Bug 772953: Remove the token from buglist urls

r=dkl, a=LpSolit

4 files changed, 24 insertions, 3 deletions

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 21d4303a8..d0b3f3711 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -169,6 +169,11 @@ sub clean_search_url {
     # Delete leftovers from the login form
     $self->delete('Bugzilla_remember', 'GoAheadAndLogIn');
 
+    # Delete the token if we're not updating the defaults
+    unless (defined $self->param('remtype') && $self->param('remtype') eq 'asdefault') {
+        $self->delete("token");
+    }
+
     foreach my $num (1,2,3) {
         # If there's no value in the email field, delete the related fields.
         if (!$self->param("email$num")) {
diff --git a/buglist.cgi b/buglist.cgi
index b4c322a58..c5c06bdc8 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1116,7 +1116,8 @@ else {
 
 # Set 'urlquerypart' once the buglist ID is known.
 $vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype',
-                                                      'query_based_on');
+                                                      'query_based_on',
+                                                      'token');
 
 if ($format->{'extension'} eq "csv") {
     # We set CSV files to be downloaded, as they are designed for importing
diff --git a/js/custom-search.js b/js/custom-search.js
index 0ee7d2488..73897035d 100644
--- a/js/custom-search.js
+++ b/js/custom-search.js
@@ -146,7 +146,15 @@ function fix_query_string(form_member) {
         return;
 
     var form = YAHOO.util.Dom.getAncestorByTagName(form_member, 'form');
+    // Disable the token field so setForm doesn't include it
+    var reenable_token = false;
+    if (form['token'] && !form['token'].disabled) {
+      form['token'].disabled = true;
+      reenable_token = true;
+    }
     var query = YAHOO.util.Connect.setForm(form);
+    if (reenable_token)
+      form['token'].disabled = false;
     window.History.replaceState(null, document.title, '?' + query);
 }
 
diff --git a/template/en/default/search/search-advanced.html.tmpl b/template/en/default/search/search-advanced.html.tmpl
index ef7fa769a..780d54edd 100644
--- a/template/en/default/search/search-advanced.html.tmpl
+++ b/template/en/default/search/search-advanced.html.tmpl
@@ -31,7 +31,13 @@
 
 
 [% js_data = BLOCK %]
-var queryform = "queryform"
+var queryform = "queryform";
+function remove_token() {
+  if (queryform.token) {
+    var asDefault = document.getElementById('remasdefault');
+    queryform.token.disabled = !asDefault.checked;
+  }
+}
 [% END %]
 
 [% PROCESS global/header.html.tmpl
@@ -53,7 +59,8 @@ var queryform = "queryform"
 
 <p id="search_help">Hover your mouse over each field label to get help for that field.</p>
 
-<form method="post" action="buglist.cgi" name="queryform" id="queryform">
+<form method="post" action="buglist.cgi" name="queryform" id="queryform"
+      onsubmit="remove_token()">
 
 [% PROCESS search/form.html.tmpl %]