summaryrefslogtreecommitdiffstats
path: root/template
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2012-11-14 17:25:01 +0100
committerDave Lawrence <dlawrence@mozilla.com>2012-11-14 17:25:01 +0100
commite4e3c1b860c47976dc7314ec26d336caa59bebd0 (patch)
tree5161f7edb5d9b9046d7b98af3d000f37880f389b /template
parent38fa3fab5ae996c6116b55fe87e60ea6b53b2923 (diff)
parent442d6df4683b7219738bb799a3650dd8b9c8431f (diff)
downloadbugzilla-e4e3c1b860c47976dc7314ec26d336caa59bebd0.tar.gz
bugzilla-e4e3c1b860c47976dc7314ec26d336caa59bebd0.tar.xz
merged with bugzilla/4.2
Diffstat (limited to 'template')
-rw-r--r--template/en/default/bug/edit.html.tmpl12
-rw-r--r--template/en/default/bug/field-events.js.tmpl18
-rw-r--r--template/en/default/global/code-error.html.tmpl3
-rw-r--r--template/en/default/global/user-error.html.tmpl2
-rw-r--r--template/en/default/pages/release-notes.html.tmpl53
-rw-r--r--template/en/default/reports/report-table.html.tmpl2
6 files changed, 74 insertions, 16 deletions
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index 5fa8d5e6b..52e5865b8 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -30,9 +30,8 @@
[% PROCESS bug/time.html.tmpl %]
- <script type="text/javascript">
- <!--
-
+<script type="text/javascript">
+<!--
[% IF user.is_timetracker %]
var fRemainingTime = [% bug.remaining_time %]; // holds the original value
function adjustRemainingTime() {
@@ -53,6 +52,7 @@
}
[% END %]
+[% IF user.id %]
/* Index all classifications so we can keep track of the classification
* for the selected product, which could control field visibility.
*/
@@ -61,9 +61,9 @@
all_classifications['[% product.name FILTER js %]'] = '
[%- product.classification.name FILTER js %]';
[%- END %]
-
- //-->
- </script>
+[% END %]
+//-->
+</script>
<form name="changeform" id="changeform" method="post" action="process_bug.cgi">
diff --git a/template/en/default/bug/field-events.js.tmpl b/template/en/default/bug/field-events.js.tmpl
index 13ec18d38..f1d5afd32 100644
--- a/template/en/default/bug/field-events.js.tmpl
+++ b/template/en/default/bug/field-events.js.tmpl
@@ -24,11 +24,23 @@
#%]
[% FOREACH controlled_field = field.controls_visibility_of %]
+ [% vis_names = [] %]
+ [% FOREACH visibility_value = controlled_field.visibility_values %]
+ [%# Exclude non-enterable products and components outside the current product. %]
+ [% NEXT IF field.name == "product"
+ && visibility_value.id != product.id
+ && !user.can_enter_product(visibility_value) %]
+ [% NEXT IF field.name == "component" && visibility_value.product_id != product.id %]
+ [% vis_names.push(visibility_value.name) %]
+ [% END %]
+
+ [% NEXT UNLESS vis_names.size %]
+
showFieldWhen('[% controlled_field.name FILTER js %]',
'[% field.name FILTER js %]', [
- [%- FOREACH visibility_value = controlled_field.visibility_values -%]
- '[%- visibility_value.name FILTER js -%]'[% "," UNLESS loop.last %]
- [%- END %]
+ [%~ FOREACH vis_name = vis_names ~%]
+ '[% vis_name FILTER js %]'[% "," UNLESS loop.last %]
+ [%~ END ~%]
]);
[% END %]
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index b4bf0d9bd..ffb39c160 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -244,8 +244,7 @@
setting in [% constants.bz_locations.localconfig FILTER html %].
[% ELSIF error == "mismatched_bug_ids_on_obsolete" %]
- Attachment [% attach_id FILTER html %] ([% description FILTER html %])
- is attached to [% terms.bug %] [%+ attach_bug_id FILTER html %],
+ Attachment [% attach_id FILTER html %] is attached to another [% terms.bug %],
but you tried to flag it as obsolete while creating a new attachment to
[%+ terms.bug %] [%+ my_bug_id FILTER html %].
