Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Nov 15, 2011
  1. Christian Hammond

    Merge branch 'release-1.6.x'

    chipx86 authored
  2. Christian Hammond

    Release Review Board 1.6.3.

    chipx86 authored
  3. Christian Hammond
  4. Christian Hammond

    Release Review Board 1.5.7.

    chipx86 authored
  5. Christian Hammond

    Fix a comment vulnerability allowing scripts to be loaded.

    chipx86 authored
    Due to the way that comments were loaded in, it was possible to
    terminate a script and inject a new one while loading the diff viewer.
    This isn't believed to have been a problem in the wild, but is certainly
    an important one to fix.
    
    We now ensure that the text is escaped at the point where it's being fed
    into the JavaScript. It's no longer possible to inject scripts.
    
    Thanks to Damian Johnson for the heads up and for the fix that this
    change is based on.
    
    This will be going into 1.5.7 and 1.6.3 releases.
Commits on Nov 13, 2011
  1. Christian Hammond

    Fix the location that reviewboard.db is stored in when running prepar…

    chipx86 authored
    …e-dev.
    
    prepare-dev called into rb-site's sync_database, which changed to the
    'reviewboard' directory before running syncdb. This meant that the
    initial database would appear in the wrong place. Now we explicitly
    force it to be the correct directory before calling syncdb.
Commits on Nov 10, 2011
  1. Christian Hammond
  2. Christian Hammond

    Fix a critical issue causing the Django Evolution entries to be wiped.

    chipx86 authored
    Our evolution initial data logic depended on FileDiff.parent_diff being
    a valid database field. The recent addition of the diff
    consolidation/hashing code renamed this, causing that to fail. The
    consequence is that the evolution history got nuked.
    
    Update the field so we don't totally lose everything. Anyone who ran
    into this will need to recreate their DB from scratch. It should only
    affect developers on master.
  3. Christian Hammond

    Ensure creation of the ext directory for the docs media.

    chipx86 authored
    Like the standard install, we need to ensure that docs media has a ext
    directory. Use the same trick for a nearly empty directory.
  4. Christian Hammond

    Add a media/ext/ directory by default.

    chipx86 authored
    We weren't providing the media/ext/ directory on master, which caused
    Review Board to fail until it was provided. Now we create this directory
    by default and just populate it with a .gitignore.
  5. Christian Hammond

    Display the actual error when importing from settings.

    chipx86 authored
    If we failed to import reviewboard.settings in manage.py, we said there
    was an error but didn't say what it was. Now we show that.
  6. Christian Hammond

    Fix property usage on Python 2.5.

    chipx86 authored
    A recent change made use of @property.setter, but this doesn't work on
    2.5. Fix to explicitly use the property(_set, _get) syntax.
  7. Hongbin Lu Christian Hammond

    Fix a syntax error on Python 2.5 with the "with" statement.

    hongbin authored chipx86 committed
    The "with" statement is now being used, which doesn't work on Python 2.5
    without importing from __future__. This fixes this part of the unit
    tests on 2.5.
    
    Reviewed at http://http://reviews.reviewboard.org/r/2687/
  8. Christian Hammond

    Merge branch 'release-1.6.x'

    chipx86 authored
  9. Christian Hammond

    Release Review Board 1.6.2.

    chipx86 authored
  10. Christian Hammond

    Fix the filename for the "New Updates" favicon.

    chipx86 authored
    The .ico file for the "New Updates" was broken, causing some 404 Not
    Found errors. Somehow we had it under the wrong name. That's now fixed.
Commits on Nov 6, 2011
  1. Christian Hammond
  2. Christian Hammond

    Merge branch 'release-1.6.x'

    chipx86 authored
  3. Christian Hammond

    Make use of Djblets's new jquery templates.

    chipx86 authored
    Instead of hard-coding the paths to the jquery and jquery-ui scripts, we
    now use Djblets's new templates, allowing us to adopt any new version we
    use in Djblets, or hard-code a version for older releases.
  4. Christian Hammond

    Hard-code our jQuery and jQuery UI requirements for 1.6.

    chipx86 authored
    The versions of jQuery and jQuery UI will be updated in Djblets soon,
    but Review Board 1.6 isn't designed to work with those changes yet.
    Bundle custom jQuery templates to force the versions we need.
    
