Commit Graph

1928 Commits

Author SHA1 Message Date
Toshi MARUYAMA
f093d591f1 Merged r17062 from trunk to 3.4-stable (#27516)
mercurial: work around faulty parsing of early command options

Use -sVALUE and --long=VALUE instead of "-s VALUE" and "--long VALUE"
respectively.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17068 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-12-07 12:16:07 +00:00
Toshi MARUYAMA
ea070df5cd Merged r17061 from trunk to 3.4-stable (#27516)
mercurial: separate command options and positional arguments with "--"

We don't have many problems here thanks to hgtarget(path) and CGI.escape(),
which prepends a repository path and encodes "=" character respectively, but
it's better to not rely on the side effect of these functions.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17067 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-12-07 12:15:56 +00:00
Toshi MARUYAMA
76dd10bd78 Merged r17060 from trunk to 3.4-stable (#27516)
mercurial: reject malicious command argument

We've got a security report from the Phabricator team, which basically says
--config and --debugger arguments can be injected anywhere to lead to an
arbitrary command execution.

https://secure.phabricator.com/rPa7921a4448093d00defa8bd18f35b8c8f8bf3314

This is a fundamental issue of the argument parsing rules in Mercurial, which
allow extensions to populate their parsing rules and such extensions can be
loaded by "--config extensions.<name>=". There's a chicken and egg problem.
We're working on hardening the parsing rules, but that won't come in by
default as it would be a behavior change.

This patch adds a verification to reject malicious command arguments as a
last-ditch measure. The subsequent patches will fix the problem in a more
appropriate way.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17066 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-12-07 12:15:45 +00:00
Go MAEDA
033fca8535 Merged r17027 to 3.4-stable (#26410).
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17028 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-11-25 15:35:32 +00:00
Jean-Philippe Lang
3ad5324ffd Merged r17003 and r17004.
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@17005 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-10-15 19:51:13 +00:00
Toshi MARUYAMA
5192f0a755 Merged r16948 from trunk to 3.4-stable (#26645)
git: remove "--no-color" option from "git --version" for git 2.14 compatibility.

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16949 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-08-08 06:22:49 +00:00
Jean-Philippe Lang
8d2d10b08a Merged r16825.
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16826 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-07-16 18:08:02 +00:00
Jean-Philippe Lang
6e16ab0c60 Merged r16779.
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16780 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-07-09 07:17:52 +00:00
Toshi MARUYAMA
2f23c70713 Merged r16736 from trunk to 3.4-stable (#26312).
Remove duplicate notifiable require.

This duplication was introduced as part of r10909.

Contributed by Mischa The Evil.

git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16737 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-07-02 07:18:58 +00:00
Jean-Philippe Lang
094588ffc9 Merged r16727.
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16728 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-28 20:14:53 +00:00
Jean-Philippe Lang
85131b5655 Merged r16721 (#7068).
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16723 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-26 19:57:36 +00:00
Jean-Philippe Lang
f35b9a7968 Merged r16718 (#14790).
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16719 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-26 19:31:25 +00:00
Jean-Philippe Lang
2f57af6f8f Set version to 3.4 stable.
git-svn-id: http://svn.redmine.org/redmine/branches/3.4-stable@16696 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-25 09:20:40 +00:00
Jean-Philippe Lang
7fd04e1f8d Update copyright.
git-svn-id: http://svn.redmine.org/redmine/trunk@16685 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-25 08:40:31 +00:00
Jean-Philippe Lang
7b6e6b9370 Removes plugins_path from configuration file (#24007).
git-svn-id: http://svn.redmine.org/redmine/trunk@16675 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-17 10:40:51 +00:00
Jean-Philippe Lang
ca1fbf1ea1 Render all possible inline textile images even if an invalid one exists (#26157).
Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@16668 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-17 07:45:08 +00:00
Jean-Philippe Lang
5744bfc2c6 Removes duplicate shell_quote method (#26149).
Patch by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@16667 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-17 07:42:54 +00:00
Toshi MARUYAMA
ce9edd07e3 gantt: not show %done if the field is disabled for the tracker (#25876)
Contributed by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@16663 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-15 04:14:58 +00:00
Jean-Philippe Lang
4d4f330b0c Highlight menu item when viewing an attachment (#25988).
git-svn-id: http://svn.redmine.org/redmine/trunk@16652 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-10 10:48:34 +00:00
Toshi MARUYAMA
06babbec7e remove is_binary_data? from String (#25563)
git-svn-id: http://svn.redmine.org/redmine/trunk@16644 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-10 04:29:15 +00:00
Jean-Philippe Lang
7f4767418b Generate markup for uploaded image dropped into wiki-edit textarea (#26071).
Patch by Felix Gliesche.

git-svn-id: http://svn.redmine.org/redmine/trunk@16643 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-07 21:01:45 +00:00
Jean-Philippe Lang
9b0fcdaf2b New permission: view news (#7068).
Patch by Felix Schäfer.

git-svn-id: http://svn.redmine.org/redmine/trunk@16639 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-07 20:25:25 +00:00
Jean-Philippe Lang
b674e80128 New Permission: View Forum (#4866).
Patch by Felix Schäfer.

git-svn-id: http://svn.redmine.org/redmine/trunk@16637 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-07 20:20:22 +00:00
Jean-Philippe Lang
f902860955 Link to user in wiki syntax (#4179).
Patch by Marius BALTEANU.

git-svn-id: http://svn.redmine.org/redmine/trunk@16636 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-07 20:10:57 +00:00
Jean-Philippe Lang
52b9b9cb02 Use stored ref. to array holding supported languages symbols via a constant (#26055).
Patch by Mischa The Evil.

