40413 The issue list filter "Watched by" only dereferences "watched by group" for "me" value

When using the @<< me >>@ value for the "Watched by" filter on the issue list, group memberships will be dereferenced and issues the user watches via groups will be shown in the results (if the user has @view_issue_watchers@ permission, see #40412).
Group memberships however will not be considered for this filter when using named users for the value of the filter. Group memberships should also be applied for named users.
Note: This also means that using this filter with @<< me >>@ will produce different results for a user than when the user selects herself in the list.

0 false 193 2024-03-15T21:20:32Z 2024-03-15T21:20:32Z

40412 Issue list filter "Watched by: me" only shows issues watched via group for projects with the view_issue_watchers permission

When using the "Watched by: me" filter on the issue list, the filtered list will show all issues the current user is directly watching. The filtered list will also show issues watched via a group membership, but only for issues in a project the user has the @view_issue_watchers@ permission.

0 false 193 2024-03-15T21:16:52Z 2024-03-15T21:16:52Z

40410 Watcher groups on new issue form get dereferenced on validation error

When creating a new issue, selecting a group as a watcher and causing a validation error (for example leave the subject blank), all users of the group will be selected in addition to the initially selected group.
This test shows the problem:
<pre><code class="diff">
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index cce8ddc625..fb401c701d 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -4778,6 +4778,25 @@ class IssuesControllerTest < Redmine::ControllerTest
assert_select 'input[name=?][value="8"][checked=checked]', 'issue[watcher_user_ids][]'
end
+ def test_post_create_with_failure_should_not_dereference_group_watchers
+ @request.session[:user_id] = 1
+ post(
+ :create,
+ :params => {
+ :project_id => 5,
+ :issue => {
+ :tracker_id => 1,
+ :watcher_user_ids => ['11']
+ }
+ }
+ )
+ assert_response :success
+
+ # The group's user was not explicitely selected
+ assert_select 'input[name=?][value="8"][checked=checked]', 'issue[watcher_user_ids][]', 0
+ assert_select 'input[name=?][value="11"][checked=checked]', 'issue[watcher_user_ids][]', 1
+ end
+
def test_post_create_should_ignore_non_safe_attributes
@request.session[:user_id] = 2
assert_nothing_raised do
</code></pre>
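Review bot: in @test_post_create_with_failure_should_not_dereference_group_watchers@ the validation failure is only implied by the omitted @:subject@, and nothing asserts that the form was re-rendered because of it. Pass @:subject => ''@ explicitly and assert on the rendered error so the watcher checks cannot pass for an unrelated reason. The ids @'11'@ (posted as the watcher) and @"8"@ (expected unchecked) depend on fixture data that is not visible in this hunk; a comment naming the group and its member, or looking them up from the fixtures, would make the two @assert_select@ counts verifiable. The added comment also misspells "explicitly".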
(Please note: The test above the one proposed in the diff uses the @:not(checked)@ pseudo-selector, this however does not seem to work as expected)

0 false 2024-03-15T21:04:35Z 2024-03-15T21:04:35Z

40403 Subtasks of all levels are shown in the parent issue

This thing is better shown by an example.
Given we have three issues: issue 1 which is a parent issue; issue 2, subtask of issue 1; and issue 3, subtask of issue 2.
In this situation, when I go to issue 1, I expect to see only issue 2 as its subtask, but I see two subtasks, issues 2 and 3. If I go to issue 2, everything is correct: I see issue 1 as parent and issue 3 as subtask.
It would be nice to separate direct subtasks from subtasks of other levels.

0 false 186 2024-03-14T20:51:05Z 2024-03-14T20:51:05Z

40389 Missing fixture: add :groups_users fixture to Redmine::ApiTest::UsersTest

Hello
The new test "GET /users.json with legacy filter params" in @Redmine::ApiTest::UsersTest@ is failing if we run it alone.
We should add the fixture "groups_users" in the users_test.rb file.

0 false 2024-03-12T11:51:10Z 2024-03-14T16:49:36Z

40362 Autocomplete double hash keep system test fails

In latest versions of Redmine (5.0.8 and 5.1.2) the system test 'test_inline_autocomplete_for_issues_with_double_hash_keep_syntax' fails for no '.tribute-container' section is found

0 false 192 2024-03-07T16:40:16Z 2024-03-07T16:40:16Z

40348 Parent Task field not available in Import issues screen

Hi,
I'm having troubles when importing issues. I make an import of 5 tasks. Then, I assign those tasks to several subtasks in a CSV file as Parent Tasks, basically to import all subtasks in this second step.
However, when importing, the field "Parent Task" doesn't appear in the list, so I can't make . Parent Task field is active in the corresponding tracker. I tested it in 2 different instances (4.2.2. and 5.1.2.), and they have the same problem. I can't find a configuration for this, is there something that I'm missing? Many txs!
(sorry, my instance is in spanish. The field name in spanish for "Parent Task" is "Tarea Padre", and is not there)
!clipboard-202403051849-2kdqp.png!
0 false 193 2024-03-05T21:55:39Z 2024-03-05T21:55:39Z

40347 Mismatching main project and subproject

I was trying to create new subprojects by first creating a new main project and then adding the subprojects to it. Initially, everything seemed to work fine. However, later on, I noticed that some of the newly created projects, along with their subprojects, were being placed under existing projects. Eventually, the projects tab became rearranged, and all of the projects were mismatched. It's important to mention that all the project settings are correctly aligned with their respective subprojects. Now I'm stuck and unable to reverse the process or proceed with it. I've also restarted my server, but the issues persist. Please help.

0 false 2024-03-05T19:23:50Z 2024-03-05T19:23:50Z

40323 Filter for tracker doesn't display choice

Hello,
I have an issue on Redmine 5.1.1, on the issues page, when I want to apply a filter, for example "Tracker", it doesn't display the list of trackers, so it's impossible to filter and apply.
!clipboard-202402281041-sdhdf.png!
Here is my Redmine installation :
Environment:
Redmine version 5.1.1.stable
Ruby version 3.1.2-p20 (2022-04-12) [x86_64-linux-gnu]
Rails version 6.1.7.6
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Redmine settings:
Redmine theme Circle (includes JavaScript)
SCM:
Git 2.39.2
Filesystem
Redmine plugins:
additionals 3.2.0-main
redmine_agile 1.6.8
redmine_checklists 3.1.23
redmine_ckeditor 1.2.4
redmine_contacts 4.4.0
redmine_contacts_helpdesk 4.2.2
redmine_issue_view_columns 2.0.3
redmine_lightbox 1.0.2
redmine_people 1.6.5
redmine_reporter 2.0.4
redmineup_tags 2.0.13
Regards.

0 false 191 2024-02-28T09:42:08Z 2024-02-28T14:11:42Z

40310 Open Wiki Syntax quick reference in a modal

Based on the work done in #40137, I'm wondering if it is a good idea to open the quick reference in a jQuery modal instead of the current implementation.
Current:
!{height:500px; border: 1px solid grey;}Screenshot%202024-02-26%20at%2001.16.02.png!
Modal:
!{height:500px;}Screenshot%202024-02-26%20at%2001.17.23.png!
0 false 2024-02-25T23:18:54Z 2024-02-25T23:18:54Z

40303 Design of the code block in the issue list block column is broken

I believe the following incorrect css is being applied to the code block in the issue list block column.
https://www.redmine.org/projects/redmine/repository/svn/entry/branches/5.1-stable/public/stylesheets/application.css#L293
<pre><code class="css">
table.issues td.block_column span {font-weight: bold; display: block; margin-bottom: 4px;}
table.issues td.block_column pre {white-space:normal;}
</code></pre>
For example:
https://redmine.org/projects/redmine/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=issue_id&op%5Bissue_id%5D=%3D&v%5Bissue_id%5D%5B%5D=40014&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=updated_on&c%5B%5D=category&group_by=&c%5B%5D=description&t%5B%5D=
!clipboard-202402231722-kyavh.png!

0 false 191 2024-02-23T08:23:05Z 2024-02-23T08:23:05Z

40301 Issue - New version: Error when create a version with custom field of "File" type

Following this path:
Open existing issue -> Edit -> Target Version -> Create new one with green button.
I have a "File" custom field that is not required but when I try to save the version after entering the name, the system tells me that the custom field is not valid.
I tried to delete it and create another one but I obtain the same error (only with "File" custom field).
System informations:
Environment:
Redmine version 5.1.0.stable
Ruby version 3.0.2-p107 (2021-07-07) [x86_64-linux-gnu]
Rails version 6.1.7.6
Environment production
SCM:
Mercurial 6.1.1
Git 2.34.1
Filesystem
Redmine plugins:
redmine_dmsf 3.1.3

0 false 176 2024-02-22T14:17:32Z 2024-03-13T04:37:48Z

40298 Regarding database

Mysql database is not working

0 false 19 2024-02-22T06:19:47Z 2024-02-22T13:16:43Z

40297 Projects Quick Search includes Favorite Projects and Recently Used above search results

Projects Quick Search includes Favorite Projects and Recently Used above search results. The real search results may appear on the very bottom of the results.

0 false 191 2024-02-21T14:33:09Z 2024-02-21T14:33:09Z

40276 Following issues dates do not update when non-working days are updated.

When updating the non-working days administrative option, extant issues set as "Following" do not have their start and due dates updated to reflect the change in non-working days.
To test:
0. Have the system configured as non-working days: Saturday, Sunday
1. Create an issue to be completed on Thursday.
2. Create an issue that Follows the previous issue, with 0 days' delay (which means that this issue will be done the next day, e.g. Friday)
3. Ensure that in fact, the new issue is correctly set to start and be due on Friday.
4. In `Administration -> Settings -> Issue tracking -> Non-working days` change the setting to Friday, Saturday.
5. Return to the "Following" issue.
Expected results:
The "Following" issue should have its start and due dates set to the next Sunday.
What actually happens:
The "Following" issues' start and due dates have not been updated.
Note that removing the Following relationship and putting it back does in fact set the correct start and due dates (e.g. to Sunday).
```
Environment:
Redmine version 5.1.1.stable
Ruby version 3.2.3-p157 (2024-01-18) [x86_64-linux]
Rails version 6.1.7.6
Environment production
Database adapter PostgreSQL
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Redmine settings:
Redmine theme Default
SCM:
Subversion 1.14.2
Mercurial 6.3.2
Bazaar 3.3.2
Git 2.39.2
Filesystem
Redmine plugins:
no plugin installed
```

0 false 191 2024-02-20T01:44:12Z 2024-02-20T01:44:12Z

40249 Clear filter option is not working properly

While clicking the clear filter button, the status check box is not cleared

0 false 190 2024-02-18T07:51:27Z 2024-02-26T20:02:20Z

40215 422 Invalid form authenticity token.

Error 422 Invalid form authenticity token is popping up when accessing redmine from a different subnet.

0 false 155 2024-02-08T17:20:47Z 2024-02-08T17:20:47Z

40189 about packaging and distribution on fedora

We would like to package redmine for the fedora distribution, however we have not found information in the sources about the licenses with the distribution is allowed.

0 false 191 2024-02-03T04:04:57Z 2024-02-03T06:23:00Z

40121 InvalidCrossOriginRequest exception raised by automated pentests or malicious user

h2. Problem

When an automated pentest or a malicious user requests for example:
<pre>
https://<your-domain>.tld/projects/autocomplete.js
</pre>
the following exception will be raised:
<pre>
An ActionController::InvalidCrossOriginRequest occurred in projects#autocomplete:
Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
</pre>
*Note:* Any other url containing *.js will raise this exception.
All currently supported versions of Redmine are affected.
h2. Solution
The solution is to rescue from ActionController::InvalidCrossOriginRequest.
The attached patch file fix_invalid_cross_origin_request_exception.patch gives an example how to do that. A test is also included.

0 false 191 2024-01-24T11:58:52Z 2024-01-29T14:03:23Z

40100 User ordering by name is incorrect for french language

For example, in the user list to pick for ticket assignment, users with accentuated characters don't follow natural French ordering.
It should normalize names with accentuated characters like éè to the corresponding non accentuated letter prior to ordering.
When the list is very long it can lead to the false impression that the user is not registered.
in redmine : Claire < Clovis < Clément < Constantin < Cyril < Céline
while we would expect : Céline (Celine) < Claire < Clément (Clement) < Clovis < Constantin < Cyril

0 false 2024-01-23T14:33:10Z 2024-02-08T10:02:02Z

40086 500 Internal Server Error: undefined method `is_closed?'

Started GET "/issues/11925"
[3375]: ActionView::Template::Error (undefined method `is_closed?' for nil:NilClass):
[3375]: 1: <%= render :partial => 'action_menu' %>
[3375]: 2:
[3375]: 3: <h2 class="inline-flex"><%= issue_heading(@issue) %></h2>
[3375]: 4: <%= issue_status_type_badge(@issue.status) %>
[3375]: 5: <% if @issue.is_private? %>
[3375]: 6: <span class="badge badge-private private"><%= l(:field_is_private) %></span>
[3375]: 7: <% end %>

0 false 2024-01-20T13:47:59Z 2024-01-29T04:33:23Z

40052 Unpermitted parameters: :utf8, :_method, :authenticity_token, :commit, :custom_field_id

There is a warning coming probably from CustomFieldEnumerationsController#update_each_params:
<pre><code class="ruby">
Current user: admin (id=1)
CustomField Load (0.1ms) SELECT "custom_fields".* FROM "custom_fields" WHERE "custom_fields"."id" = ? LIMIT ? [["id", 2], ["LIMIT", 1]]
↳ app/controllers/custom_field_enumerations_controller.rb:66:in `find_custom_field'
Unpermitted parameters: :utf8, :_method, :authenticity_token, :commit, :custom_field_id # <--- WARNING!
TRANSACTION (0.1ms) begin transaction
↳ app/models/custom_field_enumeration.rb:57:in `block (2 levels) in update_each'
</code></pre>
Transmitted params are:
<pre><code class="ruby">
Started PUT "/custom_fields/2/enumerations" for 192.168.3.25 at 2024-01-12 14:36:41 +0100
Processing by CustomFieldEnumerationsController#update_each as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"RN//3j3QMblduDEe326nLo63fbre28/fL091OexG097Qb9Mn5dEsyYUZNhVnX//KBz7QR1sJQ9XT5eBsx2YCZw==", "custom_field_enumerations"=>{"1"=>{"position"=>"0", "name"=>"Wert 1", "active"=>"1"}, "2"=>{"position"=>"1", "name"=>"Wert 2", "active"=>"1"}, "3"=>{"position"=>"2", "name"=>"Wert 3", "active"=>"1"}}, "commit"=>"Speichern", "custom_field_id"=>"2"}
</code></pre>
<pre><code class="ruby">
# CustomFieldEnumerationsController#update_each_params
def update_each_params
  # params.require(:custom_field_enumerations).permit(:name, :active, :position) does not work here with param like this:
  # "custom_field_enumerations":{"0":{"name": ...}, "1":{"name...}}
  params.permit(:custom_field_enumerations => [:name, :active, :position]).require(:custom_field_enumerations)
end
</code></pre>
0 false 189 2024-01-12T13:50:01Z 2024-01-14T01:47:46Z

40011 Email receiving problem closed issue is #39931 I'm sorry, but the following problem appeared. Everything is specified correctly in the configuration.yml file, the correct login and password were created specifically for this in the Active Directory (checked). Shown in the UGFzc3dvcmQ6 bug is the Base 64 encrypted word "Password". The fact is that in configuration.yml this parameter is indicated correctly as below (for confidentiality, some data has been changed). There are no screens between the Redmine and Postfix (there are no restrictions here either) servers; they are on the same subnet.
<pre>
# specific configuration options for production environment
# that overrides the default ones
production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: My IP
      port: 587
      domain: x.com
      authentication: :login
      user_name: redmine@x.com
      password: NAdsfjghsdk
      enable_starttls_auto: true
</pre>
I even wrote these parameters in the configuration.yml file
to view the logs it showed that there were no problems
openssl_verify_mode: none
logger: true
Even on the mail server side, everything is fine in the logs.
Based on the Postfix and Amavis logs you provided, it appears that emails from redmine@x.com are actually being accepted and processed by your mail server.
DKIM Verification: There are records indicating that emails from redmine@x.com pass DKIM (DomainKeys Identified Mail) verification. This is a good sign, since DKIM is an important part of sender authentication.
Amavis Processing: Amavis, a content filtering system for mail servers, processes messages and marks them as "CLEAN". This means that the emails do not contain viruses and are not considered spam.
Transfer to Postfix: Emails are successfully transferred back to Postfix for further processing and delivery.
Letter delivery: There are records of letters being queued for delivery and being successfully delivered. For example, lines with queued as 4SzMqV30PRz8JwW7 and status=sent (delivered via dovecot service) indicate that the delivery process is successful.
But the error still appears.
Please share your knowledge. Maybe I'm doing something wrong?
!clipboard-202401080054-7gvnj.png!
!clipboard-202401080054-l8uer.png!
0 false 178 2024-01-07T20:59:55Z 2024-01-31T09:22:30Z

39893 Password reset is not possible

Hello, I'm trying to reset my password, but I don't get any email with a reset option.

0 false 2023-12-20T15:36:43Z 2023-12-24T15:30:16Z

39883 Edge-cases in link parsing of links nested inside nested brackets

There seems to be an/some obscure, edge-case defect(s) in the link parsing of links nested inside nested brackets (both parentheses and square brackets).
Some examples:
# txt1 (txt "txt":https://www.example.org ("txt":https://www.example.net))
** <pre>txt1 (txt "txt":https://www.example.org ("txt":https://www.example.net))</pre>
# txt2 (txt "txt":https://www.example.org ("txt":https://www.example.net) )
** <pre>txt2 (txt "txt":https://www.example.org ("txt":https://www.example.net) )</pre>
# txt3 (txt "txt":https://www.example.org ["txt":https://www.example.net])
** <pre>txt3 (txt "txt":https://www.example.org ["txt":https://www.example.net])</pre>
# txt4 (txt "txt":https://www.example.org ["txt":https://www.example.net] )
** <pre>txt4 (txt "txt":https://www.example.org ["txt":https://www.example.net] )</pre>
# txt5 (txt "txt":https://www.example.org ["txt":https://www.example.net]).
** <pre>txt5 (txt "txt":https://www.example.org ["txt":https://www.example.net]).</pre>
# txt6 (txt "txt":https://www.example.org ["txt":https://www.example.net]);
** <pre>txt6 (txt "txt":https://www.example.org ["txt":https://www.example.net]);</pre>
# txt7 (txt "txt":https://www.example.org ["txt":https://www.example.net]...)
** <pre>txt7 (txt "txt":https://www.example.org ["txt":https://www.example.net]...)</pre>
# txt8 (txt "txt":https://www.example.org ["txt":https://www.example.net]... ).
** <pre>txt8 (txt "txt":https://www.example.org ["txt":https://www.example.net]... ).</pre>
# txt9 (txt "txt":https://www.example.org ["txt":https://www.example.net] );
** <pre>txt9 (txt "txt":https://www.example.org ["txt":https://www.example.net] );</pre>
From the nine examples given above, only no. 2, 4, 8 and 9 render proper, usable output. The others mangle the second link one way or another.
This was observed while writing #39881.
Given the rarity of these formattings I wonder if this deserves much attention so I'll set a low priority.
0 false 2023-12-20T02:51:28Z 2023-12-20T02:52:27Z