Fix html filter errors, adjust 008filter.t
parent
d693f13578
commit
423d30757f
|
@ -276,7 +276,7 @@ if ($cloned_bug_id)
|
|||
# the first comment, if it has one. Either way, make a note
|
||||
# that this bug was cloned from another bug.
|
||||
|
||||
my $cloned_comment = $ARGS->{cloned_comment} || 0;
|
||||
my $cloned_comment = int($ARGS->{cloned_comment}) || 0;
|
||||
my $bug_desc = $cloned_bug->comments({ order => 'oldest_to_newest' });
|
||||
my ($comment_obj) = grep { $_->{count} == $cloned_comment } @$bug_desc;
|
||||
$comment_obj ||= $bug_desc->[0];
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
|
||||
# This test scans all our templates for every directive. Having eliminated
|
||||
# those which cannot possibly cause XSS problems, it then checks the rest
|
||||
# against the safe list stored in the filterexceptions.pl file.
|
||||
# against the safe list stored in the filterexceptions.pl file.
|
||||
|
||||
# Sample exploit code: '>"><script>alert('Oh dear...')</script>
|
||||
|
||||
|
@ -54,12 +54,12 @@ foreach my $path (@Support::Templates::include_paths) {
|
|||
chdir $topdir; # absolute path
|
||||
my @testitems = Support::Templates::find_actual_files($path);
|
||||
chdir $topdir; # absolute path
|
||||
|
||||
|
||||
next unless @testitems;
|
||||
|
||||
|
||||
# Some people require this, others don't. No-one knows why.
|
||||
chdir $path; # relative path
|
||||
|
||||
|
||||
# We load a %safe list of acceptable exceptions.
|
||||
if (!-r "filterexceptions.pl") {
|
||||
ok(0, "$path has templates but no filterexceptions.pl file. --ERROR");
|
||||
|
@ -68,7 +68,7 @@ foreach my $path (@Support::Templates::include_paths) {
|
|||
else {
|
||||
do "filterexceptions.pl";
|
||||
if (ON_WINDOWS) {
|
||||
# filterexceptions.pl uses / separated paths, while
|
||||
# filterexceptions.pl uses / separated paths, while
|
||||
# find_actual_files returns \ separated ones on Windows.
|
||||
# Here, we convert the filter exception hash to use \.
|
||||
foreach my $file (keys %safe) {
|
||||
|
@ -81,15 +81,15 @@ foreach my $path (@Support::Templates::include_paths) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# We preprocess the %safe hash of lists into a hash of hashes. This allows
|
||||
# us to flag which members were not found, and report that as a warning,
|
||||
# us to flag which members were not found, and report that as a warning,
|
||||
# thereby keeping the lists clean.
|
||||
foreach my $file (keys %safe) {
|
||||
my $list = $safe{$file};
|
||||
$safe{$file} = {};
|
||||
foreach my $directive (@$list) {
|
||||
$safe{$file}{$directive} = 0;
|
||||
$safe{$file}{$directive} = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -100,9 +100,9 @@ foreach my $path (@Support::Templates::include_paths) {
|
|||
ok(1, "($lang/$flavor) $file is filter-safe");
|
||||
next;
|
||||
}
|
||||
|
||||
|
||||
# Read the entire file into a string
|
||||
open (FILE, "<$file") || die "Can't open $file: $!\n";
|
||||
open (FILE, "<$file") || die "Can't open $file: $!\n";
|
||||
my $slurp = <FILE>;
|
||||
close (FILE);
