| ../irclogs/#mantishelp.2009-06-26.log | ||
|---|---|---|
| --- scribe started --- | 00:00 | |
| ToffeePops | Hi, For our mantis users, 'developers' can see private issues, 'updaters' cannot. Cool. So normally if a developer raises a private issue, an updater will not be able to see it. | 00:14 |
| ToffeePops | But if an updater raises an issue and the administrator decides to change the category and mark the issue private (wants the issue to be no longer visible to updaters), should the updater that originally raised the call still be able to see it? | 00:14 |
| CIA-18 | Mantisbt: hickseydr * r5242a870ae53 /account_prefs_update.php: admin_site_threshold not needed to update prefs | 04:26 |
| siebrand | hola. Where'd the repo go (again)? | 07:40 |
| dhx_m | ah it's dead again? | 07:43 |
| dhx_m | was going to do some work :D | 07:43 |
| siebrand | dhx_m: same here; want to push L10n updates | 07:50 |
| mantisbot | New bug: Bug 10627 - dhx - open - assigned | 09:36 |
| mantisbot | New bug: Ensure all forms use CSRF protection - http://www.mantisbt.org/bugs/view.php?id=10627 | 09:36 |
| CIA-18 | Mantisbt: hickseydr * r13939d6549d8 / (.gitignore core.php): Deprecate use of custom_constant_inc.php | 09:39 |
| nuclear_eclipse | morning all | 12:37 |
| dhx_m | hey | 12:42 |
| dhx_m | this CSRF stuff is not going to be easy to fix | 12:49 |
| nuclear_eclipse | why not? | 12:50 |
| dhx_m | because the form code is not purged when an error is encountered at the target script | 12:50 |
| nuclear_eclipse | that's the whole point :P | 12:51 |
| dhx_m | so you can have lots of form codes lingering around per user for up to 3 days | 12:51 |
| nuclear_eclipse | that doesn't need fixing -- that's all by design... | 12:51 |
| dhx_m | yeah I understand the reason why it isn't purged straight off the bat | 12:51 |
| dhx_m | I take it that it is OK for a user to have loads of forgotten form codes then? | 12:51 |
| nuclear_eclipse | yep | 12:52 |
| dhx_m | ok | 12:52 |
| dhx_m | well in that case I'm about 50% through fixing all instances of <form> to have a form security field attached | 12:53 |
| dhx_m | no idea why this wasn't done before... easy work for big gains :) | 12:53 |
| nuclear_eclipse | do note that not all forms need csrf | 12:53 |
| dhx_m | any form that modifies data would though I guess | 12:54 |
| nuclear_eclipse | only forms that result in some sort of actual destructive/secure change to the system | 12:54 |
| dhx_m | yep | 12:54 |
| nuclear_eclipse | eg, filters form doesn't need csrf | 12:54 |
| dhx_m | yep | 12:54 |
| nuclear_eclipse | k | 12:54 |
| dhx_m | yeah if it was done for filters you'd probably end up caching a LOT of unused codes ;) | 12:55 |
| nuclear_eclipse | and it probably never happened because I had about 10 million other things on my plate and never got past the initial rollout in order to take care of the initial security issues | 12:56 |
| nuclear_eclipse | eg, like creating users with admin privileges | 12:56 |
| nuclear_eclipse | well, assuming that filters would rarely "error", it would purge most of the codes, but it would be extra work on the server for no reason | 12:57 |
| nuclear_eclipse | but anywho... | 12:58 |
| nuclear_eclipse | any work you do for this should definitely go into 1.2, and likely 1.1 if it ports easily | 12:59 |
| nuclear_eclipse | considering that CSRF prevention *is* a security issue :P | 12:59 |
| dhx_m | ok | 12:59 |
| dhx_m | yep | 12:59 |
| dhx_m | we could release 1.1.9 after these fixes are made | 13:00 |
| nuclear_eclipse | probably | 13:00 |
