[thirdparty-commits] qwell: mantis/trunk r42 - in /mantis/trunk: ./ core/ doc/ lang/
SVN commits to the Digium third-party software repository
thirdparty-commits at lists.digium.com
Mon Dec 29 17:12:37 CST 2008
Author: qwell
Date: Mon Dec 29 17:12:35 2008
New Revision: 42
URL: http://svn.digium.com/view/thirdparty?view=rev&rev=42
Log:
Update (maybe?) to 1.1.6
Added:
mantis/trunk/.gitignore
- copied unchanged from r41, mantis/upstream/1.1.6/.gitignore
mantis/trunk/core/checkincurl.php
- copied unchanged from r41, mantis/upstream/1.1.6/core/checkincurl.php
Modified:
mantis/trunk/account_page.php
mantis/trunk/account_prof_update.php
mantis/trunk/account_update.php
mantis/trunk/adm_config_set.php
mantis/trunk/bug_actiongroup.php
mantis/trunk/bug_actiongroup_ext.php
mantis/trunk/bug_actiongroup_page.php
mantis/trunk/bug_change_status_page.php
mantis/trunk/bug_graph_bystatus.php
mantis/trunk/bug_reminder.php
mantis/trunk/bug_report.php
mantis/trunk/bug_report_advanced_page.php
mantis/trunk/bug_report_page.php
mantis/trunk/bug_update.php
mantis/trunk/bug_update_advanced_page.php
mantis/trunk/bug_update_page.php
mantis/trunk/bugnote_add.php
mantis/trunk/config_defaults_inc.php
mantis/trunk/core.php
mantis/trunk/core/authentication_api.php
mantis/trunk/core/bug_api.php
mantis/trunk/core/bugnote_api.php
mantis/trunk/core/constant_inc.php
mantis/trunk/core/custom_function_api.php
mantis/trunk/core/filter_api.php
mantis/trunk/core/form_api.php
mantis/trunk/core/gpc_api.php
mantis/trunk/core/history_api.php
mantis/trunk/core/html_api.php
mantis/trunk/core/print_api.php
mantis/trunk/core/session_api.php
mantis/trunk/core/string_api.php
mantis/trunk/core/tag_api.php
mantis/trunk/core/user_api.php
mantis/trunk/core/utility_api.php
mantis/trunk/doc/ChangeLog
mantis/trunk/lang/strings_bulgarian.txt
mantis/trunk/lang/strings_catalan.txt
mantis/trunk/lang/strings_chinese_simplified.txt
mantis/trunk/lang/strings_chinese_traditional.txt
mantis/trunk/lang/strings_croatian.txt
mantis/trunk/lang/strings_czech.txt
mantis/trunk/lang/strings_danish.txt
mantis/trunk/lang/strings_dutch.txt
mantis/trunk/lang/strings_english.txt
mantis/trunk/lang/strings_estonian.txt
mantis/trunk/lang/strings_finnish.txt
mantis/trunk/lang/strings_french.txt
mantis/trunk/lang/strings_german.txt
mantis/trunk/lang/strings_greek.txt
mantis/trunk/lang/strings_hebrew.txt
mantis/trunk/lang/strings_hungarian.txt
mantis/trunk/lang/strings_icelandic.txt
mantis/trunk/lang/strings_italian.txt
mantis/trunk/lang/strings_japanese.txt
mantis/trunk/lang/strings_korean.txt
mantis/trunk/lang/strings_latvian.txt
mantis/trunk/lang/strings_lithuanian.txt
mantis/trunk/lang/strings_norwegian.txt
mantis/trunk/lang/strings_polish.txt
mantis/trunk/lang/strings_portuguese_brazil.txt
mantis/trunk/lang/strings_portuguese_standard.txt
mantis/trunk/lang/strings_romanian.txt
mantis/trunk/lang/strings_russian.txt
mantis/trunk/lang/strings_serbian.txt
mantis/trunk/lang/strings_slovak.txt
mantis/trunk/lang/strings_slovene.txt
mantis/trunk/lang/strings_spanish.txt
mantis/trunk/lang/strings_swedish.txt
mantis/trunk/lang/strings_turkish.txt
mantis/trunk/lang/strings_ukrainian.txt
mantis/trunk/lang/strings_urdu.txt
mantis/trunk/manage_config_email_set.php
mantis/trunk/manage_config_revert.php
mantis/trunk/manage_config_work_threshold_page.php
mantis/trunk/manage_custom_field_create.php
mantis/trunk/manage_custom_field_delete.php
mantis/trunk/manage_custom_field_proj_add.php
mantis/trunk/manage_custom_field_update.php
mantis/trunk/manage_proj_cat_add.php
mantis/trunk/manage_proj_cat_copy.php
mantis/trunk/manage_proj_cat_delete.php
mantis/trunk/manage_proj_cat_update.php
mantis/trunk/manage_proj_create.php
mantis/trunk/manage_proj_custom_field_add_existing.php
mantis/trunk/manage_proj_custom_field_copy.php
mantis/trunk/manage_proj_custom_field_remove.php
mantis/trunk/manage_proj_custom_field_update.php
mantis/trunk/manage_proj_delete.php
mantis/trunk/manage_proj_edit_page.php
mantis/trunk/manage_proj_subproj_add.php
mantis/trunk/manage_proj_subproj_delete.php
mantis/trunk/manage_proj_update.php
mantis/trunk/manage_proj_user_add.php
mantis/trunk/manage_proj_user_copy.php
mantis/trunk/manage_proj_user_remove.php
mantis/trunk/manage_proj_ver_add.php
mantis/trunk/manage_proj_ver_copy.php
mantis/trunk/manage_proj_ver_delete.php
mantis/trunk/manage_proj_ver_update.php
mantis/trunk/manage_user_create.php
mantis/trunk/manage_user_delete.php
mantis/trunk/manage_user_proj_add.php
mantis/trunk/manage_user_prune.php
mantis/trunk/manage_user_reset.php
mantis/trunk/manage_user_update.php
mantis/trunk/news_add.php
mantis/trunk/news_delete.php
mantis/trunk/news_update.php
mantis/trunk/roadmap_page.php
mantis/trunk/set_project.php
mantis/trunk/signup.php
