Commit Graph

513 Commits

Author SHA1 Message Date
Toshi MARUYAMA
5a2c8f57a7 Merged r17062 from trunk to 3.3-stable (#27516)
mercurial: work around faulty parsing of early command options

Use -sVALUE and --long=VALUE instead of "-s VALUE" and "--long VALUE"
respectively.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@17072 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-12-07 12:19:39 +00:00
Toshi MARUYAMA
feb8c98e1b Merged r17060 from trunk to 3.3-stable (#27516)
mercurial: reject malicious command argument

We've got a security report from the Phabricator team, which basically says
--config and --debugger arguments can be injected anywhere to lead to
arbitrary command execution.

https://secure.phabricator.com/rPa7921a4448093d00defa8bd18f35b8c8f8bf3314

This is a fundamental issue of the argument parsing rules in Mercurial, which
allows extensions to populate their parsing rules and such extensions can be
loaded by "--config extensions.<name>=". There's a chicken and egg problem.
We're working on hardening the parsing rules, but that won't come in by
default as it would be a behavior change.

This patch adds a verification to reject malicious command arguments as a
last ditch. The subsequent patches will fix the problem in a more appropriate
way.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@17070 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-12-07 12:19:13 +00:00
Jean-Philippe Lang
49108983cb Merged r16622 to r16625 (#26055).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@16630 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-07 19:35:27 +00:00
Jean-Philippe Lang
ec59ffc8f3 Merged r16500 to r16503 (#25503).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@16523 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-08 07:45:20 +00:00
Jean-Philippe Lang
5dd1fe1345 Merged r16059, r16060, r16064, r16072.
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@16106 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-12-20 16:02:38 +00:00
Jean-Philippe Lang
c6e20372fd Merged r15846 (#23841).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15867 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-10-02 10:12:19 +00:00
Jean-Philippe Lang
0b67170baf Merged r15607 (#23246).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15614 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-07-10 07:46:52 +00:00
Jean-Philippe Lang
1f79610fdc Merged r15536 and r15541 (#23083).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15560 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-06-18 10:18:40 +00:00
Jean-Philippe Lang
5169055276 Merged r15539 and r15550 (#23067).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15557 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-06-18 10:16:43 +00:00
Jean-Philippe Lang
748fd10893 Merged r15501 to r15508 (#15880).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15513 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-06-12 05:50:26 +00:00
Jean-Philippe Lang
8c09e330d4 Merged r15431 to r15435 (#22924, #22925, #22926).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15440 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-06-04 07:24:45 +00:00
Jean-Philippe Lang
961c0e0de9 Merged r15429 (#22911).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15438 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-06-04 07:19:20 +00:00
Jean-Philippe Lang
8cbfeddeb0 Child nodes should only be rendered if the user is actually authorized to see them (#15880).
Patch by Jan Schulz-Hofen.

git-svn-id: http://svn.redmine.org/redmine/trunk@15393 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-05-08 06:48:36 +00:00
Jean-Philippe Lang
64afa24a7f Replaces acts_as_list with an implementation that handles #position= (#12909).
Objects are reordered using the regular attribute writer #position= and AR callbacks.

git-svn-id: http://svn.redmine.org/redmine/trunk@15335 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-04-17 06:57:20 +00:00
Jean-Philippe Lang
25eb92c0dc Text in the "removed" part of a diff is double-escaped (#22115).
Patch by Felix Schäfer.

git-svn-id: http://svn.redmine.org/redmine/trunk@15287 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-03-26 10:20:10 +00:00
Jean-Philippe Lang
cda9c63d9c Updates copyright for 2016.
git-svn-id: http://svn.redmine.org/redmine/trunk@15238 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-03-13 10:30:10 +00:00
Toshi MARUYAMA
c9730d077b output what language fails at test_number_to_human_size_for_each_language
git-svn-id: http://svn.redmine.org/redmine/trunk@15187 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-03-04 15:32:21 +00:00
Jean-Philippe Lang
cb38ee0e35 Adds a test for #21202 (#6969).
git-svn-id: http://svn.redmine.org/redmine/trunk@14867 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-11-11 07:39:09 +00:00
Jean-Philippe Lang
868d949f47 Reverts r14812 (#6969).
git-svn-id: http://svn.redmine.org/redmine/trunk@14863 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-11-11 07:34:15 +00:00
Jean-Philippe Lang
c6283d7ce5 Fixed that less-than sign is not escaped by textile formatter (#6969).
git-svn-id: http://svn.redmine.org/redmine/trunk@14812 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-11-07 10:20:57 +00:00
Jean-Philippe Lang
f29aa17f1b Fixed that #l_hours_short shows 2 h (#21069).
git-svn-id: http://svn.redmine.org/redmine/trunk@14766 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-30 08:56:19 +00:00
Jean-Philippe Lang
68c192064a Set locale in tests (#21060).
git-svn-id: http://svn.redmine.org/redmine/trunk@14748 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-25 09:05:39 +00:00
Jean-Philippe Lang
2f51dc11cf Adds Enumeration custom field format (#21060).
Similar to List format but stores possible values as records.

