Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2026-03-26 06:10:51 +01:00
Code Issues Packages Projects Releases Activity
12,302 Commits 35 Branches 228 Tags
3.2.9
Commit Graph

511 Commits

Author SHA1 Message Date
Toshi MARUYAMA
02a2ca8c04 Merged r17062 from trunk to 3.2-stable (#27516) 
mercurial: work around faulty parsing of early command options

Use -sVALUE and --long=VALUE instead of "-s VALUE" and "--long VALUE"
respectively.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@17076 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-12-07 12:22:44 +00:00
Toshi MARUYAMA
3481b49a1a Merged r17060 from trunk to 3.2-stable (#27516) 
mercurial: reject malicious command argument

We've got a security report from the Phabricator team, which basically says
--config and --debugger arguments can be injected anywhere to lead to an
arbitrary command execution.

https://secure.phabricator.com/rPa7921a4448093d00defa8bd18f35b8c8f8bf3314

This is a fundamental issue of the argument parsing rules in Mercurial, which
allows extensions to populate their parsing rules and such extensions can be
loaded by "--config extensions.<name>=". There's a chicken and egg problem.
We're working on hardening the parsing rules, but which won't come in by
default as it would be a behavior change.

This patch adds a verification to reject malicious command arguments as a
last ditch. The subsequent patches will fix the problem in more appropriate
way.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@17074 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-12-07 12:22:22 +00:00
Jean-Philippe Lang
93d78771c6 Merged r16622 to r16625 (#26055). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16631 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-06-07 19:35:35 +00:00
Jean-Philippe Lang
b64f8b4de9 Merged r16500 to r16503 (#25503). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16524 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-04-08 07:47:09 +00:00
Jean-Philippe Lang
c2eb894f67 Merged r16059, r16060, r16064, r16072. 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16107 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-12-20 16:09:28 +00:00
Jean-Philippe Lang
b5fddf0950 Merged r15846 (#23841). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15868 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-10-02 10:12:56 +00:00
Jean-Philippe Lang
e35c8f7e2e Merged r15607 (#23246). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15615 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-07-10 07:47:07 +00:00
Jean-Philippe Lang
4566ac1ee9 Merged r15539 and r15550 (#23067). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15558 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-18 10:16:51 +00:00
Jean-Philippe Lang
ee408687c6 Merged r15431 to r15435 (#22924, #22925, #22926). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15441 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-04 07:25:12 +00:00
Jean-Philippe Lang
3b3478b8a3 Merged r15429 (#22911). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15439 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-04 07:19:27 +00:00
Jean-Philippe Lang
b2131b3245 Merged r15238. 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15239 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-13 10:41:37 +00:00
Jean-Philippe Lang
cb38ee0e35 Adds a test for #21202 (#6969). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14867 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-11-11 07:39:09 +00:00
Jean-Philippe Lang
868d949f47 Reverts r14812 (#6969). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14863 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-11-11 07:34:15 +00:00
Jean-Philippe Lang
c6283d7ce5 Fixed that less-than sign is not escaped by textile formatter (#6969). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14812 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-11-07 10:20:57 +00:00
Jean-Philippe Lang
f29aa17f1b Fixed that #l_hours_short shows 2 h (#21069). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14766 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-10-30 08:56:19 +00:00
Jean-Philippe Lang
68c192064a Set locale in tests (#21060). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14748 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-10-25 09:05:39 +00:00
Jean-Philippe Lang
2f51dc11cf Adds Enumeration custom field format (#21060). 
Similar to List format but stores possible values as records.

git-svn-id: http://svn.redmine.org/redmine/trunk@14745 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-10-25 08:32:47 +00:00
Jean-Philippe Lang
540053eb82 Missing fixtures. 
git-svn-id: http://svn.redmine.org/redmine/trunk@14714 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-10-20 18:38:29 +00:00
Jean-Philippe Lang
ebdfe41cff Add debug info for random test failure. 
git-svn-id: http://svn.redmine.org/redmine/trunk@14669 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-10-09 19:49:54 +00:00
Jean-Philippe Lang
cf86eae6bb Reset current user to prevent random test failures. 
git-svn-id: http://svn.redmine.org/redmine/trunk@14645 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-10-04 22:22:25 +00:00
Jean-Philippe Lang
42238a74f4 Display all versions in query filter (#19271). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14623 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-09-26 08:12:44 +00:00
Jean-Philippe Lang
49604a3bae Table renders wrong if a trailing space is after | symbol (#18223). 
Patch by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@14611 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-09-20 11:02:01 +00:00
Jean-Philippe Lang
5fffbdc016 CSV importer raises I18n::InvalidLocale exception if current user's language is "(auto)" (#905, #20535). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14504 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-08-15 09:19:12 +00:00
Jean-Philippe Lang
c88ecf0e93 Markdown formatter not running on rake test. 
git-svn-id: http://svn.redmine.org/redmine/trunk@14317 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-06-16 18:30:30 +00:00
Jean-Philippe Lang
e911ce7cb4 Remove style tags from html body (#15716). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14315 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-06-16 18:23:25 +00:00
Jean-Philippe Lang
3ae42cb326 Better handle html-only emails (#16962). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14313 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-06-15 21:16:42 +00:00
Jean-Philippe Lang
3077ed8d3a Add BOM to UTF-8 encoded CSV (#7037). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14303 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-06-13 07:55:30 +00:00
Jean-Philippe Lang
09356f4e67 Can't apply textile modifiers to 1 non-ASCII character (#19995). 
git-svn-id: http://svn.redmine.org/redmine/trunk@14295 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-06-06 07:15:55 +00:00
Jean-Philippe Lang
c4374cb960 Email addresses with slashes are not linked correctly (#19735). 
Patch by Go MAEDA.

