diff options
| author | Dave Lawrence <dlawrence@mozilla.com> | 2012-11-14 17:25:01 +0100 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-11-14 17:25:01 +0100 |
| commit | e4e3c1b860c47976dc7314ec26d336caa59bebd0 (patch) | |
| tree | 5161f7edb5d9b9046d7b98af3d000f37880f389b | |
| parent | 38fa3fab5ae996c6116b55fe87e60ea6b53b2923 (diff) | |
| parent | 442d6df4683b7219738bb799a3650dd8b9c8431f (diff) | |
| download | bugzilla-e4e3c1b860c47976dc7314ec26d336caa59bebd0.tar.gz bugzilla-e4e3c1b860c47976dc7314ec26d336caa59bebd0.tar.xz | |
merged with bugzilla/4.2
27 files changed, 213 insertions, 105 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index b61062a9f..9d69cd65c 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -593,7 +593,8 @@ sub fields { } } - return $do_by_name ? \%requested : [values %requested]; + return $do_by_name ? \%requested + : [sort { $a->sortkey <=> $b->sortkey || $a->name cmp $b->name } values %requested]; } sub active_custom_fields { @@ -865,7 +866,7 @@ in a hashref: =item C<by_name> If false (or not specified), this method will return an arrayref of -the requested fields. The order of the returned fields is random. +the requested fields. If true, this method will return a hashref of fields, where the keys are field names and the valules are L<Bugzilla::Field> objects. diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index b80228e78..aa7eee2a7 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -771,11 +771,8 @@ sub validate_obsolete { $attachment->validate_can_edit($bug->product_id) || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); - $vars->{'description'} = $attachment->description; - if ($attachment->bug_id != $bug->bug_id) { $vars->{'my_bug_id'} = $bug->bug_id; - $vars->{'attach_bug_id'} = $attachment->bug_id; ThrowCodeError('mismatched_bug_ids_on_obsolete', $vars); } diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 68ba98549..f8566be4a 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -523,17 +523,14 @@ sub possible_duplicates { if ($dbh->FULLTEXT_OR) { my $joined_terms = join($dbh->FULLTEXT_OR, @words); ($where_sql, $relevance_sql) = - $dbh->sql_fulltext_search('bugs_fulltext.short_desc', - $joined_terms, 1); + $dbh->sql_fulltext_search('bugs_fulltext.short_desc', $joined_terms); $relevance_sql ||= $where_sql; } else { my (@where, @relevance); - my $count = 0; foreach my $word (@words) { - $count++; my ($term, $rel_term) = $dbh->sql_fulltext_search( - 'bugs_fulltext.short_desc', $word, $count); + 'bugs_fulltext.short_desc', $word); push(@where, $term); push(@relevance, $rel_term || $term); } diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index aba988c18..0658244a1 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2.3+"; +use constant BUGZILLA_VERSION => "4.2.4+"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/Bugzilla/DB/Oracle.pm b/Bugzilla/DB/Oracle.pm index da263e084..ebf59533f 100644 --- a/Bugzilla/DB/Oracle.pm +++ b/Bugzilla/DB/Oracle.pm @@ -56,6 +56,8 @@ use constant BLOB_TYPE => { ora_type => ORA_BLOB }; use constant MIN_LONG_READ_LEN => 32 * 1024; use constant FULLTEXT_OR => ' OR '; +our $fulltext_label = 0; + sub new { my ($class, $params) = @_; my ($user, $pass, $host, $dbname, $port) = @@ -124,7 +126,8 @@ sub bz_explain { sub sql_group_concat { my ($self, $text, $separator) = @_; $separator = $self->quote(', ') if !defined $separator; - return "group_concat(T_CLOB_DELIM($text, $separator))"; + my ($distinct, $rest) = $text =~/^(\s*DISTINCT\s|)(.+)$/i; + return "group_concat($distinct T_CLOB_DELIM(NVL($rest, ' '), $separator))"; } sub sql_regexp { @@ -170,11 +173,13 @@ sub sql_from_days{ return " TO_DATE($date,'J') "; } + sub sql_fulltext_search { - my ($self, $column, $text, $label) = @_; + my ($self, $column, $text) = @_; $text = $self->quote($text); trick_taint($text); - return "CONTAINS($column,$text,$label) > 0", "SCORE($label)"; + $fulltext_label++; + return "CONTAINS($column,$text,$fulltext_label) > 0", "SCORE($fulltext_label)"; } sub sql_date_format { @@ -545,14 +550,17 @@ sub bz_setup_database { . " RETURN NUMBER IS BEGIN RETURN LENGTH(COLUMN_NAME); END;"); # Create types for group_concat - my $t_clob_delim = $self->selectcol_arrayref(" - SELECT TYPE_NAME FROM USER_TYPES WHERE TYPE_NAME=?", - undef, 'T_CLOB_DELIM'); - - if ( !