|
||||
|
||||
|
@ -119,29 +119,30 @@ foreach my $path (@Support::Templates::include_paths) {
|
|||
if (!directive_ok($file, $directive)) {
|
||||
|
||||
# This intentionally makes no effort to eliminate duplicates; to do
|
||||
# so would merely make it more likely that the user would not
|
||||
# so would merely make it more likely that the user would not
|
||||
# escape all instances when attempting to correct an error.
|
||||
push(@unfiltered, "$lineno:$directive");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
my $fullpath = File::Spec->catfile($path, $file);
|
||||
|
||||
|
||||
if (@unfiltered) {
|
||||
my $uflist = join("\n ", @unfiltered);
|
||||
ok(0, "($lang/$flavor) $fullpath has unfiltered directives:\n $uflist\n--ERROR");
|
||||
ok(0, "($lang/$flavor) $fullpath has unfiltered directives");
|
||||
diag(" -- ERRORS: --\n $uflist\n");
|
||||
}
|
||||
else {
|
||||
# Find any members of the exclusion list which were not found
|
||||
my @notfound;
|
||||
foreach my $directive (keys %{$safe{$file}}) {
|
||||
push(@notfound, $directive) if ($safe{$file}{$directive} == 0);
|
||||
push(@notfound, $directive) if ($safe{$file}{$directive} == 0);
|
||||
}
|
||||
|
||||
if (@notfound) {
|
||||
my $nflist = join("\n ", @notfound);
|
||||
ok(0, "($lang/$flavor) $fullpath - filterexceptions.pl has extra members:\n $nflist\n" .
|
||||
"--WARNING");
|
||||
ok(0, "($lang/$flavor) $fullpath - filterexceptions.pl has extra members");
|
||||
diag(" -- WARNING: --\n $nflist\n");
|
||||
}
|
||||
else {
|
||||
# Don't use the full path here - it's too long and unwieldy.
|
||||
|
@ -155,17 +156,17 @@ sub directive_ok {
|
|||
my ($file, $directive) = @_;
|
||||
|
||||
# Comments
|
||||
return 1 if $directive =~ /^[+-]?#/;
|
||||
return 1 if $directive =~ /^[+-]?#/s;
|
||||
|
||||
# Remove any leading/trailing + or - and whitespace.
|
||||
$directive =~ s/^[+-]?\s*//;
|
||||
$directive =~ s/\s*[+-]?$//;
|
||||
$directive =~ s/^[+-]?\s*//s;
|
||||
$directive =~ s/\s*[+-]?$//s;
|
||||
|
||||
# Empty directives are ok; they are usually line break helpers
|
||||
return 1 if $directive eq '';
|
||||
|
||||
# Make sure we're not looking for ./ in the $safe hash
|
||||
$file =~ s#^\./##;
|
||||
$file =~ s#^\./##s;
|
||||
|
||||
# Exclude those on the nofilter list
|
||||
if (defined($safe{$file}{$directive})) {
|
||||
|
@ -174,7 +175,7 @@ sub directive_ok {
|
|||
};
|
||||
|
||||
# Directives
|
||||
return 1 if $directive =~ /^(IF|END|UNLESS|FOREACH|PROCESS|INCLUDE|
|
||||
return 1 if $directive =~ /^(IF|END|UNLESS|FOR|PROCESS|INCLUDE|
|
||||
BLOCK|USE|ELSE|NEXT|LAST|DEFAULT|FLUSH|
|
||||
ELSIF|SET|SWITCH|CASE|WHILE|RETURN|STOP|
|
||||
TRY|CATCH|FINAL|THROW|CLEAR|MACRO|FILTER)/x;
|
||||
|
@ -185,45 +186,47 @@ sub directive_ok {
|
|||
}
|
||||
|
||||
# + - * /
|
||||
return 1 if $directive =~ /[+\-*\/]/;
|
||||
return 1 if $directive =~ /[+\-*\/]/s;
|
||||
|
||||
# Numbers
|
||||
return 1 if $directive =~ /^[0-9]+$/;
|
||||
return 1 if $directive =~ /^[0-9]+$/s;
|
||||
|
||||
# Simple assignments
|
||||
return 1 if $directive =~ /^[\w\.\$\{\}]+\s+=\s+/;
|
||||
return 1 if $directive =~ /^[\w\.\$\{\}]+\s*=/s;
|
||||
|
||||
# Conditional literals with either sort of quotes
|
||||
# Conditional literals with either sort of quotes
|
||||
