Fix html filter errors, adjust 008filter.t

hinted-selects
Vitaliy Filippov 2014-10-22 14:55:59 +04:00
parent d693f13578
commit 423d30757f
23 changed files with 91 additions and 181 deletions


@ -276,7 +276,7 @@ if ($cloned_bug_id)
# the first comment, if it has one. Either way, make a note
# that this bug was cloned from another bug.
my $cloned_comment = $ARGS->{cloned_comment} || 0;
my $cloned_comment = int($ARGS->{cloned_comment}) || 0;
my $bug_desc = $cloned_bug->comments({ order => 'oldest_to_newest' });
my ($comment_obj) = grep { $_->{count} == $cloned_comment } @$bug_desc;
$comment_obj ||= $bug_desc->[0];
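Review bot: `int($ARGS->{cloned_comment}) || 0` applies int() before the default, so an absent parameter (undef) or a non-numeric string still triggers a warning if warnings are enabled in this script. A string such as `3abc` is also silently accepted as comment 3. Validating first avoids both: `my $cloned_comment = ($ARGS->{cloned_comment} // '') =~ /^(\d+)$/ ? $1 : 0;`. The enclosing `if ($cloned_bug_id)` block starts and ends outside the hunk.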


@ -25,7 +25,7 @@
# This test scans all our templates for every directive. Having eliminated
# those which cannot possibly cause XSS problems, it then checks the rest
# against the safe list stored in the filterexceptions.pl file.
# against the safe list stored in the filterexceptions.pl file.
# Sample exploit code: '>"><script>alert('Oh dear...')</script>
@ -54,12 +54,12 @@ foreach my $path (@Support::Templates::include_paths) {
chdir $topdir; # absolute path
my @testitems = Support::Templates::find_actual_files($path);
chdir $topdir; # absolute path
next unless @testitems;
# Some people require this, others don't. No-one knows why.
chdir $path; # relative path
# We load a %safe list of acceptable exceptions.
if (!-r "filterexceptions.pl") {
ok(0, "$path has templates but no filterexceptions.pl file. --ERROR");
@ -68,7 +68,7 @@ foreach my $path (@Support::Templates::include_paths) {
else {
do "filterexceptions.pl";
if (ON_WINDOWS) {
# filterexceptions.pl uses / separated paths, while
# filterexceptions.pl uses / separated paths, while
# find_actual_files returns \ separated ones on Windows.
# Here, we convert the filter exception hash to use \.
foreach my $file (keys %safe) {
@ -81,15 +81,15 @@ foreach my $path (@Support::Templates::include_paths) {
}
}
}
# We preprocess the %safe hash of lists into a hash of hashes. This allows
# us to flag which members were not found, and report that as a warning,
# us to flag which members were not found, and report that as a warning,
# thereby keeping the lists clean.
foreach my $file (keys %safe) {
my $list = $safe{$file};
$safe{$file} = {};
foreach my $directive (@$list) {
$safe{$file}{$directive} = 0;
$safe{$file}{$directive} = 0;
}
}
@ -100,9 +100,9 @@ foreach my $path (@Support::Templates::include_paths) {
ok(1, "($lang/$flavor) $file is filter-safe");
next;
}
# Read the entire file into a string
open (FILE, "<$file") || die "Can't open $file: $!\n";
open (FILE, "<$file") || die "Can't open $file: $!\n";
my $slurp = <FILE>;
close (FILE);
@ -119,29 +119,30 @@ foreach my $path (@Support::Templates::include_paths) {
if (!directive_ok($file, $directive)) {
# This intentionally makes no effort to eliminate duplicates; to do
# so would merely make it more likely that the user would not
# so would merely make it more likely that the user would not
# escape all instances when attempting to correct an error.
push(@unfiltered, "$lineno:$directive");
}
}
}
my $fullpath = File::Spec->catfile($path, $file);
if (@unfiltered) {
my $uflist = join("\n ", @unfiltered);
ok(0, "($lang/$flavor) $fullpath has unfiltered directives:\n $uflist\n--ERROR");
ok(0, "($lang/$flavor) $fullpath has unfiltered directives");
diag(" -- ERRORS: --\n $uflist\n");
}
else {
# Find any members of the exclusion list which were not found
my @notfound;
foreach my $directive (keys %{$safe{$file}}) {
push(@notfound, $directive) if ($safe{$file}{$directive} == 0);
push(@notfound, $directive) if ($safe{$file}{$directive} == 0);
}
if (@notfound) {
my $nflist = join("\n ", @notfound);
ok(0, "($lang/$flavor) $fullpath - filterexceptions.pl has extra members:\n $nflist\n" .
"--WARNING");
ok(0, "($lang/$flavor) $fullpath - filterexceptions.pl has extra members");
diag(" -- WARNING: --\n $nflist\n");
}
else {
# Don't use the full path here - it's too long and unwieldy.
@ -155,17 +156,17 @@ sub directive_ok {
my ($file, $directive) = @_;
# Comments
return 1 if $directive =~ /^[+-]?#/;
return 1 if $directive =~ /^[+-]?#/s;
# Remove any leading/trailing + or - and whitespace.
$directive =~ s/^[+-]?\s*//;
$directive =~ s/\s*[+-]?$//;
$directive =~ s/^[+-]?\s*//s;
$directive =~ s/\s*[+-]?$//s;
# Empty directives are ok; they are usually line break helpers
return 1 if $directive eq '';
# Make sure we're not looking for ./ in the $safe hash
$file =~ s#^\./##;
$file =~ s#^\./##s;
# Exclude those on the nofilter list
if (defined($safe{$file}{$directive})) {
@ -174,7 +175,7 @@ sub directive_ok {
};
# Directives
return 1 if $directive =~ /^(IF|END|UNLESS|FOREACH|PROCESS|INCLUDE|
return 1 if $directive =~ /^(IF|END|UNLESS|FOR|PROCESS|INCLUDE|
BLOCK|USE|ELSE|NEXT|LAST|DEFAULT|FLUSH|
ELSIF|SET|SWITCH|CASE|WHILE|RETURN|STOP|
TRY|CATCH|FINAL|THROW|CLEAR|MACRO|FILTER)/x;
@ -185,45 +186,47 @@ sub directive_ok {
}
# + - * /
return 1 if $directive =~ /[+\-*\/]/;
return 1 if $directive =~ /[+\-*\/]/s;
# Numbers
return 1 if $directive =~ /^[0-9]+$/;
return 1 if $directive =~ /^[0-9]+$/s;
# Simple assignments
return 1 if $directive =~ /^[\w\.\$\{\}]+\s+=\s+/;
return 1 if $directive =~ /^[\w\.\$\{\}]+\s*=/s;
# Conditional literals with either sort of quotes
# Conditional literals with either sort of quotes
# There must be no $ in the string for it to be a literal
return 1 if $directive =~ /^(["'])[^\$]*[^\\]\1/;
return 1 if $directive =~ /^(["'])\1/;
return 1 if $directive =~ /^(["'])[^\$]*[^\\]\1/s;
return 1 if $directive =~ /^(["'])\1/s;
# Special values always used for numbers
return 1 if $directive =~ /^[ijkn]$/;
return 1 if $directive =~ /^count$/;
# Params
return 1 if $directive =~ /^Param\(/;
# Hooks
return 1 if $directive =~ /^Hook.process\(/;
return 1 if $directive =~ /^[ijkn]$/s;
return 1 if $directive =~ /^count$/s;
return 1 if $directive =~ /\.id$/s;
return 1 if $directive =~ /(^|\.)bug_id$/s;
# Other functions guaranteed to return OK output
return 1 if $directive =~ /^(time2str|url)\(/;
# Params
return 1 if $directive =~ /^Param\(.*\)$/s;
# Hooks
return 1 if $directive =~ /^Hook.process\(.*\)$/s;
# Other functions guaranteed to return safe output
return 1 if $directive =~ /^(time2str|url|html_select|json|L)\(.*\)$/s;
# Safe Template Toolkit virtual methods
return 1 if $directive =~ /\.(length$|size$|push\(|unshift\(|delete\()/;
return 1 if $directive =~ /\.(length$|size$|(push|unshift|delete)\(.*\)$)/s;
# Special Template Toolkit loop variable
return 1 if $directive =~ /^loop\.(index|count)$/;
# Branding terms
return 1 if $directive =~ /^terms\./;
return 1 if $directive =~ /^loop\.(index|count)$/s;
# Branding terms, constants
return 1 if $directive =~ /^(terms|constants)\.\w+$/s;
# Things which are already filtered
# Note: If a single directive prints two things, and only one is
# Note: If a single directive prints two things, and only one is
# filtered, we may not catch that case.
return 1 if $directive =~ /FILTER\ (html|csv|js|base64|url_quote|css_class_quote|
return 1 if $directive =~ /(FILTER|[^\|]\|)\s*(html|csv|js|base64|url_quote|css_class_quote|
ics|quoteUrls|time|uri|xml|lower|html_light|
obsolete|inactive|closed|unitconvert|
txt|none)\b/x;
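Review bot: The new `return 1 if $directive =~ /\.id$/s;` and `/(^|\.)bug_id$/s` rules in directive_ok accept a directive on its name alone, so they also pass values read straight from the request. `Bugzilla.input_params.bug_id`, which another template in this commit prints, would satisfy the bug_id rule even without its `0+` coercion, and a directive such as `ARGS.id` would satisfy the first. Because the same commit removes the per-template `*.id` and `bug.bug_id` entries from filterexceptions.pl, no other check covers these cases. I would anchor the rules and exclude request-derived roots, for example `return 1 if $directive =~ /^(?!ARGS\.|Bugzilla\.input_params\.)[\w.]+\.id$/s;`, with a comment stating that `id` and `bug_id` are assumed to be integer columns. directive_ok's body starts before and continues past these hunks.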


@ -175,7 +175,7 @@
[% BLOCK is_tweakable_values %]
[% IF row.can_tweak('value_field_id') || row.value_field_id %]
[% IF row.can_tweak('value_field_id') %]<abbr title="[% tweaks.value_field_id %]" style="color: blue">[% END %]
per-[% row.value_field && row.value_field.description || 'any' %]
per-[% row.value_field && row.value_field.description || 'any' | html %]
[% IF row.can_tweak('value_field_id') %]</abbr>[% END %]
[% END %]
[% END %]
@ -183,7 +183,7 @@
[% BLOCK is_tweakable_visible %]
[% IF row.can_tweak('visibility_field_id') || row.visibility_field_id %]
[% IF row.can_tweak('visibility_field_id') %]<abbr title="[% tweaks.visibility_field_id %]" style="color: blue">[% END %]
per-[% row.visibility_field && row.visibility_field.description || 'any' %]
per-[% row.visibility_field && row.visibility_field.description || 'any' | html %]
[% IF row.can_tweak('visibility_field_id') %]</abbr>[% END %]
[% END %]
[% END %]


@ -14,13 +14,13 @@
[% IF !mode_add %]
<table class="editemin">
<tr><th>Field</th><th>Value</th><th></th></tr>
[% FOR f IN fields %]
[% FOR f = fields %]
[% IF la != f.address %]
<tr><th colspan="3"><b>[% f.address %]</b> (<a href="?add=1&email=[% f.address FILTER html %]">add a field value for this address</a>)</th></tr>
<tr><th colspan="3"><b>[% f.address | html %]</b> (<a href="?add=1&email=[% f.address FILTER html %]">add a field value for this address</a>)</th></tr>
[% SET la = f.address %]
[% END %]
<tr>
<td>[% field_descs.${f.field} %]: &nbsp;</td>
<td>[% field_descs.${f.field} | html %]: &nbsp;</td>
<td><input style="width: 250px" type="text" name="f_[% f.address FILTER html %]_[% f.field FILTER html %]" value="[% f.value FILTER html %]" /></td>
<td><input type="checkbox" name="del_[% f.address FILTER html %]_[% f.field FILTER html %]" value="1" id="del_[% f.address FILTER html %]_[% f.field FILTER html %]" /> <label for="del_[% f.address FILTER html %]_[% f.field FILTER html %]">delete</label></td>
</tr>


@ -7,7 +7,7 @@
[% PROCESS global/header.html.tmpl %]
<h3>[% title %]</h3>
<h3>[% title | none %]</h3>
<form action="editvisibility.cgi?field=[% field.name | html %]&visibility_value_id=[% visibility_value.id %]" method="POST">
<input type="hidden" name="token" value="[% token | html %]" />
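Review bot: `[% title | none %]` satisfies 008filter.t without escaping anything, and nothing in the template records why raw output is acceptable here. The same applies to `[% current_panel.desc | none %]`, `[% message | none %]`, `[% error_message | none %]` and `[% search_description | none %]` in other files of this commit. If any of these can carry text entered by a user or an administrator (a field description embedded in a title, for example), it reaches the page as markup. I would switch to `| html` where the value is plain text, and otherwise put a template comment next to each one naming where the value is escaped, such as `[%# title is assembled from already-filtered HTML by the caller %]`, once that has been confirmed.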


@ -77,7 +77,7 @@ Select value for the '[% field.description | html %]' ([% field.name | html %])
<h3>Values for the '[% field.description | html %]' ([% field.name | html %]) field</h3>
[% IF field.name == "component" || field.name == "version" || field.name == "target_milestone" || field.name == "product" %]
<p>[% field.description %]s must be edited from a product page. <a href="editproducts.cgi">Select a product</a> first.</p>
<p>[% field.description | html %]s must be edited from a product page. <a href="editproducts.cgi">Select a product</a> first.</p>
[% ELSE %]
[% PROCESS admin/table.html.tmpl
columns = columns


@ -97,7 +97,7 @@
at least by testing it and <a href="http://github.com/vitalif/bugzilla-4intranet/issues">filing bugs</a>!
</div>
<h3>[% current_panel.desc %]</h3>
<h3>[% current_panel.desc | none %]</h3>
<p>
This lets you edit the basic operating parameters of [% terms.Bugzilla %].


@ -19,7 +19,7 @@
<tbody>
[% FOREACH user = user_list %]
<tr>
<td>[% user.1 %]</td><td>[% user.2 %]</td>
<td>[% user.1 | html %]</td><td>[% user.2 | html %]</td>
</tr>
[% END %]
</tbody>


@ -119,7 +119,7 @@ var close_status_array = [
<td style="padding-bottom: 0">
[% defaultcontent = BLOCK %]
[% IF cloned_bug_id %]
+++ This [% terms.bug %] was initially created as a clone of [% terms.Bug %] #[% cloned_bug_id %][% IF cloned_comment %] comment [% cloned_comment %][% END %] +++
+++ This [% terms.bug %] was initially created as a clone of [% terms.Bug %] #[% cloned_bug_id %][% IF cloned_comment %] comment [% cloned_comment | html %][% END %] +++
[% END %]


@ -408,7 +408,7 @@ document.changeform = document.[% cfname %];
%]
<br>
<input type="checkbox" id="set_default_qa_contact" name="set_default_qa_contact" value="1">
<label for="set_default_qa_contact" id="set_default_qa_contact_label">Reset QA Contact to default ([% bug.component_obj.default_qa_contact.login %])</label>
<label for="set_default_qa_contact" id="set_default_qa_contact_label">Reset QA Contact to default ([% bug.component_obj.default_qa_contact.login | html %])</label>
</div>
<script type="text/javascript">
[% IF bug.qa_contact != "" %]


@ -91,14 +91,14 @@ function onchange_bug_status()
showHideStatusItems('[% "is_duplicate" IF bug.dup_id %]', '[% bug.bug_status_obj.name | js %]');
var s = document.getElementById('bug_status');
[%# FIXME Remove hardcode bug_status==ASSIGNED => assign to self, bug_status==VERIFIED => qa to self %]
if (s.value == "ASSIGNED" && document.changeform.assigned_to.value != "[% user.login %]")
if (s.value == "ASSIGNED" && document.changeform.assigned_to.value != "[% user.login | js %]")
{
document.changeform.assigned_to.value = "[% user.login %]";
document.changeform.assigned_to.value = "[% user.login | js %]";
showEditableField("bz_assignee_edit_action", [ 'bz_assignee_edit_container', 'bz_assignee_input' ]);
}
else if (s.value == "VERIFIED" && document.changeform.qa_contact.value != "[% user.login %]")
else if (s.value == "VERIFIED" && document.changeform.qa_contact.value != "[% user.login | js %]")
{
document.changeform.qa_contact.value = "[% user.login %]";
document.changeform.qa_contact.value = "[% user.login | js %]";
showEditableField("bz_qa_contact_edit_action", [ 'bz_qa_contact_edit_container', 'bz_qa_contact_input' ]);
}
}


@ -23,10 +23,10 @@
[% FOREACH flag = verify_flags %]
<tr>
<td style="border-width: 0 0 1px 0; border-style: solid; border-color: gray">
[% flag.setter.login %] ( [% flag.setter.name %] )
[% flag.setter.login | html %] ( [% flag.setter.name | html %] )
</td>
<td style="border-width: 0 0 1px 0; border-style: solid; border-color: gray">
"[% flag.type.description %]"
"[% flag.type.description | html %]"
</td>
<td style="border-width: 0 0 1px 0; border-style: solid; border-color: gray">
[% ARGS.${"requestee-$flag.id"}.join(', ') %]
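Review bot: `[% ARGS.${"requestee-$flag.id"}.join(', ') %]` on the last line of this hunk prints what appear to be request parameters with no filter, while the cells above it gain `| html`. 008filter.t does not report it because directive_ok returns early for any directive containing `+`, `-`, `*` or `/`, and this one contains the `-` in `requestee-`. Adding the filter closes the gap: `[% ARGS.${"requestee-$flag.id"}.join(', ') | html %]`. The table row continues outside the hunk.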


@ -40,31 +40,19 @@
'whine/schedule.html.tmpl' => [
'event.key',
'query.id',
'query.sort',
'schedule.id',
'option.0',
'option.1',
],
'whine/mail.html.tmpl' => [
'bug.bug_id',
],
'flag/list.html.tmpl' => [
'flag.id',
'flag.status',
'type.id',
],
'search/boolean-charts.html.tmpl' => [
'"field${chartnum}-${rownum}-${colnum}"',
'"value${chartnum}-${rownum}-${colnum}"',
'field.name',
'"${chartnum}-${rownum}-${newor}"',
'"${chartnum}-${newand}-0"',
'newchart',
'jsmagic',
'C',
'I',
'J',
],
'search/form.html.tmpl' => [
@ -88,7 +76,6 @@
'column_headers.$group_field',
'column_headers.$column',
'request.status',
'request.bug_id',
'request.attach_id',
],
@ -155,32 +142,20 @@
'default.series_id',
],
'list/edit-multiple.html.tmpl' => [
'group.id',
'menuname',
],
'list/list.rdf.tmpl' => [
'template_version',
'bug.bug_id',
'column',
],
'list/table.html.tmpl' => [
'tableheader',
'bug.bug_id',
'abbrev.$id.title || field_descs.$id || column.title',
],
'list/list.csv.tmpl' => [
'bug.bug_id',
'colsepchar',
],
'list/list.js.tmpl' => [
'bug.bug_id',
],
'global/choose-product.html.tmpl' => [
'target',
],
@ -223,15 +198,9 @@
],
'global/site-navigation.html.tmpl' => [
'bug.bug_id',
'bug.votes',
],
'bug/comments.html.tmpl' => [
'comment.id',
'bug.bug_id',
],
'bug/dependency-graph.html.tmpl' => [
'image_map', # We need to continue to make sure this is safe in the CGI
'image_url',
@ -254,7 +223,6 @@
'bug.deadline',
'bug.remaining_time',
'bug.delta_ts',
'bug.bug_id',
'bug.votes',
'group.bit',
'dep.title',
@ -270,17 +238,10 @@
],
'bug/show-multiple.html.tmpl' => [
'attachment.id',
'flag.status',
],
'bug/show.html.tmpl' => [
'bug.bug_id',
],
'bug/show.xml.tmpl' => [
'constants.BUGZILLA_VERSION',
'a.id',
'field',
],
@ -299,8 +260,6 @@
'bug/time.html.tmpl' => [
'time_unit FILTER format(\'%.1f\')',
'time_unit FILTER format(\'%.2f\')',
'(act / (act + rem)) * 100
FILTER format("%d")',
],
'bug/votes/list-for-bug.html.tmpl' => [
@ -310,7 +269,6 @@
'bug/votes/list-for-user.html.tmpl' => [
'product.maxperbug',
'bug.id',
'bug.count',
'product.total',
'product.maxvotes',
@ -339,31 +297,18 @@
'change.attachid',
],
'attachment/create.html.tmpl' => [
'bug.bug_id',
'attachment.id',
],
'attachment/edit.html.tmpl' => [
'attachment.id',
'attachment.bug_id',
'a',
'editable_or_hide',
],
'attachment/list.html.tmpl' => [
'attachment.id',
'flag.status',
'bugid',
'obsolete_attachments',
],
'attachment/midair.html.tmpl' => [
'attachment.id',
],
'attachment/show-multiple.html.tmpl' => [
'a.id',
'flag.status'
],
@ -373,7 +318,6 @@
'bugid',
'oldid',
'newid',
'patch.id',
],
'attachment/diff-file.html.tmpl' => [
@ -395,11 +339,6 @@
'link_uri'
],
'admin/custom_fields/cf-js.js.tmpl' => [
'constants.FIELD_TYPE_SINGLE_SELECT',
'constants.FIELD_TYPE_MULTI_SELECT',
],
'admin/params/common.html.tmpl' => [
'sortlist_separator',
],
@ -408,14 +347,6 @@
'group.count',
],
'admin/products/groupcontrol/edit.html.tmpl' => [
'group.id',
'constants.CONTROLMAPNA',
'constants.CONTROLMAPSHOWN',
'constants.CONTROLMAPDEFAULT',
'constants.CONTROLMAPMANDATORY',
],
'admin/products/list.html.tmpl' => [
'classification_url_part',
],
@ -427,12 +358,10 @@
'admin/flag-type/confirm-delete.html.tmpl' => [
'flag_type.flag_count',
'flag_type.id',
],
'admin/flag-type/edit.html.tmpl' => [
'action',
'type.id',
'type.target_type',
'type.sortkey || 1',
'typeLabelLowerPlural',
@ -440,10 +369,6 @@
'selname',
],
'admin/flag-type/list.html.tmpl' => [
'type.id',
],
'admin/components/confirm-delete.html.tmpl' => [
'comp.bug_count'
],
@ -468,35 +393,17 @@
'watch.watcher',
'whine_events',
'whine_schedules',
'otheruser.id'
],
'admin/users/edit.html.tmpl' => [
'otheruser.id',
'group.id',
],
'admin/components/edit.html.tmpl' => [
'comp.bug_count'
],
'admin/workflow/edit.html.tmpl' => [
'status.id',
'new_status.id',
],
'admin/workflow/comment.html.tmpl' => [
'status.id',
'new_status.id',
],
'account/auth/login-small.html.tmpl' => [
'qs_suffix',
],
'account/prefs/email.html.tmpl' => [
'relationship.id',
'event.id',
'prefname',
],
@ -505,10 +412,6 @@
'current_tab.name',
],
'account/prefs/saved-searches.html.tmpl' => [
'group.id',
],
'config.rdf.tmpl' => [
'escaped_urlbase',
],


@ -38,7 +38,7 @@
<table class="choose_product">
<tr class="all">
<th><a href="[% target %]?[% query_params | html %]classification=__all">All</a></th>
<th><a href="[% target | html %]?[% query_params | html %]classification=__all">All</a></th>
<td valign="top">Show all products</td>
</tr>
<tr class="all"><td colspan="2"><hr /></td></tr>
@ -46,7 +46,7 @@
<tbody>
[% FOREACH class = classifications %]
<tr>
<th><a href="[% target %]?[% query_params | html %]classification=[% class.name | url_quote -%]">[% class.name | html %]</a></th>
<th><a href="[% target | html %]?[% query_params | html %]classification=[% class.name | url_quote -%]">[% class.name | html %]</a></th>
<td>[% class.description | html_light %]</td>
</tr>
[% END %]


@ -1071,7 +1071,7 @@
ELSE;
message = Hook.process('messages');
END %]
[% message %]
[% message | none %]
[%# Give sensible error if a message is unknown. %]
[% IF !message %]
Message '[% message_tag | html %]' is unknown.<br />


@ -26,7 +26,7 @@
[% IF error_message.match('^\s*<[a-z]') %]
<div class="user-error-div-first" id="error_msg">
[% error_message %]
[% error_message | none %]
[% ELSE %]
<div class="user-error-div-first">
<p style="margin-top: 0; margin-bottom: 0" id="error_msg">[% error_message.replace("\n\n", "</p><p style='margin-bottom: 0'>") FILTER none %]</p>


@ -248,7 +248,7 @@
[% title = "Access Denied" %]
[% admindocslinks = {'groups.html' => 'Group Security'} %]
You are not authorized to access [% terms.bug %] #[% bug_id FILTER html %]
[%- IF product AND Param('unauth_bug_details') %] in the [% product %] product[% END %].
[%- IF product AND Param('unauth_bug_details') %] in the [% product | html %] product[% END %].
[% END %]
[% BLOCK error_bug_access_query %]
@ -303,7 +303,7 @@
[% BLOCK error_cc_group_restriction %]
[% title = "CC Group Restriction" %]
User [% user %] is restricted to watch this bug.
User [% user | html %] is restricted to watch this bug.
[% END %]
[% BLOCK error_chart_too_large %]


@ -1,4 +1,6 @@
[%# 1.0@bugzilla.org %]
[%# Activity & comments RSS feed
# License: Dual-license MPL 1.1+ or GPL 3.0+
# Author(s): Vitaliy Filippov <vitalif@mail.ru> %]
[% USE date %]
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="[% Param('urlbase') %]skins/standard/feed.xsl"?>
@ -19,10 +21,10 @@
<description><![CDATA[
[% IF buginfo > 0 %]
<table class="bug-info"><tr>
<td>[% evt.bug_id %]</td><td>[% evt.product %]/[% evt.component %]</td><td>[% evt.bug_severity %]</td><td>[% evt.bug_status %]</td>
<td>[% evt.bug_id %]</td><td>[% evt.product | html %]/[% evt.component | html %]</td><td>[% evt.bug_severity | html %]</td><td>[% evt.bug_status | html %]</td>
</tr></table>
[% END %]
<div class="item-signature"><a href="[% Param("user_mailto") %][% evt.login_name %]">[% evt.realname FILTER html %]</a></div>
<div class="item-signature"><a href="[% Param("user_mailto") %][% evt.login_name | html %]">[% evt.realname FILTER html %]</a></div>
[% IF evt.thetext %]
<pre>
[% evt.thetext FILTER quoteUrls FILTER wrap_comment FILTER absolute_uris %]


@ -75,7 +75,7 @@
</h2>
[% END %]
[% search_description %]
[% search_description | none %]
<hr />


@ -1,5 +1,7 @@
[%# Author: Vitaliy Filippov <vitalif@mail.ru>
# License: MPL 1.1 %]
[%# Attach multiple files to a bug
# License: Dual-license GPL 3.0+ or MPL 1.1+
# Author: Vitaliy Filippov <vitalif@mail.ru>
%]
<html><body>
@ -16,8 +18,8 @@
<td style="width: 1px; display: none" id="del_XXX"><input class="button" type="button" onclick="att_file_clear('data_XXX')" value="clear" /></td>
[% END %]
[% IF Bugzilla.cgi.param('bug_id') %]
<h3>Create Multiple Attachments to [% terms.Bug %] [%+ 0+Bugzilla.cgi.param('bug_id') %]</h3>
[% IF Bugzilla.input_params.bug_id %]
<h3>Create Multiple Attachments to [% terms.Bug %] [%+ 0+Bugzilla.input_params.bug_id %]</h3>
[% SET s = "Save Changes" %]
[% ELSE %]
[% SET s = "Submit Bug" %]


@ -135,7 +135,7 @@
<tr id="[% field.name %]_cont">
<th align="right">
<label for="[% field.name %]"
accesskey="[% tf_accesskey.${field.name} %]">[% tf_desc.${field.name} || field.description %]</label>:
accesskey="[% tf_accesskey.${field.name} %]">[% tf_desc.${field.name} || field.description | html %]</label>:
</th>
<td>
[% t = field.name _ '_type' %]


@ -106,7 +106,7 @@
На дату: <input type="text" name="worktime_date" value="[% worktime_date | html %]" /> <span style="color: #aaa">(YYYY-MM-DD HH:MM:SS)</span> &nbsp;
За пользователя:
<input type="hidden" name="worktime_user" id="worktime_user_real" value="" />
<input type="text" id="worktime_user" value="[% worktime_user || html %]"
<input type="text" id="worktime_user" value="[% worktime_user | html %]"
onfocus="wt_user_focus()" onblur="wt_user_blur()" /> &nbsp;
[% ELSE %]
На дату: <b>[% worktime_date | html %]</b> &nbsp;


@ -61,7 +61,7 @@
[% FOREACH bug = bugs %]
[% parity = (parity+1) % 3 %]
<tr class="row[% bug.priority_obj.name %]">
<tr class="row[% bug.priority_obj.name | html %]">
<td class="first-child" align="right">
[% bug.bug_id FILTER bug_link(bug.bug_id) %]
</td>