mantis/trunk/tag_attach.php
mantis/trunk/tag_delete.php
mantis/trunk/tag_detach.php
mantis/trunk/tag_update.php
mantis/trunk/verify.php
mantis/trunk/view_filters_page.php
Modified: mantis/trunk/account_page.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/account_page.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/account_page.php (original)
+++ mantis/trunk/account_page.php Mon Dec 29 17:12:35 2008
@@ -94,6 +94,9 @@
<div align="center">
<form method="post" action="account_update.php">
<?php echo form_security_field( 'account_update' )?>
+<?php if ( isset( $g_session_pass_id ) ) { ?>
+<input type="hidden" name="session_id" value="<?php echo session_id() ?>"/>
+<?php } ?>
<table class="width75" cellspacing="1">
<!-- Headings -->
Modified: mantis/trunk/account_prof_update.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/account_prof_update.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/account_prof_update.php (original)
+++ mantis/trunk/account_prof_update.php Mon Dec 29 17:12:35 2008
@@ -41,6 +41,7 @@
switch ( $f_action ) {
case 'edit':
$f_profile_id = gpc_get_int( 'profile_id' );
+ form_security_purge('profile_update');
print_header_redirect( 'account_prof_edit_page.php?profile_id=' . $f_profile_id );
break;
@@ -62,6 +63,7 @@
}
profile_create( $t_user_id, $f_platform, $f_os, $f_os_build, $f_description );
+ form_security_purge('profile_update');
if ( ALL_USERS == $t_user_id ) {
print_header_redirect( 'manage_prof_menu_page.php' );
@@ -81,9 +83,11 @@
access_ensure_global_level( config_get( 'manage_global_profile_threshold' ) );
profile_update( ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description );
+ form_security_purge('profile_update');
print_header_redirect( 'manage_prof_menu_page.php' );
} else {
profile_update( auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description );
+ form_security_purge('profile_update');
print_header_redirect( 'account_prof_menu_page.php' );
}
break;
@@ -94,9 +98,11 @@
access_ensure_global_level( config_get( 'manage_global_profile_threshold' ) );
profile_delete( ALL_USERS, $f_profile_id );
+ form_security_purge('profile_update');
print_header_redirect( 'manage_prof_menu_page.php' );
} else {
profile_delete( auth_get_current_user_id(), $f_profile_id );
+ form_security_purge('profile_update');
print_header_redirect( 'account_prof_menu_page.php' );
}
break;
@@ -104,6 +110,7 @@
case 'make_default':
$f_profile_id = gpc_get_int( 'profile_id' );
current_user_set_pref( 'default_profile', $f_profile_id );
+ form_security_purge('profile_update');
print_header_redirect( 'account_prof_menu_page.php' );
break;
}
Modified: mantis/trunk/account_update.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/account_update.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/account_update.php (original)
+++ mantis/trunk/account_update.php Mon Dec 29 17:12:35 2008
@@ -91,6 +91,8 @@
}
}
+ form_security_purge('account_update');
+
html_page_top1();
html_meta_redirect( $t_redirect );
html_page_top2();
Modified: mantis/trunk/adm_config_set.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/adm_config_set.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/adm_config_set.php (original)
+++ mantis/trunk/adm_config_set.php Mon Dec 29 17:12:35 2008
@@ -81,7 +81,7 @@
# 2. simple arrays with the form: array( a, b, c, d )
# 3. associative arrays with the form: array( a=>1, b=>2, c=>3, d=>4 )
$t_full_string = trim( $f_value );
- if ( preg_match('/array\((.*)\)/', $t_full_string, $t_match ) === 1 ) {
+ if ( preg_match('/array[\s]*\((.*)\)/', $t_full_string, $t_match ) === 1 ) {
// we have an array here
$t_values = split( ',', trim( $t_match[1] ) );
foreach ( $t_values as $key => $value ) {
Modified: mantis/trunk/bug_actiongroup.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_actiongroup.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_actiongroup.php (original)
+++ mantis/trunk/bug_actiongroup.php Mon Dec 29 17:12:35 2008
@@ -36,6 +36,9 @@
$f_custom_field_id = gpc_get_int( 'custom_field_id', 0 );
$f_bug_arr = gpc_get_int_array( 'bug_arr', array() );
+ $t_form_name = 'bug_actiongroup_' . $f_action;
+ form_security_validate( $t_form_name );
+
$t_custom_group_actions = config_get( 'custom_group_actions' );
foreach( $t_custom_group_actions as $t_custom_group_action ) {
@@ -50,8 +53,6 @@
if ( 0 != $f_custom_field_id ) {
$t_custom_field_def = custom_field_get_definition( $f_custom_field_id );
}
-
- $t_first_issue = true;
foreach( $f_bug_arr as $t_bug_id ) {
bug_ensure_exists( $t_bug_id );
@@ -70,10 +71,6 @@
switch ( $f_action ) {
case 'CLOSE':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_close' );
- }
-
if ( access_can_close_bug( $t_bug_id ) &&
( $t_status < CLOSED ) &&
bug_check_workflow($t_status, CLOSED) ) {
