blob: e3b9ef5f7e91dd6310798500e1775590fa136848 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
[%# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
#%]
[%# INTERFACE:
# abuser: identity of the user who created the (invalid?) token.
# token_action: the action the token was supposed to serve.
# expected_action: the action the user was going to do.
# script_name: the script generating this warning.
# alternate_script: the suggested script to redirect the user to
# if he declines submission.
#%]
[% PROCESS global/header.html.tmpl title = "Suspicious Action"
style_urls = ['skins/standard/global.css'] %]
[% IF abuser %]
<div class="throw_error">
<p>When you view an administrative form in [% terms.Bugzilla %], a token string
is randomly generated and stored both in the database and in the form you loaded,
to make sure that the requested changes are being made as a result of submitting
a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now
is incorrect, meaning that it looks like you didn't come from the right page.
The following token has been used :</p>
<table border="0" cellpadding="5" cellspacing="0">
[% IF token_action != expected_action %]
<tr>
<th>Action stored:</th>
<td>[% token_action FILTER html %]</td>
</tr>
<tr>
<th> </th>
<td>
This action doesn't match the one expected ([% expected_action FILTER html %]).
</td>
</tr>
[% END %]
[% IF abuser != user.identity %]
<tr>
<th>Generated by:</th>
<td>[% abuser FILTER html %]</td>
</tr>
<tr>
<th> </th>
<td>
This token has not been generated by you. It is possible that someone
tried to trick you!
</td>
</tr>
[% END %]
</table>
<p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p>
</div>
[% ELSE %]
<div class="throw_error">
It looks like you didn't come from the right page (you have no valid token for
the <em>[% expected_action FILTER html %]</em> action while processing the
'[% script_name FILTER html%]' script). The reason could be one of:<br>
<ul>
<li>You clicked the "Back" button of your web browser after having successfully
submitted changes, which is generally not a good idea (but harmless).</li>
<li>You entered the URL in the address bar of your web browser directly,
which should be safe.</li>
<li>You clicked on a URL which redirected you here <b>without your consent</b>,
in which case this action is much more critical.</li>
</ul>
Are you sure you want to commit these changes anyway? This may result in
unexpected and undesired results.
</div>
<form name="check" id="check" method="post" action="[% script_name FILTER html %]">
[% PROCESS "global/hidden-fields.html.tmpl"
exclude="^(Bugzilla_login|Bugzilla_password)$" %]
<input type="submit" id="confirm" value="Confirm Changes">
</form>
<p>Or throw away these changes and go back to <a href="[% alternate_script FILTER html %]">
[%- alternate_script FILTER html %]</a>.</p>
[% END %]
[% PROCESS global/footer.html.tmpl %]
|