Tuesday, 2010-08-03

*** Joins: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39)		01:54
*** Joins: giallu (~giallu@fedora/giallu)		02:01
*** Joins: kirillka (~Miranda@global-n01.vester.ru)		02:02
*** Joins: Cupertino (~Cupez@unaffiliated/cupertino)		02:29
*** Quits: siebrand (~beis@sm.xs4all.nl) (Ping timeout: 245 seconds)		02:37
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 258 seconds)		02:38
davidinc	Who is responsible for preparing and arranging the docbook for mantisbt????	02:39
davidinc	hi	02:39
*** Joins: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk)		03:07
*** Quits: kirillka (~Miranda@global-n01.vester.ru) (Quit: kirillka)		03:11
*** Joins: giallu (~giallu@fedora/giallu)		03:22
davidinc	nuclear_eclipse: Hi	03:28
*** Joins: thefake (838267d2@gateway/web/freenode/ip.131.130.103.210)		03:47
thefake	hi there, i've a question about the roadmap, specially versions: Hot to remove the release date "Scheduled For Release" like the Mantis Project did at it's own installation, do i really have to edit the source by my own?	03:49
thefake	found it in an old ticket :) $g_show_roadmap_dates = OFF;	03:56
thefake	thx for	03:56
thefake	audience ;)	03:56
*** Quits: thefake (838267d2@gateway/web/freenode/ip.131.130.103.210) (Quit: Page closed)		03:56
*** Joins: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl)		04:10
*** Quits: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39) (Ping timeout: 252 seconds)		04:53
*** Joins: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39)		05:00
*** Joins: fanno (~Morten@90.184.93.233)		05:05
*** Joins: paulr (~paul@cpc1-enfi9-0-0-cust389.hari.cable.virginmedia.com)		05:08
*** Quits: davidinc (d5374b27@gateway/web/freenode/ip.213.55.75.39) (Ping timeout: 252 seconds)		05:22
*** Joins: samtuke (~samtuke@p57A0D252.dip.t-dialin.net)		06:06
samtuke	hi, as I recall there used to be a feature allowing documents to be added to a mantis install, allowing users to view them. I can't see this link or configuration option in 1.2.1, has it been depreciated, or how do I use it? I'm referring to the old 'project documentation'	06:08
samtuke	has this been moved to a plugin?	06:10
dhx_m	it's still built in	06:15
dhx_m	but it doesn't get used much by MantisBT users so it could be buggy/non-functional at the moment	06:16
dhx_m	it's a prime candidate for being cut out into a separate plugin	06:16
dhx_m	see config_defaults_inc.php for settings that control this feature on/off, etc	06:16
samtuke	hmm, why was it removed, seems like a simple and useful feature?	06:16
samtuke	thanks, ive found it there	06:18
dhx_m	it's not removed	06:18
samtuke	ill re-enable it and see what happens	06:18
dhx_m	yep	06:18
samtuke	OK, I mean, why was it disabled and not maintained	06:18
dhx_m	it's disabled by default like a lot of MantisBT features	06:18
dhx_m	and it's "not maintained" in the sense that few people (especially developers) seem to use the feature	06:19
*** Joins: atrol (57a67003@gateway/web/freenode/ip.87.166.112.3)		06:19
*** Quits: atrol (57a67003@gateway/web/freenode/ip.87.166.112.3) (Client Quit)		06:20
samtuke	OK, thanks for the info :)	06:24
*** Quits: samtuke (~samtuke@p57A0D252.dip.t-dialin.net) (Quit: Leaving)		06:24
*** Quits: fanno (~Morten@90.184.93.233) (Read error: Connection reset by peer)		06:42
*** Joins: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123)		07:34
nuclear_eclipse	davidinc: hi	07:34
davidinc	nuclear_eclipse: hi	07:34
nuclear_eclipse	I wrote almost everything in the developer guide, but the admin guide is more or less a conversion of the old 1.0.x and 1.1.x manuals, and nobody is officially in charge of maintaining them... =\	07:35
*** Joins: mantisbt_04241 (c2d05861@gateway/web/freenode/ip.194.208.88.97)		07:35
davidinc	ok	07:40
