Comparing changes
base repository: mantisbt/mantisbt
base: 3e17066
head repository: mantisbt/mantisbt
compare: 544e76d
- 9 commits
- 14 files changed
- 6 contributors
Commits on Sep 18, 2010
- Fix #12366: file_api uses old style calls to db_get_table
  file_api uses some old style calls to db_get_table(..), similar to:
    db_get_table( 'mantis_bug_file_table' )
  Instead of the newer argument format:
    db_get_table( 'bug_file' );
  Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
- Fix #12344: manage_user_page.php: changing page resets sort criteria
  When a user navigates to a different page of the search results the current sort criteria are forgotten.
  Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
- Fix #12362: Redirect users to tag management page after deleting a tag
  Users who have permission to delete tags also have access to the tag management page. Therefore it makes more sense to redirect users to the tag management page than their default MantisBT start page upon deletion of a tag.
- Fix #12363: Billing report end date not included in range
  The end date of a billing report page is not included in the range of issues parsed by the report. This is due to a bug inside bugnote_stats_get_project_array(..) of bugnote_api.php that misinterprets the PHP documentation of how the strtotime() function operates.
- Fix #7328: ini_get_number uses wrong postfix multipliers
  The ini_get_number function currently uses the wrong postfix multipliers when determining the integer value of configuration options from php.ini. The PHP manual clearly states that k = kibibyte instead of k = kilobyte as per http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes
  Thus we need to change the postfix multipliers to reflect what the PHP manual defines for php.ini.
  Thanks to Morgan Parry for providing a patch to this issue just over 4 years ago. And thanks to Roland Becker for bumping up old issues like this one that have been forgotten in the past.
- Fix #12286: Sub projects not included in advanced filter ALL PROJECTS
  When advanced filter "Project" is set to "All Projects" sub projects are excluded from the results returned by the filter. These sub projects should be included.
  Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
- Fix #9338: CSV export does not escape all characters
  Changed escaping method (strings could be escaped twice).
  Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
- Issue #12368: Remove input side XSS validation of user real names
  XSS issues should be handled on the output side of MantisBT rather than on the input side. The user real name field was being validated on the input side which is poor design due to the large number of ways in which a user real name could change (SOAP API, XML import, web interface, external scripts, plugins, etc). Furthermore different output interfaces (XML, CSS, XHTML, etc) require different sanitisation and escaping methods.
  Thus we should remove the input side XSS validation of the user real name field so that we allow ANY characters to be used in this field (except 0x00 of course). Our existing output layers already handle XSS sanitisation of variables such as the real name field.
- Fix #11299: Custom menu links should be sanitised before output
  If an administrator defines custom menu links (consisting of a caption and URL) then these values should be escaped of special HTML characters before being printed into the menu. This XSS issue is of no security concern as it requires administrator access and manual modifications to the configuration file.
  Co-contributed-by: David Hicks <hickseydr@optusnet.com.au>
  Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
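The output-side escaping described in the last two commit messages (#12368 and #11299), as an added PHP example that is not MantisBT code: the stored value stays unmodified and each output context applies its own escaping exactly once. Helper names and sample values are constructed for illustration, and the URL scheme allow-list is an assumption that goes beyond what the commit describes.

```php
<?php
// Added example. Helper names are hypothetical, not MantisBT APIs;
// all sample values below are constructed.

// HTML text node or quoted attribute value.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// XML text node or attribute value (ENT_XML1 emits &apos; for a single quote).
function esc_xml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');
}

// One quoted CSV field: embedded quotes are doubled, and only here,
// so a value is never escaped twice on its way to the export.
function esc_csv(string $s): string {
    return '"' . str_replace('"', '""', $s) . '"';
}

// Custom menu entry: caption and URL are both escaped at print time.
// HTML escaping alone does not neutralise a javascript: URL, so this
// example also applies a minimal scheme allow-list (an added assumption).
function menu_link(string $caption, string $url): string {
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);   // null for relative URLs
    $allowed = ['http', 'https'];
    if ($scheme === false
        || ($scheme !== null && !in_array(strtolower($scheme), $allowed, true))) {
        $url = '#';
    }
    return '<a href="' . esc_html($url) . '">' . esc_html($caption) . '</a>';
}

// The real name is stored exactly as entered, with no input-side filtering.
$realname = 'Tom "T" O\'Neil <b>&co</b>';

echo esc_html($realname), "\n";   // for an XHTML page
echo esc_xml($realname), "\n";    // for an XML export or SOAP response
echo esc_csv($realname), "\n";    // for a CSV export
echo menu_link('Docs & <Help>', 'https://example.com/?a=1&b=2'), "\n";
echo menu_link('Relative', 'manage_tags_page.php'), "\n";
echo menu_link('Rejected scheme', 'javascript:void(0)'), "\n";
```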
You can try running this command locally to see the comparison on your machine:
git diff 3e17066...544e76d