diff options
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/account/auth/login-small.html.tmpl | 7 | ||||
-rw-r--r-- | template/en/default/account/auth/login.html.tmpl | 1 | ||||
-rw-r--r-- | template/en/default/filterexceptions.pl | 1 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/list/table.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/pages/release-notes.html.tmpl | 41 | ||||
-rw-r--r-- | template/en/default/search/search-advanced.html.tmpl | 9 |
7 files changed, 52 insertions, 11 deletions
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl index 606e5c32e..6b41c17e3 100644 --- a/template/en/default/account/auth/login-small.html.tmpl +++ b/template/en/default/account/auth/login-small.html.tmpl @@ -36,8 +36,8 @@ [% IF cgi.request_method == "GET" AND cgi.query_string %] [% connector = "&" %] [% END %] - [% script_name = login_target _ connector _ "GoAheadAndLogIn=1" %] - <a id="login_link[% qs_suffix %]" href="[% script_name FILTER html %]" + [% script_url = login_target _ connector _ "GoAheadAndLogIn=1" %] + <a id="login_link[% qs_suffix %]" href="[% script_url FILTER html %]" onclick="return show_mini_login_form('[% qs_suffix %]')">Log In</a> [% Hook.process('additional_methods') %] @@ -116,7 +116,7 @@ </li> <li id="forgot_container[% qs_suffix %]"> <span class="separator">| </span> - <a id="forgot_link[% qs_suffix %]" href="[% script_name FILTER html %]#forgot" + <a id="forgot_link[% qs_suffix %]" href="[% script_url FILTER html %]#forgot" onclick="return show_forgot_form('[% qs_suffix %]')">Forgot Password</a> <form action="token.cgi" method="post" id="forgot_form[% qs_suffix %]" class="mini_forgot bz_default_hidden"> @@ -125,6 +125,7 @@ <input id="forgot_button[% qs_suffix %]" value="Reset Password" type="submit"> <input type="hidden" name="a" value="reqpw"> + <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]"> <a href="#" onclick="return hide_forgot_form('[% qs_suffix %]')">[x]</a> </form> </li> diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl index ec8c11e24..0aac403a5 100644 --- a/template/en/default/account/auth/login.html.tmpl +++ b/template/en/default/account/auth/login.html.tmpl @@ -115,6 +115,7 @@ enter your email address below and submit a request to change your password.<br> <input size="35" name="loginname"> + <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]"> <input type="submit" id="request" value="Reset Password"> </form> [% END %] diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index ff2620589..99f06ec9d 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -153,7 +153,6 @@ 'list/table.html.tmpl' => [ 'tableheader', 'bug.bug_id', - 'abbrev.$id.title || field_descs.$id || column.title', ], 'list/list.csv.tmpl' => [ diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index f448ee4d4..b3257cea5 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1179,7 +1179,7 @@ [% title = "Missing Search" %] [% docslinks = {'query.html' => "Searching for $terms.bugs", 'query.html#list' => "$terms.Bug lists"} %] - The search named <em>[% queryname FILTER html %]</em> + The search named <em>[% name FILTER html %]</em> [% IF sharer_id && sharer_id != user.id %] has not been made visible to you. [% ELSE %] diff --git a/template/en/default/list/table.html.tmpl b/template/en/default/list/table.html.tmpl index c2964f17c..547a9cbe3 100644 --- a/template/en/default/list/table.html.tmpl +++ b/template/en/default/list/table.html.tmpl @@ -139,7 +139,7 @@ [% PROCESS new_order %] [%-#%]&query_based_on= [% defaultsavename OR searchname FILTER uri %]"> - [%- abbrev.$id.title || field_descs.$id || column.title -%] + [%- abbrev.$id.title || field_descs.$id || column.title FILTER html -%] [% PROCESS order_arrow ~%] </a> </th> diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index 11c5d5460..35963148a 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -53,6 +53,44 @@ <h2 id="v42_point">Updates in this 4.2.x Release</h2> +<h3>4.2.3</h3> + +<p>This release fixes two security issues. See the + <a href="http://www.bugzilla.org/security/3.6.10/">Security Advisory</a> + for details.</p> + +<p>In addition, the following important fixes/changes have been made in this + release:</p> + +<ul> + <li>Attaching a file to [% terms.abug %] was broken due to a change in + Perl 5.16. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=771100">[% terms.Bug %] 771100</a>)</li> + <li>A regression in [% terms.Bugzilla %] 4.2.2 made Oracle crash when + displaying a buglist. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=780028">[% terms.Bug %] 780028</a>)</li> + <li>It was possible to search on history for comments and attachments you + cannot see (though these private comments and attachments are never disclosed). + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=779709">[% terms.Bug %] 779709</a>)</li> + <li>PostgreSQL databases could be created with the wrong encoding despite + the utf8 parameter being enabled. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=783786">[% terms.Bug %] 783786</a>)</li> + <li>Scheduled whines could be sent at the wrong time on Oracle. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=559539">[% terms.Bug %] 559539</a>)</li> + <li>Tokens are no longer included in saved queries. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=772953">[% terms.Bug %] 772953</a>)</li> + <li>An admin could unintentionally break the display of buglists if a custom + field description contains a < or > character, because these characters + were not filtered. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=785917">[% terms.Bug %] 785917</a>)</li> + <li>Adding or removing a DB column in Oracle didn't handle SERIAL columns + correctly. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=731156">[% terms.Bug %] 731156</a>)</li> + <li>A minor CSRF vulnerability in token.cgi allowed possible unauthorized + password reset e-mail requests. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=706271">[% terms.Bug %] 706271</a>)</li> +</ul> + <h3>4.2.2</h3> <p>This release fixes two security issues. See the @@ -432,6 +470,9 @@ [%- terms.Bug %] 584742</a>: When viewing [% terms.abug %], WebKit-based browsers can automatically reset a field's selected value when the field has disabled values.</li> + <li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=780053"> + [%- terms.Bug %] 780053</a>: Oracle crashes when listing keywords, tags + or flags in buglists.</li> </ul> diff --git a/template/en/default/search/search-advanced.html.tmpl b/template/en/default/search/search-advanced.html.tmpl index 2236bf5d2..780d54edd 100644 --- a/template/en/default/search/search-advanced.html.tmpl +++ b/template/en/default/search/search-advanced.html.tmpl @@ -31,12 +31,11 @@ [% js_data = BLOCK %] -var queryform = "queryform" - +var queryform = "queryform"; function remove_token() { - var asDefault = document.getElementById('remasdefault'); - if (queryform.token && asDefault && !asDefault.checked) { - queryform.token.value = ''; + if (queryform.token) { + var asDefault = document.getElementById('remasdefault'); + queryform.token.disabled = !asDefault.checked; } } [% END %] |