summaryrefslogtreecommitdiffstats
path: root/template/en/default/admin/confirm-action.html.tmpl
diff options
context:
space:
mode:
Diffstat (limited to 'template/en/default/admin/confirm-action.html.tmpl')
-rw-r--r--template/en/default/admin/confirm-action.html.tmpl97
1 files changed, 97 insertions, 0 deletions
diff --git a/template/en/default/admin/confirm-action.html.tmpl b/template/en/default/admin/confirm-action.html.tmpl
new file mode 100644
index 000000000..6e8caa6ac
--- /dev/null
+++ b/template/en/default/admin/confirm-action.html.tmpl
@@ -0,0 +1,97 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Frédéric Buclin.
+ #
+ # Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
+ #%]
+
+[%# INTERFACE:
+ # abuser: identity of the user who created the (invalid?) token.
+ # token_action: the action the token was supposed to serve.
+ # expected_action: the action the user was going to do.
+ # script_name: the script generating this warning.
+ #%]
+
+[% PROCESS "global/field-descs.none.tmpl" %]
+
+[% PROCESS global/header.html.tmpl title = "Suspicious Action"
+ style_urls = ['skins/standard/global.css'] %]
+
+[% IF abuser %]
+ <div class="throw_error">
+ <p>When you view an administrative form in [% terms.Bugzilla %], a token string
+ is randomly generated and stored both in the database and in the form you loaded,
+ to make sure that the requested changes are being made as a result of submitting
+ a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now
+ is incorrect, meaning that it looks like you didn't come from the right page.
+ The following token has been used :</p>
+
+ <table border="0" cellpadding="5" cellspacing="0">
+ [% IF token_action != expected_action %]
+ <tr>
+ <th>Action&nbsp;stored:</th>
+ <td>[% token_action FILTER html %]</td>
+ </tr>
+ <tr>
+ <th>&nbsp;</th>
+ <td>
+ This action doesn't match the one expected ([% expected_action FILTER html %]).
+ </td>
+ </tr>
+ [% END %]
+
+ [% IF abuser != user.identity %]
+ <tr>
+ <th>Generated&nbsp;by:</th>
+ <td>[% abuser FILTER html %]</td>
+ </tr>
+ <tr>
+ <th>&nbsp;</th>
+ <td>
+ This token has not been generated by you. It is possible that someone
+ tried to trick you!
+ </td>
+ </tr>
+ [% END %]
+ </table>
+
+ <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p>
+ </div>
+[% ELSE %]
+ <div class="throw_error">
+ It looks like you didn't come from the right page (you have no valid token for
+ the <em>[% expected_action FILTER html %]</em> action while processing the
+ '[% script_name FILTER html%]' script). The reason could be one of:<br>
+ <ul>
+ <li>You clicked the "Back" button of your web browser after having successfully
+ submitted changes, which is generally not a good idea (but harmless).</li>
+ <li>You entered the URL in the address bar of your web browser directly,
+ which should be safe.</li>
+ <li>You clicked on a URL which redirected you here <b>without your consent</b>,
+ in which case this action is much more critical.</li>
+ </ul>
+ Are you sure you want to commit these changes anyway? This may result in
+ unexpected and undesired results.
+ </div>
+
+ <form name="check" id="check" method="post" action="[% script_name FILTER html %]">
+ [% PROCESS "global/hidden-fields.html.tmpl"
+ exclude="^(Bugzilla_login|Bugzilla_password)$" %]
+ <input type="submit" id="confirm" value="Confirm Changes">
+ </form>
+ <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]">
+ [%- script_name FILTER html %]</a>.</p>
+[% END %]
+
+[% PROCESS global/footer.html.tmpl %]