40490login page back_url always use http not httpsI hava a Redmine 5.1.2.stable executed in container, and I use Apache HTTPD to proxy https to http port 3000. Evertyhing is working perfect, but my webpage is scaned by system and get a "Site does not enforce HTTPS" issue.
It says my login URL's back_url is http, not https. But all my service is running in https URL. How can I solve this issue to be
https://redmine.XXX.com/login?back_url=https%3A%2F%2Fredmine.XXX.com%2F
not
https://redmine.XXX.com/login?back_url=http%3A%2F%2Fredmine.XXX.com%2F0false2024-03-28T03:56:29Z2024-03-28T07:32:08Z40488 Login page: the button 'Sign in' is displayed after clicking on the page*STR* :
* Open the login page
* Navigate to 'Sign in' button
* Click on the page on any place
*Result* :
The button 'Sign in' is displayed after clicking on the page according mockups
*Expected result:*
The button 'Sign in' is located on the page according to the mockups0false2024-03-27T19:09:20Z2024-03-27T19:09:20Z40449Add updated_on field in the issue journalWe would like to synchronize the redmine issues with our internal system via API.
For this purpose, we fetch the issues with:
<pre>
curl -H "X-Redmine-API-Key: secret" "https://domain.com/issues/58.json?include=children%2Cattachments%2Crelations%2Cchangesets%2Cjournals%2Cwatchers%2Callowed_statuses" -vv
</pre>
The journal is returned but we can't determine, which entry changed.
Therefore, it would be helpful to not only have the created_on but also the updated_on field.
The file app/views/issues/show.api.rsb needs an extra line at line 61:
...
api.created_on journal.created_on
*api.updated_on journal.updated_on*
api.private_notes journal.private_notes
...
0false1932024-03-25T13:52:42Z2024-03-25T13:53:55Z40448Accessing relations during issue destructionHello,
My goal is to propagate the deletion of an issue to change a custom field of the linked issue. So, I intercept the destruction of an issue.
I am encountering a problem with my script. During the destruction of an issue, I am unable to access the issue’s relations.
Is this a known and unsolvable problem due to the framework’s architecture, or am I just handling it very poorly?
Thank you in advance for your help.0false1922024-03-25T12:19:11Z2024-03-25T12:19:11Z40444The text on the location box isn't fully displayed after setting the text size on the device to XXL*Preconditions:*
The text size on the device is set to XXL
*Steps to reproduce:*
> > 1. Tap the "Weather icon".
> > 2. Swipe left to the "Weather location" page.
> > 3. Pay attention to the location box.
*Actual result:* The text on the location box isn't fully displayed after setting the text size on the device to XXL.
*Expected result:* The text on the location box is fully displayed after setting the text size on the device to XXL.0false242024-03-23T16:50:38Z2024-03-23T16:52:00Z40426Can't view on RedmineDear Team Supoort,
In my internal system there is a redmine system to serve users. I had a project 5 years ago. Now I have to trace the log as well as that ticket. I can still open that ticket but I cannot open the file. attach on that ticket, is this the redmine system that deletes itself or something like that? help me
Thanks0false2024-03-19T11:57:41Z2024-03-19T12:51:47Z40413The issue list fiter "Watched by" only dereferences "watched by group" for "me" valueWhen using the @<< me >>@ value for the "Watched by" filter on the issue list, group memberships will be dereferenced and issues the user watches via groups will be show in the results (if the user has @view_issue_watchers@ permission, see #40412).
Group memberships however will not be considered for this filter when using named users for the value of the filter. Groups memberships should also be applied for named users.
Note: This also means that using this filter with @<< me >>@ will produce different results for a user than when the user selects herself In the list.0false1932024-03-15T21:20:32Z2024-03-15T21:20:32Z40412Issue list filter "Watched by: me" only shows issues watched via group for projects with the view_issue_watchers permissionWhen using the "Watched by: me" filter on the issue list, the filtered list will show all issues the current user is directly watching. The filtered list will also show issues watched via a group membership, but only for issues in a project the user has the @view_issue_watchers@ permission.0false1932024-03-15T21:16:52Z2024-03-15T21:16:52Z40410Watcher groups on new issue form get dereferenced on validation errorWhen creating a new issue, selecting a group as a watcher and causing a validation error (for example leave the subject blank), all users of the group will be selected in addition to the initially selected group.
