diff options
author | gerv%gerv.net <> | 2002-09-29 06:44:24 +0200 |
---|---|---|
committer | gerv%gerv.net <> | 2002-09-29 06:44:24 +0200 |
commit | 8a9666557189baca9f404da532f17359b419621e (patch) | |
tree | a5e55ee6184f287d7f54410b1226b9dfc7a5fce4 | |
parent | 07d9826a90f7efb3d31f9001d5fb26d2db5511dc (diff) | |
download | bugzilla-8a9666557189baca9f404da532f17359b419621e.tar.gz bugzilla-8a9666557189baca9f404da532f17359b419621e.tar.xz |
Bug 163114 - Templatise all calls to DisplayError. Patch B. Patch by gerv; r=burnus.
-rw-r--r-- | CGI.pl | 37 | ||||
-rwxr-xr-x | buglist.cgi | 42 | ||||
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 11 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 68 |
4 files changed, 91 insertions, 67 deletions
@@ -270,19 +270,7 @@ sub ValidateBugID { my $alias = $id; if (!detaint_natural($id)) { $id = BugAliasToID($alias); - if (!$id) { - my $html_id = html_quote($_[0]); - my $alias_specific_message = Param("usebugaliases") ? - " (it is neither a bug number nor an alias to a bug number)" : ""; - DisplayError(qq| - The bug number <em>$html_id</em> is invalid$alias_specific_message. - If you are trying to use QuickSearch, you need to enable JavaScript - in your browser. To help us fix this limitation, add your comments - to <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=70907">bug - 70907</a>. - |); - exit; - } + $id || ThrowUserError("invalid_bug_id_or_alias", {'bug_id' => $id}); } # Modify the calling code's original variable to contain the trimmed, @@ -293,8 +281,7 @@ sub ValidateBugID { SendSQL("SELECT bug_id FROM bugs WHERE bug_id = $id"); FetchOneColumn() - || DisplayError("Bug #$id does not exist.") - && exit; + || ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id}); return if $skip_authorization; @@ -305,16 +292,10 @@ sub ValidateBugID { # The error the user sees depends on whether or not they are logged in # (i.e. $::userid contains the user's positive integer ID). if ($::userid) { - DisplayError("You are not authorized to access bug #$id."); + ThrowUserError("bug_access_denied", {'bug_id' => $id}); } else { - DisplayError( - qq|You are not authorized to access bug #$id. To see this bug, you - must first <a href="show_bug.cgi?id=$id&GoAheadAndLogIn=1">log in - to an account</a> with the appropriate permissions.| - ); + ThrowUserError("bug_access_query", {'bug_id' => $id}); } - exit; - } sub ValidateComment { @@ -323,8 +304,7 @@ sub ValidateComment { my ($comment) = @_; if (defined($comment) && length($comment) > 65535) { - DisplayError("Comments cannot be longer than 65,535 characters."); - exit; + ThrowUserError("comment_too_long"); } } @@ -573,9 +553,7 @@ sub confirm_login { # Make sure the user exists or throw an error (but do not admit it was a username # error to make it harder for a cracker to find account names by brute force). - $userid - || DisplayError("The username or password you entered is not valid.") - && exit; + $userid || ThrowUserError("invalid_username_or_password"); # If this is a new user, generate a password, insert a record # into the database, and email their password to them. @@ -605,8 +583,7 @@ sub confirm_login { # Make sure the passwords match or throw an error. ($enteredCryptedPassword eq $realcryptpwd) - || DisplayError("The username or password you entered is not valid.") - && exit; + || ThrowUserError("invalid_username_or_password"); # If the user has successfully logged in, delete any password tokens # lying around in the system for them. diff --git a/buglist.cgi b/buglist.cgi index f466780b1..8c8f52008 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -75,11 +75,7 @@ my $dotweak = $::FORM{'tweak'} ? 1 : 0; # Log the user in if ($dotweak) { confirm_login(); - if (!UserInGroup("editbugs")) { - DisplayError("Sorry, you do not have sufficient privileges to edit - multiple bugs."); - exit; - } + UserInGroup("editbugs") || ThrowUserError("insufficient_perms_for_multi"); GetVersionTable(); } else { @@ -120,12 +116,8 @@ my $order_from_cookie = 0; # True if $order set using $::COOKIE{'LASTORDER'} # If the user is retrieving the last bug list they looked at, hack the buffer # storing the query string so that it looks like a query retrieving those bugs. if ($::FORM{'regetlastlist'}) { - if (!