Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bug 1075578: [SECURITY] Improper filtering of CGI arguments | Frédéric Buclin | 2014-10-06 | 1 | -1/+1 |
| | | | | r=dkl,a=sgreen | ||||
* | Fix bustage due to bug 1061247 | Frédéric Buclin | 2014-10-01 | 1 | -0/+1 |
| | |||||
* | Bug 1061247 - Successfully using a password change token should invalidate ↵ | Reed Loden | 2014-09-30 | 1 | -0/+2 |
| | | | | | | all other password change tokens for that user r=gerv a=glob | ||||
* | Bug 996893: Perl 5.18 and newer throw tons of warnings about deprecated modules | Frédéric Buclin | 2014-08-13 | 1 | -1/+3 |
| | | | | r=dkl a=sgreen | ||||
* | Bug 1046145: It is no longer possible to cancel an email address change when ↵ | Frédéric Buclin | 2014-08-06 | 1 | -1/+1 |
| | | | | | | this one has already been confirmed r=dkl a=sgreen | ||||
* | Bug 947823: Replace gender-specific pronouns with gender-neutral pronouns | Charlie Somerville | 2014-02-27 | 1 | -2/+2 |
| | | | | r=gerv a=justdave | ||||
* | Bug 878035: Do not disclose whether a user account exists or not when a user ↵ | Frédéric Buclin | 2013-06-06 | 1 | -3/+4 |
| | | | | | | clicks "forgot password" r=dkl a=LpSolit | ||||
* | Bug 787529: Use |use 5.10.1| everywhere | Frédéric Buclin | 2012-09-01 | 1 | -0/+1 |
| | | | | r=wicked a=LpSolit | ||||
* | Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized ↵ | Frédéric Buclin | 2012-08-06 | 1 | -0/+5 |
| | | | | | | password reset e-mail request r=reed a=LpSolit | ||||
* | Bug 355596: Your password should be requested to confirm your email address ↵ | Koosha Khajeh Moogahi | 2012-05-28 | 1 | -5/+11 |
| | | | | | | change r/a=LpSolit | ||||
* | Bug 752303: It is no longer possible to cancel an email address change when ↵ | Koosha Khajeh Moogahi | 2012-05-18 | 1 | -14/+5 |
| | | | | | | this one has already been confirmed r/a=LpSolit | ||||
* | Bug 319953: Missing real email syntax check | Frédéric Buclin | 2012-01-23 | 1 | -3/+1 |
| | | | | r=glob a=LpSolit | ||||
* | Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and ↵ | Frédéric Buclin | 2012-01-11 | 1 | -20/+5 |
| | | | | | | add it to files which miss one r=kiko r=mkanat r=mrbball a=LpSolit | ||||
* | Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email ↵ | Frédéric Buclin | 2011-12-28 | 1 | -0/+4 |
| | | | | | | WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=glob a=LpSolit | ||||
* | Fix complains from 012throwables.t due to bug 677901 | Frédéric Buclin | 2011-08-16 | 1 | -8/+9 |
| | |||||
* | Bug 677901: Bugzilla crashes when no token is passed to token.cgi but the ↵ | Frédéric Buclin | 2011-08-16 | 1 | -161/+101 |
| | | | | | | script expects one, because tokens are incorrectly validated r/a=mkanat | ||||
* | Bug 658929 - User autocomplete is very slow when there are lots of users in ↵ | David Lawrence | 2011-07-05 | 1 | -1/+1 |
| | | | | | | the profiles table r/a=mkanat | ||||
* | Bug 565879: Merge ThrowCodeError("action_unrecognized"), ↵ | Frédéric Buclin | 2010-05-20 | 1 | -5/+2 |
| | | | | | | ThrowUserError("no_valid_action") and ThrowCodeError("unknown_action") r=ghendricks a=LpSolit | ||||
* | Bug 514913: Eliminate ssl="authenticated sessions" | mkanat%bugzilla.org | 2009-10-09 | 1 | -8/+0 |
| | | | | Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | ||||
* | Bug 508189: (CVE-2009-3166) [SECURITY] Logging in after changing your ↵ | mkanat%bugzilla.org | 2009-09-11 | 1 | -0/+4 |
| | | | | | | password would expose your new password in the URL Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat | ||||
* | Bug 349336: Automatically log in the user when he chooses his password to ↵ | lpsolit%gmail.com | 2009-08-11 | 1 | -2/+6 |
| | | | | create his new account - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat | ||||
* | 496856 - correct patch | bbaetz%acm.org | 2009-06-12 | 1 | -1/+1 |
| | | | | (original patch r/a=mkanat) | ||||
* | Bug 496856 - Fix token.cgi transaction handling | bbaetz%acm.org | 2009-06-10 | 1 | -5/+9 |
| | |||||
* | Bug 452519: Fix timezones in emails - Patch by Frédéric Buclin ↵ | lpsolit%gmail.com | 2009-01-08 | 1 | -1/+2 |
| | | | | <LpSolit@gmail.com> r=wicked a=LpSolit | ||||
* | Bug 455814: token.cgi should reject password change requests for disabled ↵ | lpsolit%gmail.com | 2008-09-20 | 1 | -0/+6 |
| | | | | accounts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=ghendricks a=LpSolit | ||||
* | Bug 455815: Remove global variables from token.cgi - Patch by Frédéric ↵ | lpsolit%gmail.com | 2008-09-19 | 1 | -65/+70 |
| | | | | Buclin <LpSolit@gmail.com> r/a=mkanat | ||||
* | Bug 428659 â Setting SSL param to 'authenticated sessions' only ↵ | dkl%redhat.com | 2008-08-18 | 1 | -2/+3 |