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 713dfc36f..c2b2ceb28 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1848,7 +1848,7 @@
[% FOREACH q = Bugzilla.user.queries %]
[% IF q.name == namedcmd %]
- or <a href="query.cgi?[% q.url FILTER uri %]">edit</a>
+ or <a href="query.cgi?[% q.url FILTER html %]">edit</a>
[% END %]
[% END %]
diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index 35963148a..86a12af8d 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -53,6 +53,53 @@
<h2 id="v42_point">Updates in this 4.2.x Release</h2>
+<h3>4.2.4</h3>
+
+<p>This release fixes several security issues. See the
+ <a href="http://www.bugzilla.org/security/3.6.11/">Security Advisory</a>
+ for details.</p>
+
+<p>In addition, the following important fixes/changes have been made in this
+ release:</p>
+
+<ul>
+ <li>Queries involving group substitution were crashing when the "usevisibilitygroups"
+ parameter was enabled. Also, CVE-2011-2979 was not fully fixed in
+ [%+ terms.Bugzilla %] 4.1.3.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=788098">[% terms.Bug %] 788098</a>)</li>
+ <li>Flag names were not properly escaped when displayed on the "confirm user
+ match" page. An admin could unintentionally break the display of this page
+ if a flag name contains a &lt; or &gt; character, because these characters
+ were not filtered.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=790215">[% terms.Bug %] 790215</a>)</li>
+ <li>We now prevent private WebServices methods from being called by external
+ applications.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=793826">[% terms.Bug %] 793826</a>)</li>
+ <li>PostgreSQL 9.2 requires DBD::Pg 2.19.3.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=799721">[% terms.Bug %] 799721</a>)</li>
+ <li>Oracle was crashing when listing keywords or flags in buglists.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=780053">[% terms.Bug %] 780053</a>)</li>
+ <li>Oracle was crashing when typing several bare words in the QuickSearch field.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=804505">[% terms.Bug %] 804505</a>)</li>
+ <li>[% terms.Bugs %] with the resolution MOVED couldn't be edited anymore.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=757935">[% terms.Bug %] 757935</a>)</li>
+ <li>Editing dependencies from the "Change Several [% terms.Bugs %] at Once"
+ page didn't work as expected. [% terms.Bug %] IDs were incorrectly parsed.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=790909">[% terms.Bug %] 790909</a>)</li>
+ <li>The "Actual Hours" axis now works correctly in tabular and graphical reports.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=794389">[% terms.Bug %] 794389</a>)</li>
+ <li><kbd>checksetup.pl</kbd> was failing to run if the Voting extension was
+ enabled on a fresh installation and some mandatory modules were missing.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=652047">[% terms.Bug %] 652047</a>)</li>
+ <li>[% terms.Bugzilla %] no longer crashes when viewing [% terms.abug %] while
+ a custom field is being added.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=531243">[% terms.Bug %] 531243</a>)</li>
+ <li>For improved security, we now send the "X-Content-Type-Options:&nbsp;nosniff"
+ and "X-XSS-Protection:&nbsp;block" headers with every response.
+ ([% terms.Bugs %] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=671612">671612</a>
+ and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=680771">680771</a>)</li>
+</ul>
+
<h3>4.2.3</h3>
<p>This release fixes two security issues. See the
@@ -129,7 +176,7 @@
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=768870">[% terms.Bug %] 768870</a>)</li>
<li>Two minor CSRF vulnerabilities have been fixed which could let an attacker
alter your default search criteria in the Advanced Search page.
- (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=754672">[% terms.Bugs %] 754672</a>
+ ([% terms.Bugs %] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=754672">754672</a>
and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=754673">754673</a>)</li>
</ul>
@@ -613,8 +660,8 @@
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=640719">[% terms.Bug %] 640719</a>)</li>
<li>Email notifications about dependencies and flags had the wrong
timestamp.
- (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=643910">[% terms.Bug %] 643910</a>
- and (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=652165">[% terms.Bug %] 652165</a>)</li>
+ ([% terms.Bugs %] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=643910">643910</a>
+ and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=652165">652165</a>)</li>
<li>You can now select "UTC" as a valid timezone in General Preferences.
(<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=646209">[% terms.Bug %] 646209</a>)</li>
<li>Automatic duplicate detection now works on PostgreSQL (although
diff --git a/template/en/default/reports/report-table.html.tmpl b/template/en/default/reports/report-table.html.tmpl
index 8a3ab9524..b41753550 100644
--- a/template/en/default/reports/report-table.html.tmpl
+++ b/template/en/default/reports/report-table.html.tmpl
@@ -102,7 +102,7 @@ YAHOO.util.Event.addListener(window, "load", function() {
var myColumnDefs = [
{key:"row_title", label:"", sortable:true, sortOptions: { sortFunction:totalNumberSorter }},
[% FOREACH col = col_names %]
- {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER js %]", sortable:true,
+ {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER html FILTER js %]", sortable:true,
formatter:this.Linkify, sortOptions: { defaultDir: YAHOO.widget.DataTable.CLASS_DESC, sortFunction:totalNumberSorter }},
[% END %]
{key:"total", label:"Total", sortable:true, formatter:this.LinkifyTotal,