From ef3afee2a3471eff6c5285a258caba54c9b74ef3 Mon Sep 17 00:00:00 2001
From: Marc Schumann <wurblzap@gmail.com>
Date: Wed, 11 Apr 2012 21:50:54 +0200
Subject: If you're not allowed to change status or resolution, their values
 are being displayed unlocalized. r/a=LpSolit

https://bugzilla.mozilla.org/show_bug.cgi?id=740879
---
 template/en/default/bug/field.html.tmpl | 39 ++++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 15 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/bug/field.html.tmpl b/template/en/default/bug/field.html.tmpl
index 681ea716d..58f1b0ccc 100644
--- a/template/en/default/bug/field.html.tmpl
+++ b/template/en/default/bug/field.html.tmpl
@@ -202,22 +202,31 @@
                                                  'keyword_autocomplete');
        </script>
   [% END %]
-[% ELSIF field.type == constants.FIELD_TYPE_TEXTAREA %]
-  <div class="uneditable_textarea">[% value FILTER html %]</div>
-[% ELSIF field.type == constants.FIELD_TYPE_BUG_ID %]
-    [% IF value %]  
-        [% value FILTER bug_link(value, use_alias => 1) FILTER none %]
-    [% END %]
-[% ELSIF field.type == constants.FIELD_TYPE_BUG_URLS %]
-  [% '<ul class="bug_urls">' IF value.size %]
-    [% FOREACH bug_url = value %]
-      <li>
-        [% PROCESS bug_url_link bug_url = bug_url %]
-      </li>
-    [% END %]
-  [% '</ul>' IF value.size %]
 [% ELSE %]
-  [% value.join(', ') FILTER html %]
+  [% SWITCH field.type %]
+    [% CASE constants.FIELD_TYPE_TEXTAREA %]
+      <div class="uneditable_textarea">[% value FILTER html %]</div>
+    [% CASE constants.FIELD_TYPE_BUG_ID %]
+      [% IF value %]  
+          [% value FILTER bug_link(value, use_alias => 1) FILTER none %]
+      [% END %]
+    [% CASE [ constants.FIELD_TYPE_SINGLE_SELECT 
+              constants.FIELD_TYPE_MULTI_SELECT ] %]
+      [% FOREACH val = value %]
+        [% display_value(field.name, val) FILTER html %]
+        [% ', ' UNLESS loop.last() %]
+      [% END %]
+    [% CASE constants.FIELD_TYPE_BUG_URLS %]
+      [% '<ul class="bug_urls">' IF value.size %]
+        [% FOREACH bug_url = value %]
+          <li>
+            [% PROCESS bug_url_link bug_url = bug_url %]
+          </li>
+        [% END %]
+      [% '</ul>' IF value.size %]
+    [% CASE %]
+      [% value.join(', ') FILTER html %]
+  [% END %]
 [% END %]
 [% Hook.process('end_field_column') %]
 [% '</td>' IF NOT no_tds %]
-- 
cgit v1.2.3-24-g4f1b


From 84d097fb4c017e71714aad75e90da8154c087e85 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 12 Apr 2012 20:58:30 +0200
Subject: Bug 741078: Release notes for Bugzilla 4.2.1 r=dkl

---
 template/en/default/pages/release-notes.html.tmpl | 49 ++++++++++++++++++++++-
 1 file changed, 47 insertions(+), 2 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index 6402814e1..51e698d93 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -29,7 +29,7 @@
 
 <ul class="bz_toc">
   <li><a href="#v42_introduction">Introduction</a></li>
-  <!-- li><a href="#v42_point">Updates in this 4.2.x Release</a></li -->
+  <li><a href="#v42_point">Updates in this 4.2.x Release</a></li>
   <li><a href="#v42_req">Minimum Requirements</a></li>
   <li><a href="#v42_feat">New Features and Improvements</a></li>
   <li><a href="#v42_issues">Outstanding Issues</a></li>
@@ -51,8 +51,53 @@
   in between your version and this one, <strong>particularly the Upgrading
   section of each version's release notes</strong>.</p>
 
-<!-- h2 id="v42_point">Updates in this 4.2.x Release</h2 -->
+<h2 id="v42_point">Updates in this 4.2.x Release</h2>
 