git-svn-id: http://svn.redmine.org/redmine/trunk@14745 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-25 08:32:47 +00:00
Jean-Philippe Lang
540053eb82 Missing fixtures.
git-svn-id: http://svn.redmine.org/redmine/trunk@14714 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-20 18:38:29 +00:00
Jean-Philippe Lang
ebdfe41cff Add debug info for random test failure.
git-svn-id: http://svn.redmine.org/redmine/trunk@14669 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-09 19:49:54 +00:00
Jean-Philippe Lang
cf86eae6bb Reset current user to prevent random test failures.
git-svn-id: http://svn.redmine.org/redmine/trunk@14645 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-04 22:22:25 +00:00
Jean-Philippe Lang
42238a74f4 Display all versions in query filter (#19271).
git-svn-id: http://svn.redmine.org/redmine/trunk@14623 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-09-26 08:12:44 +00:00
Jean-Philippe Lang
49604a3bae Table renders wrong if a trailing space is after | symbol (#18223).
Patch by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@14611 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-09-20 11:02:01 +00:00
Jean-Philippe Lang
5fffbdc016 CSV importer raises I18n::InvalidLocale exception if current user's language is "(auto)" (#905, #20535).
git-svn-id: http://svn.redmine.org/redmine/trunk@14504 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-08-15 09:19:12 +00:00
Jean-Philippe Lang
c88ecf0e93 Markdown formatter not running on rake test.
git-svn-id: http://svn.redmine.org/redmine/trunk@14317 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-06-16 18:30:30 +00:00
Jean-Philippe Lang
e911ce7cb4 Remove style tags from html body (#15716).
git-svn-id: http://svn.redmine.org/redmine/trunk@14315 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-06-16 18:23:25 +00:00
Jean-Philippe Lang
3ae42cb326 Better handle html-only emails (#16962).
git-svn-id: http://svn.redmine.org/redmine/trunk@14313 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-06-15 21:16:42 +00:00
Jean-Philippe Lang
3077ed8d3a Add BOM to UTF-8 encoded CSV (#7037).
git-svn-id: http://svn.redmine.org/redmine/trunk@14303 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-06-13 07:55:30 +00:00
Jean-Philippe Lang
09356f4e67 Can't apply textile modifiers to 1 non-ASCII character (#19995).
git-svn-id: http://svn.redmine.org/redmine/trunk@14295 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-06-06 07:15:55 +00:00
Jean-Philippe Lang
c4374cb960 Email addresses with slashes are not linked correctly (#19735).
Patch by Go MAEDA.

git-svn-id: http://svn.redmine.org/redmine/trunk@14237 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-05-08 07:03:00 +00:00
Jean-Philippe Lang
4a6b784d14 Don't use current user locale to format dates (#19039).
git-svn-id: http://svn.redmine.org/redmine/trunk@13978 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-02-08 09:34:48 +00:00
Jean-Philippe Lang
d347fd4d39 link_to in Redmine::Hook::ViewListener omits relative url root (#19024).
git-svn-id: http://svn.redmine.org/redmine/trunk@13960 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-02-07 07:32:25 +00:00
Toshi MARUYAMA
98683d0097 fix tests (#13120)
git-svn-id: http://svn.redmine.org/redmine/trunk@13910 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-01-18 18:00:38 +00:00
Toshi MARUYAMA
4dfc0f04ad add missing fixture to Redmine::Hook::ManagerTest
git-svn-id: http://svn.redmine.org/redmine/trunk@13898 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-01-18 14:05:27 +00:00
Jean-Philippe Lang
d85f73a30d Upgrade to Rails 4.2.0 (#14534).
git-svn-id: http://svn.redmine.org/redmine/trunk@13892 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-01-17 17:02:55 +00:00
Jean-Philippe Lang
000124f44f Copyright update.
git-svn-id: http://svn.redmine.org/redmine/trunk@13872 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-01-11 09:09:50 +00:00
Jean-Philippe Lang
3fcd683e6b Force UTF-8 encoding of language names.
git-svn-id: http://svn.redmine.org/redmine/trunk@13807 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-12-26 11:38:52 +00:00
Jean-Philippe Lang
31a60c252e Set en locale in test (#18679).
git-svn-id: http://svn.redmine.org/redmine/trunk@13789 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-12-21 21:24:46 +00:00
Jean-Philippe Lang
b8a586c475 Fixed: LabelledFormBuilder#label outputs 2 label elements (#18679).
Patch by Masato NODA.

git-svn-id: http://svn.redmine.org/redmine/trunk@13786 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-12-21 20:19:39 +00:00
Jean-Philippe Lang
b1d2312dbf Make sure that themes are reloaded after test.
git-svn-id: http://svn.redmine.org/redmine/trunk@13777 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-12-20 14:33:17 +00:00
Jean-Philippe Lang
c6e8f537bd Removes test menu item after test.
git-svn-id: http://svn.redmine.org/redmine/trunk@13773 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-12-20 13:42:57 +00:00
Jean-Philippe Lang
64fea07aff Support for named route in project menu and a new :permission option (#6426).
git-svn-id: http://svn.redmine.org/redmine/trunk@13765 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-12-14 21:46:53 +00:00
Jean-Philippe Lang
ef5ff1630a Textile: ignore invalid lang attribute values (#18501).
git-svn-id: http://svn.redmine.org/redmine/trunk@13677 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-11-30 14:55:03 +00:00
Jean-Philippe Lang
dacae57a38 Gantt unit tests cleanup.
git-svn-id: http://svn.redmine.org/redmine/trunk@13673 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-11-30 13:28:53 +00:00
Jean-Philippe Lang
1316f6b491 Removed some test contexts.
git-svn-id: http://svn.redmine.org/redmine/trunk@13647 e93f8b46-1217-0410-a6f0-8f06a7374b81
2014-11-23 20:39:16 +00:00