From 2d2fc6373bf882d5ddb16e3136567647cf2ef3ae Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Thu, 24 May 2012 14:17:50 +0800
Subject: Bug 744691: Throw an error early when calling a method from a non-existent class r=dkl, a=LpSolit
---
 Bugzilla/WebService/Server.pm | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm
index 4e0315219..feb80e9d0 100644
--- a/Bugzilla/WebService/Server.pm
+++ b/Bugzilla/WebService/Server.pm
@@ -25,6 +25,7 @@ use Scalar::Util qw(blessed);
 sub handle_login {
 my ($self, $class, $method, $full_method) = @_;
+ ThrowCodeError('unknown_method', {method => $full_method}) if !$class;
 eval "require $class";
 ThrowCodeError('unknown_method', {method => $full_method}) if $@;
 return if ($class->login_exempt($method)
-- cgit v1.2.3-24-g4f1b
From 368fa4c0afeeb58d9ef67a255ae2e7c3a2defd3c Mon Sep 17 00:00:00 2001
From: Koosha Khajeh Moogahi
Date: Mon, 28 May 2012 01:36:39 +0200
Subject: Bug 754981: Add a link pointing to the bug itself in HTML bugmails when only a comment is added r/a=LpSolit
---
 template/en/default/email/bugmail.html.tmpl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/template/en/default/email/bugmail.html.tmpl b/template/en/default/email/bugmail.html.tmpl
index e42b5564d..f8f182548 100644
--- a/template/en/default/email/bugmail.html.tmpl
+++ b/template/en/default/email/bugmail.html.tmpl
@@ -33,6 +33,7 @@ [% IF comment.count %] [% "Comment # ${comment.count}" FILTER bug_link( bug, {comment_num => comment.count, full_url => 1}) FILTER none %] + on [% "$terms.bug $bug.id" FILTER bug_link( bug, { full_url => 1 }) FILTER none %] from [% INCLUDE global/user.html.tmpl who = comment.author %] [% END %]
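Review bot: The added guard only rejects an empty `$class`; the value still reaches the string `eval "require $class"` on the next line unvalidated, so a class name that is non-empty but not a bare package name (one containing `;`, quotes or whitespace, for instance) would be interpolated straight into Perl code. Unless the caller is already known to constrain `$class` to `Bugzilla::WebService::...` identifiers — the caller is not in this hunk — tighten the new line to `ThrowCodeError('unknown_method', {method => $full_method}) unless $class && $class =~ /\A\w+(?:::\w+)*\z/;`, which keeps the same error for callers. A one-line comment such as `# $class is interpolated into a string eval below; only accept a plain package name` would record why the check is stricter than a truthiness test. handle_login's body continues past the end of the hunk.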
[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment) %]
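Review bot: The new `on …` line ends in `FILTER none`, so nothing downstream escapes it; its safety rests entirely on `bug_link` HTML-escaping the link text it is handed, which this hunk cannot show. `$bug.id` is numeric, but `$terms.bug` is installation-configured text, so it is worth confirming that `bug_link` escapes its first argument rather than assuming it (the existing `Comment #` line above makes the same assumption). A short note would spare the next reader the lookup, e.g. `[%# bug_link escapes its text argument itself, hence FILTER none %]`.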
-- cgit v1.2.3-24-g4f1b
From 71be6327da8fbfd2207a9e5826da98f25caca403 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Tue, 29 May 2012 00:58:23 +0800
Subject: Bug 756314: Fix dropping of unique matches when the "confirm page" page is display. r=LpSolit, a=LpSolit
---
 template/en/default/global/confirm-user-match.html.tmpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/template/en/default/global/confirm-user-match.html.tmpl b/template/en/default/global/confirm-user-match.html.tmpl
index 5549b516d..cff20d237 100644
--- a/template/en/default/global/confirm-user-match.html.tmpl
+++ b/template/en/default/global/confirm-user-match.html.tmpl
@@ -150,8 +150,6 @@ [% ELSE %] matched [% query.value.users.0.identity FILTER html %]
- [% END %]
 [% ELSE %] [% IF (query.key.length < 3) && !Param('emailsuffix') %]
@@ -176,8 +174,10 @@ [% IF matchsuccess == 1 %]
- [% SET exclude_these =
- matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %]
+ [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
+ [% FOREACH key IN matches.keys %]
+ [% exclude_these.push(key) IF cgi.param(key) == '' %]
+ [% END %]
 [% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
 [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
-- cgit v1.2.3-24-g4f1b
From 6bf31c24a131b4a1694ce7c9686b85cfc6195532 Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Tue, 29 May 2012 07:45:06 -0700
Subject: Bug 754561 - Escape HTML in keywords in the auto-complete form [r=LpSolit a=LpSolit]
---
 js/field.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/js/field.js b/js/field.js
index 744f193a3..2c3fd69b7 100644
--- a/js/field.js
+++ b/js/field.js
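Review bot: Every key the new `FOREACH` pushes into `exclude_these` is joined with `|` into the `^…$` pattern on the following `SET exclude` line without any quoting, so a field name containing regex metacharacters (`.`, `+`, `(`) would widen or break the exclusion. If `matches.keys` can only ever hold Bugzilla's fixed user-field names this is harmless, but that is not visible here; otherwise quote regex metacharacters in each key before the join, or have hidden-fields.html.tmpl compare names exactly instead of by pattern. The loop's intent — the subject of this fix — is also not stated in the template; a comment such as `[%# Only drop a matched field when the submitted value was empty, so confirmed unique matches are re-posted. %]` above the new `FOREACH` would make it explicit.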
@@ -770,6 +770,7 @@ YAHOO.bugzilla.keywordAutocomplete = {
 }
 var keywordAutoComp = new YAHOO.widget.AutoComplete(field, container, this.dataSource);
 keywordAutoComp.maxResultsDisplayed = YAHOO.bugzilla.keyword_array.length;
+ keywordAutoComp.formatResult = keywordAutoComp.formatEscapedResult;
 keywordAutoComp.minQueryLength = 0;
 keywordAutoComp.useIFrame = true;
 keywordAutoComp.delimChar = [","," "];
-- cgit v1.2.3-24-g4f1b
From 3004a5e322c3a95c7e51978b917f1547c382bac9 Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Tue, 29 May 2012 07:52:31 -0700
Subject: Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default" [r=LpSolit a=LpSolit]
---
 query.cgi | 3 +++
 template/en/default/search/knob.html.tmpl | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/query.cgi b/query.cgi
index b3b9aa443..bfb79e52c 100755
--- a/query.cgi
+++ b/query.cgi
@@ -39,6 +39,7 @@ use Bugzilla::Product;
 use Bugzilla::Keyword;
 use Bugzilla::Field;
 use Bugzilla::Install::Util qw(vers_cmp);
+use Bugzilla::Token;
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -51,6 +52,8 @@ my $userid = $user->id;
 if ($cgi->param('nukedefaultquery')) {
 if ($userid) {
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['nukedefaultquery']);
 $dbh->do("DELETE FROM namedqueries" .
 " WHERE userid = ? AND name = ?",
 undef, ($userid, DEFAULT_QUERY_NAME));
diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl
index 17ff63a10..a50f6bd32 100644
--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -79,7 +79,8 @@ [% IF userdefaultquery %]
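Review bot: The new `formatResult = formatEscapedResult` line carries no explanation of why the escaping formatter is required, so a later maintainer tuning the widget could drop it as a cosmetic setting and silently reopen the issue. Add a why-comment directly above it, e.g. `// Keyword names are user-supplied; use YUI's escaping formatter so they cannot inject markup into the suggestion list (bug 754561).` Any other `YAHOO.widget.AutoComplete` built in this file from user-provided values would need the same setting; none is visible in this hunk, and the enclosing keywordAutocomplete method starts before it.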
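Review bot: `check_hash_token` now guards the `DELETE FROM namedqueries`, but the request that triggers `nukedefaultquery` is still whatever the knob template emits — apparently a single link, judging by the one-line `-`/`+` pair in the accompanying knob.html.tmpl hunk whose markup did not survive here — so the token travels in the URL and can leak through Referer headers and access logs. A POST form with the token as a hidden field is the more robust shape for a state-changing action; if the link is kept, confirm the template issues its token under the same `'nukedefaultquery'` label, since `check_hash_token` presumably validates against that argument list. A comment on the new lines, `# Token is issued by search/knob.html.tmpl under the 'nukedefaultquery' label`, would tie the two sides together. The `if ($userid)` block continues past the end of the hunk.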

- + Set my default search back to the system default.

[% END %]
-- cgit v1.2.3-24-g4f1b
From 6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Tue, 29 May 2012 08:23:18 -0700
Subject: Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting of default search options [r=LpSolit a=LpSolit]
---
 buglist.cgi | 2 ++
 template/en/default/search/knob.html.tmpl | 23 ++++++++++++++---------
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/buglist.cgi b/buglist.cgi
index d4ddfbd63..fcd268959 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -461,6 +461,8 @@ if ($cmdtype eq "dorem") {
 elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
 if ($cgi->param('remtype') eq "asdefault") {
 $user = Bugzilla->login(LOGIN_REQUIRED);
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['searchknob']);
 InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
 $vars->{'message'} = "buglist_new_default_query";
 }
diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl
index a50f6bd32..e20822bf5 100644
--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -40,6 +40,9 @@ "Last Changed" => "Last Changed" } %]
+[% IF user.id %]
+
+[% END %]
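Review bot: The token check is placed only inside the `remtype eq "asdefault"` branch, so any sibling branch of the enclosing `elsif` that also writes state under `cmdtype eq "doit"` — the block runs past the end of the hunk, so those branches are not visible here — would remain without CSRF protection and should get its own `check_hash_token` call. The `'searchknob'` label also has to agree with the one the knob template uses when it issues the token (the hidden field's markup did not survive in the template hunk below), which is worth pinning with a comment on the new line: `# Token is issued by search/knob.html.tmpl under the same 'searchknob' label.`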

  :
@@ -56,7 +59,7 @@ [% IF known_name %]
- [%# We store known_name in case the user add a boolean chart. %]
+ [%# We store known_name in case the user adds a boolean chart. %]
 [%# The name of the existing query will be passed to buglist.cgi. %]
@@ -68,14 +71,16 @@ [% END %]

-

-     - - -

+[% IF user.id %] +

+     + + +

+[% END %] [% IF userdefaultquery %]

-- cgit v1.2.3-24-g4f1b