dhx_m	I heard there is an opening for "Official MantisBT Documentation Maintainer" with davidinc's name written all over it :p	07:44
nuclear_eclipse	lol	07:44
* nuclear_eclipse shakes davidinc's hand		07:44
dhx_m	... by force? :p	07:45
davidinc	no pro	07:45
davidinc	cool	07:45
nuclear_eclipse	dammit man, think of the children!	07:45
nuclear_eclipse	just imagine all those classrooms full of innocent kids, crying because our manual is out of date... you can change that...	07:46
davidinc	YOU mean dhx_m	07:47
dhx_m	lol	07:48
davidinc	lol	07:48
nuclear_eclipse	it was an all-inclusive "you"; I don't care who it is as long as it isn't me.. ;)	07:48
*** Joins: LFH_SPA (52960006@gateway/web/freenode/ip.82.150.0.6)		08:07
LFH_SPA	Hello	08:07
LFH_SPA	I am new in the mantis world	08:07
LFH_SPA	and I am facing some problems when i try to install it with SQL server	08:08
LFH_SPA	I am getting the folliwing error: Database query failed. Error received from database was #206: Conflicto de tipos de operandos: int es incompatible con text for the query: INSERT INTO mantis_config_table	08:08
LFH_SPA	I had applied the patchs especified in http://www.mantisbt.org/bugs/view.php?id=10742	08:09
LFH_SPA	but they didn´t help	08:09
LFH_SPA	the ecosystem is: Win XP, PHP 5.2, SQL Server 2005, Mantis 1.2.2	08:11
paulr	dhx_m: yours :P	08:11
dhx_m	paulr: yours :P get the Moodle DB layer working already :p	08:12
dhx_m	LFH_SPA: we have known issues with database upgrades when using MS SQL (perhaps other database types too) due to inconsistencies between database server SQL implementations	08:14
paulr	dhx_m: ahh I was gonna ask you about that	08:14
dhx_m	LFH_SPA: I suggest upgrading to 1.2.0, then 1.2.1 then 1.2.2 (don't skip versions)?	08:14
paulr	dhx_m: if we write our own layer based on the moodle code, it wouldn't be GPL right?	08:14
dhx_m	LFH_SPA: AFAIK I broke things in 1.2.1 by dropping some of our custom ADOdb hacks (hence why paulr palmed off this issue to me!)... I am ideally trying to get those patches accepted upstream where they belong	08:15
*** Joins: fanno (~b3g@193.3.95.240)		08:16
dhx_m	paulr: I suspect not... depending on just how much it is based	08:16
paulr	do we need to support db2?	08:17
dhx_m	do any developers use it? if not, then no... as no one will have any interest in maintaining that support	08:18
dhx_m	if a DB2 user wants to help maintain DB2 support then they can always add that support later	08:18
dhx_m	IMO anyway ;)	08:18
LFH_SPA	I am not upgradding	08:19
LFH_SPA	it´s a brand new installation	08:19
dhx_m	brand new database? :o	08:20
LFH_SPA	DHX_M: What should I do? Install teh 1.2.0 version?	08:20
dhx_m	probably, yes	08:20
dhx_m	then upgrade 1.2.0 to 1.2.2	08:20
dhx_m	at least until we fix things up	08:20
LFH_SPA	ok	08:20
LFH_SPA	thanks for your help	08:20
LFH_SPA	I will do it and let you know	08:21
dhx_m	no problem, let me know how you go	08:21
LFH_SPA	by the way	08:22
LFH_SPA	where is the 1.2.0 version available	08:22
dhx_m	sourceforge should have it	08:23
LFH_SPA	I took a look and the 1.2.2 is the only stable one available	08:23
LFH_SPA	ok	08:23
LFH_SPA	ok	08:24
LFH_SPA	thanks	08:24
LFH_SPA	bye	08:24
dhx_m	sounds like you have to go urgently? cya	08:25
*** Quits: LFH_SPA (52960006@gateway/web/freenode/ip.82.150.0.6) (Quit: Page closed)		08:25
*** Quits: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl) (Ping timeout: 264 seconds)		08:33
*** Joins: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl)		08:57
*** Joins: dhx_z (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au)		09:11
*** Quits: dhx_m (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) (Ping timeout: 264 seconds)		09:12
*** Quits: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123) (Ping timeout: 252 seconds)		09:17
*** Joins: nkj (~nkj252@rb5db132.net.upc.cz)		09:22
*** Joins: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123)		09:22
nkj	hi everyone	09:22