# There must be no $ in the string for it to be a literal
|
||||
return 1 if $directive =~ /^(["'])[^\$]*[^\\]\1/;
|
||||
return 1 if $directive =~ /^(["'])\1/;
|
||||
return 1 if $directive =~ /^(["'])[^\$]*[^\\]\1/s;
|
||||
return 1 if $directive =~ /^(["'])\1/s;
|
||||
|
||||
# Special values always used for numbers
|
||||
return 1 if $directive =~ /^[ijkn]$/;
|
||||
return 1 if $directive =~ /^count$/;
|
||||
|
||||
# Params
|
||||
return 1 if $directive =~ /^Param\(/;
|
||||
|
||||
# Hooks
|
||||
return 1 if $directive =~ /^Hook.process\(/;
|
||||
return 1 if $directive =~ /^[ijkn]$/s;
|
||||
return 1 if $directive =~ /^count$/s;
|
||||
return 1 if $directive =~ /\.id$/s;
|
||||
return 1 if $directive =~ /(^|\.)bug_id$/s;
|
||||
|
||||
# Other functions guaranteed to return OK output
|
||||
return 1 if $directive =~ /^(time2str|url)\(/;
|
||||
# Params
|
||||
return 1 if $directive =~ /^Param\(.*\)$/s;
|
||||
|
||||
# Hooks
|
||||
return 1 if $directive =~ /^Hook.process\(.*\)$/s;
|
||||
|
||||
# Other functions guaranteed to return safe output
|
||||
return 1 if $directive =~ /^(time2str|url|html_select|json|L)\(.*\)$/s;
|
||||
|
||||
# Safe Template Toolkit virtual methods
|
||||
return 1 if $directive =~ /\.(length$|size$|push\(|unshift\(|delete\()/;
|
||||
return 1 if $directive =~ /\.(length$|size$|(push|unshift|delete)\(.*\)$)/s;
|
||||
|
||||
# Special Template Toolkit loop variable
|
||||
return 1 if $directive =~ /^loop\.(index|count)$/;
|
||||
|
||||
# Branding terms
|
||||
return 1 if $directive =~ /^terms\./;
|
||||
|
||||
return 1 if $directive =~ /^loop\.(index|count)$/s;
|
||||
|
||||
# Branding terms, constants
|
||||
return 1 if $directive =~ /^(terms|constants)\.\w+$/s;
|
||||
|
||||
# Things which are already filtered
|
||||
# Note: If a single directive prints two things, and only one is
|
||||
# Note: If a single directive prints two things, and only one is
|
||||
# filtered, we may not catch that case.
|
||||
return 1 if $directive =~ /FILTER\ (html|csv|js|base64|url_quote|css_class_quote|
|
||||
return 1 if $directive =~ /(FILTER|[^\|]\|)\s*(html|csv|js|base64|url_quote|css_class_quote|
|
||||
ics|quoteUrls|time|uri|xml|lower|html_light|
|
||||
obsolete|inactive|closed|unitconvert|
|
||||
txt|none)\b/x;
|
||||
|
|
|
@ -175,7 +175,7 @@
|
|||
[% BLOCK is_tweakable_values %]
|
||||
[% IF row.can_tweak('value_field_id') || row.value_field_id %]
|
||||
[% IF row.can_tweak('value_field_id') %]<abbr title="[% tweaks.value_field_id %]" style="color: blue">[% END %]
|
||||
per-[% row.value_field && row.value_field.description || 'any' %]
|
||||
per-[% row.value_field && row.value_field.description || 'any' | html %]
|
||||
[% IF row.can_tweak('value_field_id') %]</abbr>[% END %]
|
||||
[% END %]
|
||||
[% END %]
|
||||
|
@ -183,7 +183,7 @@
|
|||
[% BLOCK is_tweakable_visible %]
|
||||
[% IF row.can_tweak('visibility_field_id') || row.visibility_field_id %]
|
||||
[% IF row.can_tweak('visibility_field_id') %]<abbr title="[% tweaks.visibility_field_id %]" style="color: blue">[% END %]
|
||||
per-[% row.visibility_field && row.visibility_field.description || 'any' %]
|
||||
per-[% row.visibility_field && row.visibility_field.description || 'any' | html %]
|
||||
[% IF row.can_tweak('visibility_field_id') %]</abbr>[% END %]
|
||||
[% END %]
|
||||