@$t_clob_delim ) { - $self->do("CREATE OR REPLACE TYPE T_CLOB_DELIM AS OBJECT " - . "( p_CONTENT CLOB, p_DELIMITER VARCHAR2(256));"); - } + $self->do("DROP TYPE T_GROUP_CONCAT"); + $self->do("CREATE OR REPLACE TYPE T_CLOB_DELIM AS OBJECT " + . "( p_CONTENT CLOB, p_DELIMITER VARCHAR2(256)" + . ", MAP MEMBER FUNCTION T_CLOB_DELIM_ToVarchar return VARCHAR2" + . ");"); + $self->do("CREATE OR REPLACE TYPE BODY T_CLOB_DELIM IS + MAP MEMBER FUNCTION T_CLOB_DELIM_ToVarchar return VARCHAR2 is + BEGIN + RETURN p_CONTENT; + END; + END;"); $self->do("CREATE OR REPLACE TYPE T_GROUP_CONCAT AS OBJECT ( CLOB_CONTENT CLOB, diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm index b6be64011..4f818932b 100644 --- a/Bugzilla/DB/Pg.pm +++ b/Bugzilla/DB/Pg.pm @@ -215,11 +215,12 @@ sub bz_check_server_version { my $self = shift; my ($db) = @_; my $server_version = $self->SUPER::bz_check_server_version(@_); - my ($major_version) = $server_version =~ /^(\d+)/; - # Pg 9 requires DBD::Pg 2.17.2 in order to properly read bytea values. + my ($major_version, $minor_version) = $server_version =~ /^0*(\d+)\.0*(\d+)/; + # Pg 9.0 requires DBD::Pg 2.17.2 in order to properly read bytea values. + # Pg 9.2 requires DBD::Pg 2.19.3 as spclocation no longer exists. if ($major_version >= 9) { - local $db->{dbd}->{version} = '2.17.2'; - local $db->{name} = $db->{name} . ' 9+'; + local $db->{dbd}->{version} = ($minor_version >= 2) ? '2.19.3' : '2.17.2'; + local $db->{name} = $db->{name} . " ${major_version}.$minor_version"; Bugzilla::DB::_bz_check_dbd(@_); } } diff --git a/Bugzilla/Field.pm b/Bugzilla/Field.pm index 5442c6401..8ebf08672 100644 --- a/Bugzilla/Field.pm +++ b/Bugzilla/Field.pm @@ -1025,11 +1025,6 @@ sub create { my ($params) = @_; my $dbh = Bugzilla->dbh; - # This makes sure the "sortkey" validator runs, even if - # the parameter isn't sent to create(). - $params->{sortkey} = undef if !exists $params->{sortkey}; - $params->{type} ||= 0; - # BMO: disable bug updates during field creation # using an eval as try/finally my $field; @@ -1039,32 +1034,27 @@ sub create { write_params(); } - # Purpose: if the field is active in the fields list before all of the - # data structures are created, anything accessing Bug.pm will crash. So - # stash a copy of the intended obsolete value for later and force it - # to be obsolete on initial creation. - # Upstreaming: https://bugzilla.mozilla.org/show_bug.cgi?id=531243 - my $original_obsolete; - if ($params->{'custom'}) { - $original_obsolete = $params->{'obsolete'}; - $params->{'obsolete'} = 1; - } + # This makes sure the "sortkey" validator runs, even if + # the parameter isn't sent to create(). + $params->{sortkey} = undef if !exists $params->{sortkey}; + $params->{type} ||= 0; + # We mark the custom field as obsolete till it has been fully created, + # to avoid race conditions when viewing bugs at the same time. + my $is_obsolete = $params->{obsolete}; + $params->{obsolete} = 1 if $params->{custom}; $dbh->bz_start_transaction(); $class->check_required_create_fields(@_); my $field_values = $class->run_create_validators($params); my $visibility_values = delete $field_values->{visibility_values}; my $field = $class->insert_create_data($field_values); - + $field->set_visibility_values($visibility_values); $field->_update_visibility_values(); $dbh->bz_commit_transaction(); if ($field->custom) { - # Restore the obsolete value that got stashed earlier (in memory) - $field->set_obsolete($original_obsolete); - my $name = $field->name; my $type = $field->type; if (SQL_DEFINITIONS->{$type}) { @@ -1082,8 +1072,9 @@ sub create { $dbh->do("INSERT INTO $name (value) VALUES ('---')"); } - # Safe to write the original 'obsolete' value to the database now - $field->update; + # Restore the original obsolete state of the custom field. + $dbh->do('UPDATE fielddefs SET obsolete = 0 WHERE id = ?', undef, $field->id) + unless $is_obsolete; } }; diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 5fc00e137..617ea54b7 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -95,7 +95,7 @@ use constant VALIDATORS => { description => \&_check_description, cc_list => \&_check_cc_list, target_type => \&_check_target_type, - sortkey => \&_check_sortey, + sortkey => \&_check_sortkey, is_active => \&Bugzilla::Object::check_boolean, is_requestable => \&Bugzilla::Object::check_boolean, is_requesteeble => \&Bugzilla::Object::check_boolean, @@ -325,7 +325,7 @@ sub _check_target_type { return $target_type; } -sub _check_sortey { +sub _check_sortkey { my ($invocant, $sortkey) = @_; (detaint_natural($sortkey) && $sortkey <= MAX_SMALLINT) diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm index 4db37f72f..8089c6ccc 100644 --- a/Bugzilla/Object.pm +++ b/Bugzilla/Object.pm @@ -809,7 +809,7 @@ your own C<DB_COLUMNS> subroutine in a subclass.) The name of the column that should be considered to be the unique "name" of this object. The 'name' is a B<string> that uniquely identifies this Object in the database. Defaults to 'name'. When you specify -C<{name => $name}> to C<new()>, this is the column that will be +C<< {name => $name} >> to C<new()>, this is the column that will be matched against in the DB. =item C<ID_FIELD> @@ -972,7 +972,7 @@ for each placeholder in C<condition>, in order. This is to allow subclasses to have complex parameters, and then to translate those parameters into C<condition> and C<values> when they -call C<$self->SUPER::new> (which is this function, usually). +call C<< $self->SUPER::new >> (which is this function, usually). If you try to call C<new> outside of a subclass with the C<condition> and C<values> parameters, Bugzilla will throw an error. These parameters @@ -1097,8 +1097,9 @@ Notes: In order for this function to work in your subclass, your subclass's L</ID_FIELD> must be of C<SERIAL> type in the database. - Subclass Implementors: This function basically just - calls L</check_required_create_fields>, then +Subclass Implementors: + This function basically just calls + L</check_required_create_fields>, then L</run_create_validators>, and then finally L</insert_create_data>. So if you have a complex system that you need to implement, you can do it by calling these @@ -1291,9 +1292,9 @@ C<0> otherwise. Returns: A list of objects, or an empty list if there are none. - Notes: Note that you must call this as C<$class->get_all>. For - example, C<Bugzilla::Keyword->get_all>. - C<Bugzilla::Keyword::get_all> will not work. + Notes: Note that you must call this as $class->get_all. For + example, Bugzilla::Keyword->get_all. + Bugzilla::Keyword::get_all will not work. =back diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index c7c5038be..542b01045 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -2348,9 +2348,9 @@ sub _content_matches { # Create search terms to add to the SELECT and WHERE clauses. my ($term1, $rterm1) = - $dbh->sql_fulltext_search("$table.$comments_col", $value, 1); + $dbh->sql_fulltext_search("$table.$comments_col", $value); my ($term2, $rterm2) = - $dbh->sql_fulltext_search("$table.short_desc", $value, 2); + $dbh->sql_fulltext_search("$table.short_desc", $value); $rterm1 = $term1 if !$rterm1; $rterm2 = $term2 if !