@@ -91,10 +88,6 @@
break;
case 'DELETE':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_delete' );
- }
-
if ( access_has_bug_level( config_get( 'delete_bug_threshold' ), $t_bug_id ) ) {
bug_delete( $t_bug_id );
} else {
@@ -103,10 +96,6 @@
break;
case 'MOVE':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_move' );
- }
-
if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) ) {
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
$f_project_id = gpc_get_int( 'project_id' );
@@ -118,10 +107,6 @@
break;
case 'COPY':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_copy' );
- }
-
$f_project_id = gpc_get_int( 'project_id' );
if ( access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) ) {
@@ -132,10 +117,6 @@
break;
case 'ASSIGN':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_assign' );
- }
-
$f_assign = gpc_get_int( 'assign' );
if ( ON == config_get( 'auto_set_status_to_assigned' ) ) {
$t_assign_status = config_get( 'bug_assigned_status' );
@@ -161,10 +142,6 @@
break;
case 'RESOLVE':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_resolve' );
- }
-
$t_resolved_status = config_get( 'bug_resolved_status_threshold' );
if ( access_has_bug_level( access_get_status_threshold( $t_resolved_status, bug_get_field( $t_bug_id, 'project_id' ) ), $t_bug_id ) &&
( $t_status < $t_resolved_status ) &&
@@ -185,10 +162,6 @@
break;
case 'UP_PRIOR':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_update_priority' );
- }
-
if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) {
$f_priority = gpc_get_int( 'priority' );
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
@@ -200,10 +173,6 @@
break;
case 'UP_STATUS':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_update_status' );
- }
-
$f_status = gpc_get_int( 'status' );
$t_project = bug_get_field( $t_bug_id, 'project_id' );
if ( access_has_bug_level( access_get_status_threshold( $f_status, $t_project ), $t_bug_id ) ) {
@@ -220,12 +189,9 @@
break;
case 'UP_CATEGORY':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_update_category' );
- }
-
$f_category = gpc_get_string( 'category' );
$t_project = bug_get_field( $t_bug_id, 'project_id' );
+
if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) {
if ( category_exists( $t_project, $f_category ) ) {
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
@@ -240,10 +206,6 @@
break;
case 'UP_FIXED_IN_VERSION':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_update_fixed_in_version' );
- }
-
$f_fixed_in_version = gpc_get_string( 'fixed_in_version' );
$t_project_id = bug_get_field( $t_bug_id, 'project_id' );
$t_success = false;
@@ -263,10 +225,6 @@
break;
case 'UP_TARGET_VERSION':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_update_target_version' );
- }
-
$f_target_version = gpc_get_string( 'target_version' );
$t_project_id = bug_get_field( $t_bug_id, 'project_id' );
$t_success = false;
@@ -286,10 +244,6 @@
break;
case 'VIEW_STATUS':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_update_view_status' );
- }
-
if ( access_has_bug_level( config_get( 'change_view_status_threshold' ), $t_bug_id ) ) {
$f_view_status = gpc_get_int( 'view_status' );
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
@@ -301,10 +255,6 @@
break;
case 'SET_STICKY':
- if ( $t_first_issue ) {
- form_security_validate( 'bug_set_sticky' );
- }
-
if ( access_has_bug_level( config_get( 'set_bug_sticky_threshold' ), $t_bug_id ) ) {
$f_sticky = bug_get_field( $t_bug_id, 'sticky' );
// The new value is the inverted old value
@@ -319,10 +269,6 @@
case 'CUSTOM':
if ( 0 === $f_custom_field_id ) {
trigger_error( ERROR_GENERIC, ERROR );
- }
-
- if ( $t_first_issue ) {
- form_security_validate( 'bug_update_custom_field_' . $f_custom_field_id );
}
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
@@ -335,9 +281,9 @@
default:
trigger_error( ERROR_GENERIC, ERROR );
}
-
- $t_first_issue = false;
}
+
+ form_security_purge( $t_form_name );
$t_redirect_url = 'view_all_bug_page.php';
Modified: mantis/trunk/bug_actiongroup_ext.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_actiongroup_ext.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_actiongroup_ext.php (original)
+++ mantis/trunk/bug_actiongroup_ext.php Mon Dec 29 17:12:35 2008
@@ -98,6 +98,8 @@
}
}
+ form_security_purge( $t_form_name );
+
$t_redirect_url = 'view_all_bug_page.php';
if ( count( $t_failed_ids ) > 0 ) {
Modified: mantis/trunk/bug_actiongroup_page.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_actiongroup_page.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_actiongroup_page.php (original)
+++ mantis/trunk/bug_actiongroup_page.php Mon Dec 29 17:12:35 2008
@@ -87,27 +87,27 @@
$f_action = 'CUSTOM';
}
+ # Form name
+ $t_form_name = 'bug_actiongroup_' . $f_action;