+<h3>4.2.1</h3>
+
+<p>This release fixes one security issue. See the
+  <a href="http://www.bugzilla.org/security/3.6.8/">Security Advisory</a>
+  for details.</p>
+
+<p>In addition, the following important fixes/changes have been made in this
+  release:</p>
+
+<ul>
+  <li>Due to a regression introduced when fixing CVE-2012-0453, if an XML-RPC
+    client sets the charset as part of its Content-Type header, we were
+    incorrectly rejecting the request. The header is now correctly parsed.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=731219">[% terms.Bug %] 731219</a>)</li>
+  <li>Email notifications about status changes in blockers were incorrectly
+    formatted. Several pieces of text were missing in the emails.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=731586">[% terms.Bug %] 731586</a>)</li>
+  <li>Many [% terms.bugs %] related to the searching system have been fixed.
+    (<a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=58179,715270,730984,731163,737436">
+    [% terms.Bugs %] 58179, 715270, 730984, 731163 and 737436</a>)</li>
+  <li>When using the QuickSearch box, complex queries are now parsed correctly.
+    It also behaves correctly with non-ASCII characters (such as é, ä, ü, etc.).
+    (<a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=554819,663377,730207">
+    [% terms.Bugs %] 554819, 663377 and 730207</a>)</li>
+  <li>The 'take' link besides the assignee field now works correctly when
+    the <kbd>usemenuforusers</kbd> parameter is turned on.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=734997">[% terms.Bug %] 734997</a>)</li>
+  <li>URLs in the 'Total' row at the bottom of tabular reports were broken
+    when JavaScript was enabled and a user field was used for the vertical
+    axis.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=731323">[% terms.Bug %] 731323</a>)</li>
+  <li>Some performance problems have been fixed for installations with many
+    products, components or versions.
+    (<a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=695514,731055">
+    [% terms.Bugs %] 695514 and 731055</a>)</li>
+  <li>A new hook named <kbd>buglist_column_joins</kbd> has been added to let
+    extensions alter the <kbd>Bugzilla::Search::COLUMN_JOINS</kbd> hash.
+    Now more fields can be displayed as columns in buglists, in combination
+    with the already existing <kbd>buglist_columns</kbd> hook.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=743991">[% terms.Bug %] 743991</a>)</li>
+  <li>A new hook named <kbd>admin_editusers_action</kbd> has been added to let
+    extensions alter the behavior of <kbd>editusers.cgi</kbd>. This lets you add
+    new features to this script very easily.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=730794">[% terms.Bug %] 730794</a>)</li>
+</ul>
 
 <h2 id="v42_req">Minimum Requirements</h2>
 
-- 
cgit v1.2.3-24-g4f1b


From dd288903e2a64d3f012987fcb676a1bce45ab41f Mon Sep 17 00:00:00 2001
From: Marc Schumann <wurblzap@gmail.com>
Date: Sat, 14 Apr 2012 18:05:39 +0200
Subject: Change columns: empty buttons when images turned off. r/a=LpSolit

https://bugzilla.mozilla.org/show_bug.cgi?id=474747
---
 template/en/default/list/change-columns.html.tmpl | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/list/change-columns.html.tmpl b/template/en/default/list/change-columns.html.tmpl
index b13055c38..ff7e5d371 100644
--- a/template/en/default/list/change-columns.html.tmpl
+++ b/template/en/default/list/change-columns.html.tmpl
@@ -57,8 +57,7 @@
       <tr>
         <th><div id="avail_header" class="bz_default_hidden">Available Columns</div></th>
         <th></th>
-        <th>Selected Columns</th>
-        <th></th>
+        <th colspan="2">Selected Columns</th>
       </tr>
       <tr>
         <td>
@@ -68,11 +67,13 @@
           </select>
         </td>
         <td>
-          <input class="image_button bz_default_hidden" type="button" 
-                 id="select_button" name="select" onclick="move_select()">
+          <button type="button" id="select_button" name="select"
+                  class="bz_default_hidden arrow_button"
+                  onclick="move_select()">&rarr;</button>
           <br><br>
-          <input class="image_button bz_default_hidden" type="button" 
-                 id="deselect_button" name="deselect" onclick="move_deselect()">
+          <button type="button" id="deselect_button" name="deselect"
+                  class="bz_default_hidden arrow_button"
+                  onclick="move_deselect()">&larr;</button>
         </td>
         <td>
           <select name="selected_columns" id="selected_columns" 
@@ -93,11 +94,13 @@
           </select>
         </td>
         <td>
-          <input class="image_button bz_default_hidden" type="button" 
-                 id="up_button" name="up" onclick="move_up()">
+          <button type="button" id="up_button" name="up"
+                  class="bz_default_hidden arrow_button"
+                  onclick="move_up()">&uarr;</button>
           <br><br>
-          <input class="image_button bz_default_hidden" type="button"
-                 id="down_button" name="down" onclick="move_down()">
+          <button type="button" id="down_button" name="down"
+                  class="bz_default_hidden arrow_button"
+                  onclick="move_down()">&darr;</button>
         </td>
       </tr>
     </table>
-- 
cgit v1.2.3-24-g4f1b


From 90225246accea4319d6a1a2ce7b28af5c8e30184 Mon Sep 17 00:00:00 2001
From: Marc Schumann <wurblzap@gmail.com>
Date: Sun, 15 Apr 2012 00:02:17 +0200
Subject: Comment toggling text is not localizable because it's in a .js file.
 r/a=LpSolit

https://bugzilla.mozilla.org/show_bug.cgi?id=745460
---
 template/en/default/bug/comments.html.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'template/en')

diff --git a/template/en/default/bug/comments.html.tmpl b/template/en/default/bug/comments.html.tmpl
index 208ea092a..170c69349 100644
--- a/template/en/default/bug/comments.html.tmpl
+++ b/template/en/default/bug/comments.html.tmpl
@@ -122,7 +122,7 @@
           <span class="bz_comment_actions">
             <script type="text/javascript"><!--
               addReplyLink([% count %], [% comment.id %]);
-              addCollapseLink([% count %]); // -->
+              addCollapseLink([% count %], 'Toggle comment display'); // -->
             </script>
           </span>
         [% END %]
-- 
cgit v1.2.3-24-g4f1b