$rterm2; diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index 59aab9b55..6274c3a78 100644 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -166,6 +166,7 @@ use constant WS_ERROR_CODE => { group_exists => 801, empty_group_description => 802, invalid_regexp => 803, + invalid_group_name => 804, # Errors thrown by the WebService itself. The ones that are negative # conform to http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index feb80e9d0..206f0c657 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -25,7 +25,9 @@ use Scalar::Util qw(blessed); sub handle_login { my ($self, $class, $method, $full_method) = @_; - ThrowCodeError('unknown_method', {method => $full_method}) if !$class; + # Throw error if the supplied class does not exist or the method is private + ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/); + eval "require $class"; ThrowCodeError('unknown_method', {method => $full_method}) if $@; return if ($class->login_exempt($method) diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index d9fc890f7..758c69aa8 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -242,12 +242,18 @@ sub _filter_users_by_group { # If no groups are specified, we return all users. return $users if (!$group_ids and !$group_names); + my $user = Bugzilla->user; + my @groups = map { Bugzilla::Group->check({ id => $_ }) } @{ $group_ids || [] }; - my @name_groups = map { Bugzilla::Group->check($_) } - @{ $group_names || [] }; - push(@groups, @name_groups); - + + if ($group_names) { + foreach my $name (@$group_names) { + my $group = Bugzilla::Group->check({ name => $name, _error => 'invalid_group_name' }); + $user->in_group($group) || ThrowUserError('invalid_group_name', { name => $name }); + push(@groups, $group); + } + } my @in_group = grep { $self->_user_in_any_group($_, \@groups) } @$users; @@ -679,10 +685,10 @@ based on your permission to bless each group. =over -=item 51 (Bad Login Name or Group Name) +=item 51 (Bad Login Name or Group ID) You passed an invalid login name in the "names" array or a bad -group name/id in the C<groups>/C<group_ids> arguments. +group ID in the C<group_ids> argument. =item 304 (Authorization Required) @@ -694,6 +700,11 @@ wanted to get information about by user id. Logged-out users cannot use the "ids" or "match" arguments to this function. +=item 804 (Invalid Group Name) + +You passed a group name in the C<groups> argument which either does not +exist or you do not belong to it. + =back =item B<History> @@ -711,6 +722,9 @@ for C<match> has changed to only returning enabled accounts. =item C<saved_searches> Added in Bugzilla B<4.4>. +=item Error 804 has been added in Bugzilla 4.0.9 and 4.2.4. It's now +illegal to pass a group name you don't belong to. + =back =back diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index 6d3a37767..feefd47af 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -153,7 +153,7 @@ a hash to L</filter>, C<0> otherwise. =head2 validate -This helps in the validation of parameters passed into the WebSerice +This helps in the validation of parameters passed into the WebService methods. Currently it converts listed parameters into an array reference if the client only passed a single scalar value. It modifies the parameters hash in place so other parameters should be unaltered. diff --git a/contrib/convert-workflow.pl b/contrib/convert-workflow.pl index 60029f67a..3dce21f12 100755 --- a/contrib/convert-workflow.pl +++ b/contrib/convert-workflow.pl @@ -20,7 +20,6 @@ # Max Kanat-Alexander <mkanat@bugzilla.org> use strict; -use warnings; use lib qw(. lib); use Bugzilla; @@ -82,6 +81,8 @@ $dbh->bz_start_transaction(); foreach my $pair (@translation) { my ($from, $to) = @$pair; print "Converting $from to $to...