-rw-r--r-- | Bugzilla/Token.pm | 9 | ||||
-rw-r--r-- | Bugzilla/User.pm | 25 | ||||
-rwxr-xr-x | buglist.cgi | 31 | ||||
-rwxr-xr-x | createaccount.cgi | 5 | ||||
-rw-r--r-- | docs/en/xml/administration.xml | 57 | ||||
-rw-r--r-- | template/en/default/account/create.html.tmpl | 1 |
6 files changed, 88 insertions, 40 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 4e32436c0..4804851bb 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -178,9 +178,14 @@ sub issue_hash_token { $data ||= []; $time ||= time(); + # For the user ID, use the actual ID if the user is logged in. + # Otherwise, use the remote IP, in case this is for something + # such as creating an account or logging in. + my $user_id = Bugzilla->user->id || remote_ip(); + # The concatenated string is of the form - # token creation time + site-wide secret + user ID + data - my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, Bugzilla->user->id, @$data); + # token creation time + site-wide secret + user ID (either ID or remote IP) + data + my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data); my $token = join('*', @args); # Wide characters cause md5_hex() to die. diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 5b4f9a814..c1c364fd9 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -517,26 +517,21 @@ sub save_last_search { return if !@$bug_ids; + my $search; if ($self->id) { on_main_db { - my $search; if ($list_id) { - # Use eval so that people can still use old search links or - # links that don't belong to them. - $search = eval { Bugzilla::Search::Recent->check( - { id => $list_id }) }; + $search = Bugzilla::Search::Recent->check_quietly({ id => $list_id }); } if ($search) { - # We only update placeholders. (Placeholders are - # Saved::Search::Recent objects with empty bug lists.) - # Otherwise, we could just keep creating new searches - # for the same refreshed list over and over. - if (!@{ $search->bug_list }) { - $search->set_list_order($order); + if (join(',', @{$search->bug_list}) ne join(',', @$bug_ids)) { $search->set_bug_list($bug_ids); - $search->update(); } + if (!$search->list_order || $order ne $search->list_order) { + $search->set_list_order($order); + } + $search->update(); } else { # If we already have an existing search with a totally 
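Review bot: In `issue_hash_token`, the fallback `Bugzilla->user->id || remote_ip()` ties a logged-out token to the client address alone. A token issued to one client therefore validates for any other client sharing that address (NAT, proxy), and a client whose address changes between loading and submitting a form is rejected. The new comment should state that limit, for example `# Weak binding for logged-out users (shared or changing IPs): proves only that the token was issued to this address.` The Token.pm changes add no import, so `remote_ip` must already be in scope in this module; that, the validating side and the rest of the sub are outside the hunk.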
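Review bot: With the placeholder-only guard removed from `save_last_search`, any search returned by `check_quietly({ id => $list_id })` now has its bug list and order overwritten, and buglist.cgi takes that id from the `list_id` / `regetlastlist` request parameters. The removed comment said the old `check` call rejected links that do not belong to the user. `check_quietly` is not shown in this diff, so confirm it enforces the same ownership rule and say so next to the call, e.g. `# Returns nothing for ids that are unknown or owned by another user.` `save_last_search` starts and ends outside this hunk.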
@@ -549,11 +544,14 @@ sub save_last_search { user_id => $self->id, bug_list => $list_string }); if (!scalar(@$existing_search)) { - Bugzilla::Search::Recent->create({ + $search = Bugzilla::Search::Recent->create({ user_id => $self->id, bug_list => $bug_ids, list_order => $order }); } + else { + $search = $existing_search->[0]; + } } }; delete $self->{recent_searches}; @@ -575,6 +573,7 @@ sub save_last_search { $vars->{'toolong'} = 1; } } + return $search; } sub settings { diff --git a/buglist.cgi b/buglist.cgi index 85a8ae760..7b513e607 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -164,14 +164,13 @@ my $params; # If the user is retrieving the last bug list they looked at, hack the buffer # storing the query string so that it looks like a query retrieving those bugs. if (my $last_list = $cgi->param('regetlastlist')) { - my ($bug_ids, $order); + my $bug_ids; # Logged-out users use the old cookie method for storing the last search. if (!$user->id or $last_list eq 'cookie') { - $cgi->cookie('BUGLIST') || ThrowUserError("missing_cookie"); - $order = "reuse last sort" unless $order; - $bug_ids = $cgi->cookie('BUGLIST'); + $bug_ids = $cgi->cookie('BUGLIST') or ThrowUserError("missing_cookie"); $bug_ids =~ s/[:-]/,/g; + $order ||= "reuse last sort"; } # But logged in users store the last X searches in the DB so they can # have multiple bug lists available. @@ -179,10 +178,11 @@ if (my $last_list = $cgi->param('regetlastlist')) { my $last_search = Bugzilla::Search::Recent->check( { id => $last_list }); $bug_ids = join(',', @{ $last_search->bug_list }); - $order = $last_search->list_order if !$order; + $order ||= $last_search->list_order; } # set up the params for this new query $params = new Bugzilla::CGI({ bug_id => $bug_ids, order => $order }); + $params->param('list_id', $last_list); } # Figure out whether or not the user is doing a fulltext search. If not, 
@@ -972,14 +972,6 @@ if ($format->{'extension'} eq 'ics') { } } -# The list of query fields in URL query string format, used when creating -# URLs to the same query results page with different parameters (such as -# a different sort order or when taking some action on the set of query -# results). To get this string, we call the Bugzilla::CGI::canoncalise_query -# function with a list of elements to be removed from the URL. -$vars->{'urlquerypart'} = $params->canonicalise_query('order', - 'cmdtype', - 'query_based_on'); $vars->{'order'} = $order; $vars->{'caneditbugs'} = 1; $vars->{'time_info'} = $time_info; @@ -1113,17 +1105,20 @@ my $contenttype; my $disposition = "inline"; if ($format->{'extension'} eq "html" && !$agent) { - if (!$cgi->param('regetlastlist')) { - Bugzilla->user->save_last_search( - { bugs => \@bugidlist, order => $order, vars => $vars, - list_id => scalar $cgi->param('list_id') }); - } + my $list_id = $cgi->param('list_id') || $cgi->param('regetlastlist'); + my $search = $user->save_last_search( + { bugs => \@bugidlist, order => $order, vars => $vars, list_id => $list_id }); + $cgi->param('list_id', $search->id) if $search; $contenttype = "text/html"; } else { $contenttype = $format->{'ctype'}; } +# Set 'urlquerypart' once the buglist ID is known. +$vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype', + 'query_based_on'); + if ($format->{'extension'} eq "csv") { # We set CSV files to be downloaded, as they are designed for importing # into other programs. diff --git a/createaccount.cgi b/createaccount.cgi index db0727add..2348d4e91 100755 --- a/createaccount.cgi +++ b/createaccount.cgi 
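Review bot: In the last buglist.cgi hunk the new id is stored with `$cgi->param('list_id', $search->id)`, but `urlquerypart` is then built from `$params->canonicalise_query(...)`. Unless `$params` is the same object as `$cgi` on this path (its construction is outside the hunk), the id never reaches the URLs that the "once the buglist ID is known" comment refers to. If the two differ, set it on the object that is serialised: `$params->param('list_id', $search->id) if $search;`. Separately, `$list_id` can now be the literal `cookie` taken from `regetlastlist` and is passed as an id to `save_last_search`; a one-line comment that non-numeric ids are expected to be rejected quietly there would help the next reader.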
@@ -62,6 +62,11 @@ unless ($createexp) { my $login = $cgi->param('login'); if (defined($login)) { + # Check the hash token to make sure this user actually submitted + # the create account form. + my $token = $cgi->param('token'); + check_hash_token($token, ['create_account']); + $login = Bugzilla::User->check_login_name_for_creation($login); $vars->{'login'} = $login; diff --git a/docs/en/xml/administration.xml b/docs/en/xml/administration.xml index cabb772d2..1630e2e45 100644 --- a/docs/en/xml/administration.xml +++ b/docs/en/xml/administration.xml @@ -2408,6 +2408,16 @@ ReadOnly: ENTRY, NA/NA, CANEDIT <listitem> <para> + <emphasis>Reverse Relationship Description:</emphasis> + When the custom field is of type <quote>Bug ID</quote>, you can + enter text here which will be used as label in the referenced + bug to list bugs which point to it. This gives you the ability + to have a mutual relationship between two bugs. + </para> + </listitem> + + <listitem> + <para> <emphasis>Can be set on bug creation:</emphasis> Boolean that determines whether this field can be set on bug creation. If not selected, then a bug must be created 
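Review bot: The comment on the new `check_hash_token($token, ['create_account'])` call says it proves the user submitted the form, but for a logged-out visitor the token in this commit is derived from the remote IP. It shows only that a `create_account` token was issued to the same address. Reword it, e.g. `# Reject requests without a valid create_account token for this client (logged-out tokens are bound to the remote IP).` The createaccount.cgi section adds only these lines, so `check_hash_token` must already be imported; if the script does not load the module that defines it, add the corresponding `use` line. The enclosing `if (defined($login))` block continues past the hunk.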
@@ -2442,6 +2452,35 @@ ReadOnly: ENTRY, NA/NA, CANEDIT must be entered. </para> </listitem> + + <listitem> + <para> + <emphasis>Field only appears when:</emphasis> + A custom field can be made visible when some criteria is met. + For instance, when the bug belongs to one or more products, + or when the bug is of some given severity. If left empty, then + the custom field will always be visible, in all bugs. + </para> + </listitem> + + <listitem> + <para> + <emphasis>Field that controls the values that appear in this field:</emphasis> + When the custom field is of type <quote>Drop Down</quote> or + <quote>Multiple-Selection Box</quote>, you can restrict the + availability of the values of the custom field based on the + value of another field. This criteria is independent of the + criteria used in the <quote>Field only appears when</quote> + setting. For instance, you may decide that some given value + <quote>valueY</quote> is only available when the bug status + is RESOLVED while the value <quote>valueX</quote> should + always be listed. + Once you have selected the field which should control the + availability of the values of this custom field, you can + edit values of this custom field to set the criteria, see + <xref linkend="edit-values-list" />. + </para> + </listitem> </itemizedlist> </para> </section> 
@@ -2476,13 +2515,12 @@ ReadOnly: ENTRY, NA/NA, CANEDIT <title>Legal Values</title> <para> - Since Bugzilla 2.20 RC1, legal values for Operating Systems, platforms, - bug priorities and severities can be edited from the User Interface - directly. This means that it is no longer required to manually edit - <filename>localconfig</filename>. Starting with Bugzilla 2.23.3, - the list of valid resolutions can be customized from the same interface. - Since Bugzilla 3.1.1 the list of valid bug statuses can be customized - as well. + Legal values for the operating system, platform, bug priority and + severity, custom fields of type <quote>Drop Down</quote> and + <quote>Multiple-Selection Box</quote> (see <xref linkend="custom-fields" />), + as well as the list of valid bug statuses and resolutions can be + customized from the same interface. You can add, edit, disable and + remove values which can be used with these fields. </para> <section id="edit-values-list"> @@ -2498,6 +2536,11 @@ ReadOnly: ENTRY, NA/NA, CANEDIT must be unique to that field. The sortkey is important to display these values in the desired order. </para> + <para> + When the availability of the values of a custom field is controlled + by another field, you can select from here which value of the other field + must be set for the value of the custom field to appear. + </para> </section> <section id="edit-values-delete"> diff --git a/template/en/default/account/create.html.tmpl b/template/en/default/account/create.html.tmpl index 5b8220193..5acd9f541 100644 --- a/template/en/default/account/create.html.tmpl +++ b/template/en/default/account/create.html.tmpl @@ -73,6 +73,7 @@ </tr> </table> <br> + <input type="hidden" id="token" name="token" value="[% issue_hash_token(['create_account']) FILTER html %]"> <input type="submit" id="send" value="Send"> </form> |