merged with bugzilla/4.2

6 files changed, 88 insertions, 40 deletions

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 4e32436c0..4804851bb 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -178,9 +178,14 @@ sub issue_hash_token {
     $data ||= [];
     $time ||= time();
 
+    # For the user ID, use the actual ID if the user is logged in.
+    # Otherwise, use the remote IP, in case this is for something
+    # such as creating an account or logging in.
+    my $user_id = Bugzilla->user->id || remote_ip();
+
     # The concatenated string is of the form
-    # token creation time + site-wide secret + user ID + data
-    my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, Bugzilla->user->id, @$data);
+    # token creation time + site-wide secret + user ID (either ID or remote IP) + data
+    my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data);
 
     my $token = join('*', @args);
     # Wide characters cause md5_hex() to die.
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 5b4f9a814..c1c364fd9 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -517,26 +517,21 @@ sub save_last_search {
 
     return if !@$bug_ids;
 
+    my $search;
     if ($self->id) {
         on_main_db {
-            my $search;
             if ($list_id) {
-                # Use eval so that people can still use old search links or
-                # links that don't belong to them.
-                $search = eval { Bugzilla::Search::Recent->check(
-                                    { id => $list_id }) };
+                $search = Bugzilla::Search::Recent->check_quietly({ id => $list_id });
             }
 
             if ($search) {
-                # We only update placeholders. (Placeholders are
-                # Saved::Search::Recent objects with empty bug lists.)
-                # Otherwise, we could just keep creating new searches
-                # for the same refreshed list over and over.
-                if (!@{ $search->bug_list }) {
-                    $search->set_list_order($order);
+                if (join(',', @{$search->bug_list}) ne join(',', @$bug_ids)) {
                     $search->set_bug_list($bug_ids);
-                    $search->update();
                 }
+                if (!$search->list_order || $order ne $search->list_order) {
+                    $search->set_list_order($order);
+                }
+                $search->update();
             }
             else {
                 # If we already have an existing search with a totally
@@ -549,11 +544,14 @@ sub save_last_search {
                     user_id => $self->id, bug_list => $list_string });
            
                 if (!scalar(@$existing_search)) {
-                    Bugzilla::Search::Recent->create({
+                    $search = Bugzilla::Search::Recent->create({
                         user_id    => $self->id,
                         bug_list   => $bug_ids,
                         list_order => $order });
                 }
+                else {
+                    $search = $existing_search->[0];
+                }
             }
         };
         delete $self->{recent_searches};
@@ -575,6 +573,7 @@ sub save_last_search {
             $vars->{'toolong'} = 1;
         }
     }
+    return $search;
 }
 
 sub settings {
diff --git a/buglist.cgi b/buglist.cgi
index 85a8ae760..7b513e607 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -164,14 +164,13 @@ my $params;
 # If the user is retrieving the last bug list they looked at, hack the buffer
 # storing the query string so that it looks like a query retrieving those bugs.
 if (my $last_list = $cgi->param('regetlastlist')) {
-    my ($bug_ids, $order);
+    my $bug_ids;
 
     # Logged-out users use the old cookie method for storing the last search.
     if (!$user->id or $last_list eq 'cookie') {
-        $cgi->cookie('BUGLIST') || ThrowUserError("missing_cookie");
-        $order = "reuse last sort" unless $order;
-        $bug_ids = $cgi->cookie('BUGLIST');
+        $bug_ids = $cgi->cookie('BUGLIST') or ThrowUserError("missing_cookie");
         $bug_ids =~ s/[:-]/,/g;
+        $order ||= "reuse last sort";
     }
     # But logged in users store the last X searches in the DB so they can
     # have multiple bug lists available.
@@ -179,10 +178,11 @@ if (my $last_list = $cgi->param('regetlastlist')) {
         my $last_search = Bugzilla::Search::Recent->check(
             { id => $last_list });
         $bug_ids = join(',', @{ $last_search->bug_list });
-        $order   = $last_search->list_order if !$order;
+        $order ||= $last_search->list_order;
     }
     # set up the params for this new query
     $params = new Bugzilla::CGI({ bug_id => $bug_ids, order => $order });
+    $params->param('list_id', $last_list);
 }
 
 # Figure out whether or not the user is doing a fulltext search.  If not,
@@ -972,14 +972,6 @@ if ($format->{'extension'} eq 'ics') {
     }
 }
 
-# The list of query fields in URL query string format, used when creating
-# URLs to the same query results page with different parameters (such as
-# a different sort order or when taking some action on the set of query
-# results).  To get this string, we call the Bugzilla::CGI::canoncalise_query
-# function with a list of elements to be removed from the URL.
-$vars->{'urlquerypart'} = $params->canonicalise_query('order',
-                                                      'cmdtype',
-                                                      'query_based_on');
 $vars->{'order'} = $order;
 $vars->{'caneditbugs'} = 1;
 $vars->{'time_info'} = $time_info;
@@ -1113,17 +1105,20 @@ my $contenttype;
 my $disposition = "inline";
 
 if ($format->{'extension'} eq "html" && !$agent) {
-    if (!$cgi->param('regetlastlist')) {
-        Bugzilla->user->save_last_search(
-            { bugs => \@bugidlist, order => $order, vars => $vars,
-              list_id => scalar $cgi->param('list_id') });
-    }
+    my $list_id = $cgi->param('list_id') || $cgi->param('regetlastlist');
+    my $search = $user->save_last_search(
+        { bugs => \@bugidlist, order => $order, vars => $vars, list_id => $list_id });
+    $cgi->param('list_id', $search->id) if $search;
     $contenttype = "text/html";
 }
 else {
     $contenttype = $format->{'ctype'};
 }
 
