Skip to content
Snippets Groups Projects
Select Git revision
  • develop default protected
  • develop-next
  • 1.14.x
  • 1.12.x
  • master
  • 1.10.x
  • 1.11.x
  • 1.9.x
  • revert-3168-issue/2910
  • 1.8.x
  • 1.8.0.x
  • v1.14.1
  • v1.12.5
  • v1.14
  • v1.12.4
  • v1.14-rc2
  • v1.12.3
  • v1.14.-rc1
  • v1.14-rc1
  • v1.12.2
  • v1.12.1
  • v1.10.7
  • v1.12
  • v1.10.6
  • v1.11
  • v1.10.5
  • v1.11.0-rc1
  • v1.10.4
  • v1.10.3
  • v1.10.2
  • v1.10.1
31 results
Search by author
  • Any Author
  • Daniel Lyubomirov Daniel Lyubomirov daniel.lyubomirov
  • Georg C. F. Greve Georg C. F. Greve georg.greve
  • Georgi Todorov Georgi Todorov georgi.todorov
  • Ivan Vasilev Ivan Vasilev ivan.vasilev
  • Kalin Canov Kalin Canov kalin.canov
  • Kalin Daskalov Kalin Daskalov kalin.daskalov
  • Kristiyan Saparevski Kristiyan Saparevski kristiyan.saparevski
  • Lyuben Penkovski Lyuben Penkovski lyuben.penkovski
  • Petar Dobrinov Petar Dobrinov petar.dobrinov
  • Tancho Mihov Tancho Mihov tancho.mihov
  • Veselin Veselin veselin.gizdov
  • Zdravko Iliev Zdravko Iliev zdravko.iliev
  • deployagent deployagent deployagent
  • **** **** group_48_bot_17e6ea48a1a545e46221f6b39c26dd4a
14 authors
  1. Mar 10, 2015
  3. Mar 06, 2015
  5. Mar 05, 2015
  7. Mar 02, 2015
    • Jared Hancock's avatar
      Revert "filter: Fix filtering by list item properties" · 3331b720
      Jared Hancock authored 
      This partially reverts commit bff191b6.
The hasSpecialSearch() method can be retired in `develop-next` — NOT in the
`develop` branch
      3331b720
    • Jared Hancock's avatar
      oops: Fix corruption of thread body posted by collabs · b143ea6f
      Jared Hancock authored 
      If the system receives an email by a collaborator which has not yet been
added to the ticket (a friend of a friend — that is, a collaborator forwards
an email to a third-party), a header is added to the thread body something
like:

Received From: afriendofafriend@mycompany.tld

However, if the thread body is text and the HTML ticket thread is enabled,
then the text formatting hint will be lost and the body will be assumed as
HTML deeper inside the thread entry creation process. Therefore, the
whitespace inside the resulting thread entry will be collapsed.

This patch addresses the issue by maintaining the original format hint with
the thread body.
      b143ea6f
  9. Feb 27, 2015
  11. Feb 26, 2015
  13. Feb 18, 2015
  15. Feb 17, 2015
  17. Feb 16, 2015
  19. Feb 13, 2015
    • Jared Hancock's avatar
      oops: Fix pjax navigation issue on major panel links · f9547ed3
      Jared Hancock authored
      f9547ed3
    • Jared Hancock's avatar
      priority: Admin can elect the priority of each prio field · 30f56195
      Jared Hancock authored 
      This allows for multiple priority fields to specify differing defaults, and
it also allows for a selection of 'System Default' in the config, which
renders as 'Default' when rendered.

It also fixes up a couple PHP warnings about include/class.forms.php
      30f56195
    • Jared Hancock's avatar
      oops: Fix empty export in some cases · 979e4884
      Jared Hancock authored 
      If the ticket details form has an extra field of type "Priority Level"
(beyond the one built in), exports of tickets will be empty.

This patch addresses the issue in the exporter which uses an older version
of the custom data materialized view (__cdata table), which created separate
columns for selection and ID values. The current cdata system only creates a
single column and stores the ID value. It also addresses an issue where the
ID column was passed to the PriorityField::to_php() as the first argument.
      979e4884
  21. Feb 12, 2015
    • Jared Hancock's avatar
      thread: Fix a couple issues with email message-ids · ae603f80
      Jared Hancock authored 
        * Fix matching of collaborators on return emails. Previously the
    collaborator ID was used instead of the related user ID. Also, the 'C'
    user class (collaborator) was not handled in ::decodeMessageId()
  * Only send a reply separator for email related to a thread
  * Always generate a tag for the email message id. This will allow reply
    from the help desk administrator for the new ticket alert
      ae603f80
  23. Feb 11, 2015
    • Peter Rotich's avatar
      Merge pull request #1727 from greezybacon/issue/login-dos · ca79bd5c
      Peter Rotich authored 
      
login: Require CSRF token to login

Reviewed-By: default avatarPeter Rotich <peter@osticket.com>
      ca79bd5c
    • Jared Hancock's avatar
      oops: Fix truncated random data · ca970b2a
      Jared Hancock authored
      ca970b2a
    • Jared Hancock's avatar
      login: Require CSRF token to login · 504831fe
      Jared Hancock authored 
      This patch fixes a vulnerable scenario, where sequential login attempts can
be made without an existing session, and without a valid CSRF token. This
scenario lends itself well for brute force password attempts, because
attackers can avoid using a session and still send requests to determine if
a set of credentials are valid. This vector also avoids the authentication
lockout mechanism, because it requires an ongoing session to shutdown the
requests.

This patch addresses the issue by requiring a session and a valid CSRF token
generated by the server and placed in the session to be submitted with the
credentials. Therefore, an existing session and a Cookie header are required
to process a login attempt. Secondly, the CSRF token will be changed on the
server after each login processed. Therefore, for each session, a subsequent
GET request would be necessary before submitting another login attempt.
      504831fe
  25. Feb 10, 2015
  27. Feb 06, 2015
  29. Feb 03, 2015
  31. Feb 02, 2015