-rw-r--r--Bugzilla/Token.pm9
-rw-r--r--Bugzilla/User.pm25
-rwxr-xr-xbuglist.cgi31
-rwxr-xr-xcreateaccount.cgi5
-rw-r--r--docs/en/xml/administration.xml57
-rw-r--r--template/en/default/account/create.html.tmpl1
6 files changed, 88 insertions, 40 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 4e32436c0..4804851bb 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -178,9 +178,14 @@ sub issue_hash_token {
$data ||= [];
$time ||= time();
+ # For the user ID, use the actual ID if the user is logged in.
+ # Otherwise, use the remote IP, in case this is for something
+ # such as creating an account or logging in.
+ my $user_id = Bugzilla->user->id || remote_ip();
+
# The concatenated string is of the form
- # token creation time + site-wide secret + user ID + data
- my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, Bugzilla->user->id, @$data);
+ # token creation time + site-wide secret + user ID (either ID or remote IP) + data
+ my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data);
my $token = join('*', @args);
# Wide characters cause md5_hex() to die.
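Review bot: For a logged-out caller the token is now bound only to `remote_ip()`, so a token issued to one anonymous client will presumably verify for any other anonymous client behind the same egress address (NAT, shared proxy), and a client whose address changes between loading and submitting a form will fail the check. If `remote_ip()` can be derived from a forwarded header in a given deployment (not visible in this hunk), the bound value is only as trustworthy as that proxy configuration. I would state the limitation in the new comment, e.g. `# NOTE: for anonymous users this ties the token to the client address only, not to a browser session.` The same caveat applies to the `create_account` check added in createaccount.cgi and the hidden field added to create.html.tmpl. The body of issue_hash_token continues outside the hunk.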
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 5b4f9a814..c1c364fd9 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -517,26 +517,21 @@ sub save_last_search {
return if !@$bug_ids;
+ my $search;
if ($self->id) {
on_main_db {
- my $search;
if ($list_id) {
- # Use eval so that people can still use old search links or
- # links that don't belong to them.
- $search = eval { Bugzilla::Search::Recent->check(
- { id => $list_id }) };
+ $search = Bugzilla::Search::Recent->check_quietly({ id => $list_id });
}
if ($search) {
- # We only update placeholders. (Placeholders are
- # Saved::Search::Recent objects with empty bug lists.)
- # Otherwise, we could just keep creating new searches
- # for the same refreshed list over and over.
- if (!@{ $search->bug_list }) {
- $search->set_list_order($order);
+ if (join(',', @{$search->bug_list}) ne join(',', @$bug_ids)) {
$search->set_bug_list($bug_ids);
- $search->update();
}
+ if (!$search->list_order || $order ne $search->list_order) {
+ $search->set_list_order($order);
+ }
+ $search->update();
}
else {
# If we already have an existing search with a totally
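Review bot: Ownership of the object returned by `check_quietly({ id => $list_id })` is not checked in this hunk before `set_bug_list`, `set_list_order` and `update()` run on it, and the update is no longer restricted to empty placeholders. The removed comment noted that the old `eval` tolerated links "that don't belong to them", so the lookup was at least expected to see foreign ids; whether `check_quietly` still rejects them is not visible here. If it does not, a `list_id` taken from the request could overwrite another user's saved list, so I would either document that guarantee next to the call or guard the update, e.g. `if ($search && $search->user_id == $self->id)` (assuming the object exposes its owner). save_last_search starts and ends outside this hunk.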
@@ -549,11 +544,14 @@ sub save_last_search {
user_id => $self->id, bug_list => $list_string });
if (!scalar(@$existing_search)) {
- Bugzilla::Search::Recent->create({
+ $search = Bugzilla::Search::Recent->create({
user_id => $self->id,
bug_list => $bug_ids,
list_order => $order });
}
+ else {
+ $search = $existing_search->[0];
+ }
}
};
delete $self->{recent_searches};
@@ -575,6 +573,7 @@ sub save_last_search {
$vars->{'toolong'} = 1;
}
}
+ return $search;
}
sub settings {
diff --git a/buglist.cgi b/buglist.cgi
index 85a8ae760..7b513e607 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -164,14 +164,13 @@ my $params;
# If the user is retrieving the last bug list they looked at, hack the buffer
# storing the query string so that it looks like a query retrieving those bugs.
if (my $last_list = $cgi->param('regetlastlist')) {
- my ($bug_ids, $order);
+ my $bug_ids;
# Logged-out users use the old cookie method for storing the last search.
if (!$user->id or $last_list eq 'cookie') {
- $cgi->cookie('BUGLIST') || ThrowUserError("missing_cookie");
- $order = "reuse last sort" unless $order;
- $bug_ids = $cgi->cookie('BUGLIST');
+ $bug_ids = $cgi->cookie('BUGLIST') or ThrowUserError("missing_cookie");
$bug_ids =~ s/[:-]/,/g;
+ $order ||= "reuse last sort";
}
# But logged in users store the last X searches in the DB so they can
# have multiple bug lists available.
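Review bot: The `BUGLIST` cookie is client-controlled and reaches `$bug_ids` with only `s/[:-]/,/g` applied, so anything other than digits and separators passes unchanged into the `bug_id` parameter built further down. Unless downstream search validation is meant to be the only barrier, check the shape right after the substitution, for example by testing `$bug_ids =~ /\A\d+(?:,\d+)*\z/` and raising a user error otherwise. The enclosing `if` block continues outside this hunk.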
@@ -179,10 +178,11 @@ if (my $last_list = $cgi->param('regetlastlist')) {
my $last_search = Bugzilla::Search::Recent->check(
{ id => $last_list });
$bug_ids = join(',', @{ $last_search->bug_list });
- $order = $last_search->list_order if !$order;
+ $order ||= $last_search->list_order;
}
# set up the params for this new query
$params = new Bugzilla::CGI({ bug_id => $bug_ids, order => $order });
+ $params->param('list_id', $last_list);
}
# Figure out whether or not the user is doing a fulltext search. If not,
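Review bot: `$params->param('list_id', $last_list)` copies the raw `regetlastlist` value into the new query, which includes the literal `cookie` and, for logged-out users, any string the request supplied, since only the logged-in branch passes it through `check()`. The same raw value is also used as the `list_id` fallback in the last buglist.cgi hunk and is handed to `save_last_search`. Setting it only for numeric ids keeps non-id values out of the generated query string: `$params->param('list_id', $last_list) if $last_list =~ /\A\d+\z/;`.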
@@ -972,14 +972,6 @@ if ($format->{'extension'} eq 'ics') {
}
}
-# The list of query fields in URL query string format, used when creating
-# URLs to the same query results page with different parameters (such as
-# a different sort order or when taking some action on the set of query
-# results). To get this string, we call the Bugzilla::CGI::canoncalise_query
-# function with a list of elements to be removed from the URL.
-$vars->{'urlquerypart'} = $params->canonicalise_query('order',
- 'cmdtype',
- 'query_based_on');
$vars->{'order'} = $order;
$vars->{'caneditbugs'} = 1;
$vars->{'time_info'} = $time_info;
@@ -1113,17 +1105,20 @@ my $contenttype;
my $disposition = "inline";
if ($format->{'extension'} eq "html" && !$agent) {
- if (!$cgi->param('regetlastlist')) {
- Bugzilla->user->save_last_search(
- { bugs => \@bugidlist, order => $order, vars => $vars,
- list_id => scalar $cgi->param('list_id') });
- }
+ my $list_id = $cgi->param('list_id') || $cgi->param('regetlastlist');
+ my $search = $user->save_last_search(
+ { bugs => \@bugidlist, order => $order, vars => $vars, list_id => $list_id });
+ $cgi->param('list_id', $search->id) if $search;
$contenttype = "text/html";
}
else {
$contenttype = $format->{'ctype'};
}
+# Set 'urlquerypart' once the buglist ID is known.
+$vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype',
+ 'query_based_on');
+
if ($format->{'extension'} eq "csv") {
# We set CSV files to be downloaded, as they are designed for importing
# into other programs.
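Review bot: The id returned by `save_last_search` is stored with `$cgi->param('list_id', $search->id)`, but `urlquerypart` is built from `$params`, which in the `regetlastlist` branch earlier in this file is a separate `Bugzilla::CGI` object. Unless `$params` shares state with `$cgi` elsewhere (not visible here), the freshly assigned id will not appear in the generated URLs, which contradicts the added comment "once the buglist ID is known". Consider also setting it on the object that is serialised: `$params->param('list_id', $search->id) if $search;`.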
diff --git a/createaccount.cgi b/createaccount.cgi
index db0727add..2348d4e91 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -62,6 +62,11 @@ unless ($createexp) {
my $login = $cgi->param('login');
if (defined($login)) {
+ # Check the hash token to make sure this user actually submitted
+ # the create account form.
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['create_account']);
+
$login = Bugzilla::User->check_login_name_for_creation($login);
$vars->{'login'} = $login;
diff --git a/docs/en/xml/administration.xml b/docs/en/xml/administration.xml
index cabb772d2..1630e2e45 100644
--- a/docs/en/xml/administration.xml
+++ b/docs/en/xml/administration.xml
@@ -2408,6 +2408,16 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
<listitem>
<para>
+ <emphasis>Reverse Relationship Description:</emphasis>
+ When the custom field is of type <quote>Bug ID</quote>, you can
+ enter text here which will be used as label in the referenced
+ bug to list bugs which point to it. This gives you the ability
+ to have a mutual relationship between two bugs.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
<emphasis>Can be set on bug creation:</emphasis>
Boolean that determines whether this field can be set on
bug creation. If not selected, then a bug must be created
@@ -2442,6 +2452,35 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
must be entered.
</para>
</listitem>
+
+ <listitem>
+ <para>
+ <emphasis>Field only appears when:</emphasis>
+ A custom field can be made visible when some criteria is met.
+ For instance, when the bug belongs to one or more products,
+ or when the bug is of some given severity. If left empty, then
+ the custom field will always be visible, in all bugs.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis>Field that controls the values that appear in this field:</emphasis>
+ When the custom field is of type <quote>Drop Down</quote> or
+ <quote>Multiple-Selection Box</quote>, you can restrict the
+ availability of the values of the custom field based on the
+ value of another field. This criteria is independent of the
+ criteria used in the <quote>Field only appears when</quote>
+ setting. For instance, you may decide that some given value
+ <quote>valueY</quote> is only available when the bug status
+ is RESOLVED while the value <quote>valueX</quote> should
+ always be listed.
+ Once you have selected the field which should control the
+ availability of the values of this custom field, you can
+ edit values of this custom field to set the criteria, see
+ <xref linkend="edit-values-list" />.
+ </para>
+ </listitem>
</itemizedlist>
</para>
</section>
@@ -2476,13 +2515,12 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
<title>Legal Values</title>
<para>
- Since Bugzilla 2.20 RC1, legal values for Operating Systems, platforms,
- bug priorities and severities can be edited from the User Interface
- directly. This means that it is no longer required to manually edit
- <filename>localconfig</filename>. Starting with Bugzilla 2.23.3,
- the list of valid resolutions can be customized from the same interface.
- Since Bugzilla 3.1.1 the list of valid bug statuses can be customized
- as well.
+ Legal values for the operating system, platform, bug priority and
+ severity, custom fields of type <quote>Drop Down</quote> and
+ <quote>Multiple-Selection Box</quote> (see <xref linkend="custom-fields" />),
+ as well as the list of valid bug statuses and resolutions can be
+ customized from the same interface. You can add, edit, disable and
+ remove values which can be used with these fields.
</para>
<section id="edit-values-list">
@@ -2498,6 +2536,11 @@ ReadOnly: ENTRY, NA/NA, CANEDIT
must be unique to that field. The sortkey is important to display these
values in the desired order.
</para>
+ <para>
+ When the availability of the values of a custom field is controlled
+ by another field, you can select from here which value of the other field
+ must be set for the value of the custom field to appear.
+ </para>
</section>
<section id="edit-values-delete">
diff --git a/template/en/default/account/create.html.tmpl b/template/en/default/account/create.html.tmpl
index 5b8220193..5acd9f541 100644
--- a/template/en/default/account/create.html.tmpl
+++ b/template/en/default/account/create.html.tmpl
@@ -73,6 +73,7 @@
</tr>
</table>
<br>
+ <input type="hidden" id="token" name="token" value="[% issue_hash_token(['create_account']) FILTER html %]">
<input type="submit" id="send" value="Send">
</form>