\n"; + # There is no FK on bugs.bug_status pointing to bug_status.value, + # so it's fine to update the bugs table first. $dbh->do('UPDATE bugs SET bug_status = ? WHERE bug_status = ?', undef, $to, $from); @@ -103,11 +104,53 @@ foreach my $pair (@translation) { # If the new status already exists, just delete the old one, but retain # the workflow items from it. - if (my $existing = new Bugzilla::Status({ name => $to })) { + my $new_status = new Bugzilla::Status({ name => $to }); + my $old_status = new Bugzilla::Status({ name => $from }); + + if ($new_status && $old_status) { + my $to_id = $new_status->id; + my $from_id = $old_status->id; + # The subselect collects existing transitions from the target bug status. + # The main select collects existing transitions from the renamed bug status. + # The diff tells us which transitions are missing from the target bug status. + my $missing_transitions = + $dbh->selectcol_arrayref('SELECT sw1.new_status + FROM status_workflow sw1 + WHERE sw1.old_status = ? + AND sw1.new_status NOT IN (SELECT sw2.new_status + FROM status_workflow sw2 + WHERE sw2.old_status = ?)', + undef, ($from_id, $to_id)); + + $dbh->do('UPDATE status_workflow SET old_status = ? WHERE old_status = ? AND ' + . $dbh->sql_in('new_status', $missing_transitions), + undef, ($to_id, $from_id)) if @$missing_transitions; + + # The subselect collects existing transitions to the target bug status. + # The main select collects existing transitions to the renamed bug status. + # The diff tells us which transitions are missing to the target bug status. + # We have to explicitly exclude NULL from the subselect, because NOT IN + # doesn't know what to do with it (neither true nor false) and no data is returned. + $missing_transitions = + $dbh->selectcol_arrayref('SELECT sw1.old_status + FROM status_workflow sw1 + WHERE sw1.new_status = ? + AND sw1.old_status NOT IN (SELECT sw2.old_status + FROM status_workflow sw2 + WHERE sw2.new_status = ? + AND sw2.old_status IS NOT NULL)', + undef, ($from_id, $to_id)); + + $dbh->do('UPDATE status_workflow SET new_status = ? WHERE new_status = ? AND ' + . $dbh->sql_in('old_status', $missing_transitions), + undef, ($to_id, $from_id)) if @$missing_transitions; + + # Delete rows where old_status = new_status, and then the old status itself. + $dbh->do('DELETE FROM status_workflow WHERE old_status = new_status'); $dbh->do('DELETE FROM bug_status WHERE value = ?', undef, $from); } # Otherwise, rename the old status to the new one. - else { + elsif ($old_status) { $dbh->do('UPDATE bug_status SET value = ? WHERE value = ?', undef, $to, $from); } diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml index 1ed72f64a..e8497962d 100644 --- a/docs/en/xml/Bugzilla-Guide.xml +++ b/docs/en/xml/Bugzilla-Guide.xml @@ -32,9 +32,9 @@ For a devel release, simple bump bz-ver and bz-date --> -<!ENTITY bz-ver "4.2.3"> +<!ENTITY bz-ver "4.2.4"> <!ENTITY bz-nextver "4.4"> -<!ENTITY bz-date "2012-08-30"> +<!ENTITY bz-date "2012-11-13"> <!ENTITY current-year "2012"> <!ENTITY landfillbase "http://landfill.bugzilla.org/bugzilla-4.2-branch/"> diff --git a/docs/en/xml/customization.xml b/docs/en/xml/customization.xml index 9b62b1d0b..c1524e07d 100644 --- a/docs/en/xml/customization.xml +++ b/docs/en/xml/customization.xml @@ -110,14 +110,14 @@ The first method of making customizations is to directly edit the templates found in <filename>template/en/default</filename>. This is probably the best way to go about it if you are going to - be upgrading Bugzilla through CVS, because if you then execute - a <command>cvs update</command>, any changes you have made will + be upgrading Bugzilla through Bzr, because if you then execute + a <command>bzr update</command>, any changes you have made will be merged automagically with the updated versions. </para> <note> <para> - If you use this method, and CVS conflicts occur during an + If you use this method, and Bzr conflicts occur during an update, the conflicted templates (and possibly other parts of your installation) will not work until they are resolved. </para> @@ -143,7 +143,7 @@ The second method of customization should be used if you use the overwriting method of upgrade, because otherwise your changes will be lost. This method may also be better if - you are using the CVS method of upgrading and are going to make major + you are using the Bzr method of upgrading and are going to make major