| dhx_m | I doubt there are going to be any other obvious security problems... I'm looking as I go | 13:00 |
| nuclear_eclipse | thankfully, these days we have automated scripts for building a full release :P | 13:00 |
| dhx_m | nice :) | 13:01 |
| nuclear_eclipse | yeah, that's the mantisbt-dev.git repo btw, nothing but external scripts for building docbooks, building releases, checking language strings, etc | 13:01 |
| dhx_m | cool | 13:02 |
| dhx_m | btw any reason the CSRF timeout is a whopping 3 days? | 13:02 |
| dhx_m | in case someone takes 3 days to fill out a form? :p | 13:02 |
| nuclear_eclipse | yep | 13:02 |
| dhx_m | I'd hope that user isn't running Windows ME then... :D | 13:03 |
| nuclear_eclipse | Start a form friday right before end of working hours, and the form token is still valid monday morning when you get back in to work | 13:03 |
| dhx_m | hmmm not a bad idea I suppose | 13:04 |
| nuclear_eclipse | yeah, I'm good like that ;) | 13:04 |
| nuclear_eclipse | and modest, to boot! | 13:05 |
| dhx_m | someone has obviously been caught out with expiring CSRF tokens before on a form that took a long time to fill in :p | 13:05 |
| dhx_m | haha | 13:05 |
| dhx_m | well I'll be back in about an hour | 13:05 |
| nuclear_eclipse | ok, cheers | 13:05 |
| dhx_m | this branch I'm making will be quite funny because I'm averaging 4 lines of really code per hour | 13:06 |
| nuclear_eclipse | lol | 13:06 |
| dhx_m | -really | 13:06 |
| dhx_m | just doing it in spare seconds | 13:06 |
| dhx_m | anyhow, brb :) | 13:06 |
| [KK]Kirill | hi all | 13:21 |
| nuclear_eclipse | howdy | 13:24 |
| [KK]Kirill | nice | 13:25 |
| [KK]Kirill | what's new? | 13:25 |
| mantisbot | New bug: Bug 10628 - klugmantisadmin - open - new | 13:27 |
| mantisbot | New bug: Lost Password feature does not send eMail - http://www.mantisbt.org/bugs/view.php?id=10628 | 13:27 |
| nuclear_eclipse | not much | 13:30 |
| [KK]Kirill | who know where siebrand? | 14:20 |
| [KK]Kirill | I don't see some days | 14:21 |
| dhx_m | [KK]Kirill: he came in here a few hours ago to complain about git being offline :p | 14:23 |
| nuclear_eclipse | dhx_m: did you break something? | 15:33 |
| dhx_m | nuclear_eclipse: oh :o | 15:37 |
| dhx_m | nuclear_eclipse: what happened? | 15:37 |
| dhx_m | nuclear_eclipse: custom_constant_inc.php no longer exists in 1.3? :p | 15:37 |
| nuclear_eclipse | getting a whole bunch of errors regarding user_get_field... | 15:39 |
| * nuclear_eclipse pastes | 15:39 | |
| nuclear_eclipse | http://mantis.pastebin.com/d4952e1a4 | 15:39 |
| dhx_m | OOOPS | 15:40 |
| nuclear_eclipse | WHAT DID YOU DO?! | 15:40 |
| nuclear_eclipse | OMG, HE'S DYING!!!!11 | 15:41 |
| dhx_m | lol | 15:41 |
| CIA-18 | Mantisbt: hickseydr * r06f0cfba5dd6 /core/user_api.php: Missing parameter to user_get_field | 15:43 |
| dhx_m | how embarrassing... you | 15:43 |
| dhx_m | you'd think I didn't test that one first lol | 15:43 |
| dhx_m | just goes to show you have to test even the simplest things | 15:44 |
| nuclear_eclipse | dhx_m: it's only, we'll only make fun of you for a few days :P | 15:45 |
| dhx_m | lol | 15:45 |
| mantisbot | New bug: Bug 10629 - najina - open - new | 17:03 |
| mantisbot | New bug: Related to 9576 - http://www.mantisbt.org/bugs/view.php?id=10629 | 17:03 |
| paul_ | moo | 17:26 |
| nuclear_eclipse | howdy | 17:27 |
| paul_ | so how am i spending my weekend | 17:27 |
| paul_ | dhx_m: i think you might miss the point of the bug | 17:31 |
| nuclear_eclipse | paul_: finish fixing SOAP API? | 17:32 |
| dhx_m | paul_: ? | 17:32 |
| paul_ | hi | 17:32 |