    We also now bundle the versions of jQuery specifically. Djblets will no
    longer be hosting this, and it'll be up to consumers of Djblets to
    supply the jQuery if they don't wish to use the Google-hosted versions.
  5. Christian Hammond

    Make use of Djblets's new jquery templates.

    chipx86 authored
    Instead of hard-coding the paths to the jquery and jquery-ui scripts, we
    now use Djblets's new templates, allowing us to adopt any new version we
    use in Djblets, or hard-code a version for older releases.
  6. Christian Hammond

    Merge branch 'release-1.6.x'

    chipx86 authored
  7. Christian Hammond
  8. Christian Hammond

    Fix the spinner image location for the admin news widget.

    chipx86 authored
    The spinner URL was using lower-case {{media_url}} and {{media_serial}}
    instead of {{MEDIA_URL}} and {{MEDIA_SERIAL}}, causing a 404 Not Found.
  9. Christian Hammond

    Be explicit in the permissions we expect for htdocs in new configs.

    chipx86 authored
    Some deployments disallow symlinks, breaking media, and are also a bit
    too permissive in what's displayed.
    
    We now turn off indexes and enable symlinks by default for all Apache
    configurations.
  10. Erik Johansson Christian Hammond

    Mark generated e-mails with 'auto-generated' according to RFC 3834.

    erijo authored chipx86 committed
    Set the header 'Auto-Submitted' according to RFC 3834 to hopefully avoid
    auto replies.
    
    Inspired by Bugzilla (Bugzilla/Mailer.pm).
    
    Reviewed at http://http://reviews.reviewboard.org/r/2681/
  11. Christian Hammond
  12. Dave Druska Christian Hammond

    Reduce diff storage by hashing diff uploads

    druska authored chipx86 committed
    Diff files that already exist in the database will no longer be
    double-stored. Diffs are now hashed on upload and correspond to a new
    hash->binary table.  Existing table data is not hashed and will remain
    for backwards compatibility. Evolutions have been made to create the new
    table and rename existing fields, so that model-logic can override
    fields. Test data has also been modified for new field name
    compatibility.
    
    Reviewed at http://http://reviews.reviewboard.org/r/2618/
  13. Christian Hammond

    Fix up some hooks to standardize things and reduce extension develope…

    chipx86 authored
    …r code.
    
    This simplifies our hooks a bit to work without having to subclass all
    hooks. They now take parameters for the default information. Subclasses
    can still be made to override the functions, but they're only needed if
    the returned data is more dynamic.
    
    Some of the hooks that would only inject one entry (navigation and
    dashboard hooks) can now inject several at once, further reducing
    developer code.
    
    As part of this, I've standardized some names. "title" to "label", and
    "uri" to "url". I've also removed the support for javascript: URLs,
    since modern browsers are phasing those out.
Commits on Nov 4, 2011
  1. David Trowbridge

    Add a workaround for a failure in the comment popup in IE

    davidt authored
    This is a workaround for a problem where popping up the comment reply box on the
    diff doesn't show a "Publish" button on IE8. I'm not totally sure about the
    cause of this but this workaround doesn't sacrifice too much functionality.
  2. Chris Tandiono David Trowbridge

    Fix hard-coded media URL.

    christandiono authored davidt committed
    The icon for "Expand all" didn't use MEDIA_PATH and MEDIA_SERIAL correctly.
    
    Fixes bug 2343.
Commits on Oct 20, 2011
  1. Christian Hammond

    Merge branch 'release-1.6.x'

    chipx86 authored
  2. Christian Hammond

    Move our stylesheets to lessCSS.

    chipx86 authored
    This updates all of our stylesheets to be .less files. In the process,
    I've cleaned up most of the rules to add some structure and, in some
    cases, added definitions for colors and other values.
    
    There's still a long ways to go here, but it's a good start and
    definitely makes things more manageable.
    
    Where it made sense, I renamed some classes in the HTML to make things
    more clear and organized.
    
    This will work perfectly fine on production installs or developer installs.
Commits on Oct 19, 2011
  1. David Trowbridge

    Don't crash when specifying bugs on a graphics/files-only review.

    davidt authored
    When a review request is created with no repository, specifying any bugs would
    cause an exception when we tried to look up the bug tracker regexp. This is a
    fix that was suggested on the bug by the reporter.
    
    Fixes bug 2333
Commits on Oct 16, 2011
  1. Christian Hammond

    Fix our calls to parseInt to provide a radix parameter.

    chipx86 authored
    Our JavaScript was calling parseInt without specifying a radix
    parameter. While browsers are pretty forgiving about this, it should be
    specified, and lintian checks require it.
Something went wrong with that request. Please try again.