+
switch ( $f_action ) {
# Use a simple confirmation page, if close or delete...
case 'CLOSE' :
$t_finished = true;
$t_question_title = lang_get( 'close_bugs_conf_msg' );
$t_button_title = lang_get( 'close_group_bugs_button' );
- $t_form_name = 'bug_close';
break;
case 'DELETE' :
$t_finished = true;
$t_question_title = lang_get( 'delete_bugs_conf_msg' );
$t_button_title = lang_get( 'delete_group_bugs_button' );
- $t_form_name = 'bug_delete';
break;
case 'SET_STICKY' :
$t_finished = true;
$t_question_title = lang_get( 'set_sticky_bugs_conf_msg' );
$t_button_title = lang_get( 'set_sticky_group_bugs_button' );
- $t_form_name = 'bug_set_sticky';
break;
# ...else we define the variables used in the form
@@ -115,21 +115,18 @@
$t_question_title = lang_get( 'move_bugs_conf_msg' );
$t_button_title = lang_get( 'move_group_bugs_button' );
$t_form = 'project_id';
- $t_form_name = 'bug_move';
break;
case 'COPY' :
$t_question_title = lang_get( 'copy_bugs_conf_msg' );
$t_button_title = lang_get( 'copy_group_bugs_button' );
$t_form = 'project_id';
- $t_form_name = 'bug_copy';
break;
case 'ASSIGN' :
$t_question_title = lang_get( 'assign_bugs_conf_msg' );
$t_button_title = lang_get( 'assign_group_bugs_button' );
$t_form = 'assign';
- $t_form_name = 'bug_assign';
break;
case 'RESOLVE' :
@@ -141,7 +138,6 @@
$t_question_title2 = lang_get( 'fixed_in_version' );
$t_form2 = 'fixed_in_version';
}
- $t_form_name = 'bug_resolve';
break;
case 'UP_PRIOR' :
@@ -149,7 +145,6 @@
$t_button_title = lang_get( 'priority_group_bugs_button' );
$t_form = 'priority';
$t_request = 'priority';
- $t_form_name = 'bug_update_priority';
break;
case 'UP_STATUS' :
@@ -157,35 +152,30 @@
$t_button_title = lang_get( 'status_group_bugs_button' );
$t_form = 'status';
$t_request = 'status';
- $t_form_name = 'bug_update_status';
break;
case 'UP_CATEGORY' :
$t_question_title = lang_get( 'category_bugs_conf_msg' );
$t_button_title = lang_get( 'category_group_bugs_button' );
$t_form = 'category';
- $t_form_name = 'bug_update_category';
break;
case 'VIEW_STATUS' :
$t_question_title = lang_get( 'view_status_bugs_conf_msg' );
$t_button_title = lang_get( 'view_status_group_bugs_button' );
$t_form = 'view_status';
- $t_form_name = 'bug_update_view_status';
break;
case 'UP_FIXED_IN_VERSION':
$t_question_title = lang_get( 'fixed_in_version_bugs_conf_msg' );
$t_button_title = lang_get( 'fixed_in_version_group_bugs_button' );
$t_form = 'fixed_in_version';
- $t_form_name = 'bug_update_fixed_in_version';
break;
case 'UP_TARGET_VERSION':
$t_question_title = lang_get( 'target_version_bugs_conf_msg' );
$t_button_title = lang_get( 'target_version_group_bugs_button' );
$t_form = 'target_version';
- $t_form_name = 'bug_update_target_version';
break;
case 'CUSTOM' :
@@ -193,7 +183,6 @@
$t_question_title = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
$t_button_title = $t_question_title;
$t_form = "custom_field_$t_custom_field_id";
- $t_form_name = 'bug_update_custom_field_' . $t_custom_field_id;
break;
default:
Modified: mantis/trunk/bug_change_status_page.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_change_status_page.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_change_status_page.php (original)
+++ mantis/trunk/bug_change_status_page.php Mon Dec 29 17:12:35 2008
