From 4bbb07e8048ef859cfc29c6b9d221840f2c6aed1 Mon Sep 17 00:00:00 2001 From: "gerv%gerv.net" <> Date: Fri, 16 Jan 2004 06:34:12 +0000 Subject: Phase 1 of a big documentation update before 2.17.6. --- docs/html/cust-templates.html | 182 +++++++++++++++++++----------------------- 1 file changed, 80 insertions(+), 102 deletions(-) (limited to 'docs/html/cust-templates.html') diff --git a/docs/html/cust-templates.html b/docs/html/cust-templates.html index a981513c8..c905e3031 100644 --- a/docs/html/cust-templates.html +++ b/docs/html/cust-templates.html @@ -4,18 +4,20 @@ >Template CustomizationThe Bugzilla Guide - 2.17.5 Development ReleaseThe Bugzilla Guide - 2.17.5 + Development ReleasePrevChapter 5. Administering BugzillaChapter 6. Customising Bugzilla5.7. Template Customization6.1. Template Customization

One of the large changes for 2.16 was the templatization of the - entire user-facing UI, using the - Template Toolkit. - Administrators can now configure the look and feel of Bugzilla without +> Administrators can configure the look and feel of Bugzilla without having to edit Perl files or face the nightmare of massive merge conflicts when they upgrade to a newer version in the future.

Templatization also makes localized versions of Bugzilla possible, - for the first time. As of version 2.17.4 which will soon - become 2.18, it's possible to have Bugzilla's language determined by - the user's browser. More information is available in + for the first time. It's possible to have Bugzilla's UI language + determined by the user's browser. More information is available in Section 5.7.5Section 6.1.5.

5.7.1. What to Edit

6.1.1. What to Edit

There are two different ways of editing of Bugzilla's templates, - and which you use depends mainly on how you upgrade Bugzilla. The - template directory structure is that there's a top level directory, +> The template directory structure is that there's a top level directory, template

The first method of making customizations is to directly edit the +> There are two different ways of editing Bugzilla's templates, + and which you use depends mainly on the method you plan to use to + upgrade Bugzilla. + The first method of making customizations is to directly edit the templates in template/en/default

The other method is to copy the templates into a mirrored directory +> The other method is to copy the templates to be modified into a + mirrored directory structure under template/en/custom

5.7.2. How To Edit Templates

The syntax of the Template Toolkit language is beyond the scope of - this guide. It's reasonably easy to pick up by looking at the current - templates; or, you can read the manual, available on the - Template Toolkit home - page. However, you should particularly remember (for security - reasons) to always HTML filter things which come from the database or - user input, to prevent cross-site scripting attacks. -

However, one thing you should take particular care about is the need - to properly HTML filter data that has been passed into the template. - This means that if the data can possibly contain special HTML characters - such as <, and the data was not intended to be HTML, they need to be - converted to entity form, ie &lt;. You use the 'html' filter in the - Template Toolkit to do this. If you fail to do this, you may open up - your installation to cross-site scripting attacks. -

Also note that Bugzilla adds a few filters of its own, that are not - in standard Template Toolkit. In particular, the 'url_quote' filter - can convert characters that are illegal or have special meaning in URLs, - such as &, to the encoded form, ie %26. This actually encodes most - characters (but not the common ones such as letters and numbers and so - on), including the HTML-special characters, so there's never a need to - HTML filter afterwards. -

Editing templates is a good way of doing a "poor man's custom fields". - For example, if you don't use the Status Whiteboard, but want to have - a free-form text entry box for "Build Identifier", then you can just - edit the templates to change the field labels. It's still be called - status_whiteboard internally, but your users don't need to know that. -

6.1.2. How To Edit Templates

The syntax of the Template Toolkit language is beyond the scope of + this guide. It's reasonably easy to pick up by looking at the current + templates; or, you can read the manual, available on the + Template Toolkit home + page. +

One thing you should take particular care about is the need + to properly HTML filter data that has been passed into the template. + This means that if the data can possibly contain special HTML characters + such as <, and the data was not intended to be HTML, they need to be + converted to entity form, ie &lt;. You use the 'html' filter in the + Template Toolkit to do this. If you forget, you may open up + your installation to cross-site scripting attacks. +

Also note that Bugzilla adds a few filters of its own, that are not + in standard Template Toolkit. In particular, the 'url_quote' filter + can convert characters that are illegal or have special meaning in URLs, + such as &, to the encoded form, ie %26. This actually encodes most + characters (but not the common ones such as letters and numbers and so + on), including the HTML-special characters, so there's never a need to + HTML filter afterwards. +

Editing templates is a good way of doing a "poor man's custom fields". + For example, if you don't use the Status Whiteboard, but want to have + a free-form text entry box for "Build Identifier", then you can just + edit the templates to change the field labels. It's still be called + status_whiteboard internally, but your users don't need to know that. +

5.7.3. Template Formats

6.1.3. Template Formats

Some CGIs have the ability to use more than one template. For example, buglist.cgi can output bug lists as RDF or two @@ -350,9 +345,9 @@ CLASS="filename"

To see if a CGI supports multiple output formats, grep the - CGI for "ValidateOutputFormat". If it's not present, adding + CGI for "GetFormat". If it's not present, adding multiple format support isn't too hard - see how it's done in - other CGIs. + other CGIs, e.g. config.cgi.

To make a new format template for a CGI which supports this, @@ -396,9 +391,9 @@ CLASS="section" >

5.7.4. Particular Templates

6.1.4. Particular Templates

There are a few templates you may be particularly interested in customizing for your installation. @@ -454,21 +449,6 @@ CLASS="command" >

bug/process/midair.html.tmpl: - This is the page used if two people submit simultaneous changes to the - same bug. The second person to submit their changes will get this page - to tell them what the first person did, and ask if they wish to - overwrite those changes or go back and revisit the bug. The default - title and header on this page read "Mid-air collision detected!" If - you work in the aviation industry, or other environment where this - might be found offensive (yes, we have true stories of this happening) - you'll want to change this to something more appropriate for your - environment. -

bug/create/create.html.tmpl and 5.7.5. Configuring Bugzilla to Detect the User's Language6.1.5. Configuring Bugzilla to Detect the User's Language

Begining in version 2.18 (first introduced in version - 2.17.4), it's now possible to have the users web browser tell Bugzilla - which language templates to use for each visitor (using the HTTP_ACCEPT - header). For this to work, Bugzilla needs to have the correct language - templates installed for the version of Bugzilla you are using. Many +>Bugzilla honours the user's Accept: HTTP header. You can install + templates in other languages, and Bugzilla will pick the most appropriate + according to a priority order defined by you. Many language templates can be obtained from After untarring the localizations (or creating your own) in the [Bugzilla_Root]/template$BUGZILLA_HOME/template directory, you must update the PrevBugzilla SecurityCustomising BugzillaUpChange Permission CustomizationCustomizing Who Can Change What