• last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
- strengthen page contract and minor cleanup

- restrict format to "table" since "list" has non-trivial message key substitutions problems

- allow post requests only from logged-in users

- strengthen page contracts for return_urls

- fix case, where deleted_p is not set

- protect against too large bug numbers (causes pg errors)

- don't access @patch.patch_id@ for displayed_object_id, if it does

not exist (view mode)

- don't perform message key subsitution in user contributed bug description

- add csrf protection for search

- improve validity of HTML

- turn .html file into a .adp file

    • -0
    • +339
    ./www/doc/mockup-index.adp
- add missing index on creation_user

- bump version number to 1.6d5

    • -0
    • +1
    ./sql/postgresql/bug-tracker-create.sql
    • -0
    • +1
    ./sql/postgresql/upgrade-1.6d4-1.6d5.sql
- minor cleanup

- validate show_patch_status properly

- provide default value for desc_format

- handle invalid input message from bug-tracker via datasource error (not perfect, but better)

- revise last patch

- - fix bug, when "description" is not set either

CVS: ----------------------------------------------------------------------

- improve robustness against invalid input

- fix bug, when desc_format is not set

- use consistently ns_quotehtml

- don't quote message keys in summary field in bugs table

- harden page contract

- fix overquoting

- reduce verbosity

- standardize argument passing to adp-includes, don't perform double i18n and double quoting

  1. … 8 more files in changeset.
- fix and standardize quoting in template properties

  1. … 166 more files in changeset.
- use more precise data types

- fix typos

  1. … 1 more file in changeset.
- fix quoting

- fix typo (need a break)

- fix typo

- fix typo

- standardize url construction to protect against injection attacks