@@ -22,6 +22,7 @@
# --------------------------------------------------------
?>
<?php
+ $g_allow_browser_cache = 1;
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
Modified: mantis/trunk/bug_graph_bystatus.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_graph_bystatus.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_graph_bystatus.php (original)
+++ mantis/trunk/bug_graph_bystatus.php Mon Dec 29 17:12:35 2008
@@ -148,6 +148,8 @@
}
ksort($t_view_status);
+ $t_label_string = lang_get('orct'); //use the (open/resolved/closed/total) label
+ $t_label_strings = explode('/', substr($t_label_string, 1, strlen($t_label_string)-2));
// add headers for table
if ($f_show_as_table) {
@@ -159,9 +161,9 @@
html_body_begin();
echo '<table class="width100"><tr><td></td>';
if ($f_summary) {
- echo '<th>' . lang_get_defaulted('open') . '</th>';
- echo '<th>' . lang_get_defaulted('resolved') . '</th>';
- echo '<th>' . lang_get_defaulted('closed') . '</th>';
+ echo '<th>' . $t_label_strings[0] . '</th>';
+ echo '<th>' . $t_label_strings[1] . '</th>';
+ echo '<th>' . $t_label_strings[2] . '</th>';
} else {
foreach ( $t_view_status as $t_status => $t_label ) {
echo '<th>'.$t_label.' ('.$t_status.')</th>';
@@ -176,9 +178,9 @@
$t_labels = array();
$i = 0;
if ($f_summary) {
- $t_labels[++$i] = lang_get_defaulted('open');
- $t_labels[++$i] = lang_get_defaulted('resolved');
- $t_labels[++$i] = lang_get_defaulted('closed');
+ $t_labels[++$i] = $t_label_strings[0];
+ $t_labels[++$i] = $t_label_strings[1];
+ $t_labels[++$i] = $t_label_strings[2];
} else {
foreach ( $t_view_status as $t_status => $t_label ) {
$t_labels[++$i] = isset($t_status_labels[$t_status]) ? $t_status_labels[$t_status] : lang_get_defaulted($t_label);
@@ -228,6 +230,6 @@
html_body_end();
html_end();
} else {
- graph_bydate( $t_metrics, $t_labels, lang_get( 'by_category' ), $f_width, $f_width * $t_ar );
+ graph_bydate( $t_metrics, $t_labels, lang_get( 'by_status' ), $f_width, $f_width * $t_ar );
}
?>
Modified: mantis/trunk/bug_reminder.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_reminder.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_reminder.php (original)
+++ mantis/trunk/bug_reminder.php Mon Dec 29 17:12:35 2008
@@ -76,7 +76,7 @@
}
$t_attr = '|' . implode( '|', $f_to ) . '|';
# reminders don't count as progress
- bugnote_add( $f_bug_id, $f_body, 0, config_get( 'default_reminder_view_status' ) == VS_PRIVATE, REMINDER, $t_attr, null, BUGNOTE_NO_PROGRESS );
+ bugnote_add( $f_bug_id, $f_body, 0, config_get( 'default_reminder_view_status' ) == VS_PRIVATE, REMINDER, $t_attr, NULL, FALSE, BUGNOTE_NO_PROGRESS );
}
html_page_top1();
Modified: mantis/trunk/bug_report.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_report.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_report.php (original)
+++ mantis/trunk/bug_report.php Mon Dec 29 17:12:35 2008
@@ -32,7 +32,7 @@
require_once( $t_core_path.'bug_api.php' );
require_once( $t_core_path.'custom_field_api.php' );
- # helper_ensure_post();
+ form_security_validate( 'bug_report' );
require_once( 'mantis_karma.php' );
@@ -86,14 +86,13 @@
$t_bug_data->os_build = $row['os_build'];
}
}
-
helper_call_custom_function( 'issue_create_validate', array( $t_bug_data ) );