git-svn-id: http://svn.redmine.org/redmine/trunk@16624 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-06 21:55:57 +00:00
Jean-Philippe Lang
9f5bd0c139 Pull-up retrieve_supported_languages private class method (#26055).
Patch by Mischa The Evil.

git-svn-id: http://svn.redmine.org/redmine/trunk@16623 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-06 21:55:29 +00:00
Jean-Philippe Lang
6198bde366 Remove internal CodeRay scanners (#26055).
Patch by Mischa The Evil.

git-svn-id: http://svn.redmine.org/redmine/trunk@16622 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-06 21:54:55 +00:00
Jean-Philippe Lang
8dca980a35 Make sure we can call #values.
git-svn-id: http://svn.redmine.org/redmine/trunk@16604 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-03 08:44:29 +00:00
Jean-Philippe Lang
4df797956d Errors#get is deprecated in Rails 5.
git-svn-id: http://svn.redmine.org/redmine/trunk@16595 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-01 21:30:39 +00:00
Jean-Philippe Lang
335a16e4fd Custom field label should not be associated to the first input (#25760).
git-svn-id: http://svn.redmine.org/redmine/trunk@16574 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-05-27 08:49:08 +00:00
Jean-Philippe Lang
8ba7b6a2b2 Highlight language aliases are no longer supported (#25634).
Patch by Go MAEDA.

git-svn-id: http://svn.redmine.org/redmine/trunk@16568 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-05-27 07:53:16 +00:00
Jean-Philippe Lang
0c90a19eb2 Updates for 3.3.3 release.
git-svn-id: http://svn.redmine.org/redmine/trunk@16532 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-09 08:28:03 +00:00
Jean-Philippe Lang
4f2c5a9945 Filter arbitrary class names and ids in rendered HTML output (#25503).
* Disallow setting arbitrary classes and ids via Textile syntax
* Only allow valid/supported languages for syntax highlighted code blocks

Patch by Jan Schulz-Hofen.

git-svn-id: http://svn.redmine.org/redmine/trunk@16502 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-06 16:41:52 +00:00
Jean-Philippe Lang
281b26e2f5 Helper methods to find out if a given language is supported (#25503).
Patch by Jan Schulz-Hofen.

git-svn-id: http://svn.redmine.org/redmine/trunk@16501 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-06 16:37:18 +00:00
Jean-Philippe Lang
99fa41011f Add kbd to ALLOWED_TAGS (#25503).
Patch by Jan Schulz-Hofen.

git-svn-id: http://svn.redmine.org/redmine/trunk@16500 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-06 16:34:52 +00:00
Jean-Philippe Lang
88a3a351d0 Don't hardcode the groups on My page.
git-svn-id: http://svn.redmine.org/redmine/trunk@16475 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-04 17:17:47 +00:00
Jean-Philippe Lang
5c7aaa4d1e Makes Attachments column available on the issue list (#25515).
git-svn-id: http://svn.redmine.org/redmine/trunk@16473 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-04 17:07:13 +00:00
Jean-Philippe Lang
ee84b6b24c Adds a rake task to update attachments digests to SHA256 (#25240).
Patch by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@16455 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-03 11:38:06 +00:00
Toshi MARUYAMA
6139e0033a spelling fixes (#25495)
git-svn-id: http://svn.redmine.org/redmine/trunk@16445 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-02 03:34:44 +00:00
Toshi MARUYAMA
14cfe2c67a git: use '--no-renames' option in 'show' command (#25371)
git-svn-id: http://svn.redmine.org/redmine/trunk@16428 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-24 15:53:04 +00:00
Toshi MARUYAMA
47dff44278 Git 2.9 compatibility (#25371)
git-svn-id: http://svn.redmine.org/redmine/trunk@16422 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-20 17:17:55 +00:00
Toshi MARUYAMA
064067fbf2 set "warning = false" for "rake test:scm:units" and "rake test:scm:functionals"
git-svn-id: http://svn.redmine.org/redmine/trunk@16421 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-20 17:17:44 +00:00
Jean-Philippe Lang
23131d14f5 Use helper methods for rendering blocks.
git-svn-id: http://svn.redmine.org/redmine/trunk@16414 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-16 18:26:43 +00:00
Jean-Philippe Lang
4cfd513373 Allow multiple instances of custom queries on My page (#1565).
git-svn-id: http://svn.redmine.org/redmine/trunk@16413 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-16 18:02:43 +00:00
Jean-Philippe Lang
f828a985ae Let user display a custom query on "My page" (#1565).
git-svn-id: http://svn.redmine.org/redmine/trunk@16406 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-15 17:59:31 +00:00
Jean-Philippe Lang
8c7898bb5d Let user choose columns and sort order of issue lists on "My page" (#1565).
git-svn-id: http://svn.redmine.org/redmine/trunk@16400 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-14 18:18:19 +00:00
Jean-Philippe Lang
71d88e5535 Get rid of sort_helper when using queries.
git-svn-id: http://svn.redmine.org/redmine/trunk@16390 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-13 19:17:59 +00:00
Jean-Philippe Lang
b714c71402 Get the count by group from the query directly.
git-svn-id: http://svn.redmine.org/redmine/trunk@16387 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-09 20:01:01 +00:00
Jean-Philippe Lang
f338fe9075 Allow to set multiple values in emails for list custom fields (#16549).
git-svn-id: http://svn.redmine.org/redmine/trunk@16380 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-08 19:55:56 +00:00
Jean-Philippe Lang
2503731d3c Removes invalid attributes from gravatar img tag.
git-svn-id: http://svn.redmine.org/redmine/trunk@16372 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-05 08:55:13 +00:00