[% END %]
|
||||
|
|
|
@ -14,13 +14,13 @@
|
|||
[% IF !mode_add %]
|
||||
<table class="editemin">
|
||||
<tr><th>Field</th><th>Value</th><th></th></tr>
|
||||
[% FOR f IN fields %]
|
||||
[% FOR f = fields %]
|
||||
[% IF la != f.address %]
|
||||
<tr><th colspan="3"><b>[% f.address %]</b> (<a href="?add=1&email=[% f.address FILTER html %]">add a field value for this address</a>)</th></tr>
|
||||
<tr><th colspan="3"><b>[% f.address | html %]</b> (<a href="?add=1&email=[% f.address FILTER html %]">add a field value for this address</a>)</th></tr>
|
||||
[% SET la = f.address %]
|
||||
[% END %]
|
||||
<tr>
|
||||
<td>[% field_descs.${f.field} %]: </td>
|
||||
<td>[% field_descs.${f.field} | html %]: </td>
|
||||
<td><input style="width: 250px" type="text" name="f_[% f.address FILTER html %]_[% f.field FILTER html %]" value="[% f.value FILTER html %]" /></td>
|
||||
<td><input type="checkbox" name="del_[% f.address FILTER html %]_[% f.field FILTER html %]" value="1" id="del_[% f.address FILTER html %]_[% f.field FILTER html %]" /> <label for="del_[% f.address FILTER html %]_[% f.field FILTER html %]">delete</label></td>
|
||||
</tr>
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
[% PROCESS global/header.html.tmpl %]
|
||||
|
||||
<h3>[% title %]</h3>
|
||||
<h3>[% title | none %]</h3>
|
||||
|
||||
<form action="editvisibility.cgi?field=[% field.name | html %]&visibility_value_id=[% visibility_value.id %]" method="POST">
|
||||
<input type="hidden" name="token" value="[% token | html %]" />
|
||||
|
|
|
@ -77,7 +77,7 @@ Select value for the '[% field.description | html %]' ([% field.name | html %])
|
|||
<h3>Values for the '[% field.description | html %]' ([% field.name | html %]) field</h3>
|
||||
|
||||
[% IF field.name == "component" || field.name == "version" || field.name == "target_milestone" || field.name == "product" %]
|
||||
<p>[% field.description %]s must be edited from a product page. <a href="editproducts.cgi">Select a product</a> first.</p>
|
||||
<p>[% field.description | html %]s must be edited from a product page. <a href="editproducts.cgi">Select a product</a> first.</p>
|
||||
[% ELSE %]
|
||||
[% PROCESS admin/table.html.tmpl
|
||||
columns = columns
|
||||
|
|
|
@ -97,7 +97,7 @@
|
|||
at least by testing it and <a href="http://github.com/vitalif/bugzilla-4intranet/issues">filing bugs</a>!
|
||||
</div>
|
||||
|
||||
<h3>[% current_panel.desc %]</h3>
|
||||
<h3>[% current_panel.desc | none %]</h3>
|
||||
|
||||
<p>
|
||||
This lets you edit the basic operating parameters of [% terms.Bugzilla %].
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<tbody>
|
||||
[% FOREACH user = user_list %]
|
||||
<tr>
|
||||
<td>[% user.1 %]</td><td>[% user.2 %]</td>
|
||||
<td>[% user.1 | html %]</td><td>[% user.2 | html %]</td>
|
||||
</tr>
|
||||
[% END %]
|
||||
</tbody>
|
||||
|
|
|
@ -119,7 +119,7 @@ var close_status_array = [
|
|||
<td style="padding-bottom: 0">
|
||||
[% defaultcontent = BLOCK %]
|
||||
[% IF cloned_bug_id %]
|
||||
+++ This [% terms.bug %] was initially created as a clone of [% terms.Bug %] #[% cloned_bug_id %][% IF cloned_comment %] comment [% cloned_comment %][% END %] +++
|
||||
+++ This [% terms.bug %] was initially created as a clone of [% terms.Bug %] #[% cloned_bug_id %][% IF cloned_comment %] comment [% cloned_comment | html %][% END %] +++