# Validate the custom fields before adding the bug.
$t_related_custom_field_ids = custom_field_get_linked_ids( $t_bug_data->project_id );
foreach( $t_related_custom_field_ids as $t_id ) {
$t_def = custom_field_get_definition( $t_id );
- if ( $t_def['require_report'] && ( gpc_get_custom_field( "custom_field_$t_id", $t_def['type'], '' ) == '' ) ) {
+ if ( $t_def['require_report'] && !gpc_isset( "custom_field_$t_id" ) ) {
error_parameters( lang_get_defaulted( custom_field_get_field( $t_id, 'name' ) ) );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
}
@@ -165,6 +164,8 @@
helper_call_custom_function( 'issue_create_notify', array( $t_bug_id ) );
+ form_security_purge( 'bug_report' );
+
html_page_top1();
if ( ! $f_report_stay ) {
Modified: mantis/trunk/bug_report_advanced_page.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_report_advanced_page.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_report_advanced_page.php (original)
+++ mantis/trunk/bug_report_advanced_page.php Mon Dec 29 17:12:35 2008
@@ -151,6 +151,7 @@
<br />
<div align="center">
<form name="report_bug_form" method="post" <?php if ( file_allow_bug_upload() ) { echo 'enctype="multipart/form-data"'; } ?> action="bug_report.php" onsubmit="return validateForm(this);">
+<?php echo form_security_field( 'bug_report' ) ?>
<table class="width75" cellspacing="1">
Modified: mantis/trunk/bug_report_page.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_report_page.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_report_page.php (original)
+++ mantis/trunk/bug_report_page.php Mon Dec 29 17:12:35 2008
@@ -131,6 +131,7 @@
<br />
<div align="center">
<form name="report_bug_form" method="post" <?php if ( file_allow_bug_upload() ) { echo 'enctype="multipart/form-data"'; } ?> action="bug_report.php" onsubmit="return validateForm(this);">
+<?php echo form_security_field( 'bug_report' ) ?>
<table class="width75" cellspacing="1">
Modified: mantis/trunk/bug_update.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_update.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_update.php (original)
+++ mantis/trunk/bug_update.php Mon Dec 29 17:12:35 2008
@@ -111,7 +111,6 @@
$t_related_custom_field_ids = custom_field_get_linked_ids( $t_bug_data->project_id );
foreach( $t_related_custom_field_ids as $t_id ) {
$t_def = custom_field_get_definition( $t_id );
- $t_custom_field_value = gpc_get_custom_field( "custom_field_$t_id", $t_def['type'], null );
# Only update the field if it would have been display for editing
if( !( ( ! $f_update_mode && $t_def['require_' . $t_custom_status_label] ) ||
@@ -121,22 +120,22 @@
continue;
}
- # Only update the field if it is posted
- # ( will fail in custom_field_set_value(), if it was required )
- if ( $t_custom_field_value === null ) {
- continue;
- }
-
# Do not set custom field value if user has no write access.
if( !custom_field_has_write_access( $t_id, $f_bug_id ) ) {
continue;
}
- if ( $t_def['require_' . $t_custom_status_label] && ( gpc_get_custom_field( "custom_field_$t_id", $t_def['type'], '' ) == '' ) ) {
+ if ( $t_def['require_' . $t_custom_status_label] && !gpc_isset( "custom_field_$t_id" ) ) {
error_parameters( lang_get_defaulted( custom_field_get_field( $t_id, 'name' ) ) );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
}
- if ( !custom_field_set_value( $t_id, $f_bug_id, $t_custom_field_value ) ) {
+
+ # Only update the field if it is posted
+ if ( !gpc_isset( "custom_field_$t_id" ) ) {
+ continue;
+ }
+
+ if ( !custom_field_set_value( $t_id, $f_bug_id, gpc_get_custom_field( "custom_field_$t_id", $t_def['type'], null ) ) ) {
error_parameters( lang_get_defaulted( custom_field_get_field( $t_id, 'name' ) ) );
trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
}
@@ -217,6 +216,8 @@
# Update the bug entry, notify if we haven't done so already
bug_update( $f_bug_id, $t_bug_data, true, ( false == $t_notify ) );
+ form_security_purge( 'bug_update' );
+
helper_call_custom_function( 'issue_update_notify', array( $f_bug_id ) );
print_successful_redirect_to_bug( $f_bug_id );
Modified: mantis/trunk/bug_update_advanced_page.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_update_advanced_page.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_update_advanced_page.php (original)
+++ mantis/trunk/bug_update_advanced_page.php Mon Dec 29 17:12:35 2008
@@ -21,6 +21,7 @@
# $Id$
# --------------------------------------------------------
+ $g_allow_browser_cache = 1;
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
Modified: mantis/trunk/bug_update_page.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bug_update_page.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bug_update_page.php (original)
+++ mantis/trunk/bug_update_page.php Mon Dec 29 17:12:35 2008
@@ -21,6 +21,7 @@
# $Id$
# --------------------------------------------------------
+ $g_allow_browser_cache = 1;
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
Modified: mantis/trunk/bugnote_add.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/bugnote_add.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/bugnote_add.php (original)
+++ mantis/trunk/bugnote_add.php Mon Dec 29 17:12:35 2008
@@ -61,8 +61,9 @@
$g_project_override = $t_bug->project_id;
}
- # @@@ VB: Do we want to differentiate email notifications for normal notes from time tracking entries?
- $t_bugnote_added = bugnote_add( $f_bug_id, $f_bugnote_text, $f_time_tracking, $f_private, $t_note_type, '', null, $f_progress);
+ // We always set the note time to BUGNOTE, and the API will overwrite it with TIME_TRACKING
+ // if $f_time_tracking is not 0 and the time tracking feature is enabled.