| paul_ | nuclear_eclipse: could do | 17:32 |
| dhx_m | hey | 17:32 |
| paul_ | your list mail | 17:32 |
| dhx_m | isn't the problem that he's getting a history of 400+ modifications of the bug sent to him? | 17:33 |
| paul_ | I thought the problem might be we allow users to limit bugnotes | 17:34 |
| paul_ | and iirc specify the order | 17:34 |
| paul_ | therefore, if you limit it to 5 with oldest first | 17:34 |
| paul_ | what happens? ;/ | 17:34 |
| paul_ | iirc, the limit or order thing was broken and got fixed | 17:34 |
| paul_ | I might be wrong here | 17:35 |
| nuclear_eclipse | yeah, I fixed that | 17:35 |
| dhx_m | I'm confused now :p | 17:35 |
| dhx_m | I'll leave it up to you :D | 17:35 |
| paul_ | nooononoo | 17:35 |
| dhx_m | haha | 17:35 |
| paul_ | dhx_m: you can configure how many bugnotes | 17:35 |
| paul_ | you get in email notifications | 17:35 |
| dhx_m | oh you already can... oops :) | 17:35 |
| paul_ | dhx_m: you can also configure newest/oldest first | 17:35 |
| paul_ | therefore | 17:35 |
| paul_ | if you configure a limit of 10 and oldest first | 17:35 |
| nuclear_eclipse | however, you can't specify a limit on history entries... | 17:36 |
| paul_ | you'd potentially get the '2006 issues' and not see the newest bugnote | 17:36 |
| paul_ | I see | 17:36 |
| dhx_m | ah good, so I wasn't wrong :p | 17:36 |
| nuclear_eclipse | and no | 17:36 |
| nuclear_eclipse | you'll always get the X latest bugnotes | 17:36 |
| paul_ | does mantis feel faster? | 17:36 |
| nuclear_eclipse | regardless of order you request, you'll always get the latest bugnotes | 17:36 |
| nuclear_eclipse | they'll just show in a different order | 17:37 |
| nuclear_eclipse | the real problem with receiving notifications for 4286 is the absolutely gigantic history log associated with it... | 17:37 |
| paul_ | :) | 17:37 |
| * paul_ downloads php5.3.0 final | 17:38 | |
| nuclear_eclipse | which is something I've been investigating changing -- perhaps to match the setting of how many bugnotes you receive | 17:38 |
| nuclear_eclipse | eg, if you ask for only the five latest bugnotes, you should only get history entries starting from the first bugnote in the set that you receive | 17:39 |
| nuclear_eclipse | so, eg, if the last five bugnotes were posted in may, then you'd only receive history entries from may forward | 17:39 |
| nuclear_eclipse | any thoughts from you two on that idea? | 17:41 |
| CIA-18 | Mantisbt: s.mazeland * rf180b7a71b12 / (21 files in 4 dirs): Localisation updates from http://translatewiki.net (2009-06-26 07:29 UTC) | 17:43 |
| CIA-18 | Mantisbt: s.mazeland * rbbc99b420bf0 / (4 files in 2 dirs): Merge branch 'master' of git://mantisbt.org/mantisbt | 17:43 |
| paul_ | nuclear_eclipse: I defer | 17:43 |
| siebrand | can someone please merge rf180b7a71b12 into the 1.2 branch? | 17:45 |
| paul_ | sure ask nuclear_eclipse :) | 17:45 |
| nuclear_eclipse | siebrand: got it | 17:46 |
| dhx_m | bug #10000 lol | 17:46 |
| mantisbot | Bug 10000 - anusha - open - new | 17:46 |
| mantisbot | How to get users list in "Assigned To" field - http://www.mantisbt.org/bugs/view.php?id=10000 | 17:46 |
| dhx_m | someone attached a screenshot inside a powerpoint presentation | 17:47 |
| CIA-18 | Mantisbt: s.mazeland master-1.2.x * rf198b1ce4baa / (21 files in 4 dirs): Localisation updates from http://translatewiki.net (2009-06-26 07:29 UTC) | 17:47 |
| nuclear_eclipse | dhx_m: facepalm | 17:47 |
| dhx_m | I'm triaging old stuff at the moment | 17:47 |