|
||||
|
||||
|
||||
[% END %]
|
||||
|
|
|
@ -408,7 +408,7 @@ document.changeform = document.[% cfname %];
|
|||
%]
|
||||
<br>
|
||||
<input type="checkbox" id="set_default_qa_contact" name="set_default_qa_contact" value="1">
|
||||
<label for="set_default_qa_contact" id="set_default_qa_contact_label">Reset QA Contact to default ([% bug.component_obj.default_qa_contact.login %])</label>
|
||||
<label for="set_default_qa_contact" id="set_default_qa_contact_label">Reset QA Contact to default ([% bug.component_obj.default_qa_contact.login | html %])</label>
|
||||
</div>
|
||||
<script type="text/javascript">
|
||||
[% IF bug.qa_contact != "" %]
|
||||
|
|
|
@ -91,14 +91,14 @@ function onchange_bug_status()
|
|||
showHideStatusItems('[% "is_duplicate" IF bug.dup_id %]', '[% bug.bug_status_obj.name | js %]');
|
||||
var s = document.getElementById('bug_status');
|
||||
[%# FIXME Remove hardcode bug_status==ASSIGNED => assign to self, bug_status==VERIFIED => qa to self %]
|
||||
if (s.value == "ASSIGNED" && document.changeform.assigned_to.value != "[% user.login %]")
|
||||
if (s.value == "ASSIGNED" && document.changeform.assigned_to.value != "[% user.login | js %]")
|
||||
{
|
||||
document.changeform.assigned_to.value = "[% user.login %]";
|
||||
document.changeform.assigned_to.value = "[% user.login | js %]";
|
||||
showEditableField("bz_assignee_edit_action", [ 'bz_assignee_edit_container', 'bz_assignee_input' ]);
|
||||
}
|
||||
else if (s.value == "VERIFIED" && document.changeform.qa_contact.value != "[% user.login %]")
|
||||
else if (s.value == "VERIFIED" && document.changeform.qa_contact.value != "[% user.login | js %]")
|
||||
{
|
||||
document.changeform.qa_contact.value = "[% user.login %]";
|
||||
document.changeform.qa_contact.value = "[% user.login | js %]";
|
||||
showEditableField("bz_qa_contact_edit_action", [ 'bz_qa_contact_edit_container', 'bz_qa_contact_input' ]);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,10 +23,10 @@
|
|||
[% FOREACH flag = verify_flags %]
|
||||
<tr>
|
||||
<td style="border-width: 0 0 1px 0; border-style: solid; border-color: gray">
|
||||
[% flag.setter.login %] ( [% flag.setter.name %] )
|
||||
[% flag.setter.login | html %] ( [% flag.setter.name | html %] )
|
||||
</td>
|
||||
<td style="border-width: 0 0 1px 0; border-style: solid; border-color: gray">
|
||||
"[% flag.type.description %]"
|
||||
"[% flag.type.description | html %]"
|
||||
</td>
|
||||
<td style="border-width: 0 0 1px 0; border-style: solid; border-color: gray">
|
||||
[% ARGS.${"requestee-$flag.id"}.join(', ') %]
|
||||
|
|
|
@ -40,31 +40,19 @@
|
|||
|
||||
'whine/schedule.html.tmpl' => [
|
||||
'event.key',
|
||||
'query.id',
|
||||
'query.sort',
|
||||
'schedule.id',
|
||||
'option.0',
|
||||
'option.1',
|
||||
],
|
||||
|
||||
'whine/mail.html.tmpl' => [
|
||||
'bug.bug_id',
|
||||
],
|
||||
|
||||
'flag/list.html.tmpl' => [
|
||||
'flag.id',
|
||||
'flag.status',
|
||||
'type.id',
|
||||
],
|
||||
|
||||
'search/boolean-charts.html.tmpl' => [
|
||||
'"field${chartnum}-${rownum}-${colnum}"',
|
||||
'"value${chartnum}-${rownum}-${colnum}"',
|
||||
'field.name',
|
||||
'"${chartnum}-${rownum}-${newor}"',
|
||||
'"${chartnum}-${newand}-0"',
|
||||
'newchart',
|
||||
'jsmagic',
