Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Mozilla/mozilla/webtools/bugzilla/Bugzilla
History
mkanat%bugzilla.org 8f4b02a7c3 Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165) 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_4-BRANCH@258359 18797224-902f-48f8-a5cc-f745e15eee43
2009-09-11 16:14:09 +00:00
..
Attachment
Bug 441921: context=file fails due to taint issues in file names and file rev numbers - Patch by Frédéric Buclin <LpSolit@gmail.com> r=himorin a=LpSolit
2008-06-29 17:38:03 +00:00
Auth
Bug 488467: Verify and Login auth methods were being called in a random order, c
2009-04-17 21:57:36 +00:00
Config
Bug 482584: Add a parameter to hide the "See Also" field
2009-04-17 22:30:33 +00:00
DB
Bug 513585: Don't trigger utf8 conversion just because there are VIEWs present in the database.
2009-09-03 19:19:30 +00:00
Field
Bug 504944: Use of uninitialized value in hash element at Bugzilla/Field/Choice.pm line 253 - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2009-07-23 21:35:59 +00:00
Install
Bug 486306: Truncated XML-RPC response (incorrect content-length header)
2009-09-04 21:29:58 +00:00
Job
Bug 515606: Fix the arguments of Bugzilla::Job::Mailer->retry_delay--it's actually a class method, not just a subroutine
2009-09-10 23:47:27 +00:00
JobQueue
Bug 475403: A RHEL SysV Init Script for jobqueue.pl
2009-09-04 21:22:52 +00:00
Search
Bug 490562: QuickSearch "+" operator adds $qsword over and over for @subWords
2009-04-29 00:32:28 +00:00
Template
Bug 457480: Bugzilla/Template/Plugin/Hook.pm does not respect disabled flag - Patch by Alex Eiser <aeiser@arc.nasa.gov> r/a=mkanat
2008-10-06 16:32:39 +00:00
User
Bug 364161: Inefficient SQL: Selecting subclass from setting table
2008-09-05 23:03:03 +00:00
WebService
Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165)
2009-09-11 16:14:09 +00:00
Attachment.pm
Bug 399074: Remove the 'maxpatchsize' parameter - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2008-12-10 18:32:30 +00:00
Auth.pm
Bug 134022: PERFORMANCE: deleting old login cookies locks login checks
2009-01-20 20:10:08 +00:00
Bug.pm
Bug 505592: Make add_see_also and remove_see_also call check_can_change_field
2009-07-23 02:16:57 +00:00
BugMail.pm
Bug 509035: An empty e-mail gets sent to non-timetrackinggroup members if I change time tracking information - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-09-08 16:12:31 +00:00
CGI.pm
Bug 502641: Fix various problems that would occur when you would log in from buglist.cgi
2009-07-07 11:54:22 +00:00
Chart.pm
Bug 389396: Do not list series you cannot plot - Patch by Frédéric Buclin <LpSolit@gmail.com> r=dkl a=LpSolit
2009-08-17 23:01:46 +00:00
Classification.pm
Bug 471866: Classification name length and sortkey max value not validated - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
2009-01-04 23:15:31 +00:00
Component.pm
Bug 313123: Implement $component->create and $component->update based on Object.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2007-10-11 23:07:24 +00:00
Config.pm
Bug 347707: Changing parameters could silently fail because we weren't correctly checking the return code from "rename"
2008-12-24 19:08:20 +00:00
Constants.pm
Bump the version number post-release.
2009-08-01 15:37:39 +00:00
DB.pm
Bug 508181: UTF-8 table conversion was failing when there were FKs on the column or on related columns
2009-08-06 14:54:22 +00:00
Error.pm
Bug 435507: Provide a method of hooking the WebService error codes
2008-05-27 22:11:56 +00:00
Field.pm
Bug 371995: Allow the Product field to restrict visibility of custom fields
2009-02-08 19:42:49 +00:00
Flag.pm
Fix incorrect regexp for bug 333648 - Patch by me
2009-04-08 20:47:02 +00:00
FlagType.pm
Bug 455583 - Bugzilla::User::can_{set,request}_flag methods should use the respective {grant,request}_group_id values instead of loading new Group object
2008-09-17 03:47:36 +00:00
Group.pm
Bug 505796 - Bugzilla::Group::grant_direct has refers to $self->{members_direct} instead of $self->{grant_direct}
2009-07-22 19:41:52 +00:00
Hook.pm
Bug 508199: A hook for page.cgi
2009-08-06 15:20:30 +00:00
Install.pm
Bug 405355: Move flatten_group_membership() from User.pm to Group.pm - Patch by arbingersys <arbingersys@gmail.com> r/a=LpSolit
2009-01-25 18:49:31 +00:00
JobQueue.pm
Bug 284184: Allow Bugzilla to use an asynchronous job queue for sending mail.
2008-12-24 03:43:49 +00:00
Keyword.pm
Mailer.pm
Bug 467920: Remove multiple CRs in a row from the email template and make sure all email lines end in CRLF.
2009-02-22 00:44:25 +00:00
Milestone.pm
Bug 408172: [Oracle] Bug lists longer than 1000 bugs fail
2008-01-18 15:56:55 +00:00
Object.pm
Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165)
2009-09-11 16:14:09 +00:00
Product.pm
Bug 500900: Confirming bugs requires NEW state to exist - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2009-07-01 11:06:37 +00:00
Search.pm
Bug 491467: Make Search.pm and buglist.cgi consistently take column ids for the "fields" and "order" arguments, to prevent problems with using SQL fragments in the order and columnlist.
2009-07-07 18:20:16 +00:00
Series.pm
Bug 389396: Do not list series you cannot plot - Patch by Frédéric Buclin <LpSolit@gmail.com> r=dkl a=LpSolit
2009-08-17 23:01:46 +00:00
Status.pm
Bug 308253: Ability to add select (enum) fields to a bug whose list of values depends on the value of another field
2008-11-07 11:34:57 +00:00
Template.pm
Bug 503980: show_bug.cgi doesn't properly escape <!-- inside bug summary - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-08-10 20:22:38 +00:00
Token.pm
Bug 477513: md5_hex() fails if a saved search has UTF8 characters in it - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
2009-02-09 19:20:40 +00:00
Update.pm
2nd attempt to fix bug 414726: Bugzilla::Update never updates bugzilla-update.xml if the file already exists locally - Patch by me r=mkanat
2008-05-02 19:17:01 +00:00
User.pm
Bug 457657 – Make e-mail comment header localizable.
2009-06-02 22:04:19 +00:00
Util.pm
Bug 491630: Make sure DateTime never gets fractional "seconds" in new()
2009-06-02 03:47:44 +00:00
Version.pm
WebService.pm
Bug 494427: Instead of sending <nil> for undef elements in the WebService, just strip the items from the return value.
2009-07-04 12:06:59 +00:00