+ $t_bugnote_added = bugnote_add( $f_bug_id, $f_bugnote_text, $f_time_tracking, $f_private, BUGNOTE, '', null, TRUE, $f_progress );
if ( !$t_bugnote_added ) {
error_parameters( lang_get( 'bugnote' ) );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
Modified: mantis/trunk/config_defaults_inc.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/config_defaults_inc.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/config_defaults_inc.php (original)
+++ mantis/trunk/config_defaults_inc.php Mon Dec 29 17:12:35 2008
@@ -86,7 +86,8 @@
}
if ( isset( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) { // Support ProxyPass
- $t_host = $_SERVER['HTTP_X_FORWARDED_HOST'];
+ $t_hosts = split( ',', $_SERVER['HTTP_X_FORWARDED_HOST'] );
+ $t_host = $t_hosts[0];
} else if ( isset( $_SERVER['HTTP_HOST'] ) ) {
$t_host = $_SERVER['HTTP_HOST'];
} else if ( isset( $_SERVER['SERVER_NAME'] ) ) {
@@ -151,6 +152,9 @@
# 'adodb' -> Database storage sessions
# 'memcached' -> Memcached storage sessions
$g_session_handler = 'php';
+
+ # Session save path. If false, uses default value as set by session handler.
+ $g_session_save_path = false;
#############################
# Configuration Settings
@@ -998,7 +1002,7 @@
# list of filetypes to view inline. This is a string of extentions separated by commas
# This is used when downloading an attachment. Rather than downloading, the attachment
# is viewed in the browser.
- $g_inline_file_exts = 'gif,png';
+ $g_inline_file_exts = 'bmp,png,gif,jpg,jpeg';
# access level needed to download bug attachments
$g_download_attachments_threshold = VIEWER;
Modified: mantis/trunk/core.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/core.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/core.php (original)
+++ mantis/trunk/core.php Mon Dec 29 17:12:35 2008
@@ -145,16 +145,35 @@
# OPENED ANYWHERE ELSE.
require_once( $t_core_path.'database_api.php' );
+ # Basic browser detection
+ $t_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'none';
+
+ $t_browser_name = 'Normal';
+ if ( strpos( $t_user_agent, 'MSIE' ) ) {
+ $t_browser_name = 'IE';
+ }
+
# Headers to prevent caching
# with option to bypass if running from script
global $g_bypass_headers, $g_allow_browser_cache;
if ( !isset( $g_bypass_headers ) && !headers_sent() ) {
- if ( ! isset( $g_allow_browser_cache ) ) {
- header( 'Pragma: no-cache' );
+
+ if ( isset( $g_allow_browser_cache ) && ON == $g_allow_browser_cache ) {
+ switch ( $t_browser_name ) {
+ case 'IE':
+ header( 'Cache-Control: private, proxy-revalidate' );
+ break;
+ default:
+ header( 'Cache-Control: private, must-revalidate' );
+ break;
+ }
+
+ } else {
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
}
+
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s \G\M\T', time() ) );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s \G\M\T', time() ) );
# SEND USER-DEFINED HEADERS
foreach( config_get( 'custom_headers' ) as $t_header ) {
Modified: mantis/trunk/core/authentication_api.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/core/authentication_api.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/core/authentication_api.php (original)
+++ mantis/trunk/core/authentication_api.php Mon Dec 29 17:12:35 2008
@@ -194,6 +194,9 @@
if (auth_clear_cookies()) {
helper_clear_pref_cookies();
}
+
+ session_clean();
+
return true;
}
Modified: mantis/trunk/core/bug_api.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/core/bug_api.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/core/bug_api.php (original)
+++ mantis/trunk/core/bug_api.php Mon Dec 29 17:12:35 2008
@@ -1276,9 +1276,6 @@
# the relationship type is already set. Nothing to do
}
else if ( $t_id_relationship > 0 ) {
- # there is already a relationship between them -> we have to update it and not to add a new one
- helper_ensure_confirmed( lang_get( 'replace_relationship_sure_msg' ), lang_get( 'replace_relationship_button' ) );
-
# Update the relationship
relationship_update( $t_id_relationship, $p_bug_id, $p_duplicate_id, BUG_DUPLICATE );
Modified: mantis/trunk/core/bugnote_api.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/core/bugnote_api.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/core/bugnote_api.php (original)
+++ mantis/trunk/core/bugnote_api.php Mon Dec 29 17:12:35 2008
@@ -99,7 +99,7 @@
# Add a bugnote to a bug
#
# return the ID of the new bugnote
- function bugnote_add ( $p_bug_id, $p_bugnote_text, $p_time_tracking = '0:00', $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null, $p_progress = BUGNOTE_NO_PROGRESS ) {
+ function bugnote_add ( $p_bug_id, $p_bugnote_text, $p_time_tracking = '0:00', $p_private = false, $p_type = 0, $p_attr = '', $p_user_id = null, $p_send_email = TRUE, $p_progress = BUGNOTE_NO_PROGRESS ) {
$c_bug_id = db_prepare_int( $p_bug_id );
$c_bugnote_text = db_prepare_string( $p_bugnote_text );
$c_time_tracking = db_prepare_time( $p_time_tracking );
@@ -165,7 +165,7 @@
history_log_event_special( $p_bug_id, BUGNOTE_ADDED, bugnote_format_id( $t_bugnote_id ) );
# only send email if the text is not blank, otherwise, it is just recording of time without a comment.
- if ( !is_blank( $p_bugnote_text ) ) {
+ if ( $p_send_email && !is_blank( $p_bugnote_text ) ) {
email_bugnote_add( $p_bug_id );
}
return $t_bugnote_id;
Modified: mantis/trunk/core/constant_inc.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/core/constant_inc.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/core/constant_inc.php (original)
+++ mantis/trunk/core/constant_inc.php Mon Dec 29 17:12:35 2008
@@ -21,7 +21,7 @@
# $Id$
# --------------------------------------------------------
- define( 'MANTIS_VERSION', '1.1.2' );
+ define( 'MANTIS_VERSION', '1.1.6' );
# --- constants -------------------
@@ -195,6 +195,7 @@
define( 'ERROR_HANDLER_ACCESS_TOO_LOW', 17 );
define( 'ERROR_PAGE_REDIRECTION', 18 );
define( 'ERROR_INVALID_REQUEST_METHOD', 19 );
+ define( 'ERROR_INVALID_SORT_FIELD', 20 );
# ERROR_CONFIG_*
define( 'ERROR_CONFIG_OPT_NOT_FOUND', 100 );
@@ -326,6 +327,7 @@
# ERROR_SESSION_*
define ( 'ERROR_SESSION_HANDLER_INVALID', 2700);
define ( 'ERROR_SESSION_VAR_NOT_FOUND', 2701);
+ define ( 'ERROR_SESSION_NOT_VALID', 2702);
# ERROR_FORM_*
define ( 'ERROR_FORM_TOKEN_INVALID', 2800 );
@@ -426,4 +428,3 @@
define( 'SPONSORSHIP_REQUESTED', 1 );
define( 'SPONSORSHIP_PAID', 2 );
-?>
Modified: mantis/trunk/core/custom_function_api.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/core/custom_function_api.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/core/custom_function_api.php (original)
+++ mantis/trunk/core/custom_function_api.php Mon Dec 29 17:12:35 2008
@@ -117,7 +117,7 @@
function custom_function_default_checkin( $p_issue_id, $p_comment, $p_file, $p_new_version, $p_fixed, $p_repo='', $p_author='' ) {
if ( bug_exists( $p_issue_id ) ) {
history_log_event_special( $p_issue_id, CHECKIN, $p_file, $p_new_version );
- bugnote_add( $p_issue_id, $p_comment, 0, VS_PRIVATE == config_get( 'source_control_notes_view_status' ), 0, '', null, BUGNOTE_PROGRESS );
+ bugnote_add( $p_issue_id, $p_comment, 0, VS_PRIVATE == config_get( 'source_control_notes_view_status' ), 0, '', null, TRUE, BUGNOTE_PROGRESS );
email_bugnote_add( $p_issue_id );
$t_status = config_get( 'source_control_set_status_to' );
Modified: mantis/trunk/core/filter_api.php
URL: http://svn.digium.com/view/thirdparty/mantis/trunk/core/filter_api.php?view=diff&rev=42&r1=41&r2=42
==============================================================================
--- mantis/trunk/core/filter_api.php (original)
+++ mantis/trunk/core/filter_api.php Mon Dec 29 17:12:35 2008
@@ -2558,7 +2558,9 @@
<a href="<?php PRINT $t_filters_url . 'os_build'; ?>" id="os_build_filter"><?php echo lang_get( 'os_version' ) ?>:</a>
</td>
<td class="small-caption" valign="top" colspan="5">
+ <?php if ( access_has_global_level( config_get( 'tag_view_threshold' ) ) ) { ?>
<a href="<?php PRINT $t_filters_url . 'tag_string'; ?>" id="tag_string_filter"><?php echo lang_get( 'tags' ) ?>:</a>
+ <?php } ?>
</td>
<?php if ( $t_filter_cols > 8 ) {
echo '<td class="small-caption" valign="top" colspan="' . ( $t_filter_cols - 8 ) . '"> </td>';
@@ -3836,6 +3838,10 @@
}
function print_filter_tag_string() {
+ if ( !access_has_global_level( config_get( 'tag_view_threshold' ) ) ) {
+ return;
+ }
+
global $t_filter;
$t_tag_string = $t_filter['tag_string'];
if ( $t_filter['tag_select'] != 0 ) {
Modified: mantis/trunk/core/form_api.php
[... 52322 lines stripped ...]
More information about the thirdparty-commits
mailing list