Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Mozilla/mozilla/webtools/bugzilla/Bugzilla
History
mkanat%bugzilla.org 658daf014e Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace 
and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-4_0-BRANCH@261813 18797224-902f-48f8-a5cc-f745e15eee43
2011-01-24 18:53:58 +00:00
..
Attachment
Bug 441921: context=file fails due to taint issues in file names and file rev numbers - Patch by Frédéric Buclin <LpSolit@gmail.com> r=himorin a=LpSolit
2008-06-29 17:38:03 +00:00
Auth
Bug 604522: t/012throwables.t doesn't catch new user errors correctly
2010-10-15 00:21:59 +00:00
Config
Bug 611979: Undefined subroutine &Bugzilla::Config::Advanced::check_multi when enabling strict_transport_security
2010-11-14 19:04:13 +00:00
DB
Bug 625190: Typo and Missing FK in Bugzilla::DB::Schema
2011-01-15 00:19:58 +00:00
Field
Bug 577054: ChoiceInterface was denying the deletion of any value if
2010-07-23 01:49:27 +00:00
Install
Bug 591165: (CVE-2010-4411) [SECURITY] Bump minimum required version of CGI.pm to v3.51 in order to address header injection vulnerability.
2011-01-21 21:22:55 +00:00
Job
Bug 515606: Fix the arguments of Bugzilla::Job::Mailer->retry_delay--it's actually a class method, not just a subroutine
2009-09-10 23:47:27 +00:00
JobQueue
Bug 563641: Make bugzilla-queue init script support SuSE
2010-05-19 17:31:36 +00:00
Migrate
Bug 486292: Change the default workflow to UNCONFIRMED, CONFIRMED,
2010-07-06 00:47:25 +00:00
Search
Bug 615574: Make every search done by buglist.cgi create a list_id, so that
2010-12-27 22:21:47 +00:00
Template
Bug 508823: Make it so that you don't ever have to reset template_inner (like
2010-03-01 01:46:32 +00:00
User
Bug 364161: Inefficient SQL: Selecting subclass from setting table
2008-09-05 23:03:03 +00:00
WebService
Bug 588013: Fix typo
2010-12-27 22:05:20 +00:00
Whine
Bug 572602: Change the way that Bugzilla::Object determines what fields
2010-06-24 00:47:53 +00:00
Attachment.pm
Bug 413648: Attachment mime type handling should strip leading and trailing spaces
2010-10-22 13:05:03 +00:00
Auth.pm
Bug 611891: Don't generate cookies for logins done over GET via the WebService
2010-11-15 07:48:21 +00:00
Bug.pm
Bug 617477: Fix numerous consistency and behavior issues surrounding Bug.update
2010-12-13 21:04:01 +00:00
BugMail.pm
Bug 583154: If you don't comment while setting the work_time (Hours Worked) field, you get an empty comment in bugmails
2010-08-21 10:36:26 +00:00
CGI.pm
Bug 615574: Make every search done by buglist.cgi create a list_id, so that
2010-12-27 22:21:47 +00:00
Chart.pm
Bug 486292: Change the default workflow to UNCONFIRMED, CONFIRMED,
2010-07-06 00:47:25 +00:00
Classification.pm
Bug 514618: Allow restricting the visibility and values of fields by
2010-07-05 22:02:05 +00:00
Comment.pm
Bug 556422: Move the existing bug-moving functionality into an extension
2010-06-18 21:16:53 +00:00
Component.pm
Bug 553266: config.cgi?ctype=rdf spends most of its time loading flagtypes from the database
2010-10-20 00:48:51 +00:00
Config.pm
Bug 434801: [SECURITY] .htaccess doesn't prevent reading old-params.txt from the web - Patch by Reed Loden <reed@reedloden.com> r=mkanat a=LpSolit
2010-02-01 00:50:15 +00:00
Constants.pm
Bump the version number post-release.
2010-11-03 01:50:41 +00:00
DB.pm
Bug 586244: Make mod_expires and mod_headers optional
2010-09-18 23:43:47 +00:00
Error.pm
Bug 574879: Create a test that assures the correctness of Search.pm's
2010-07-07 21:47:00 +00:00
Extension.pm
Document how to add user settings. r,a=mkanat.
2011-01-05 17:03:49 +00:00
Field.pm
Bug 583287: Some fields should not be displayed in bugmail for new bugs
2010-08-02 23:21:13 +00:00
Flag.pm
Bug 452761: Make the Date header of bugmail and requestmail always be
2010-07-08 06:31:47 +00:00
FlagType.pm
Bug 553266: config.cgi?ctype=rdf spends most of its time loading flagtypes from the database
2010-10-20 00:48:51 +00:00
Group.pm
Bug 572602: Change the way that Bugzilla::Object determines what fields
2010-06-24 00:47:53 +00:00
Hook.pm
Bug 596611: Add a hook to email_in.pl
2010-11-04 17:23:45 +00:00
Install.pm
Bug 577956: Bugs which were never confirmed cannot be reopened as UNCONFIRMED
2010-08-01 23:37:33 +00:00
JobQueue.pm
Bug 530270: Whining fails if mail queueing is enabled - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-11-22 22:26:04 +00:00
Keyword.pm
Bug 572602: Change the way that Bugzilla::Object determines what fields
2010-06-24 00:47:53 +00:00
Mailer.pm
Bug 600230 - Add a unique Message-ID to all outgoing e-mails.
2010-10-26 21:21:25 +00:00
Migrate.pm
Bug 622204: Bugzilla::Migrate crashes trying to create bugs with resolutions
2011-01-09 14:35:14 +00:00
Milestone.pm
Bug 572602: Change the way that Bugzilla::Object determines what fields
2010-06-24 00:47:53 +00:00
Object.pm
Bug 587793: Add a new "object_end_of_create" hook so that extensions can
2010-09-01 23:06:21 +00:00
Product.pm
Bug 553266: config.cgi?ctype=rdf spends most of its time loading flagtypes from the database
2010-10-20 00:48:51 +00:00
Search.pm
Bug 603654: Pronouns in boolean charts return no results anymore
2010-10-13 22:32:03 +00:00
Series.pm
Bug 577089: Make convert-workflow fix the query values for series
2010-07-08 00:33:57 +00:00
Status.pm
Bug 486292: Change the default workflow to UNCONFIRMED, CONFIRMED,
2010-07-06 00:47:25 +00:00
Template.pm
Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace
2011-01-24 18:53:58 +00:00
Token.pm
Bug 508823: Make it so that you don't ever have to reset template_inner (like
2010-03-01 01:46:32 +00:00
Update.pm
fix bustage in 012throwables.t
2010-02-20 21:16:19 +00:00
User.pm
Bug 615574: Make every search done by buglist.cgi create a list_id, so that
2010-12-27 22:21:47 +00:00
Util.pm
Bug 573195: Make Bug.get return all of a bug's standard and custom field
2010-09-30 01:03:22 +00:00
Version.pm
Bug 572602: Change the way that Bugzilla::Object determines what fields
2010-06-24 00:47:53 +00:00
WebService.pm
Bug 579514: Make Bug.attachments also return attachment data
2010-07-20 22:03:21 +00:00
Whine.pm
Bug 530468: Create a read-only Bugzilla::Whine object for whine events and
2010-07-06 00:31:45 +00:00