This test shows the problem:
<pre><code class="diff">
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index cce8ddc625..fb401c701d 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -4778,6 +4778,25 @@ class IssuesControllerTest < Redmine::ControllerTest
assert_select 'input[name=?][value="8"][checked=checked]', 'issue[watcher_user_ids][]'
end
+ def test_post_create_with_failure_should_not_dereference_group_watchers
+ @request.session[:user_id] = 1
+ post(
+ :create,
+ :params => {
+ :project_id => 5,
+ :issue => {
+ :tracker_id => 1,
+ :watcher_user_ids => ['11']
+ }
+ }
+ )
+ assert_response :success
+
+ # The group's user was not explicitely selected
+ assert_select 'input[name=?][value="8"][checked=checked]', 'issue[watcher_user_ids][]', 0
+ assert_select 'input[name=?][value="11"][checked=checked]', 'issue[watcher_user_ids][]', 1
+ end
+
def test_post_create_should_ignore_non_safe_attributes
@request.session[:user_id] = 2
assert_nothing_raised do
</code></pre>
(Please note: The test above the one proposed in the diff uses the @:not(checked)@ pseudo-selector, this however does not seem to work as expected)0false2024-03-15T21:04:35Z2024-03-15T21:04:35Z40403Subtasks of all levels are shown in the parent issueThis thing is better shown by an example.
Given we have three issues: issue 1 which is a parent issue; issue 2, subtask of issue 1; and issue 3, subtask of issue 2.
In this situation, when I go to issue 1, I expect to see only issue 2 as its subtask, but I see two subtasks, issues 2 and 3. If I go to issue 2, everything is correct: I see issue 1 as parent and issue 3 as subtask.
It would be nice to separate direct subtasks from subtasks of other levels.0false1862024-03-14T20:51:05Z2024-03-14T20:51:05Z40362Autocomplete double hash keep system test failsIn latest versions of Redmine (5.0.8 and 5.1.2) the system test 'test_inline_autocomplete_for_issues_with_double_hash_keep_syntax' fails for no '.tribute-container' section is found0false1922024-03-07T16:40:16Z2024-03-07T16:40:16Z40348Parent Task field not available in Import issues screenHi,
I'm having troubles when importing issues. I make an import of 5 tasks. Then, I assign those task to several subtasks in a CSV file as Parent Tasks, basically to import all subtasks in this second step.
However, when importing, the field "Parent Task" doesn't appear in the list, so I can't make . Parent TaskField is active in the corresponding tracker. I test it in 2 different instances (4.2.2. and 5.1.2.), and they have the same problem. I can't find a configuration for this, is there someting that I'm missing? Many txs!
(sorry, my instance is in spanish. The field name in spanish for "Parent Task" is "Tarea Padre", and is not there)
!clipboard-202403051849-2kdqp.png!
0false1932024-03-05T21:55:39Z2024-03-05T21:55:39Z40347Mismatching main project and subprojectI was trying to create new subprojects by first creating a new main project and then adding the subprojects to it. Initially, everything seemed to work fine. However, later on, I noticed that some of the newly created projects, along with their subprojects, were being placed under existing projects. Eventually, the projects tab became rearranged, and all of the projects were mismatched. It's important to mention that all the project settings are correctly aligned with their respective subprojects. Now I'm stuck and unable to reverse the process or proceed with it. I've also restarted my server, but the issues persist. Please help.0false2024-03-05T19:23:50Z2024-03-05T19:23:50Z40323Filter for tracker doesn't display choiceHello,
I have an issue on Redmine 5.1.1, on the issues page, when I want to applicate filter, for example "Tracker", it doesn't display the list of tracker, so it's impossible de filter and applied.
!clipboard-202402281041-sdhdf.png!
Here is my Redmine installation :
nvironment:
Redmine version 5.1.1.stable
Ruby version 3.1.2-p20 (2022-04-12) [x86_64-linux-gnu]
Rails version 6.1.7.6
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Redmine settings:
Redmine theme Circle (includes JavaScript)
SCM:
Git 2.39.2
Filesystem
Redmine plugins:
additionals 3.2.0-main
redmine_agile 1.6.8
redmine_checklists 3.1.23
redmine_ckeditor 1.2.4
redmine_contacts 4.4.0
redmine_contacts_helpdesk 4.2.2
redmine_issue_view_columns 2.0.3
redmine_lightbox 1.0.2
redmine_people 1.6.5
redmine_reporter 2.0.4
redmineup_tags 2.0.13
Regards.0false1912024-02-28T09:42:08Z2024-02-28T14:11:42Z40310Open Wiki Syntax quick reference in a modalBased on the work done in #40137, I'm wondering if it is a good ideea to open the quick reference in a jQuery modal instead of the current implementation.
Current:
!{height:500px; border: 1px solid grey;}Screenshot%202024-02-26%20at%2001.16.02.png!
Modal:
!{height:500px;}Screenshot%202024-02-26%20at%2001.17.23.png!