git-svn-id: http://svn.redmine.org/redmine/trunk@14237 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-05-08 07:03:00 +00:00
Jean-Philippe Lang
4a6b784d14 Don't use current user locale to format dates (#19039). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13978 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-02-08 09:34:48 +00:00
Jean-Philippe Lang
d347fd4d39 link_to in Redmine::Hook::ViewListener omits relative url root (#19024). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13960 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-02-07 07:32:25 +00:00
Toshi MARUYAMA
98683d0097 fix tests (#13120) 
git-svn-id: http://svn.redmine.org/redmine/trunk@13910 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-01-18 18:00:38 +00:00
Toshi MARUYAMA
4dfc0f04ad add missing fixture to Redmine::Hook::ManagerTest 
git-svn-id: http://svn.redmine.org/redmine/trunk@13898 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-01-18 14:05:27 +00:00
Jean-Philippe Lang
d85f73a30d Upgrade to Rails 4.2.0 (#14534). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13892 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-01-17 17:02:55 +00:00
Jean-Philippe Lang
000124f44f Copyright update. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13872 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2015-01-11 09:09:50 +00:00
Jean-Philippe Lang
3fcd683e6b Force UTF-8 encoding of language names. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13807 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-12-26 11:38:52 +00:00
Jean-Philippe Lang
31a60c252e Set en locale in test (#18679). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13789 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-12-21 21:24:46 +00:00
Jean-Philippe Lang
b8a586c475 Fixed: LabelledFormBuilder#label outputs 2 label elements (#18679). 
Patch by Masato NODA.

git-svn-id: http://svn.redmine.org/redmine/trunk@13786 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-12-21 20:19:39 +00:00
Jean-Philippe Lang
b1d2312dbf Make sure that themes are reloaded after test. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13777 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-12-20 14:33:17 +00:00
Jean-Philippe Lang
c6e8f537bd Removes test menu item after test. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13773 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-12-20 13:42:57 +00:00
Jean-Philippe Lang
64fea07aff Support for named route in project menu and a new :permission option (#6426). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13765 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-12-14 21:46:53 +00:00
Jean-Philippe Lang
ef5ff1630a Textile: ignore invalid lang attribute values (#18501). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13677 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-11-30 14:55:03 +00:00
Jean-Philippe Lang
dacae57a38 Gantt unit tests cleanup. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13673 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-11-30 13:28:53 +00:00
Jean-Philippe Lang
1316f6b491 Removed some test contexts. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13647 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-11-23 20:39:16 +00:00
Jean-Philippe Lang
2a43f1adbc Quote values in DOM selectors for Nokogiri compatibility. 
git-svn-id: http://svn.redmine.org/redmine/trunk@13619 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-11-20 19:38:40 +00:00
Jean-Philippe Lang
c12ba8a76c Fixed that URLs separated by line break are not rendered as links (#18349). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13592 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-11-14 20:18:09 +00:00
Jean-Philippe Lang
2d1866d966 Merged rails-4.1 branch (#14534). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13482 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-10-22 17:37:16 +00:00
Jean-Philippe Lang
c4484a40c0 Use relative URL for thumbnails according to :only_path option (#18119). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13451 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-10-18 10:14:17 +00:00
Jean-Philippe Lang
6bdef3ca64 Ignore locales without :general_lang_name key (#18110). 
git-svn-id: http://svn.redmine.org/redmine/trunk@13450 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-10-18 09:07:51 +00:00
Toshi MARUYAMA
7e88c2a990 add missing fixtures to Redmine::VersionFieldFormatTest 
git-svn-id: http://svn.redmine.org/redmine/trunk@13385 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2014-09-12 13:39:58 +00:00