locally if they are over X size (and ↵Frédéric Buclin2010-07-081-1/+0
| | | | | | below some threshold!), don't ever display "Big File" checkbox r=mkanat a=LpSolit
* Bug 567846: Modify set_status, set_resolution, and set_dup_id to useMax Kanat-Alexander2010-06-031-1/+1
| | | | VALIDATOR_DEPENDENCIES, so that they don't need custom code in set_all.
* Bug 565879: Merge ThrowCodeError("action_unrecognized"), ↵Frédéric Buclin2010-05-201-1/+1
| | | | | | ThrowUserError("no_valid_action") and ThrowCodeError("unknown_action") r=ghendricks a=LpSolit
* Bug 560281: Do not display deleted attachments in "View All"Frédéric Buclin2010-05-171-0/+2
| | | | a=LpSolit
* Bug 395451 - "Bugzilla::BugMail needs to use Bug objects internally instead ↵Reed Loden2010-05-061-3/+3
| | | | | | of direct SQL" [r=mkanat a=mkanat]
* Bug 560009: Use firstidx from List::MoreUtils instead of lsearchMax Kanat-Alexander2010-04-221-4/+2
| | | | r=timello, a=mkanat
* Bug 556429: Stop sending bugmail from inside the templateMax Kanat-Alexander2010-04-051-4/+9
| | | | r=LpSolit, a=LpSolit
* Bug 365926: Serve attachments without an explicit charset, and let the browserMax Kanat-Alexander2010-03-281-0/+8
| | | | | decide which charset to use r=LpSolit, a=LpSolit
* Bug 532518: Credentials are not checked correctly when viewing one ↵lpsolit%gmail.com2009-12-301-21/+28
| | | | attachment from another bug's alternate host - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
* Bug 162060: Remove the relationship between "votestoconfirm" and whether or ↵mkanat%bugzilla.org2009-12-171-1/+2
| | | | | | not the UNCONFIRMED status is available, by adding a checkbox to enable the UNCONFIRMED status in editproducts.cgi. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 526734: Allow localization of the "From update of attachment" string in ↵mkanat%bugzilla.org2009-12-131-7/+5
| | | | | | comments Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 452919: Allow the "created an attachment" message in comments to be ↵mkanat%bugzilla.org2009-12-041-5/+4
| | | | | | localized Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 523495: Re-work attachment.cgi and the general attachment_base-checking ↵mkanat%bugzilla.org2009-10-241-11/+12
| | | | | | code to prevent an infinite redirect loop when ssl_redirect is on and Bugzilla has an attachment_base set. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 509053: Implement Bugzilla->feature (feature_enabled in the templates), ↵mkanat%bugzilla.org2009-09-301-6/+0
| | | | | | and use it to detect when PatchReader is available. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 328628: When attachments have UTF-8 characters in their name, they will ↵mkanat%bugzilla.org2009-09-301-0/+7
| | | | | | now be downloaded with the correct name. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=Wurblzap, a=mkanat
* Bug 140999: Users without edit permissions for an attachment should still be ↵lpsolit%gmail.com2009-09-281-37/+45
| | | | able to make comments - Patch by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit
* Bug 509045: Make "use_keywords" a global template variable instead of having ↵mkanat%bugzilla.org2009-08-111-3/+0
| | | | | | to pass it to templates all the time Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 305993: The requestee field may be omitted even when a requestee is ↵lpsolit%gmail.com2009-08-061-2/+8
| | | | already set - Patch by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit
* Bug 415541: Implement $bug->set_flags() and $attachment->set_flags() - Patch ↵lpsolit%gmail.com2009-08-051-34/+15
| | | | by Frédéric Buclin <LpSolit@gmail.com> a=LpSolit
* Bug 486685: MIME type override for attachments lost in HTTP redirect - Patch ↵lpsolit%gmail.com2009-04-151-0/+4
| | | | by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit