Comparing changes

base repository: mantisbt/mantisbt
base: 3e17066
head repository: mantisbt/mantisbt
compare: 544e76d
  • 9 commits
  • 14 files changed
  • 6 contributors

Commits on Sep 18, 2010

  1. Fix #12366: file_api uses old style calls to db_get_table

    file_api uses some old style calls to db_get_table(..), similar to:
    db_get_table( 'mantis_bug_file_table' )
    
    Instead of the newer argument format:
    db_get_table( 'bug_file' );
    
    Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
    Tamás Gulácsi authored and davidhicks committed Sep 18, 2010
    d8a4c2f View commit details
  2. Fix #12344: manage_user_page.php: changing page resets sort criteria

    When a user navigates to a different page of the search results the
    current sort criteria are forgotten.
    
    Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
    atrol authored and davidhicks committed Sep 18, 2010
    efb50eb View commit details
  3. Fix #12362: Redirect users to tag management page after deleting a tag

    Users who have permission to delete tags also have access to the tag
    management page. Therefore it makes more sense to redirect users to the
    tag management page than their default MantisBT start page upon deletion
    of a tag.
    davidhicks committed Sep 18, 2010
    8ce72fe View commit details
  4. Fix #12363: Billing report end date not included in range

    The end date of a billing report page is not included in the range of
    issues parsed by the report.
    
    This is due to a bug inside bugnote_stats_get_project_array(..) of
    bugnote_api.php that misinterprets the PHP documentation of how the
    strtotime() function operates.
    davidhicks committed Sep 18, 2010
    db2b007 View commit details
  5. Fix #7328: ini_get_number uses wrong postfix multipliers

    The ini_get_number function currently uses the wrong postfix multipliers
    when determining the integer value of configuration options from
    php.ini.
    
    The PHP manual clearly states that k = kibibyte instead of k = kilobyte
    as per
    http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes
    
    Thus we need to change the postfix multipliers to reflect what the PHP
    manual defines for php.ini.
    
    Thanks to Morgan Parry for providing a patch to this issue just over 4
    years ago. And thanks to Roland Becker for bumping up old issues like
    this one that have been forgotten in the past.
    davidhicks committed Sep 18, 2010
    e959999 View commit details
  6. Fix #12286: Sub projects not included in advanced filter ALL PROJECTS

    When advanced filter "Project" is set to "All Projects" sub projects are
    excluded from the results returned by the filter. These sub projects
    should be included.
    
    Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
    djuntgen authored and davidhicks committed Sep 18, 2010
    c4d7ca4 View commit details
  7. Fix #9338: CSV export does not escape all characters

    Changed escaping method (strings could be escaped twice).
    
    Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
    Stéphane Veyret authored and davidhicks committed Sep 18, 2010
    0f120c9 View commit details
  8. Issue #12368: Remove input side XSS validation of user real names

    XSS issues should be handled on the output side of MantisBT rather than
    on the input side. The user real name field was being validated on the
    input side which is poor design due to the large number of ways in which
    a user real name could change (SOAP API, XML import, web interface,
    external scripts, plugins, etc). Furthermore different output interfaces
    (XML, CSS, XHTML, etc) require different sanitisation and escaping
    methods.
    
    Thus we should remove the input side XSS validation of the user real
    name field so that we allow ANY characters to be used in this field
    (except 0x00 of course). Our existing output layers already handle XSS
    sanitisation of variables such as the real name field.
    davidhicks committed Sep 18, 2010
    01d2ffa View commit details
  9. Fix #11299: Custom menu links should be sanitised before output

    If an administrator defines custom menu links (consisting of a caption
    and URL) then these values should be escaped of special HTML characters
    before being printed into the menu. This XSS issue is of no security
    concern as it requires administrator access and manual modifications to
    the configuration file.
    
    Co-contributed-by: David Hicks <hickseydr@optusnet.com.au>
    Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
    dolmen authored and davidhicks committed Sep 18, 2010
    544e76d View commit details
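
The output-side approach argued for in commits 8 and 9 (and the escape-once point of commit 7), as an added example: this is not MantisBT code, and the function names and the sample value are constructed for illustration. One raw value is stored unchanged and encoded separately for each output context.

```php
<?php
// Added illustration, not MantisBT code. All function names are hypothetical.

// HTML text or quoted-attribute context: encode & < > " and '.
function out_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// XML 1.0 context: drop characters XML 1.0 forbids, then encode the
// five predefined entities (ENT_XML1 emits &apos; for a single quote).
function out_xml(string $value): string {
    $allowed = '/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u';
    $clean = preg_replace($allowed, '', $value) ?? ''; // null means invalid UTF-8
    return htmlspecialchars($clean, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

// CSV field context: wrap in quotes and double embedded quotes, exactly
// once and only at output, so a stored value is never escaped twice.
function out_csv(string $value): string {
    return '"' . str_replace('"', '""', $value) . '"';
}

// Menu link: caption and URL are both encoded before printing.
// This covers markup injection only; it does not validate the URL scheme.
function out_menu_link(string $caption, string $url): string {
    return '<a href="' . out_html($url) . '">' . out_html($caption) . '</a>';
}

// Constructed sample: a real name stored raw, with no input-side filtering.
$real_name = 'Anne "QA" O\'Neil <dev&ops>';

echo out_html($real_name), PHP_EOL;
// Anne &quot;QA&quot; O&#039;Neil &lt;dev&amp;ops&gt;
echo out_xml($real_name), PHP_EOL;
// Anne &quot;QA&quot; O&apos;Neil &lt;dev&amp;ops&gt;
echo out_csv($real_name), PHP_EOL;
// "Anne ""QA"" O'Neil <dev&ops>"
echo out_menu_link('Docs & "Help"', 'https://example.test/?a=1&b=2'), PHP_EOL;
// <a href="https://example.test/?a=1&amp;b=2">Docs &amp; &quot;Help&quot;</a>
```

The three encodings of the same stored string differ, which is why a single input-side filter cannot serve every output interface.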