changes, because it is guaranteed that the contents of this directory will not be touched during an upgrade, and you can then decide whether to continue using your own templates, or make the effort to merge your diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index e9830e29c..2da3a8e79 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -191,8 +191,8 @@ <para> <ulink url="http://www.bugzilla.org/download/">Download a Bugzilla tarball</ulink> - (or check it out from CVS) and place - it in a suitable directory, accessible by the default web server user + (or <ulink url="https://wiki.mozilla.org/Bugzilla:Bzr">check it out from Bzr</ulink>) + and place it in a suitable directory, accessible by the default web server user (probably <quote>apache</quote> or <quote>www</quote>). Good locations are either directly in the web server's document directories or in <filename>/usr/local</filename> with a symbolic link to the web server's diff --git a/docs/en/xml/using.xml b/docs/en/xml/using.xml index 3bf0558fc..bed776dd3 100644 --- a/docs/en/xml/using.xml +++ b/docs/en/xml/using.xml @@ -665,14 +665,10 @@ <title>Adding/removing tags to/from bugs</title> <para> You can add and remove tags from individual bugs, which let you find and - manage them more easily. Creating a new tag automatically generates a saved - search - whose name is the name of the tag - which lists bugs with this tag. - This saved search will be displayed in the footer of pages by default, as - all other saved searches. The main difference between tags and normal saved - searches is that saved searches, as described in the previous section, are - stored in the form of a list of matching criteria, while the saved search - generated by tags is a list of bug numbers. Consequently, you can easily - edit this list by either adding or removing tags from bugs. To enable this + manage bugs more easily. Tags are per-user and so are only visible and editable + by the user who created them. You can then run queries using tags as a criteria, + either by using the Advanced Search form, or simply by typing "tag:my_tag_name" + in the QuickSearch box at the top (or bottom) of the page. To enable this feature, you have to turn on the <quote>Enable tags for bugs</quote> user preference, see <xref linkend="userpreferences" />. This feature is disabled by default. @@ -684,9 +680,7 @@ these bugs and mixing all these reasons, you can now store these bugs in separate lists, e.g. <quote>Keep in mind</quote>, <quote>Interesting bugs</quote>, or <quote>Triage</quote>. One big advantage of this way to manage bugs - is that you can easily add or remove bugs one by one, which is not - possible to do with saved searches without having to edit the search - criteria again. + is that you can easily add or remove tags from bugs one by one. </para> </section> </section> diff --git a/js/yui/swfstore/swfstore.swf b/js/yui/swfstore/swfstore.swf Binary files differdeleted file mode 100644 index cfd42c18d..000000000 --- a/js/yui/swfstore/swfstore.swf +++ /dev/null diff --git a/report.cgi b/report.cgi index cc43e66e4..5d5033b7d 100755 --- a/report.cgi +++ b/report.cgi @@ -354,5 +354,5 @@ sub get_field_restrictions { my $field = shift; my $cgi = Bugzilla->cgi; - return join('&', map {"$field=$_"} $cgi->param($field)); + return join('&', map {url_quote($field) . '=' . url_quote($_)} $cgi->param($field)); } diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index 5fa8d5e6b..52e5865b8 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -30,9 +30,8 @@ [% PROCESS bug/time.html.tmpl %] - <script type="text/javascript"> - <!-- - +<script type="text/javascript"> +<!