nkj	i just setup v1.2.2 on my server	09:22
nkj	however, i'm having trouble getting any new accounts created.	09:22
nkj	everytime i get the new account link (to set the password for the first time) after filling out the form I get the error #2800	09:23
nkj	"Invalid form security token. Did you submit the form twice by accident?"	09:23
nkj	which I didn't	09:23
nkj	same thing happens when I try to submit the 'lost password' form, i enter my username and email address, and click submit - and get the error #2800	09:24
nkj	seems to be happening with any form submission at all	09:25
nkj	i don't see any errors in the apache log files	09:26
nkj	does anyone have any ideas as to what this might be?	09:26
nkj	searching on google has come up with no relevant, up to date, info on the problem	09:27
nkj	apparently people have had similar issues, but nothing related to simply trying to activate an account in the first place.	09:27
nkj	and most issues i found on google were reported & fixed/resolved on the 1.1.x branch up to 2 years ago.	09:28
nkj	which makes me think this has got to be a configuration issue, just not sure where to start looking.	09:28
nkj	as I'm not sure how mantisBT decides that error #2800 is what it should display	09:29
nkj	i could reverse engineer it, but my time is very limited and so I thought I'd ask for help/advice/tips/clues here first.	09:30
nuclear_eclipse	nkj: is there a proxy server between your machine and the mantis server?	09:33
*** Quits: giallu (~giallu@fedora/giallu) (Ping timeout: 258 seconds)		09:33
nkj	nuclear_eclipse: the server is on the rackspace cloud, but i dont think there is any proxying going on	09:34
nuclear_eclipse	nkj: ah, it sounds like the server's aren't correctly sharing your session data	09:35
nkj	nuclear_eclipse: i had the default ubuntu package installed first (1.1.8 i believe) but removed it and installed 1.2.2 from tarball.	09:35
nkj	the ubuntu package seemed to work fine.	09:36
nkj	nuclear_eclipse: so far, it's just running on one server	09:36
nuclear_eclipse	oh	09:36
nkj	the dev server is solo	09:36
nuclear_eclipse	well, you can disable form security protection, but do note that it opens a potential attack vector against administrators: http://en.wikipedia.org/wiki/Cross-site_request_forgery	09:37
nuclear_eclipse	ubuntu may have disabled it by default, or maybe they are using a patched version of 1.1.x of some sort	09:37
nkj	nuclear_eclipse: that exploit is only possible from an already trusted user, correct?	09:39
nuclear_eclipse	no	09:39
nkj	from someone with no account at all?	09:39
nkj	ah	09:39
nkj	i think i get it	09:40
nkj	hmm, well - i will have the site protected behind http auth as well	09:40
nkj	so i think it should be ok	09:40
nuclear_eclipse	a malicious person could post an <img> tag on a site that points to some form on your site, and anyone already logged into your site that views that <img> tag could unknowingly submit forms, like creating a new user, etc	09:40
nkj	right - hijacking the session cookie	09:40
nuclear_eclipse	nkj: the attack has to be specifically targetted against your site, so private sites at least are obscure enough to have a low chance of attack, but it's still possible	09:41
nkj	nuclear_eclipse: how do I disable the security protection>	09:41
nkj	is it g_session_validation?	09:42
nuclear_eclipse	the main cause for problems with that protection is proxy servers (or even reverse proxy servers) that incorrectly cache pages and serve old versions with stale or invalid CSRF tokens	09:42
