diff options
| -rwxr-xr-x | buglist.cgi | 10 | ||||
| -rw-r--r-- | docs/en/xml/using.xml | 10 | ||||
| -rw-r--r-- | template/en/default/list/list.js.tmpl | 37 |
3 files changed, 0 insertions, 57 deletions
diff --git a/buglist.cgi b/buglist.cgi index ca51e6243..d4ddfbd63 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -112,16 +112,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") { $cgi->param('ctype', "atom"); } -# The js ctype presents a security risk; a malicious site could use it -# to gather information about secure bugs. So, we only allow public bugs to be -# retrieved with this format. -# -# Note that if and when this call clears cookies or has other persistent -# effects, we'll need to do this another way instead. -if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) { - Bugzilla->logout_request(); -} - # An agent is a program that automatically downloads and extracts data # on its user's behalf. If this request comes from an agent, we turn off # various aspects of bug list functionality so agent requests succeed diff --git a/docs/en/xml/using.xml b/docs/en/xml/using.xml index 6d575c0c1..3bf0558fc 100644 --- a/docs/en/xml/using.xml +++ b/docs/en/xml/using.xml @@ -659,16 +659,6 @@ </member> </simplelist> </para> - - <para> - If you would like to access the bug list from another program - it is often useful to have the list returned in something other - than HTML. By adding the ctype=type parameter into the bug list URL - you can specify several alternate formats. Besides the types described - above, the following formats are also supported: ECMAScript, also known - as JavaScript (ctype=js), and Resource Description Framework RDF/XML - (ctype=rdf). - </para> </section> <section id="individual-buglists"> diff --git a/template/en/default/list/list.js.tmpl b/template/en/default/list/list.js.tmpl deleted file mode 100644 index 7e9664c43..000000000 --- a/template/en/default/list/list.js.tmpl +++ /dev/null @@ -1,37 +0,0 @@ -[%# The contents of this file are subject to the Mozilla Public - # License Version 1.1 (the "License"); you may not use this file - # except in compliance with the License. You may obtain a copy of - # the License at http://www.mozilla.org/MPL/ - # - # Software distributed under the License is distributed on an "AS - # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - # implied. See the License for the specific language governing - # rights and limitations under the License. - # - # The Original Code is the Bugzilla Bug Tracking System. - # - # The Initial Developer of the Original Code is Netscape Communications - # Corporation. Portions created by Netscape are - # Copyright (C) 1998 Netscape Communications Corporation. All - # Rights Reserved. - # - # Contributor(s): Gervase Markham <gerv@gerv.net> - #%] - -// Note: only publicly-accessible bugs (those not in any group) will be -// listed when using this JavaScript format. This is to prevent malicious -// sites stealing information about secure bugs. - -bugs = new Array; - -[% FOREACH bug = bugs %] - bugs[[% bug.bug_id %]] = [ - [% FOREACH column = displaycolumns %] - "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %] - [% END %] - ]; -[% END %] - -if (window.buglistCallback) { - buglistCallback(bugs); -} |