$::COOKIE{'BUGLIST'}) { - DisplayError(qq|Sorry, I seem to have lost the cookie that recorded - the results of your last query. You will have to start - over at the <a href="query.cgi">query page</a>.|); - exit; - } + $::COOKIE{'BUGLIST'} || ThrowUserError("missing_cookie"); + $::FORM{'bug_id'} = join(",", split(/:/, $::COOKIE{'BUGLIST'})); $order = "reuse last sort" unless $order; $::buffer = "bug_id=$::FORM{'bug_id'}&order=" . url_quote($order); @@ -186,11 +178,7 @@ sub LookupNamedQuery { my $qname = SqlQuote($name); SendSQL("SELECT query FROM namedqueries WHERE userid = $userid AND name = $qname"); my $result = FetchOneColumn(); - if (!$result) { - my $qname = html_quote($name); - DisplayError("The query named <em>$qname</em> seems to no longer exist."); - exit; - } + $result || ThrowUserError("missing_query", {'queryname' => '$name'}); return $result; } @@ -305,13 +293,8 @@ elsif ($::FORM{'cmdtype'} eq "doit" && $::FORM{'remember'}) { my $userid = DBNameToIdAndCheck($::COOKIE{"Bugzilla_login"}); my $name = trim($::FORM{'newqueryname'}); - $name - || DisplayError("You must enter a name for your query.") - && exit; - $name =~ /[<>&]/ - && DisplayError("The name of your query cannot contain any - of the following characters: <, >, &.") - && exit; + $name || ThrowUserError("query_name_missing"); + $name !~ /[<>&]/ || ThrowUserError("illegal_query_name"); my $qname = SqlQuote($name); $::buffer =~ s/[\&\?]cmdtype=[a-z]+//; @@ -507,18 +490,15 @@ if ($order) { # Accept an order fragment matching a column name, with # asc|desc optionally following (to specify the direction) if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) { - my $qfragment = html_quote($fragment); - my $error = "The custom sort order you specified in your " - . "form submission contains an invalid column " - . "name <em>$qfragment</em>."; + $vars->{'fragment'} = $fragment; if ($order_from_cookie) { my $cookiepath = Param("cookiepath"); print "Set-Cookie: LASTORDER= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n"; - $error =~ s/form submission/cookie/; - $error .= " The cookie has been cleared."; + ThrowCodeError("invalid_column_name_cookie"); + } + else { + ThrowCodeError("invalid_column_name_form"); } - DisplayError($error); - exit; } } # Now that we have checked that all columns in the order are valid, diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 1981364f1..dbe4a1732 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -73,6 +73,17 @@ The attachment number of one of the attachments you wanted to obsolete, [% attach_id FILTER html %], is invalid. + [% ELSIF error == "invalid_column_name_cookie" %] + [% title = "Invalid Column Name" %] + The custom sort order specified in your cookie contains an invalid + column name <em>[% fragment FILTER html %]</em>. + The cookie has been cleared. + + [% ELSIF error == "invalid_column_name_form" %] + [% title = "Invalid Column Name" %] + The custom sort order specified in your form submission contains an + invalid column name <em>[% fragment FILTER html %]</em>. + [% ELSIF error == "mismatched_bug_ids_on_obsolete" %] Attachment [% attach_id FILTER html %] ([% description FILTER html %]) is attached to bug [% attach_bug_id FILTER html %], but you tried to diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index c9dca30d4..593c8bede 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -81,7 +81,17 @@ [% ELSIF error == "attachment_access_denied" %] [% title = "Access Denied" %] - You are not permitted access to this attachment. + You are not authorized to access this attachment. + + [% ELSIF error == "bug_access_denied" %] + [% title = "Access Denied" %] + You are not authorized to access bug #[% bug_id %]. + + [% ELSIF error == "bug_access_query" %] + [% title = "Access Denied" %] + You are not authorized to access bug #[% bug_id %]. To see this bug, you + must first <a href="show_bug.cgi?id=[% bug_id %]&GoAheadAndLogIn=1">log + in to an account</a> with the appropriate permissions. [% ELSIF error == "buglist_parameters_required" %] [% title = "Parameters Required" %] @@ -98,6 +108,10 @@ You have to specify a <b>comment</b> on this change. Please give some words on the reason for your change. + [% ELSIF error == "comment_too_long" %] + [% title = "Comment Too Long" %] + Comments cannot be longer than 65,535 characters. + [% ELSIF error == "dependency_loop_multi" %] [% title = "Dependency Loop Detected" %] The following bug(s) would appear on both the "depends on" @@ -192,11 +206,38 @@ [% title = "Your Query Makes No Sense" %] The only legal values for the <em>Attachment is obsolete</em> field are 0 and 1. - + + [% ELSIF error == "illegal_query_name" %] + [% title = "Illegal Query Name" %] + The name of your query cannot contain any of the following characters: + <, >, &. + + [% ELSIF error == "insufficient_privs_for_multi" %] + [% title = "Insufficient Privileges" %] + Sorry, you do not have sufficient privileges to edit multiple bugs. + [% ELSIF error == "invalid_attach_id" %] [% title = "Invalid Attachment ID" %] The attachment id [% attach_id FILTER html %] is invalid. + [% ELSIF error == "invalid_bug_id" %] + [% title = "Invalid Bug ID" %] + The bug id [% bug_id FILTER html %] is invalid. + + [% ELSIF error == "invalid_bug_id_non_existent" %] + [% title = "Invalid Bug ID" %] + Bug #[% bug_id %] does not exist. + + [% ELSIF error == "invalid_bug_id_or_alias" %] + [% title = "Invalid Bug ID" %] + The 'bug number' <em>[% bug_id FILTER html %]</em> is invalid. + [% IF Param("usebugaliases") %] + It is neither a bug number nor an alias to a bug number. + [% END %] + If you are trying to use QuickSearch, you need to enable JavaScript + in your browser. To help us fix this limitation, add your comments to + <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=70907">bug 70907</a>. + [% ELSIF error == "invalid_content_type" %] [% title = "Invalid Content-Type" %] The content type <em>[% contenttype FILTER html %]</em> is invalid. @@ -204,10 +245,6 @@ is either <em>application, audio, image, message, model, multipart, text,</em> or <em>video</em>. - [% ELSIF error == "invalid_bug_id" %] - [% title = "Invalid Bug ID" %] - The bug id [% bug_id FILTER html %] is invalid. - [% ELSIF error == "invalid_product_name" %] [% title = "Invalid Product Name" %] The product name '[% product FILTER html %]' is invalid or does not exist. @@ -217,6 +254,10 @@ The name <tt>[% name FILTER html %]</tt> is not a valid username. Either you misspelled it, or the person has not registered for a Bugzilla account. + + [% ELSIF error == "invalid_username_or_password" %] + [% title = "Invalid Username Or Password" %] + The username or password you entered is not valid. [% ELSIF error == "milestone_required" %] [% title = "Milestone Required" %] @@ -240,11 +281,22 @@ either <em>auto-detect</em>, <em>select from list</em>, or <em>enter manually</em>. + [% ELSIF error == "missing_cookie" %] + [% title = "Missing Cookie" %] + Sorry, I seem to have lost the cookie that recorded + the results of your last search. I'm afraid you will have to start + again on the <a href="query.cgi">search page</a>. + [% ELSIF error == "missing_email_type" %] [% title = "Your Query Makes No Sense" %] You must specify one or more fields in which to search for <tt>[% email %]</tt>. + [% ELSIF error == "missing_query" %] + [% title = "Missing Query" %] + The query named <em>[% queryname FILTER html %]</em> seems to no longer + exist. + [% ELSIF error == "need_component" %] [% title = "Component Required" %] You must specify a component to help determine the new owner of these bugs. @@ -292,6 +344,10 @@ Patches cannot be more than [% Param('maxpatchsize') %] KB in size. Try breaking your patch into several pieces. + [% ELSIF error == "query_name_missing" %] + [% title = "No Query Name Specified" %] + You must enter a name for your query. + [% ELSIF error == "reassign_to_empty" %] [% title = "Illegal Reassignment" %] You cannot reassign to a bug to nobody. Unless you |