nuclear_eclipse	no	09:42
nuclear_eclipse	$g_form_security_validation = ON;	09:42
nkj	ok	09:43
nkj	nuclear_eclipse: thanks, i'll give it a shot now	09:44
nuclear_eclipse	I'd imagine that rackspace cloud probably has a reverse proxy in front of their servers that's either ignoring the caching headers we send or something of the sort	09:44
nkj	thats very possible, this is my first time using them so i don't know how their systems are setup	09:49
nkj	nuclear_eclipse: that solved the problem, thanks - however now I've got a problem actually setting the new users password	10:25
nkj	when I enter the desired password, click submit, i don't get the error, it then redirects to the main login page... when I test the username/password i get the incorrect login error message	10:26
nkj	"Your account may be disabled or blocked or the username/password you entered is incorrect."	10:26
nkj	checking in the DB, it looks like the password field for the user was not updated.	10:26
nuclear_eclipse	hate to say it, but it sounds like whatever underlying issue that caused the form security errors might be causing the same problem with the actual form submissions... =\	10:27
*** Quits: davidinc (d5374b7b@gateway/web/freenode/ip.213.55.75.123) (Ping timeout: 252 seconds)		10:28
nkj	hmmm	10:28
nuclear_eclipse	nkj: is php properly configured to store session data?	10:28
nkj	nuclear_eclipse: which setting in the php ini is required?	10:30
nuclear_eclipse	nkj: the entire [session] block (session.*) should looked over and configured to match your setup	10:32
nuclear_eclipse	specifically, session.save_path needs to point somewhere that the webserver account has write access to	10:32
nuclear_eclipse	and session.use_cookies must be enabled	10:32
nuclear_eclipse	depending on the situation, you may also need to update mantis' configuration options for cookies too	10:33
nkj	ok i'll give it a look over	10:37
*** Quits: Cupertino (~Cupez@unaffiliated/cupertino) (Quit: I give up...)		11:02
*** Quits: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk) (Quit: Rixie)		11:26
*** Joins: giallu (~giallu@fedora/giallu)		11:48
*** Joins: istvanb (d917e473@gateway/web/freenode/ip.217.23.228.115)		11:55
istvanb	Hi there	11:55
istvanb	The question I have: is there any company deals with Mantis support officially?	11:56
nuclear_eclipse	istvanb: not that I know of	11:57
istvanb	hmm	11:58
istvanb	our IT has this concern that what if we have issues, how can we fix without support	11:58
nuclear_eclipse	istvanb: you can always request help from a mailing list, or you can find the problem and fix it yourself since it's open source...	11:59
istvanb	oh yeah, I completely agree with you. In the other hand I understand the concerns of the IT as well, since if we have a major problem it would be nice to have a phone number where we can ask for help (and pay for them as well:)	12:00
nuclear_eclipse	istvanb: this is the best I can offer: http://www.mantisbt.org/consulting.php	12:02
istvanb	I have dropped a mail there 2 weeks ago when I went for vacation, but recieved no response :(	12:02
nuclear_eclipse	istvanb: I'm not sure where that mail goes to, so I unfortunately can't help you there	12:03
istvanb	:)	12:04
istvanb	its ok	12:04
istvanb	I am not really concerned about this, however for sure it would be great to have something like that!	12:05
nuclear_eclipse	yeah, I agree	12:05
paulr	istvanb: you can pay me for support	12:16
paulr	if anything breaks	12:17
paulr	i'll hit nuclear_eclipse on irc until he fixes it	12:17
nuclear_eclipse	paulr: good luck, I already have a busy enough life... :P	12:17
istvanb	haha :)	12:19
istvanb	funny mate :)	12:19
