Package: collabtive / 2.0+dfsg-5~bpo70+1

Metadata

Package: collabtive
Version: 2.0+dfsg-5~bpo70+1
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
follow_symlinks_for_templates

include/class.settings.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 follow symbolic links when listing available templates
 The Debian package moves the templates to /etc, to allow the local
 administrator to add his own. This needs Collabtive to be able to
 follow the symlinks.

admins_can_edit_any_project

include/initfunctions.php | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 allow administrative users to edit any project
 Without this patch, all projects are listed, but clicking on any of
 them yields a "not your project" access denied error.

check_if_already_installed

install.php | 17 16 + 1 - 0 !
1 file changed, 16 insertions(+), 1 deletion(-)

 fix install.php so it does not need to be disabled
 The upstream-supplied install.php can be a huge security risk. We had
 disabled it, but it does importantly reduce ease of
 installation. This patch re-enables it, but does some sanity checks
 to avoid a rogue user disrupting the site.

specify_paths_in_install_templates

templates/standard/install1.tpl | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 display full pathnames in the install.php requirements
 Debian-specific patch: The installer complains regarding permissions
 of certain files. In Debian, those files are not restricted to
 Collabtive's directory, but are spread all over the filesystem. So
 the user should be prompted with the full pathname.

smarty3_compatibility

init.php | 6 6 + 0 - 0 !
language/lt/lng.conf | 32 16 + 16 - 0 !
2 files changed, 22 insertions(+), 16 deletions(-)

 changes needed for smarty 3.x compatibility
 The Debian package providing Smarty 2.x has just been dropped, in
 favor of the updated 3.x series. This version is much stricter. This
 patch implements the needed changes for it to be used. Note that
 Collabtive's sources still ship with Smarty 2.x included - our binary
 package disables it.

plugin_disclaimer

templates/standard/install3.tpl | 6 5 + 1 - 0 !
templates/standard/update.tpl | 7 6 + 1 - 0 !
2 files changed, 11 insertions(+), 2 deletions(-)

 add a disclaimer mentioning Debian does not endorse the proprietary Collabtive plugins

check_existence_before_fetch

include/class.company.php | 16 10 + 6 - 0 !
include/class.datei.php | 49 31 + 18 - 0 !
include/class.message.php | 61 40 + 21 - 0 !
include/class.milestone.php | 88 52 + 36 - 0 !
include/class.mylog.php | 32 19 + 13 - 0 !
include/class.project.php | 69 46 + 23 - 0 !
include/class.roles.php | 20 14 + 6 - 0 !
include/class.search.php | 48 30 + 18 - 0 !
include/class.settings.php | 2 1 + 1 - 0 !
include/class.tags.php | 24 15 + 9 - 0 !
include/class.task.php | 83 54 + 29 - 0 !
include/class.tasklist.php | 59 39 + 20 - 0 !
include/class.timetracker.php | 52 33 + 19 - 0 !
include/class.user.php | 62 43 + 19 - 0 !
include/initfunctions.php | 5 4 + 1 - 0 !
managetimetracker.php | 11 8 + 3 - 0 !
16 files changed, 439 insertions(+), 242 deletions(-)

 makes sure a query has items before iterating over it
 If a query yields no results and we proceed to iterate over it, the
 returned object will be empty and PHP will die with an error such as
 this one:
 .
 PHP Fatal error:  Call to a member function fetch() on a non-object in /usr/share/collabtive/www/include/class.milestone.php on line 527, referer: http://localhost/collabtive/index.php
 .
 This patch ensures there are items to iterate before beginning to do so.

fix_sql_inj_getprojectfolders

include/class.datei.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix a sql injection vulnerability in project.datei.php
 CVE-2014-3246 (Debian bug #748828) mentions a SQL injection
 vulnerability due to a not properly sanitized input variable.

fix_quoting_in_translations

language/al/lng.conf | 2 1 + 1 - 0 !
language/en/lng.conf | 10 5 + 5 - 0 !
language/es/lng.conf | 2 1 + 1 - 0 !
language/et/lng.conf | 2 1 + 1 - 0 !
language/gl/lng.conf | 6 3 + 3 - 0 !
language/tr/lng.conf | 4 2 + 2 - 0 !
6 files changed, 13 insertions(+), 13 deletions(-)

 fix quoting omissions on several languages
 My browser's JavaScript console gives me the following warning when
 using the Spanish translation, both on my installation and in your
 demo site:
 .
 SyntaxError: unterminated string literal
 "Seleccione un valor valido para \"%FIELDNAME%\, por favor."";
 .
 I fixed this wrong quote, and added escapes to all quoting characters in other locales.

skip_getupdate

index.php | 19 0 + 19 - 0 !
1 file changed, 19 deletions(-)

 skip checks for updated package versions
 As this is a Debian-provided package, checking the upstream site for
 new releases is not the expected way to get updates. Apt-get is.

fix_having_clauses

include/class.milestone.php | 2 1 + 1 - 0 !
include/class.search.php | 14 7 + 7 - 0 !
include/class.tags.php | 4 2 + 2 - 0 !
include/class.task.php | 10 5 + 5 - 0 !
4 files changed, 15 insertions(+), 15 deletions(-)

 fix erroneous use of `having' clauses
 Following up this bug report:
 .
 http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=13178&sid=2d54503049b4dd323fc7751c7f51f8a6
 .
 The use of HAVING in queries where no aggregate functions are
 executed is wrong, and makes MySQL return an error message. The most
 visible effect is the loss of two of the tabs in the main view
 ("dashboard accordion").