Package: collabtive / 2.0+dfsg-5~bpo70+1
Metadata
Package | Version | Patches format |
---|---|---|
collabtive | 2.0+dfsg-5~bpo70+1 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
follow_symlinks_for_templates | include/class.settings.php (2: 1 +, 1 -, 0 !) | follow symbolic links when listing available templates. The Debian package moves the templates to /etc, to allow the local administrator to add his own. This needs Collabtive to be able to follow the symlinks. |
admins_can_edit_any_project | include/initfunctions.php (8: 8 +, 0 -, 0 !) | allow administrative users to edit any project. Without this patch, all projects are listed, but clicking on any of them yields a "not your project" access denied error. |
check_if_already_installed | install.php (17: 16 +, 1 -, 0 !) | fix install.php so it does not need to be disabled. The upstream-supplied install.php can be a huge security risk. We had disabled it, but it does importantly reduce ease of installation. This patch re-enables it, but does some sanity checks to avoid a rogue user disrupting the site. |
specify_paths_in_install_templates | templates/standard/install1.tpl (6: 3 +, 3 -, 0 !) | display full pathnames in the install.php requirements. Debian-specific patch: The installer complains regarding permissions of certain files. In Debian, those files are not restricted to Collabtive's directory, but are spread all over the filesystem, so the user should be prompted with the full pathname. |
smarty3_compatibility | init.php (6: 6 +, 0 -, 0 !) | changes needed for smarty 3.x compatibility. The Debian package providing Smarty 2.x has just been dropped, in favor of the updated 3.x series. This version is much stricter. This patch implements the needed changes for it to be used. Note that Collabtive's sources still ship with Smarty 2.x included; our binary package disables it. |
plugin_disclaimer | templates/standard/install3.tpl (6: 5 +, 1 -, 0 !) | add a disclaimer mentioning Debian does not endorse the proprietary Collabtive plugins |
check_existence_before_fetch | include/class.company.php (16: 10 +, 6 -, 0 !) | makes sure a query has items before iterating over it. If a query yields no results and we proceed to iterate over it, the returned object will be empty and PHP will die with an error such as this one: PHP Fatal error: Call to a member function fetch() on a non-object in /usr/share/collabtive/www/include/class.milestone.php on line 527, referer: http://localhost/collabtive/index.php This patch ensures there are items to iterate before beginning to do so. |
fix_sql_inj_getprojectfolders | include/class.datei.php (2: 1 +, 1 -, 0 !) | fix a SQL injection vulnerability in project.datei.php. CVE-2014-3246 (Debian bug #748828) mentions a SQL injection vulnerability due to a not properly sanitized input variable. |
fix_quoting_in_translations | language/al/lng.conf (2: 1 +, 1 -, 0 !) | fix quoting omissions on several languages. My browser's JavaScript console gives me the following warning when using the Spanish translation, both on my installation and in your demo site: SyntaxError: unterminated string literal "Seleccione un valor valido para \"%FIELDNAME%\, por favor.""; I fixed this wrong quote, and added escapes to all quoting characters in other locales. |
skip_getupdate | index.php (19: 0 +, 19 -, 0 !) | skip checks for updated package versions. As this is a Debian-provided package, checking the upstream site for new releases is not the expected way to get updates. Apt-get is. |
fix_having_clauses | include/class.milestone.php (2: 1 +, 1 -, 0 !) | fix erroneous use of `having' clauses. Following up this bug report: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=13178&sid=2d54503049b4dd323fc7751c7f51f8a6 The use of HAVING in queries where no aggregate functions are executed is wrong, and makes MySQL return an error message. The most visible effect is the loss of two of the tabs in the main view ("dashboard accordion"). |