istvanb	my plan is to introduce Mantis, screw it then quit and make a support company :)	12:19
istvanb	now I gotta go, but ttys guys	12:20
*** Quits: istvanb (d917e473@gateway/web/freenode/ip.217.23.228.115) (Quit: Page closed)		12:20
*** Quits: rolfkleef (~rolf@82-204-82-162.fttx.bbeyond.nl) (Ping timeout: 276 seconds)		12:31
*** Joins: moto-moi (~hylke@cara.xs4all.nl)		12:31
*** Joins: mantisbt_46530 (ca419e64@gateway/web/freenode/ip.202.65.158.100)		13:08
mantisbt_46530	hi	13:08
*** Quits: mantisbt_46530 (ca419e64@gateway/web/freenode/ip.202.65.158.100) (Client Quit)		13:08
*** Quits: micahg (~micah@ubuntu/member/micahg) (Read error: Operation timed out)		13:32
*** Joins: siebrand (~beis@sm.xs4all.nl)		13:44
*** Quits: fanno (~b3g@193.3.95.240) (Read error: Connection reset by peer)		14:05
*** Joins: micahg (~micah@ubuntu/member/micahg)		14:11
*** Joins: fanno (~Morten@90.184.93.233)		14:37
*** Joins: thraxisp (~thraxisp@24.139.16.154)		15:32
*** Quits: thraxisp (~thraxisp@24.139.16.154) (Client Quit)		15:34
*** Joins: Shakra (d065b84e@gateway/web/freenode/ip.208.101.184.78)		15:34
*** Joins: rolfkleef (~rolf@urtica.xs4all.nl)		15:35
Shakra	dhx_z: are you around today?	15:36
Shakra	I may have found another bug in bug_update.php.	15:37
*** Joins: thraxisp (~thraxisp@24.139.16.154)		15:38
*** Quits: thraxisp (~thraxisp@24.139.16.154) (Client Quit)		15:39
*** Quits: nkj (~nkj252@rb5db132.net.upc.cz) (Ping timeout: 246 seconds)		15:54
paulr	he's sleeping	16:02
paulr	:)	16:02
Shakra	ok no problem :) do you know when he's normally up and about?	16:15
nuclear_eclipse	Shakra: he lives in Australia :P	16:53
paulr	he said he wont be in tomorrow	17:18
paulr	so probably in 30 hours from now	17:19
*** Quits: moto-moi (~hylke@cara.xs4all.nl) (Quit: Ex-Chat)		17:21
killefiz	giallu: is there a reason (except lack of time) why you haven't updated mantis in fedora to 1.2.x yet?	18:26
nuclear_eclipse	tsk tsk giallu, falling behind!	18:28
*** Quits: fanno (~Morten@90.184.93.233) (Read error: Connection reset by peer)		18:29
*** Quits: Shakra (d065b84e@gateway/web/freenode/ip.208.101.184.78) (Quit: Page closed)		18:32
*** Quits: rolfkleef (~rolf@urtica.xs4all.nl) (Read error: Operation timed out)		18:33
giallu	killefiz, well. IIRC 1.2.0 was not that good and 1.2.1 had his share of issues as well (but yes, I also lacked time) ;)	18:33
giallu	now we have CVE-2010-2802	18:34
nuclear_eclipse	giallu: it's called bleeding edge for a reason ;0	18:34
giallu	nuclear_eclipse, well, no, 1.2.0 was supposed to be stable	18:34
giallu	master is bleeding edge...	18:34
nuclear_eclipse	tis a joke buddy	18:35
giallu	oh sorry ;)	18:35
nuclear_eclipse	if we had kept 1.2.0 in the wings any longer it would have been born with grey hair and a wheelchair	18:35
giallu	anyway john, I don't also like to push 1.2 on older Fedora releases because of the manual steps involved	18:36
nuclear_eclipse	oh, I understand	18:36
giallu	but, I'd probably bite the bullet if we haven't a fix for the CVE	18:36
nuclear_eclipse	packaging is difficult with all the restrictions distros put in place...	18:36
nuclear_eclipse	giallu: btw, how the hell do CVE's get created/reported?	18:36
giallu	not sure, I just get notified by Red Hat/Fedora security team	18:37
giallu	nuclear_eclipse, do you have a point for the commit fixing the issue?	18:37
giallu	pointer even	18:37
nuclear_eclipse	hmm, sec	18:38
nuclear_eclipse	giallu: it's related to bug 11952	18:38
foobot	Bug 11952 - dhx - fixed - closed	18:38
foobot	Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks - http://www.mantisbt.org/bugs/view.php?id=11952	18:38
nuclear_eclipse	giallu: http://git.mantisbt.org/?p=mantisbt.git;a=commitdiff;h=618f45ac57a45854fa96bcfd79f9f44dcdfcfab3	18:39