+# Set 'urlquerypart' once the buglist ID is known.
+$vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype',
+                                                      'query_based_on');
+
 if ($format->{'extension'} eq "csv") {
     # We set CSV files to be downloaded, as they are designed for importing
     # into other programs.
diff --git a/createaccount.cgi b/createaccount.cgi
index db0727add..2348d4e91 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -62,6 +62,11 @@ unless ($createexp) {
 my $login = $cgi->param('login');
 
 if (defined($login)) {
+    # Check the hash token to make sure this user actually submitted
+    # the create account form.
+    my $token = $cgi->param('token');
+    check_hash_token($token, ['create_account']);
+
     $login = Bugzilla::User->check_login_name_for_creation($login);
     $vars->{'login'} = $login;
 
diff --git a/docs/en/xml/administration.xml b/docs/en/xml/administration.xml
index cabb772d2..1630e2e45 100644
--- a/docs/en/xml/administration.xml
+++ b/docs/en/xml/administration.xml
@@ -2408,6 +2408,16 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
 
           <listitem>
             <para>
+              <emphasis>Reverse Relationship Description:</emphasis>
+              When the custom field is of type <quote>Bug ID</quote>, you can
+              enter text here which will be used as label in the referenced
+              bug to list bugs which point to it. This gives you the ability
+              to have a mutual relationship between two bugs.
+            </para>
+          </listitem>
+
+          <listitem>
+            <para>
               <emphasis>Can be set on bug creation:</emphasis>
               Boolean that determines whether this field can be set on
               bug creation. If not selected, then a bug must be created 
@@ -2442,6 +2452,35 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
               must be entered.
             </para>
           </listitem>
+
+          <listitem>
+            <para>
+              <emphasis>Field only appears when:</emphasis>
+              A custom field can be made visible when some criteria is met.
+              For instance, when the bug belongs to one or more products,
+              or when the bug is of some given severity. If left empty, then
+              the custom field will always be visible, in all bugs.
+            </para>
+          </listitem>
+
+          <listitem>
+            <para>
+              <emphasis>Field that controls the values that appear in this field:</emphasis>
+              When the custom field is of type <quote>Drop Down</quote> or
+              <quote>Multiple-Selection Box</quote>, you can restrict the
+              availability of the values of the custom field based on the
+              value of another field. This criteria is independent of the
+              criteria used in the <quote>Field only appears when</quote>
+              setting. For instance, you may decide that some given value
+              <quote>valueY</quote> is only available when the bug status
+              is RESOLVED while the value <quote>valueX</quote> should
+              always be listed.
+              Once you have selected the field which should control the
+              availability of the values of this custom field, you can
+              edit values of this custom field to set the criteria, see
+              <xref linkend="edit-values-list" />.
+            </para>
+          </listitem>
         </itemizedlist>
       </para>
     </section>
@@ -2476,13 +2515,12 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
     <title>Legal Values</title>
 
     <para>
-      Since Bugzilla 2.20 RC1, legal values for Operating Systems, platforms,
-      bug priorities and severities can be edited from the User Interface
-      directly. This means that it is no longer required to manually edit
-      <filename>localconfig</filename>. Starting with Bugzilla 2.23.3, 
-      the list of valid resolutions can be customized from the same interface.
-      Since Bugzilla 3.1.1 the list of valid bug statuses can be customized
-      as well.
+      Legal values for the operating system, platform, bug priority and
+      severity, custom fields of type <quote>Drop Down</quote> and
+      <quote>Multiple-Selection Box</quote> (see <xref linkend="custom-fields" />),
+      as well as the list of valid bug statuses and resolutions can be
+      customized from the same interface. You can add, edit, disable and
+      remove values which can be used with these fields.
     </para>
 
     <section id="edit-values-list">
@@ -2498,6 +2536,11 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
         must be unique to that field. The sortkey is important to display these
         values in the desired order.
       </para>
+      <para>
+        When the availability of the values of a custom field is controlled
+        by another field, you can select from here which value of the other field
+        must be set for the value of the custom field to appear.
+      </para>
     </section>
 
     <section id="edit-values-delete">
diff --git a/template/en/default/account/create.html.tmpl b/template/en/default/account/create.html.tmpl
index 5b8220193..5acd9f541 100644
--- a/template/en/default/account/create.html.tmpl
+++ b/template/en/default/account/create.html.tmpl
@@ -73,6 +73,7 @@
     </tr>
   </table>
   <br>
+  <input type="hidden" id="token" name="token" value="[% issue_hash_token(['create_account']) FILTER html %]">
   <input type="submit" id="send" value="Send">
 </form>