| | | | | | | | protects logins and param doesn't protect WebService calls at all Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat | ||||
* | Backing out these patches as they cause a regression. More information | dkl%redhat.com | 2008-07-29 | 1 | -3/+5 |
| | | | | | | | | | | | in the respective bug reports. Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | ||||
* | Bug 428659 â Setting SSL param to 'authenticated sessions' only ↵ | dkl%redhat.com | 2008-07-10 | 1 | -5/+3 |
| | | | | | | protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat | ||||
* | Bug 405946: Some emails are not sent in the language chosen by the addressee ↵ | lpsolit%gmail.com | 2008-04-02 | 1 | -11/+7 |
| | | | | - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit | ||||
* | Bug 403834: Replace table locks with database transactions in tokens, votes, ↵ | lpsolit%gmail.com | 2007-11-19 | 1 | -8/+4 |
| | | | | and sanitycheck - Patch by Emmanuel Seyman <eseyman@linagora.com> r/a=mkanat | ||||
* | Bug 399954: Make Bugzilla able to hold its dependencies in a local directory | mkanat%bugzilla.org | 2007-10-19 | 1 | -1/+1 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | ||||
* | Bug 238651 (a&b) Include the login name (in <code>) for "account_inexistent" ↵ | timeless%mozdev.org | 2007-07-23 | 1 | -1/+1 |
| | | | | | | error r=lpsolit a=lpsolit | ||||
* | Bug 365472 rename 'token_inexistent' to 'token_does_not_exist' or something | timeless%mozdev.org | 2007-07-10 | 1 | -1/+1 |
| | | | | r=lpsolit a=lpsolit | ||||
* | Bug 366466 - "flag notification mail has canceled spelled incorrectly" ↵ | reed%reedloden.com | 2007-03-11 | 1 | -5/+5 |
| | | | | [p=reed r=timeless a=mkanat] | ||||
* | Bug 340538: Insecure dependency in exec while running with -T switch at ↵ | wurblzap%gmail.com | 2006-10-21 | 1 | -20/+20 |
| | | | | | | | /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk | ||||
* | Bug 281181: [SECURITY] It's way too easy to delete ↵ | lpsolit%gmail.com | 2006-10-15 | 1 | -1/+1 |
| | | | | versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | ||||
* | Bug 349349: Use ->create from Bugzilla::Object instead of insert_new_user ↵ | mkanat%bugzilla.org | 2006-08-26 | 1 | -25/+7 |
| | | | | | | for Bugzilla::User Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk | ||||
* | Bug 87795: Creating an account should send token and wait for confirmation ↵ | lpsolit%gmail.com | 2006-08-20 | 1 | -0/+87 |
| | | | | (prevent user account abuse) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=bkor a=myk | ||||
* | Bug 173629: Clean up "my" variable scoping issues for mod_perl | mkanat%bugzilla.org | 2006-07-06 | 1 | -3/+3 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk | ||||
* | Bug 282121: Remove globals.pl from scripts that no longer use it - Patch by ↵ | lpsolit%gmail.com | 2006-06-21 | 1 | -9/+3 |
| | | | | Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | ||||
* | Spelling in code comments patch: 'methids' -> 'methods'; patch by Vlad ↵ | vladd%bugzilla.org | 2006-06-19 | 1 | -1/+1 |
| | | | | Dascalu <vladd@bugzilla.org>. | ||||
* | Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN block | mkanat%bugzilla.org | 2006-05-12 | 1 | -1/+1 |
| | | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk | ||||
* | Bug 332598: Move ValidatePassword() and DBNameToIdAndCheck() from globals.pl ↵ | lpsolit%gmail.com | 2006-05-08 | 1 | -2/+2 |
| | | | | into User.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | ||||
* | Bug 312157: Remove $::template and $::vars from globals.pl - Patch by Olav ↵ | lpsolit%gmail.com | 2005-10-25 | 1 | -4/+4 |
| | | | | Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave | ||||
* | Bug 312307: Misused Throw*Error tags in code and templates - Patch by Dennis ↵ | lpsolit%gmail.com | 2005-10-24 | 1 | -4/+2 |
| | | | | Melentyev <dennis.melentyev@infopulse.com.ua> r=LpSolit a=justdave | ||||
* | Bug 303697: Eliminate deprecated Bugzilla::DB routines from token.cgi - ↵ | lpsolit%gmail.com | 2005-10-12 | 1 | -40/+42 |
| | | | | Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave | ||||
* | Bug 304583: Remove all remaining need to rederive inherited groups | bugreport%peshkin.net | 2005-08-19 | 1 | -2/+2 |
| | | | | | Patch by Joel Peshkin <bugreport@peshkin.net> r=mkanat, a=justdave | ||||
* | Bug 304653: remove 'use Bugzilla::Error' from Util.pm - Patch by Frédéric ↵ | lpsolit%gmail.com | 2005-08-16 | 1 | -3/+4 |
| | | | | Buclin <LpSolit@gmail.com> r=mkanat a=myk | ||||
* | Bug 301508: Remove CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> ↵ | lpsolit%gmail.com | 2005-08-10 | 1 | -1/+1 |
| | | | | r=mkanat,wicked a=justdave |