giallu	anyway: http://seclists.org/oss-sec/2010/q3/136	18:39
giallu	let's see, isn't fileinfo based detection only in 1.2.x?	18:40
nuclear_eclipse	I dunno, ask dhx :P	18:41
giallu	asking google instead...	18:41
nuclear_eclipse	he said he apparently got a request from Red Hat to backport the issue to 1.1.x, so my guess is that it affects that too	18:42
giallu	uhm, I'm pretty sure FileInfo based detection was added later	18:44
giallu	and google agrees with me. now I'd need an 1.2.1 instance to test	18:45
nuclear_eclipse	giallu: you can use my tracker at http://leetcode.net/mantis if you'd like...	18:46
nuclear_eclipse	I haven't gotten around to pulling the latest from git	18:46
killefiz	giallu: ok - let me know if you need any help with the update	18:47
killefiz	I guess at least rawhide and probably f14 should be moved to 1.2.2	18:48
giallu	killefiz, ok, I also prepared a semi decent spec with unbundled libs, but the transition to git is slowing me down a bit (need to learn the new workflow)	18:48
killefiz	i haven't pushed any update with git yet either but it looks like being able to merge between releases is going to be a huge timesaver in the future	18:50
nuclear_eclipse	giallu: that actually looks really nifty	18:51
nuclear_eclipse	gitolite is also pretty nifty	18:51
nuclear_eclipse	tempted to try and set that up on our git server at work	18:51
giallu	http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=d85822de161fcede76fa54ce1f8081135387e8a5	18:54
giallu	killefiz, well. I was always trying to keep branches in sync by copying the spec file. not sure if it will be faster	18:56
giallu	anyway	18:56
paulr	nuclear_eclipse: gitolite ?	19:05
giallu	nuclear_eclipse, you don't enable showing of uploaded images right?	19:13
paulr	giallu	19:20
paulr	<nuclear_eclipse> he said he apparently got a request from Red Hat to backport the issue to 1.1.x, so my guess is that it affects that too	19:20
paulr	do we still support 1.1?	19:20
giallu	irrelevant	19:20
giallu	at least in this context	19:20
paulr	mm, ok	19:20
giallu	but I did not hear anything on the topic from other mantis devs	19:21
giallu	traditionally we stopped support of older stable releases	19:21
giallu	albeit with git it should be a bit easier to backport selected stuff	19:21
paulr	pretty sure dhx (as opposed to nuclear_eclipse) has said he'd like to move to a different version numbering scheme	19:21
paulr	even with git	19:22
paulr	historically there's been so much churn in source, you've got no chance :)	19:22
giallu	I'm not opposed to changes, just tell him to throw the proposal on the dev-list for those who can't be here all the time ;)	19:23
nuclear_eclipse	paulr: gitolite is a repo/acl management system for git that supposedly allows you to have fine grained ACL setups similar to what you get with SVN	19:23
nuclear_eclipse	Fedora has adopted it for their package development workflow	19:24
giallu	anyone with a IE handy?	19:24
paulr	giallu: I think in principle, it was along lines of just use year.month for release or whatever	19:24
* paulr has IE		19:24
paulr	nuclear_eclipse: ahh	19:24
giallu	paulr, can you click on the attachment here: http://leetcode.net/mantis/view.php?id=170	19:25
nuclear_eclipse	paulr: I've told debian/ubuntu people that we'd at least support major security issues in 1.1.x	19:25
nuclear_eclipse	I also told them we might not make a full release of it, but we'd at least accept patches into our repo	19:25
giallu	paulr, what happens with IE there?	19:26
paulr	it offers me a file download of a 48byte file	19:26
* paulr loads fiddler		19:27
paulr	i'll just give you the headers	19:27
nuclear_eclipse	giallu: if you need me to modify config somehow, let me know	19:27
paulr	X-Content-Type-Options: nosniff	19:28
