[% END %]
diff --git a/template/en/default/admin/flag-type/confirm-delete.html.tmpl b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
index 6bf1ca43f..ddd99d7ca 100644
--- a/template/en/default/admin/flag-type/confirm-delete.html.tmpl
+++ b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
@@ -29,7 +29,7 @@
%]
- There are [% flag_count %] flags of type [% name %].
+ There are [% flag_count %] flags of type [% name FILTER html %].
If you delete this type, those flags will also be deleted. Note that
instead of deleting the type you can
deactivate it,
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index a56c3bb65..58519466d 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -67,10 +67,10 @@
[% FOREACH category = type.inclusions %]
-
+
[% END %]
[% FOREACH category = type.exclusions %]
-
+
[% END %]
diff --git a/template/en/default/attachment/list.html.tmpl b/template/en/default/attachment/list.html.tmpl
index 163071997..1e3618093 100644
--- a/template/en/default/attachment/list.html.tmpl
+++ b/template/en/default/attachment/list.html.tmpl
@@ -53,13 +53,13 @@
[% IF attachment.flags.size == 0 %]
none
[% ELSE %]
- [% FOR flag = attachment.flags %]
+ [% FOREACH flag = attachment.flags %]
[% IF flag.setter %]
[% flag.setter.nick FILTER html %]:
[% END %]
- [%+ flag.type.name %][% flag.status %]
+ [%+ flag.type.name FILTER html %][% flag.status %]
[%+ IF flag.status == "?" && flag.requestee %]
- ([% flag.requestee.nick %])
+ ([% flag.requestee.nick FILTER html %])
[% END %]
[% END %]
[% END %]
diff --git a/template/en/default/bug/activity/table.html.tmpl b/template/en/default/bug/activity/table.html.tmpl
index ec005cc38..af6305b5d 100644
--- a/template/en/default/bug/activity/table.html.tmpl
+++ b/template/en/default/bug/activity/table.html.tmpl
@@ -60,7 +60,7 @@
[% FOREACH operation = operations %]
- [% operation.who %]
+ [% operation.who FILTER html %]
[% operation.when FILTER time %]
diff --git a/template/en/default/bug/create/create-guided.html.tmpl b/template/en/default/bug/create/create-guided.html.tmpl
index fb5828fe8..7e0220b85 100644
--- a/template/en/default/bug/create/create-guided.html.tmpl
+++ b/template/en/default/bug/create/create-guided.html.tmpl
@@ -224,7 +224,8 @@ function PutDescription() {
The area where the problem occurs.
To pick the right component, you could use the same one as
similar [% terms.bugs %] you found in your search, or read the full list of
- component
+ component
descriptions if you need more help.
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index 14ce27180..b15efffac 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -171,7 +171,8 @@ function set_assign_to() {
[% ELSE %]
-
+
[% END %]
diff --git a/template/en/default/bug/dependency-tree.html.tmpl b/template/en/default/bug/dependency-tree.html.tmpl
index 194691e56..16f68b394 100644
--- a/template/en/default/bug/dependency-tree.html.tmpl
+++ b/template/en/default/bug/dependency-tree.html.tmpl
@@ -32,8 +32,14 @@
[% PROCESS depthControlToolbar %]
[%# Display the tree of bugs that this bug depends on. %]
-
+ [% IF hide_resolved %]
+ Open [% terms.bugs %]
+ [% ELSE %]
+ [% terms.Bugs %]
+ [% END %]
+ that [% terms.bug %] [% bugid %]
+ depends on
[% IF dependson_ids.size > 0 %]
(
[% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END %]
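Review bot: The added `IF hide_resolved … ELSE … END` heading is written out in full here and again in the `@@ -48,8 +54,14 @@` hunk, differing only in the trailing phrase ("depends on" versus "blocks"). A small local `BLOCK` that takes that phrase as a variable would keep the two headings from drifting apart. The surrounding markup is not visible in this view, so the block boundaries would need checking against the template.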
@@ -48,8 +54,14 @@
[% END %]
[%# Display the tree of bugs that this bug blocks. %]
-
+ [% IF hide_resolved %]
+ Open [% terms.bugs %]
+ [% ELSE %]
+ [% terms.Bugs %]
+ [% END %]
+ that [% terms.bug %] [% bugid %]
+ blocks
[% IF blocked_ids.size > 0 %]
(
[% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END %]
@@ -112,7 +124,8 @@
[% END %]
-
+
@@ -128,9 +141,8 @@
@@ -165,7 +176,7 @@
@@ -180,10 +191,9 @@
[% END %]
- = realdepth ?
- "disabled" : ""
- %]>
+ = realdepth %]
+ %]>
@@ -194,7 +204,7 @@
+ [% "disabled" IF maxdepth == 0 || maxdepth == realdepth %]>
diff --git a/template/en/default/bug/process/bugmail.html.tmpl b/template/en/default/bug/process/bugmail.html.tmpl
index 631842a40..1e9c13abe 100644
--- a/template/en/default/bug/process/bugmail.html.tmpl
+++ b/template/en/default/bug/process/bugmail.html.tmpl
@@ -61,10 +61,10 @@
[%############################################################################%]
[% BLOCK emails %]
- [% description %]:
+ [% description FILTER html %]:
[% IF names.size > 0 %]
[%+ FOREACH name = names %]
- [% name %][% ", " UNLESS loop.last() %]
+ [% name FILTER html %][% ", " UNLESS loop.last() %]
[% END %]
[% ELSE %]
no one
diff --git a/template/en/default/bug/process/verify-new-product.html.tmpl b/template/en/default/bug/process/verify-new-product.html.tmpl
index fd37707dc..b3e6af250 100644
--- a/template/en/default/bug/process/verify-new-product.html.tmpl
+++ b/template/en/default/bug/process/verify-new-product.html.tmpl
@@ -48,11 +48,13 @@
[% IF use_target_milestone %]
- You are moving the [% terms.bug %](s) to the product [% form.product %],
+ You are moving the [% terms.bug %](s) to the product
+ [% form.product FILTER html %],
and the version, component, and/or target milestone fields are no longer
correct. Please set the correct version, component, and target milestone now:
[% ELSE %]
- You are moving the [% terms.bug %](s) to the product [% form.product %],
+ You are moving the [% terms.bug %](s) to the product
+ [% form.product FILTER html %],
and the version and component fields are no longer correct.
Please set the correct version and component now:
[% END %]
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index bda5e4f91..340a0ebf8 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -97,7 +97,7 @@
- [% attr.description%]:
+ [% attr.description FILTER html %]:
[% bug.${attr.name} FILTER html %]
[% END %]
diff --git a/template/en/default/bug/votes/list-for-user.html.tmpl b/template/en/default/bug/votes/list-for-user.html.tmpl
index bcb5956ea..1505713ff 100644
--- a/template/en/default/bug/votes/list-for-user.html.tmpl
+++ b/template/en/default/bug/votes/list-for-user.html.tmpl
@@ -21,9 +21,9 @@
[% PROCESS global/variables.none.tmpl %]
+[% h2 = voting_user.login FILTER html %]
[% PROCESS global/header.html.tmpl
title = "Show Votes"
- h2 = voting_user.name
%]
[% canedit = 1 IF voting_user.login == user.login %]
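Review bot: The added `[% h2 = voting_user.login FILTER html %]` may not escape the value stored in `h2`. In Template Toolkit a trailing `FILTER` appears to apply to the directive's output, and an assignment produces none, so `h2` could still hold the raw login; this is worth confirming. Capturing the filtered text is unambiguous: `[% h2 = BLOCK %][% voting_user.login FILTER html %][% END %]`. The hunk also switches the heading from `voting_user.name` to `voting_user.login` without comment, and whether header.html.tmpl escapes `h2` again is not visible here.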
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index a1f0a89f2..afe3ef487 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -33,17 +33,7 @@
# Safe vmethods - [% foo.size %]
# TT loop variables - [% loop.count %]
# Already-filtered stuff - [% wibble FILTER html %]
-# where the filter is one of html|csv|js|url_quote|quoteUrls|time|uri|xml
-
-# Key:
-#
-# "#": directive should be filtered, but not doing so is not a security hole
-# The plan is to come back and add filtering for all those marked "#" after
-# the security release.
-#
-# "# Email": as above; but noting that it's an email address.
-# Other sorts of comments denote cleanups noticed while doing this work;
-# they should be fixed in the very short term.
+# where the filter is one of html|csv|js|url_quote|quoteUrls|time|uri|xml|none
%::safe = (
@@ -80,19 +70,6 @@
'field.accesskey',
'sel.name',
'sel.accesskey',
- 'button_name', #
-],
-
-'search/knob.html.tmpl' => [
- 'button_name', #
-],
-
-'search/search-report-graph.html.tmpl' => [
- 'button_name', #
-],
-
-'search/search-report-table.html.tmpl' => [
- 'button_name', #
],
'search/search-specific.html.tmpl' => [
@@ -115,19 +92,11 @@
'reports/components.html.tmpl' => [
'numcols',
'comp.description',
- 'comp.initialowner', # email address
- 'comp.initialqacontact', # email address
-],
-
-'reports/duplicates-simple.html.tmpl' => [
- 'title', #
],
'reports/duplicates-table.html.tmpl' => [
'"&maxrows=$maxrows" IF maxrows',
'"&changedsince=$changedsince" IF changedsince',
- '"&product=$product" IF product', #
- '"&format=$format" IF format', #
'"&bug_id=$bug_ids_string&sortvisible=1" IF sortvisible',
'column.name',
'column.description',
@@ -135,10 +104,6 @@
'bug.id',
'bug.count',
'bug.delta',
- 'bug.component', #
- 'bug.bug_severity', #
- 'bug.op_sys', #
- 'bug.target_milestone', #
],
'reports/duplicates.html.tmpl' => [
@@ -154,11 +119,9 @@
],
'reports/report-table.csv.tmpl' => [
- '"$tbl_field_disp: $tbl\n" IF tbl_field', #
- 'row_field_disp IF row_field', #
- 'col_field_disp', #
'num_bugs',
'data.$tbl.$col.$row',
+ 'title',
'', # This is not a bug in the filter exceptions - this template has an
# empty directive which is necessary for it to work properly.
],
@@ -168,7 +131,6 @@
'"&$tbl_vals" IF tbl_vals',
'"&$col_vals" IF col_vals',
'"&$row_vals" IF row_vals',
- 'tbl_disp', #
'classes.$row_idx.$col_idx',
'urlbase',
'data.$tbl.$col.$row',
@@ -178,16 +140,12 @@
],
'reports/report.html.tmpl' => [
- 'tbl_field_disp IF tbl_field', #
- 'row_field_disp IF row_field', #
- 'col_field_disp', #
'imagebase',
'width',
'height',
'imageurl',
'formaturl',
'other_format.name',
- 'other_format.description', #
'sizeurl',
'switchbase',
'format',
@@ -233,7 +191,6 @@
'list/change-columns.html.tmpl' => [
'column',
- 'field_descs.${column} || column', #
],
'list/edit-multiple.html.tmpl' => [
@@ -250,7 +207,6 @@
'list/list.html.tmpl' => [
'buglist',
- 'bugowners', # email address
],
'list/list.rdf.tmpl' => [
@@ -260,7 +216,6 @@
],
'list/table.html.tmpl' => [
- 'abbrev.$id.title || field_descs.$id || column.title', #
'tableheader',
'bug.bug_id',
],
@@ -287,19 +242,12 @@
'proddesc.$p',
],
+# You are not permitted to add any values here. Everything in this file should
+# be filtered unless there's an extremely good reason why not, in which case,
+# use the "none" dummy filter.
'global/code-error.html.tmpl' => [
- 'parameters',
- 'bug.bug_id',
- 'field',
- 'argument', #
- 'function', #
- 'bug_id', # Need to remove unused error no_bug_data
- 'variables.id',
- 'template_error_msg', # Should move filtering from CGI.pl to template
- 'error',
- 'error_message',
],
-
+
'global/header.html.tmpl' => [
'javascript',
'style',
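Review bot: The added comment says "Everything in this file should be filtered", but it sits in filterexceptions.pl, where "this file" reads as the exceptions list rather than the template it guards. Naming the template removes the ambiguity, for example `# Do not add entries here: every directive in global/code-error.html.tmpl must carry a filter;` followed by `# use the "none" dummy filter where escaping is deliberately skipped.` The same wording is repeated above `global/user-error.html.tmpl` in the `@@ -313,49 +261,27 @@` hunk.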
@@ -313,49 +261,27 @@
],
'global/messages.html.tmpl' => [
- 'parameters',
- '# ---', # Work out what this is
- 'namedcmd', #
- 'old_email', # email address
- 'new_email', # email address
'message_tag',
'series.frequency * 2',
],
'global/select-menu.html.tmpl' => [
'options',
- 'onchange', # Again, need to be certain where we are filtering
'size',
],
'global/useful-links.html.tmpl' => [
'email',
- 'user.login', # Email address
],
-# Need to change this and code-error to use a no-op filter, for safety
+# You are not permitted to add any values here. Everything in this file should
+# be filtered unless there's an extremely good reason why not, in which case,
+# use the "none" dummy filter.
'global/user-error.html.tmpl' => [
- 'disabled_reason',
- 'bug_link',
- 'action', #
- 'bug_id',
- 'both',
- 'filesize',
- 'attach_id',
- 'field',
- 'field_descs.$field',
- 'today',
- 'product', #
- 'max',
- 'votes',
- 'error_message',
],
'global/confirm-user-match.html.tmpl' => [
- '# use the global field descs', # Need to fix commenting style here
'script',
- '# this is messy to allow later expansion',
- '# ELSIF for things that don\'t belong in the field_descs hash here',
'fields.${field_name}.flag_type.name',
],
@@ -381,22 +307,16 @@
],
'bug/dependency-tree.html.tmpl' => [
- 'hide_resolved ? "Open $terms.bugs" : "$terms.Bugs"',
'bugid',
'maxdepth',
'dependson_ids.join(",")',
'blocked_ids.join(",")',
'dep_id',
'hide_resolved',
- 'realdepth < 2 ? "disabled" : ""',
'maxdepth + 1',
- 'maxdepth == 0 || maxdepth == realdepth ? "disabled" : ""',
- 'realdepth < 2 || ( maxdepth && maxdepth < 2 ) ? "disabled" : ""',
'maxdepth > 0 && maxdepth <= realdepth ? maxdepth : ""',
'maxdepth == 1 ? 1
: ( maxdepth ? maxdepth - 1 : realdepth - 1 )',
- 'realdepth < 2 || ! maxdepth || maxdepth >= realdepth ?
- "disabled" : ""',
],
'bug/edit.html.tmpl' => [
@@ -425,8 +345,6 @@
'bug/show-multiple.html.tmpl' => [
'bug.bug_id',
- 'bug.component', #
- 'attr.description', #
],
'bug/show.xml.tmpl' => [
@@ -454,7 +372,6 @@
'product.total',
'product.maxvotes',
],
-# h2 = voting_user.name # Email
'bug/process/confirm-duplicate.html.tmpl' => [
'original_bug_id',
@@ -474,21 +391,11 @@
'id',
],
-'bug/process/verify-new-product.html.tmpl' => [
- 'form.product', #
-],
-
-'bug/process/bugmail.html.tmpl' => [
- 'description',
- 'name', # Email
-],
-
'bug/create/comment.txt.tmpl' => [
'form.comment',
],
'bug/create/create.html.tmpl' => [
- 'default.bug_status', #
'g.bit',
'g.description',
'sel.name',
@@ -498,7 +405,6 @@
'bug/create/create-guided.html.tmpl' => [
'matches.0',
'tablecolour',
- 'product', #
'buildid',
'sel',
],
@@ -508,7 +414,6 @@
],
'bug/activity/table.html.tmpl' => [
- 'operation.who', # Email
'change.attachid',
'change.field',
],
@@ -532,10 +437,7 @@
'attachment/list.html.tmpl' => [
'attachment.attachid',
- 'FOR flag = attachment.flags', # Bug? No FOR directive
- 'flag.type.name',
'flag.status',
- 'flag.requestee.nick', # Email
'bugid',
],
@@ -585,7 +487,6 @@
'admin/flag-type/confirm-delete.html.tmpl' => [
'flag_count',
- 'name', #
'flag_type.id',
],
@@ -593,10 +494,7 @@
'action',
'type.id',
'type.target_type',
- 'category', #
- 'item', #
'type.sortkey || 1',
- '(last_action == "enter" || last_action == "copy") ? "Create" : "Save Changes"',
'typeLabelLowerPlural',
'typeLabelLowerSingular',
],
@@ -610,12 +508,7 @@
'target',
],
-'account/prefs/account.html.tmpl' => [
- 'login_change_date', #
-],
-
'account/prefs/email.html.tmpl' => [
- 'watchedusers', # Email
'role',
'reason.name',
'reason.description',
@@ -634,5 +527,3 @@
],
);
-
-# Should filter reports/report.html.tmpl:130 $format
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 60ae95043..939c0c4dc 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -28,6 +28,9 @@
[%# This is a list of all the possible code errors. Please keep them in
# alphabetical order by error tag, and leave a blank line between errors.
+ #
+ # Note that you must explicitly filter every single template variable
+ # in this file; if you do not wish to change it, use the "none" filter.
#%]
[% PROCESS global/variables.none.tmpl %]
@@ -35,14 +38,7 @@
[% DEFAULT title = "Internal Error" %]
[% error_message = BLOCK %]
- [% IF error == "aaa_example_error_tag" %]
- [% title = "Example Error" %]
- This is an example error. The title is set above. This text is the body
- of the error. It can contain arbitrary HTML, and also references
- to any [% parameters %] which you may have set before calling
- ThrowCodeError.
-
- [% ELSIF error == "action_unrecognized" %]
+ [% IF error == "action_unrecognized" %]
I don't recognize the value ([% variables.action FILTER html %])
of the action variable.
@@ -61,8 +57,8 @@
An authorization handler return value was not handled by the login code.
[% ELSIF error == "bug_error" %]
- Trying to retrieve [% terms.bug %] [%+ bug.bug_id %] returned the error
- [% bug.error FILTER html %]
+ Trying to retrieve [% terms.bug %] [%+ bug.bug_id FILTER html %] returned
+ the error [% bug.error FILTER html %].
[% ELSIF error == "chart_data_not_generated" %]
The tool which gathers [% terms.bug %] counts has not been run yet.
@@ -82,7 +78,7 @@
Run checksetup.pl for installation instructions.
[% ELSIF error == "field_type_mismatch" %]
- Cannot seem to handle [% field %]
+ Cannot seem to handle [% field FILTER html %]
and [% type FILTER html %] together.
[% ELSIF error == "gd_not_installed" %]
@@ -107,8 +103,8 @@
'[% bit FILTER html %]'.
[% ELSIF error == "bad_arg" %]
- Bad argument [% argument %] sent to
- [% function %] function.
+ Bad argument [% argument FILTER html %] sent to
+ [% function FILTER html %] function.
[% ELSIF error == "invalid_attach_id_to_obsolete" %]
The attachment number of one of the attachments you wanted to obsolete,
@@ -145,11 +141,8 @@
but you tried to flag it as obsolete while creating a new attachment to
[% terms.bug %] [%+ my_bug_id FILTER html %].
- [% ELSIF error == "no_bug_data" %]
- No data when fetching [% terms.bug %] [%+ bug_id %].
-
[% ELSIF error == "flag_nonexistent" %]
- There is no flag with ID #[% variables.id %].
+ There is no flag with ID #[% variables.id FILTER html %].
[% ELSIF error == "flag_status_invalid" %]
The flag status [% variables.status FILTER html %] is invalid.
@@ -166,7 +159,7 @@
a positive integer.
[% ELSIF error == "flag_type_nonexistent" %]
- There is no flag type with the ID [% variables.id %].
+ There is no flag type with the ID [% variables.id FILTER html %].
[% ELSIF error == "flag_type_product_nonexistent" %]
The product [% variables.product FILTER html %] does not exist.
@@ -212,7 +205,7 @@
Something is seriously wrong with the token generation system.
[% ELSIF error == "template_error" %]
- [% template_error_msg %]
+ [% template_error_msg FILTER html %]
[% ELSIF error == "unable_to_retrieve_password" %]
I was unable to retrieve your old password from the database.
@@ -238,9 +231,9 @@
[% ELSE %]
[%# Give sensible error if error functions are used incorrectly.
#%]
- You are using [% terms.Bugzilla %]'s ThrowCodeError() function incorrectly. You
- passed in the string '[% error %]'. The correct use is to pass
- in a tag, and define that tag in the file code-error.html.tmpl.
+ You are using [% terms.Bugzilla %]'s ThrowCodeError() function incorrectly.
+ You passed in the string '[% error FILTER html %]'. The correct use is to
+ pass in a tag, and define that tag in the file code-error.html.tmpl.
If you are a [% terms.Bugzilla %] end-user seeing this message, please save this
page and send it to [% Param('maintainer') %].
@@ -267,7 +260,7 @@
diff --git a/template/en/default/global/confirm-user-match.html.tmpl b/template/en/default/global/confirm-user-match.html.tmpl
index 037f7385c..ec4c4f150 100644
--- a/template/en/default/global/confirm-user-match.html.tmpl
+++ b/template/en/default/global/confirm-user-match.html.tmpl
@@ -38,7 +38,7 @@
# self-referential URL
#%]
-[% # use the global field descs %]
+[%# use the global field descs %]
[% PROCESS "global/field-descs.none.tmpl" %]
[% IF matchsuccess == 1 %]
@@ -74,7 +74,7 @@
- [% # this is messy to allow later expansion %]
+ [%# this is messy to allow later expansion %]
[% FOREACH field = matches %]
@@ -173,7 +173,7 @@
[% IF field_descs.${field_name} %]
[% field_descs.${field_name} FILTER html -%]
- [%- # ELSIF for things that don't belong in the field_descs hash here -%]
+ [%-# ELSIF for things that don't belong in the field_descs hash here -%]
[% ELSIF field_name.match("^requestee") %]
[% fields.${field_name}.flag_type.name %] requestee
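Review bot: `[% fields.${field_name}.flag_type.name %]` on the last context line is still emitted without a filter, and its entry stays in filterexceptions.pl. The same commit adds `FILTER html` to `flag.type.name` in attachment/list.html.tmpl and to the flag type `name` in confirm-delete.html.tmpl. For consistency the line should read `[% fields.${field_name}.flag_type.name FILTER html %] requestee`, with the exception entry dropped. The enclosing IF/ELSIF chain continues outside the hunk.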
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index e8aa8047f..e84e9747d 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -28,21 +28,15 @@
[% message_tag = message %]
[% message = BLOCK %]
- [% IF message_tag == "aaa_example_message_tag" %]
- [% title = "Example Message" %]
- This is an example message. The title is set above. This text is the body
- of the message. It can contain arbitrary HTML, and also references
- to any [% parameters %] which you may have set.
-
- [% ELSIF message_tag == "buglist_adding_field" %]
+ [% IF message_tag == "buglist_adding_field" %]
[% title = "Adding field to query page..." %]
[% link = "Click here if the page does not redisplay automatically." %]
- [% # --- %]
[% ELSIF message_tag == "buglist_load_named_query" %]
- [% title = BLOCK %]Loading your query named [% namedcmd %][% END %]
+ [% title = BLOCK %]
+ Loading your query named [% namedcmd FILTER html %]
+ [% END %]
[% link = "Click here if the page does not redisplay automatically." %]
- [% # --- %]
[% ELSIF message_tag == "buglist_updated_named_query" %]
OK, your query named [% queryname FILTER html %] is updated.
@@ -81,8 +75,9 @@
[% ELSIF message_tag == "email_change_cancelled_reinstated" %]
[% title = "Cancel Request to Change Email Address" %]
The request to change the email address for the
- [% old_email %] account to [% new_email %] has been cancelled.
- Your old account settings have been reinstated.
+ [% old_email FILTER html %] account to
+ [% new_email FILTER html %] has been cancelled.
+ Your old account settings have been reinstated.
[% ELSIF message_tag == "logged_out" %]
[% title = "Logged Out" %]
diff --git a/template/en/default/global/select-menu.html.tmpl b/template/en/default/global/select-menu.html.tmpl
index 7b7fddb29..f1768d0d5 100644
--- a/template/en/default/global/select-menu.html.tmpl
+++ b/template/en/default/global/select-menu.html.tmpl
@@ -44,7 +44,7 @@
[% options_type = BLOCK %][% options %][% END %]
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index de5d60c6c..b1cf46ecb 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -27,6 +27,9 @@
[%# This is a list of all the possible user errors. Please keep them in
# alphabetical order by error tag, and leave a blank line between errors.
+ #
+ # Note that you must explicitly filter every single template variable
+ # in this file; if you do not wish to change it, use the "none" filter.
#%]
[% PROCESS global/variables.none.tmpl %]
@@ -44,7 +47,7 @@
[% ELSIF error == "account_disabled" %]
[% title = "Account Disabled" %]
- [% disabled_reason %]
+ [% disabled_reason FILTER none %]
If you believe your account should be restored, please
send email to [% Param("maintainer") %] explaining why.
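Review bot: `[% disabled_reason FILTER none %]` deliberately emits the value unescaped, but nothing at the call site says why that is safe or who controls the text. A template comment on the preceding line, such as `[%# disabled_reason is output raw because REASON_PLACEHOLDER; it must never carry unescaped user input %]`, would stop a later reader from copying the pattern blindly. The same applies to `bug_link FILTER none` in the alias_in_use hunk and `both FILTER none` in the dependency-loop hunk. Where these values are built is not visible here.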
@@ -72,7 +75,7 @@
[% ELSIF error == "alias_in_use" %]
[% title = "Alias In Use" %]
- [% bug_link %] has already taken the alias
+ [% bug_link FILTER none %] has already taken the alias
[% alias FILTER html %]. Please choose another one.
[% ELSIF error == "alias_is_numeric" %]
@@ -95,7 +98,7 @@
[% ELSIF error == "authorization_failure" %]
[% title = "Authorization Failed" %]
- You are not allowed to [% action %].
+ You are not allowed to [% action FILTER html %].
[% ELSIF error == "attachment_access_denied" %]
[% title = "Access Denied" %]
@@ -103,13 +106,14 @@
[% ELSIF error == "bug_access_denied" %]
[% title = "Access Denied" %]
- You are not authorized to access [% terms.bug %] #[% bug_id %].
+ You are not authorized to access [% terms.bug %] #[% bug_id FILTER html %].
[% ELSIF error == "bug_access_query" %]
[% title = "Access Denied" %]
- You are not authorized to access [% terms.bug %] #[% bug_id %]. To see
- this [% terms.bug %], you must
- first log
+ You are not authorized to access [% terms.bug %] #[% bug_id FILTER html %].
+ To see this [% terms.bug %], you must
+ first log
in to an account with the appropriate permissions.
[% ELSIF error == "buglist_parameters_required" %]
@@ -139,7 +143,7 @@
[% title = "Dependency Loop Detected" %]
The following [% terms.bug %](s) would appear on both the "depends on"
and "blocks" parts of the dependency tree if these changes
- are committed: [% both %]. This would create a circular
+ are committed: [% both FILTER none %]. This would create a circular
dependency, which is not allowed.
[% ELSIF error == "dependency_loop_single" %]
@@ -176,7 +180,8 @@
[% ELSIF error == "file_too_large" %]
[% title = "File Too Large" %]
- The file you are trying to attach is [% filesize %] kilobytes (KB) in size.
+ The file you are trying to attach is [% filesize FILTER html %]
+ kilobytes (KB) in size.
Non-patch attachments cannot be more than [% Param('maxattachmentsize') %]
KB.
If your attachment is an image, try converting it to a compressable
@@ -187,8 +192,10 @@
[% title = "Flag Requestee Not Authorized" %]
You asked [% requestee.identity FILTER html %]
- for [% flag_type.name FILTER html %] on [% terms.bug %] [% bug_id -%]
- [% IF attach_id %], attachment [% attach_id %][% END %], but that [% terms.bug %]&bnsp;
+ for [% flag_type.name FILTER html %] on [% terms.bug %]
+ [% bug_id FILTER html -%]
+ [% IF attach_id %], attachment [% attach_id FILTER html %][% END %],
+ but that [% terms.bug %]&bnsp;
has been restricted to users in certain groups, and the user you asked
isn't in all the groups to which the [% terms.bug %] has been restricted.
Please choose someone else to ask, or make the [% terms.bug %] accessible to users
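Review bot: The rewritten line `but that [% terms.bug %]&bnsp;` carries over a misspelled entity. `&bnsp;` is not a defined HTML entity, so it will be shown literally instead of as a non-breaking space. Since the line is being rewritten anyway, it should read `but that [% terms.bug %]&nbsp;`. The ELSIF branch continues past the end of the hunk.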
@@ -198,8 +205,10 @@
[% title = "Flag Requestee Not Authorized" %]
You asked [% requestee.identity FILTER html %]
- for [% flag_type.name FILTER html %] on [% terms.bug %] [% bug_id %],
- attachment [% attach_id %], but that attachment is restricted to users
+ for [% flag_type.name FILTER html %] on
+ [% terms.bug %] [% bug_id FILTER html %],
+ attachment [% attach_id FILTER html %], but that attachment is restricted
+ to users
in the [% Param("insidergroup") FILTER html %] group, and the user
you asked isn't in that group. Please choose someone else to ask,
or ask an administrator to add the user to the group.
@@ -233,11 +242,12 @@
[% ELSIF error == "illegal_attachment_edit" %]
[% title = "Unauthorised Action" %]
- You are not authorised to edit attachment [% attach_id %].
+ You are not authorised to edit attachment [% attach_id FILTER html %].
[% ELSIF error == "illegal_attachment_edit_bug" %]
[% title = "Unauthorised Action" %]
- You are not authorised to edit attachments on [% terms.bug %] [%+ bug_id %].
+ You are not authorised to edit attachments on [% terms.bug %]
+ [%+ bug_id FILTER html %].
[% ELSIF error == "illegal_attachment_is_patch" %]
[% title = "Your Query Makes No Sense" %]
@@ -246,7 +256,8 @@
[% ELSIF error == "illegal_change" %]
[% title = "Not allowed" %]
- You tried to change the [% field %] field
+ You tried to change the
+ [% field_descs.$field FILTER html %] field
from [% oldvalue FILTER html %] to
[% newvalue FILTER html %],
but only the owner or submitter of the [% terms.bug %], or a
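Review bot: Switching `[% field %]` to `[% field_descs.$field FILTER html %]` leaves a gap in the sentence whenever `field` has no entry in `field_descs`. A fallback keeps the message readable and still escaped: `[% (field_descs.$field || field) FILTER html %]`. The need_positive_number and value_out_of_range branches use the same lookup and would benefit from the same fallback. Whether every caller passes a key that exists in `field_descs` is not visible here.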
@@ -320,7 +331,7 @@
[% ELSIF error == "invalid_bug_id_non_existent" %]
[% title = BLOCK %]Invalid [% terms.Bug %] ID[% END %]
- [% terms.Bug %] #[% bug_id %] does not exist.
+ [% terms.Bug %] #[% bug_id FILTER html %] does not exist.
[% ELSIF error == "invalid_bug_id_or_alias" %]
[% title = BLOCK %]Invalid [% terms.Bug %] ID[% END %]
@@ -383,7 +394,8 @@
[% ELSIF error == "milestone_required" %]
[% title = "Milestone Required" %]
- You must determine a target milestone for [% terms.bug %] [%+ bug_id %]
+ You must determine a target milestone for [% terms.bug %]
+ [%+ bug_id FILTER html %]
if you are going to accept it. Part of accepting
[% terms.abug %] is giving an estimate of when it will be fixed.
@@ -459,7 +471,8 @@
[% ELSIF error == "need_positive_number" %]
[% title = "Positive Number Required" %]
- The [% field_descs.$field %] field requires a positive number.
+ The [% field_descs.$field FILTER html %] field requires a positive
+ number.
[% ELSIF error == "need_product" %]
[% title = "Product Required" %]
@@ -499,7 +512,8 @@
[% ELSIF error == "no_dupe_stats" %]
[% title = "Cannot Find Duplicate Statistics" %]
- There are no duplicate statistics for today ([% today %]) or yesterday.
+ There are no duplicate statistics for today ([% today FILTER html %])
+ or yesterday.
[% ELSIF error == "no_dupe_stats_error_today" %]
[% title = "Error Reading Today's Dupes File" %]
@@ -513,7 +527,8 @@
[% ELSIF error == "no_dupe_stats_error_yesterday" %]
[% title = "Error Reading Yesterday's Dupes File" %]
- There are no duplicate statistics for today ([% today %]), and an error
+ There are no duplicate statistics for today ([% today FILTER html %]),
+ and an error
occurred opening yesterday's dupes file: [% error_msg FILTER html %].
[% ELSIF error == "no_html_in_quips" %]
@@ -558,7 +573,8 @@
[% ELSIF error == "patch_too_large" %]
[% title = "File Too Large" %]
- The file you are trying to attach is [% filesize %] kilobytes (KB) in size.
+ The file you are trying to attach is [% filesize FILTER html %]
+ kilobytes (KB) in size.
Patches cannot be more than [% Param('maxpatchsize') %] KB in size.
Try breaking your patch into several pieces.
@@ -568,7 +584,8 @@
[% ELSIF error == "product_edit_denied" %]
[% title = "Product Edit Access Denied" %]
- You are not permitted to edit [% terms.bugs %] in product [% product %].
+ You are not permitted to edit [% terms.bugs %] in product
+ [% product FILTER html %].
[% ELSIF error == "query_name_missing" %]
[% title = "No Query Name Specified" %]
@@ -620,15 +637,17 @@
[% ELSIF error == "too_many_votes_for_bug" %]
[% title = "Illegal Vote" %]
- You may only use at most [% max %] votes for a single [% terms.bug %] in the
+ You may only use at most [% max FILTER html %] votes for a single
+ [%+ terms.bug %] in the
[% prod FILTER html %] product, but you are trying to use
- [% votes %].
+ [% votes FILTER html %].
[% ELSIF error == "too_many_votes_for_product" %]
[% title = "Illegal Vote" %]
- You may only use at most [% max %] votes for [% terms.bugs %] in the
+ You may only use at most [% max FILTER html %] votes for [% terms.bugs %]
+ in the
[% prod FILTER html %] product, but you are trying to use
- [% votes %].
+ [% votes FILTER html %].
[% ELSIF error == "token_inexistent" %]
[% title = "Token Does Not Exist" %]
@@ -662,7 +681,8 @@
[% ELSIF error == "value_out_of_range" %]
[% title = "Value Out Of Range" %]
- Value is out of range for field [% field_descs.$field %].
+ Value is out of range for field
+ [% field_descs.$field FILTER html %].
[% ELSIF error == "zero_length_file" %]
[% title = "File Is Empty" %]
@@ -684,7 +704,7 @@