0false2024-02-25T23:18:54Z2024-02-25T23:18:54Z40303Design of the code block in the issue list block column is brokenI believe the following incorrect css is being applied to the code block in the issue list block column.
https://www.redmine.org/projects/redmine/repository/svn/entry/branches/5.1-stable/public/stylesheets/application.css#L293
<pre><code class="css">
table.issues td.block_column span {font-weight: bold; display: block; margin-bottom: 4px;}
table.issues td.block_column pre {white-space:normal;}
</code></pre>
For example:
https://redmine.org/projects/redmine/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=issue_id&op%5Bissue_id%5D=%3D&v%5Bissue_id%5D%5B%5D=40014&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=updated_on&c%5B%5D=category&group_by=&c%5B%5D=description&t%5B%5D=
!clipboard-202402231722-kyavh.png!0false1912024-02-23T08:23:05Z2024-02-23T08:23:05Z40301Issue - New version: Error when create a version with custom field of "File" typeFollowing this path:
Open existing issue -> Edit -> Target Version -> Create new one with green button.
I have a "File" custom field that is not required but when i try to save version after enter the name, the system say me that the custom field is not valid.
I try to delete it and create another one but i obtain the same error ( only with "File" custom field ).
System informations:
Environment:
Redmine version 5.1.0.stable
Ruby version 3.0.2-p107 (2021-07-07) [x86_64-linux-gnu]
Rails version 6.1.7.6
Environment production
SCM:
Mercurial 6.1.1
Git 2.34.1
Filesystem
Redmine plugins:
redmine_dmsf 3.1.30false1762024-02-22T14:17:32Z2024-03-13T04:37:48Z40298Regarding databaseMysql database is not working0false192024-02-22T06:19:47Z2024-02-22T13:16:43Z40297Projects Quick Search includes Favorite Projects and Recently Used above search resultsProjects Quick Search includes Favorite Projects and Recently Used above search results. The real search results may appear on the very bottom of the results.0false1912024-02-21T14:33:09Z2024-02-21T14:33:09Z40276Following issues dates do no update when non-working days are updated.When updating the non-working days administrative option, extant issues set as "Following" do not have their start and due dates updated to reflect the change in non-working days.
To test:
0. Have the system configured as non-working days: Saturday, Sunday
1. Create an issue to be completed on Thursday.
2. Create an issue that Follows the previous issue, with 0 days' delay (which means that this issue will be done the next day, e.g. Friday)
3. Ensure that in fact, the new issue is correctly set to start and be due on Friday.
4. In `Administration -> Settings -> Issue tracking -> Non-working days` change the setting to Friday, Saturday.
5. Return to the "Following" issue.
Expected results:
The "Following" issue should have its start and due dates set to the next Sunday.
What actually happens:
The "Following" issues' start and due dates have not been updated.
Note that removing the Following relationship and putting it back does in fact set the correct start and due dates (e.g. to Sunday).
```
Environment:
Redmine version 5.1.1.stable
Ruby version 3.2.3-p157 (2024-01-18) [x86_64-linux]
Rails version 6.1.7.6
Environment production
Database adapter PostgreSQL
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Redmine settings:
Redmine theme Default
SCM:
Subversion 1.14.2
Mercurial 6.3.2
Bazaar 3.3.2
Git 2.39.2
Filesystem
Redmine plugins:
no plugin installed
```0false1912024-02-20T01:44:12Z2024-02-20T01:44:12Z40249Clear filter option is not working properlywhile clicking clear filter button , status check box is not cleared0false1902024-02-18T07:51:27Z2024-02-26T20:02:20Z40215422 Invalid form authenticity token.Error 422 Invalid form authenticity token is poping when accessing redmine from a different subnet.0false1552024-02-08T17:20:47Z2024-02-08T17:20:47Z40189about packaging and distribution on fedoraWe would like to package redmine for the fedora distribution, however we hace not found information in the sources about the licenses with the distribution is allowed.0false1912024-02-03T04:04:57Z2024-02-03T06:23:00Z40121InvalidCrossOriginRequest exception raised by automated pentests or malicous userh2. Problem
When an automated pentest or a malicous user requests for example:
<pre>
https://<your-domain>.tld/projects/autocomplete.js
</pre>
the following exception will be raised:
<pre>
An ActionController::InvalidCrossOriginRequest occurred in projects#autocomplete:
Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
</pre>
*Note:* Any other url containing *.js will raise this exception.
All currently supported versions of Redmine are affected.
h2. Solution
The solution is to rescue from ActionController::InvalidCrossOriginRequest.
The attached patch file fix_invalid_cross_origin_request_exception.patch gives an example how to do that. A test is also included.0false1912024-01-24T11:58:52Z2024-01-29T14:03:23Z40100User ordering by name is incorrect for french language
by example in user list to pick for ticket assignement users with accentuated characters don't follow natural french ordering.
It should normalize name with accentuated characters like éè to correponding non accenutated letter prior of ordering.
when the list is very long it can lead to the false impression that user is not registered.
in redmine : Claire < Clovis < Clément < Constantin < Cyril < Céline
while we would expect : Céline (Celine) < Claire < Clément (Clement) < Clovis < Constantin < Cyril 0false2024-01-23T14:33:10Z2024-02-08T10:02:02Z