-- [% IF user.is_timetracker %] var fRemainingTime = [% bug.remaining_time %]; // holds the original value function adjustRemainingTime() { @@ -53,6 +52,7 @@ } [% END %] +[% IF user.id %] /* Index all classifications so we can keep track of the classification * for the selected product, which could control field visibility. */ @@ -61,9 +61,9 @@ all_classifications['[% product.name FILTER js %]'] = ' [%- product.classification.name FILTER js %]'; [%- END %] - - //--> - </script> +[% END %] +//--> +</script> <form name="changeform" id="changeform" method="post" action="process_bug.cgi"> diff --git a/template/en/default/bug/field-events.js.tmpl b/template/en/default/bug/field-events.js.tmpl index 13ec18d38..f1d5afd32 100644 --- a/template/en/default/bug/field-events.js.tmpl +++ b/template/en/default/bug/field-events.js.tmpl @@ -24,11 +24,23 @@ #%] [% FOREACH controlled_field = field.controls_visibility_of %] + [% vis_names = [] %] + [% FOREACH visibility_value = controlled_field.visibility_values %] + [%# Exclude non-enterable products and components outside the current product. %] + [% NEXT IF field.name == "product" + && visibility_value.id != product.id + && !user.can_enter_product(visibility_value) %] + [% NEXT IF field.name == "component" && visibility_value.product_id != product.id %] + [% vis_names.push(visibility_value.name) %] + [% END %] + + [% NEXT UNLESS vis_names.size %] + showFieldWhen('[% controlled_field.name FILTER js %]', '[% field.name FILTER js %]', [ - [%- FOREACH visibility_value = controlled_field.visibility_values -%] - '[%- visibility_value.name FILTER js -%]'[% "," UNLESS loop.last %] - [%- END %] + [%~ FOREACH vis_name = vis_names ~%] + '[% vis_name FILTER js %]'[% "," UNLESS loop.last %] + [%~ END ~%] ]); [% END %] diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index b4bf0d9bd..ffb39c160 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -244,8 +244,7 @@ setting in [% constants.bz_locations.localconfig FILTER html %]. [% ELSIF error == "mismatched_bug_ids_on_obsolete" %] - Attachment [% attach_id FILTER html %] ([% description FILTER html %]) - is attached to [% terms.bug %] [%+ attach_bug_id FILTER html %], + Attachment [% attach_id FILTER html %] is attached to another [% terms.bug %], but you tried to flag it as obsolete while creating a new attachment to [%+ terms.bug %] [%+ my_bug_id FILTER html %]. diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 713dfc36f..c2b2ceb28 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1848,7 +1848,7 @@ [% FOREACH q = Bugzilla.user.queries %] [% IF q.name == namedcmd %] - or <a href="query.cgi?[% q.url FILTER uri %]">edit</a> + or <a href="query.cgi?[% q.url FILTER html %]">edit</a> [% END %] [% END %] diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index 35963148a..86a12af8d 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -53,6 +53,53 @@ <h2 id="v42_point">Updates in this 4.2.x Release</h2> +<h3>4.2.4</h3> + +<p>This release fixes several security issues. See the + <a href="http://www.bugzilla.org/security/3.6.11/">Security Advisory</a> + for details.</p> + +<p>In addition, the following important fixes/changes have been made in this + release:</p> + +<ul> + <li>Queries involving group substitution were crashing when the "usevisibilitygroups" + parameter was enabled. Also, CVE-2011-2979 was not fully fixed in + [%+ terms.Bugzilla %] 4.1.3. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=788098">[% terms.Bug %] 788098</a>)</li> + <li>Flag names were not properly escaped when displayed on the "confirm user + match" page. An admin could unintentionally break the display of this page + if a flag name contains a < or > character, because these characters + were not filtered. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=790215">[% terms.Bug %] 790215</a>)</li> + <li>We now prevent private WebServices methods from being called by external + applications. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=793826">[% terms.Bug %] 793826</a>)</li> + <li>PostgreSQL 9.2 requires DBD::Pg 2.19.3. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=799721">[% terms.Bug %] 799721</a>)</li> + <li>Oracle was crashing when listing keywords or flags in buglists. