Permalink
Browse files

Merge branch 'master' of github.com:mantisbt/mantisbt

  • Loading branch information...
2 parents 60c216d + b8b4134 commit b4ce7d195e675df4056043ed120c08625eddefcc @grangeway grangeway committed Oct 19, 2013
View
@@ -76,6 +76,8 @@
#============ Permissions ============
auth_ensure_user_authenticated();
+auth_reauthenticate();
+
current_user_ensure_unprotected();
html_page_top( lang_get( 'account_link' ) );
@@ -153,6 +155,11 @@
<span class="label-style"></span>
</div>
<div class="field-container">
+ <label for="password" <?php if ( $t_force_pw_reset ) { ?> class="required" <?php } ?>><span><?php echo lang_get( 'current_password' ) ?></span></label>
+ <span class="input"><input id="password-current" type="password" name="password_current" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" /></span>
+ <span class="label-style"></span>
+ </div>
+ <div class="field-container">
<label for="password" <?php if ( $t_force_pw_reset ) { ?> class="required" <?php } ?>><span><?php echo lang_get( 'password' ) ?></span></label>
<span class="input"><input id="password" type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" /></span>
<span class="label-style"></span>
View
@@ -55,6 +55,8 @@
require_api( 'user_api.php' );
require_api( 'utility_api.php' );
+auth_reauthenticate();
+
form_security_validate('account_update');
auth_ensure_user_authenticated();
@@ -63,6 +65,7 @@
$f_email = gpc_get_string( 'email', '' );
$f_realname = gpc_get_string( 'realname', '' );
+$f_password_current = gpc_get_string( 'password_current', '' );
$f_password = gpc_get_string( 'password', '' );
$f_password_confirm = gpc_get_string( 'password_confirm', '' );
@@ -109,7 +112,11 @@
if ( $f_password != $f_password_confirm ) {
trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
} else {
- if ( !auth_does_password_match( $t_user_id, $f_password ) ) {
+ if ( !auth_does_password_match( $t_user_id, $f_password_current ) ) {
+ trigger_error( ERROR_USER_CURRENT_PASSWORD_MISMATCH, ERROR );
+ }
+
+ if ( !auth_does_password_match( $t_user_id, $f_password ) ) {
user_set_password( $t_user_id, $f_password );
$t_password_updated = true;
}
@@ -777,8 +777,6 @@ function mc_issue_add( $p_username, $p_password, $p_issue ) {
email_new_bug( $t_issue_id );
- error_log("Status is " . $t_bug_data->status . ", default is " . config_get('bug_submit_status'));
-
if ( $t_bug_data->status != config_get('bug_submit_status') )
history_log_event($t_issue_id, 'status', config_get('bug_submit_status') );
View
@@ -4249,4 +4249,4 @@
# Temporary variables should not remain defined in global scope
-unset( $t_protocol, $t_host, $t_hosts, $t_port, $t_self, $t_path, $t_use_iis );
+unset( $t_protocol, $t_host, $t_hosts, $t_port, $t_self, $t_path );
View
@@ -181,17 +181,9 @@ function __autoload( $className ) {
if ( strlen( $GLOBALS['g_mantistouch_url'] ) > 0 && mobile_is_mobile_browser() ) {
$t_url = sprintf( $GLOBALS['g_mantistouch_url'], $GLOBALS['g_path'] );
- if ( OFF == $g_use_iis ) {
- header( 'Status: 302' );
- }
-
header( 'Content-Type: text/html' );
- if ( ON == $g_use_iis ) {
- header( "Refresh: 0;$t_url" );
- } else {
- header( "Location: $t_url" );
- }
+ header( "Location: $t_url" );
exit; # additional output can cause problems so let's just stop output here
}
View
@@ -289,6 +289,7 @@
define( 'ERROR_USER_REAL_NAME_INVALID', 809 );
define( 'ERROR_USER_BY_NAME_NOT_FOUND', 810 );
define( 'ERROR_USER_BY_ID_NOT_FOUND', 811 );
+define( 'ERROR_USER_CURRENT_PASSWORD_MISMATCH', 812 );
# ERROR_AUTH_*
define( 'ERROR_AUTH_INVALID_COOKIE', 900 );
View
@@ -264,7 +264,8 @@ function email_collect_recipients( $p_bug_id, $p_notify_type, $p_extra_user_ids_
WHERE bug_id=" . db_param();
$t_result = db_query_bound( $t_query, array( $p_bug_id ) );
- while( $t_user_id = db_result( $t_result ) ) {
+ while( $t_row = db_fetch_array( $t_result ) ) {
+ $t_user_id = $t_row['user_id'];
$t_recipients[$t_user_id] = true;
log_event( LOG_EMAIL_RECIPIENT, sprintf( 'Issue = #%d, add Monitor = @U%d', $p_bug_id, $t_user_id ) );
}
@@ -283,8 +284,8 @@ function email_collect_recipients( $p_bug_id, $p_notify_type, $p_extra_user_ids_
FROM $t_bugnote_table
WHERE bug_id = " . db_param();
$t_result = db_query_bound( $t_query, array( $p_bug_id ) );
-
- while( $t_user_id = db_result( $t_result ) ) {
+ while( $t_row = db_fetch_array( $t_result ) ) {
+ $t_user_id = $t_row['reporter_id'];
$t_recipients[$t_user_id] = true;
log_event( LOG_EMAIL_RECIPIENT, sprintf( 'Issue = #%d, add Note Author = @U%d', $p_bug_id, $t_user_id ) );
}
View
@@ -351,6 +351,7 @@ $s_email_label = 'E-mail';
$s_password = 'Password';
$s_no_password_change = 'The password is controlled by another system, hence cannot be edited here.';
$s_confirm_password = 'Confirm Password';
+$s_current_password = 'Current Password';
$s_access_level = 'Access Level';
$s_access_level_label = 'Access Level';
$s_update_user_button = 'Update User';
@@ -1590,6 +1591,7 @@ $MANTIS_ERROR[ERROR_AUTH_INVALID_COOKIE] = 'The login information stored by your
$MANTIS_ERROR[ERROR_USER_PREFS_NOT_FOUND] = 'Preferences could not be found for this user.';
$MANTIS_ERROR[ERROR_NEWS_NOT_FOUND] = 'News item not found.';
$MANTIS_ERROR[ERROR_USER_CREATE_PASSWORD_MISMATCH] = 'Password does not match verification.';
+$MANTIS_ERROR[ERROR_USER_CURRENT_PASSWORD_MISMATCH] = 'Current password is incorrect.';
$MANTIS_ERROR[ERROR_GPC_ARRAY_EXPECTED] = 'An array was expected but a string was received for %1$s.';
$MANTIS_ERROR[ERROR_GPC_ARRAY_UNEXPECTED] = 'A string was expected but an array was received for %1$s.';
$MANTIS_ERROR[ERROR_GPC_NOT_NUMBER] = 'A number was expected for %1$s.';
@@ -50,6 +50,8 @@ sleep 10
# trigger installation
curl --data "install=2&hostname=localhost&db_username=${DB_USER}&db_type=${DB}&db_password=&database_name=bugtracker&admin_username=${DB_USER}&admin_password=" http://localhost/admin/install.php
+echo " \$g_crypto_master_salt='1234567890abcdef'; " | sudo tee -a config_inc.php
+
# create the first project
if [ $DB = 'mysql' ]; then
mysql -e "INSERT INTO mantis_project_table(name, inherit_global) VALUES('First project', 1)" bugtracker

0 comments on commit b4ce7d1

Please sign in to comment.