| nuclear_eclipse | I swear, every time I see someone attach a "screenshot" inside of a word or powerpoint document, I want to reach through the internet and make sure that person can never reproduce | 17:47 |
| paul_ | :) | 17:48 |
| paul_ | so erm | 17:48 |
| dhx_m | lol | 17:48 |
| paul_ | what's the plan now | 17:48 |
| paul_ | work on mantis1.2.1 | 17:48 |
| paul_ | :) | 17:48 |
| paul_ | new features! | 17:48 |
| nuclear_eclipse | no, work on mantis 1.2.0 | 17:48 |
| dhx_m | shouldn't 1.2.x only contain bug fixes? | 17:48 |
| nuclear_eclipse | we haven't officially released 1.2 yet :P | 17:48 |
| dhx_m | 1.3.x for features? | 17:48 |
| paul_ | we've not named our next release yet | 17:49 |
| dhx_m | I'll have a 1.1.9 :p | 17:49 |
| paul_ | could make a soap client | 17:49 |
| paul_ | for mantis | 17:49 |
| dhx_m | something to help us test SOAP would be great | 17:49 |
| paul_ | 26th june today | 17:50 |
| paul_ | what time is it in America atm? | 17:51 |
| nuclear_eclipse | 1:51pm here | 17:51 |
| dhx_m | paul_: bug #9996... DESTROY all meta refresh! | 17:52 |
| mantisbot | Bug 9996 - nuscly - open - new | 17:52 |
| mantisbot | Error 500 in apache when creating a new bug or updating a bug status / file : bug_update.php - http://www.mantisbt.org/bugs/view.php?id=9996 | 17:52 |
| paul_ | hmm? | 17:52 |
| dhx_m | meta refresh = bad | 17:52 |
| paul_ | no | 17:52 |
| dhx_m | yep, we should send a 302 response instead | 17:52 |
| nuclear_eclipse | no | 17:53 |
| paul_ | you don't want to fiddle | 17:53 |
| paul_ | you really don't | 17:53 |
| nuclear_eclipse | we use meta refreshes for specific purposes | 17:53 |
| nuclear_eclipse | we use 302's for everything else | 17:53 |
| dhx_m | well I haven't looked into it too much... ah ok | 17:53 |
| dhx_m | that's fine :) | 17:53 |
| dhx_m | I thought it was widespread | 17:53 |
| dhx_m | ... just scraping for things to do | 17:53 |
| nuclear_eclipse | meta refreshes provide a delay for making the page auto-refresh, eg, my view page | 17:53 |
| nuclear_eclipse | and tbh, I don't want to know what that guy is doing to cause that error... | 17:54 |
| dhx_m | lol | 17:54 |
| paul_ | resolve | 17:54 |
| paul_ | not a bug | 17:54 |
| paul_ | btw, we're doing rc1 at a slightly bad time | 17:55 |
| nuclear_eclipse | why's that? | 17:55 |
| paul_ | php5.3.0 is tuesday | 17:55 |
| paul_ | so new 3rd party libs | 17:55 |
| nuclear_eclipse | I don't see how that could mean rc1 is at a bad time? | 17:56 |
| nuclear_eclipse | we're not going to rely on 5.3 features... | 17:56 |
| nuclear_eclipse | afk | 17:56 |
| nuclear_eclipse | back | 17:58 |
| nuclear_eclipse | thought I was gonna have to go to a meeting... | 17:59 |
| nuclear_eclipse | hi giallu | 18:09 |
| CIA-18 | Mantisbt: paul * rb20a43a76a5a /library/ (89 files in 7 dirs): Update adodb to 5.09a | 18:22 |
| nuclear_eclipse | paul_: does that adodb update fix anything that would be important to have in 1.2? | 18:40 |
| paul_ | probably not | 18:46 |
| mantisbot | New bug: Bug 10630 - darthmal - open - new | 18:53 |
| mantisbot | New bug: Mantis successfully installed on mubuntu 192.168.0.31 - http://www.mantisbt.org/bugs/view.php?id=10630 | 18:53 |
| paul_ | ? | 18:53 |
| paul_ | hi giallu | 20:00 |
| eqnerd | hi all...so I'm a bit confused, there's this wiki page (http://www.mantisbt.org/wiki/doku.php/mantisbt:issue_voting_requirements?s=vote) claiming that voting exists and is done, and yet I don't see any of the database tables, configs, etc, and there seems to be no "here, it's a module/plugin" text, or "check it out in release ____"....anyone have any ideas? | 22:19 |
| paul_ | dhx_m: you gone? | 23:06 |