diff options
| author | lpsolit%gmail.com <> | 2009-05-25 18:59:18 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2009-05-25 18:59:18 +0200 |
| commit | 62097c29203f5e5a5e63168298c3fd1f1b846fb0 (patch) | |
| tree | f2c67aaef06cbaa0f210f63cb1e5e02ee18b4cf7 | |
| parent | 35626e6efffd5660091d94d1599f12fc3ae83115 (diff) | |
| download | bugzilla-62097c29203f5e5a5e63168298c3fd1f1b846fb0.tar.gz bugzilla-62097c29203f5e5a5e63168298c3fd1f1b846fb0.tar.xz | |
Bug 494369: Do not throw an error if the 'order' parameter contains invalid columns for buglists - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
| -rwxr-xr-x | buglist.cgi | 19 | ||||
| -rw-r--r-- | template/en/default/global/code-error.html.tmpl | 11 | ||||
| -rw-r--r-- | template/en/default/global/messages.html.tmpl | 5 |
3 files changed, 12 insertions, 23 deletions
diff --git a/buglist.cgi b/buglist.cgi index 2cf7a0136..2eee0edd9 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -165,7 +165,6 @@ my $serverpush = || $cgi->param('serverpush'); my $order = $cgi->param('order') || ""; -my $order_from_cookie = 0; # True if $order set using the LASTORDER cookie # The params object to use for the actual query itself my $params; @@ -890,8 +889,6 @@ if (!$order || $order =~ /^reuse/i) { # Cookies from early versions of Specific Search included this text, # which is now invalid. $order =~ s/ LIMIT 200//; - - $order_from_cookie = 1; } else { $order = ''; # Remove possible "reuse" identifier as unnecessary @@ -920,7 +917,7 @@ if ($order) { last ORDER; }; do { - my @order; + my (@order, @invalid_fragments); my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns)); # A custom list of columns. Make sure each column is valid. foreach my $fragment (split(/,/, $order)) { @@ -933,16 +930,14 @@ if ($order) { push(@order, $fragment); } else { - my $vars = { fragment => $fragment }; - if ($order_from_cookie) { - $cgi->remove_cookie('LASTORDER'); - ThrowCodeError("invalid_column_name_cookie", $vars); - } - else { - ThrowCodeError("invalid_column_name_form", $vars); - } + push(@invalid_fragments, $fragment); } } + if (scalar @invalid_fragments) { + $vars->{'message'} = 'invalid_column_name'; + $vars->{'invalid_fragments'} = \@invalid_fragments; + } + $order = join(",", @order); # Now that we have checked that all columns in the order are valid, # detaint the order string. diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index a2863336a..da71da30d 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -190,17 +190,6 @@ The attachment number of one of the attachments you wanted to obsolete, [% attach_id FILTER html %], is invalid. - [% ELSIF error == "invalid_column_name_cookie" %] - [% title = "Invalid Column Name" %] - The custom sort order specified in your cookie contains an invalid - column name <em>[% fragment FILTER html %]</em>. - The cookie has been cleared. - - [% ELSIF error == "invalid_column_name_form" %] - [% title = "Invalid Column Name" %] - The custom sort order specified in your form submission contains an - invalid column name <em>[% fragment FILTER html %]</em>. - [% ELSIF error == "invalid_customfield_type" %] [% title = "Invalid Field Type" %] The type <em>[% type FILTER html %]</em> is not a valid field type. diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index d2915780c..1bc10daa9 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -455,6 +455,11 @@ group. [% END %] + [% ELSIF message_tag == "invalid_column_name" %] + The custom sort order specified contains one or more invalid + column names: <em>[% invalid_fragments.join(', ') FILTER html %]</em>. + They have been removed from the sort list. + [% ELSIF message_tag == "job_queue_depth" %] [% count FILTER html %] jobs in the queue. |