paulr	Content-Disposition: filename="html_in_disguise.gif"	19:28
nuclear_eclipse	I think it's pretty much default configs for the most part	19:28
paulr	that's got the x-content header in	19:28
giallu	uhm	19:28
giallu	nuclear_eclipse, did you upgrade the tracker to 1.2.2?	19:28
giallu	I'm not sure what I should be looking at right now...	19:29
nuclear_eclipse	ohh..	19:30
nuclear_eclipse	I forgot just how long that patch has been around...	19:30
nuclear_eclipse	lemme checkout 1.2.1 for the site real quick	19:30
paulr	http://bugs.mantisforge.org/file_download.php?file_id=1&type=bug	19:30
nuclear_eclipse	ok, it's at 1.2.1 now	19:31
paulr	Content-Type: image/gif	19:31
paulr	Content-Disposition: filename="html_in_disguise.gif"	19:31
paulr	IE just displays the text for me	19:31
paulr	no javascript alert	19:31
paulr	maybe you need <html> etc at top of file	19:32
nuclear_eclipse	paulr: it's only when you view the img inline in the page	19:32
nuclear_eclipse	going through file_download.php can't trigger it	19:32
paulr	http://bugs.mantisforge.org/view.php?id=1	19:33
paulr	isn't that what that does?	19:33
paulr	img alt="" style="border: 0; max-height:250px;" src="file_download.php?file_id=1&type=bug" /><	19:34
paulr	although that might be older then dhx's initial changes	19:34
nuclear_eclipse	try again on my tracker, I checked out release-1.2.1 on it	19:35
paulr	url	19:36
nuclear_eclipse	http://leetcode.net/mantis/view.php?id=170	19:36
paulr	not getting a popup	19:36
paulr	ahh	19:36
paulr	do when i go to download the file	19:36
paulr	so i'd be inclined to think	19:36
paulr	that dhx broke it	19:37
paulr	then fixed	19:37
paulr	so it might be ok prior to 1.2.1	19:37
paulr	or prior to 1.2.0	19:37
paulr	can you checkout 1.2.0 onto it?	19:37
giallu	nuclear_eclipse, paulr thanks for checking	19:37
nuclear_eclipse	does it only happen to IE?	19:37
nuclear_eclipse	or will Chrome repro it too?	19:37
giallu	nuclear_eclipse, yeah FF looks ok	19:37
giallu	dunno, I've chrome only on windows	19:38
giallu	will check tomorrow	19:38
giallu	now I need some sleep...	19:38
giallu	bye	19:38
nuclear_eclipse	because if I can reproduce it, I can use git-bisect to figure out exactly where it "broke"	19:38
nuclear_eclipse	cya giallu	19:38
giallu	nuclear_eclipse, have a look at the commit I linked before	19:38
paulr	nuclear_eclipse: I can probably tell you that ;p	19:39
nuclear_eclipse	giallu: that was a merge commit?	19:39
giallu	september 8, 2009	19:39
giallu	yeah merge a finfo branch	19:39
nuclear_eclipse	oh, that's when that feature first went in?	19:39
giallu	guess so	19:40
giallu	try a checkout of the previous commit	19:40
nuclear_eclipse	it's checked out on my tracker now	19:41
paulr	think I need sleep too	19:41
*** Quits: siebrand (~beis@sm.xs4all.nl) (Ping timeout: 248 seconds)		19:42
nuclear_eclipse	I just got the JS popup on that, but didn't with 1.2.1 checked out	19:42
nuclear_eclipse	giallu: ping me tomorrow and I'll help you work this all out	19:42
*** Quits: paulr (~paul@cpc1-enfi9-0-0-cust389.hari.cable.virginmedia.com) ()		19:46
*** Joins: siebrand (~beis@sm.xs4all.nl)		19:47
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection)		20:00
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de)		20:00
*** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 260 seconds)		21:57
*** Joins: micahg (~micah@ubuntu/member/micahg)		22:30
*** Quits: micahg (~micah@ubuntu/member/micahg) (Remote host closed the connection)		22:32
*** Joins: micahg (~micah@ubuntu/member/micahg)		22:33
*** Quits: micahg (~micah@ubuntu/member/micahg) (Remote host closed the connection)		22:38
*** Joins: micahg (~micah@ubuntu/member/micahg)		22:43

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!