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=780053">[% terms.Bug %] 780053</a>)</li> + <li>Oracle was crashing when typing several bare words in the QuickSearch field. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=804505">[% terms.Bug %] 804505</a>)</li> + <li>[% terms.Bugs %] with the resolution MOVED couldn't be edited anymore. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=757935">[% terms.Bug %] 757935</a>)</li> + <li>Editing dependencies from the "Change Several [% terms.Bugs %] at Once" + page didn't work as expected. [% terms.Bug %] IDs were incorrectly parsed. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=790909">[% terms.Bug %] 790909</a>)</li> + <li>The "Actual Hours" axis now works correctly in tabular and graphical reports. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=794389">[% terms.Bug %] 794389</a>)</li> + <li><kbd>checksetup.pl</kbd> was failing to run if the Voting extension was + enabled on a fresh installation and some mandatory modules were missing. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=652047">[% terms.Bug %] 652047</a>)</li> + <li>[% terms.Bugzilla %] no longer crashes when viewing [% terms.abug %] while + a custom field is being added. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=531243">[% terms.Bug %] 531243</a>)</li> + <li>For improved security, we now send the "X-Content-Type-Options: nosniff" + and "X-XSS-Protection: block" headers with every response. + ([% terms.Bugs %] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=671612">671612</a> + and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=680771">680771</a>)</li> +</ul> + <h3>4.2.3</h3> <p>This release fixes two security issues. See the @@ -129,7 +176,7 @@ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=768870">[% terms.Bug %] 768870</a>)</li> <li>Two minor CSRF vulnerabilities have been fixed which could let an attacker alter your default search criteria in the Advanced Search page. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=754672">[% terms.Bugs %] 754672</a> + ([% terms.Bugs %] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=754672">754672</a> and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=754673">754673</a>)</li> </ul> @@ -613,8 +660,8 @@ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=640719">[% terms.Bug %] 640719</a>)</li> <li>Email notifications about dependencies and flags had the wrong timestamp. - (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=643910">[% terms.Bug %] 643910</a> - and (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=652165">[% terms.Bug %] 652165</a>)</li> + ([% terms.Bugs %] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=643910">643910</a> + and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=652165">652165</a>)</li> <li>You can now select "UTC" as a valid timezone in General Preferences. (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=646209">[% terms.Bug %] 646209</a>)</li> <li>Automatic duplicate detection now works on PostgreSQL (although diff --git a/template/en/default/reports/report-table.html.tmpl b/template/en/default/reports/report-table.html.tmpl index 8a3ab9524..b41753550 100644 --- a/template/en/default/reports/report-table.html.tmpl +++ b/template/en/default/reports/report-table.html.tmpl @@ -102,7 +102,7 @@ YAHOO.util.Event.addListener(window, "load", function() { var myColumnDefs = [ {key:"row_title", label:"", sortable:true, sortOptions: { sortFunction:totalNumberSorter }}, [% FOREACH col = col_names %] - {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER js %]", sortable:true, + {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER html FILTER js %]", sortable:true, formatter:this.Linkify, sortOptions: { defaultDir: YAHOO.widget.DataTable.CLASS_DESC, sortFunction:totalNumberSorter }}, [% END %] {key:"total", label:"Total", sortable:true, formatter:this.LinkifyTotal, |