From 6b716a04b187775e545e0d835d1f18fe3e7905e1 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Tue, 17 Apr 2012 21:11:20 +0200
Subject: Bug 745197: Add a hook in Bugzilla::Error::_throw_error() so that
 extensions can control the way to throw errors r=dkl a=LpSolit

---
 template/en/default/global/code-error.html.tmpl | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index f100df994..f09415cc2 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -520,10 +520,8 @@
 
 <table cellpadding="20">
   <tr>
-    <td bgcolor="#ff0000">
-      <font size="+2">
-        [% error_message FILTER none %]
-      </font>
+    <td id="error_msg" class="throw_error">
+      [% error_message FILTER none %]
     </td>
   </tr>
 </table>
-- 
cgit v1.2.3-24-g4f1b


From a76f0247dd5f3734ba73ff59fba43d29c44df89a Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Tue, 17 Apr 2012 21:24:18 +0200
Subject: Bug 741078: Update relnotes for 4.2.1

---
 template/en/default/pages/release-notes.html.tmpl | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index 51e698d93..3cba64406 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -55,7 +55,7 @@
 
 <h3>4.2.1</h3>
 
-<p>This release fixes one security issue. See the
+<p>This release fixes two security issues. See the
   <a href="http://www.bugzilla.org/security/3.6.8/">Security Advisory</a>
   for details.</p>
 
@@ -71,8 +71,8 @@
     formatted. Several pieces of text were missing in the emails.
     (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=731586">[% terms.Bug %] 731586</a>)</li>
   <li>Many [% terms.bugs %] related to the searching system have been fixed.
-    (<a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=58179,715270,730984,731163,737436">
-    [% terms.Bugs %] 58179, 715270, 730984, 731163 and 737436</a>)</li>
+    (<a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=58179,715270,730984,731163,737436,745320">
+    [% terms.Bugs %] 58179, 715270, 730984, 731163, 737436 and 745320</a>)</li>
   <li>When using the QuickSearch box, complex queries are now parsed correctly.
     It also behaves correctly with non-ASCII characters (such as é, ä, ü, etc.).
     (<a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=554819,663377,730207">
@@ -93,6 +93,9 @@
     Now more fields can be displayed as columns in buglists, in combination
     with the already existing <kbd>buglist_columns</kbd> hook.
     (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=743991">[% terms.Bug %] 743991</a>)</li>
+  <li>A new hook named <kbd>error_catch</kbd> has been added to let extensions
+    alter the way errors are thrown.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=745197">[% terms.Bug %] 745197</a>)</li>
   <li>A new hook named <kbd>admin_editusers_action</kbd> has been added to let
     extensions alter the behavior of <kbd>editusers.cgi</kbd>. This lets you add
     new features to this script very easily.
-- 
cgit v1.2.3-24-g4f1b


From af3e4c43b0ad6267669d2e987d6ae3acdde70253 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Wed, 18 Apr 2012 19:00:42 +0200
Subject: Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists
 permits attackers to access all bugs that the victim can see r=glob a=LpSolit

---
 template/en/default/list/list.js.tmpl | 37 -----------------------------------
 1 file changed, 37 deletions(-)
 delete mode 100644 template/en/default/list/list.js.tmpl

(limited to 'template/en')

diff --git a/template/en/default/list/list.js.tmpl b/template/en/default/list/list.js.tmpl
deleted file mode 100644
index 7e9664c43..000000000
--- a/template/en/default/list/list.js.tmpl
+++ /dev/null
@@ -1,37 +0,0 @@
-[%# The contents of this file are subject to the Mozilla Public
-  # License Version 1.1 (the "License"); you may not use this file
-  # except in compliance with the License. You may obtain a copy of
-  # the License at http://www.mozilla.org/MPL/
-  #
-  # Software distributed under the License is distributed on an "AS
-  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-  # implied. See the License for the specific language governing
-  # rights and limitations under the License.
-  #
-  # The Original Code is the Bugzilla Bug Tracking System.
-  #
-  # The Initial Developer of the Original Code is Netscape Communications
-  # Corporation. Portions created by Netscape are
-  # Copyright (C) 1998 Netscape Communications Corporation. All
-  # Rights Reserved.
-  #
-  # Contributor(s): Gervase Markham <gerv@gerv.net>
-  #%]
-
-// Note: only publicly-accessible bugs (those not in any group) will be
-// listed when using this JavaScript format. This is to prevent malicious
-// sites stealing information about secure bugs.
-  
-bugs = new Array; 
-
-[% FOREACH bug = bugs %]
-  bugs[[% bug.bug_id %]] = [ 
-    [% FOREACH column = displaycolumns %]
-      "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %]
-    [% END %]
-  ];
-[% END %]
-
-if (window.buglistCallback) {
-  buglistCallback(bugs);
-}
-- 
cgit v1.2.3-24-g4f1b