|
||||
'C',
|
||||
'I',
|
||||
'J',
|
||||
],
|
||||
|
||||
'search/form.html.tmpl' => [
|
||||
|
@ -88,7 +76,6 @@
|
|||
'column_headers.$group_field',
|
||||
'column_headers.$column',
|
||||
'request.status',
|
||||
'request.bug_id',
|
||||
'request.attach_id',
|
||||
],
|
||||
|
||||
|
@ -155,32 +142,20 @@
|
|||
'default.series_id',
|
||||
],
|
||||
|
||||
'list/edit-multiple.html.tmpl' => [
|
||||
'group.id',
|
||||
'menuname',
|
||||
],
|
||||
|
||||
'list/list.rdf.tmpl' => [
|
||||
'template_version',
|
||||
'bug.bug_id',
|
||||
'column',
|
||||
],
|
||||
|
||||
'list/table.html.tmpl' => [
|
||||
'tableheader',
|
||||
'bug.bug_id',
|
||||
'abbrev.$id.title || field_descs.$id || column.title',
|
||||
],
|
||||
|
||||
'list/list.csv.tmpl' => [
|
||||
'bug.bug_id',
|
||||
'colsepchar',
|
||||
],
|
||||
|
||||
'list/list.js.tmpl' => [
|
||||
'bug.bug_id',
|
||||
],
|
||||
|
||||
'global/choose-product.html.tmpl' => [
|
||||
'target',
|
||||
],
|
||||
|
@ -223,15 +198,9 @@
|
|||
],
|
||||
|
||||
'global/site-navigation.html.tmpl' => [
|
||||
'bug.bug_id',
|
||||
'bug.votes',
|
||||
],
|
||||
|
||||
'bug/comments.html.tmpl' => [
|
||||
'comment.id',
|
||||
'bug.bug_id',
|
||||
],
|
||||
|
||||
'bug/dependency-graph.html.tmpl' => [
|
||||
'image_map', # We need to continue to make sure this is safe in the CGI
|
||||
'image_url',
|
||||
|
@ -254,7 +223,6 @@
|
|||
'bug.deadline',
|
||||
'bug.remaining_time',
|
||||
'bug.delta_ts',
|
||||
'bug.bug_id',
|
||||
'bug.votes',
|
||||
'group.bit',
|
||||
'dep.title',
|
||||
|
@ -270,17 +238,10 @@
|
|||
],
|
||||
|
||||
'bug/show-multiple.html.tmpl' => [
|
||||
'attachment.id',
|
||||
'flag.status',
|
||||
],
|
||||
|
||||
'bug/show.html.tmpl' => [
|
||||
'bug.bug_id',
|
||||
],
|
||||
|
||||
'bug/show.xml.tmpl' => [
|
||||
'constants.BUGZILLA_VERSION',
|
||||
'a.id',
|
||||
'field',
|
||||
],
|
||||
|
||||
|
@ -299,8 +260,6 @@
|
|||
'bug/time.html.tmpl' => [
|
||||
'time_unit FILTER format(\'%.1f\')',
|
||||
'time_unit FILTER format(\'%.2f\')',
|
||||
'(act / (act + rem)) * 100
|
||||
FILTER format("%d")',
|
||||
],
|
||||
|
||||
'bug/votes/list-for-bug.html.tmpl' => [
|
||||
|
@ -310,7 +269,6 @@
|
|||
|
||||
'bug/votes/list-for-user.html.tmpl' => [
|
||||
'product.maxperbug',
|
||||
'bug.id',
|
||||
'bug.count',
|
||||
'product.total',
|
||||
'product.maxvotes',
|
||||
|
@ -339,31 +297,18 @@
|
|||
'change.attachid',
|
||||
],
|
||||
|
||||
'attachment/create.html.tmpl' => [
|
||||
'bug.bug_id',
|
||||
'attachment.id',
|
||||
],
|
||||
|
||||
'attachment/edit.html.tmpl' => [
|
||||
'attachment.id',
|
||||
'attachment.bug_id',
|
||||
'a',
|
||||
'editable_or_hide',
|
||||
],
|
||||
|
||||
'attachment/list.html.tmpl' => [
|
||||
'attachment.id',
|
||||
'flag.status',
|
||||
'bugid',
|
||||
'obsolete_attachments',
|
||||
],
|
||||
|
||||
'attachment/midair.html.tmpl' => [
|
||||
'attachment.id',
|
||||
],
|
||||
|
||||
'attachment/show-multiple.html.tmpl' => [
|
||||
'a.id',
|
||||
'flag.status'
|
||||
],
|
||||
|
||||
|
@ -373,7 +318,6 @@
|
|||
'bugid',
|
||||
'oldid',
|
||||
'newid',
|
||||
'patch.id',
|
||||
],
|
||||
|
||||
'attachment/diff-file.html.tmpl' => [
|
||||
|
@ -395,11 +339,6 @@
|
|||
'link_uri'
|
||||
],
|
||||
|
||||
'admin/custom_fields/cf-js.js.tmpl' => [
|
||||
'constants.FIELD_TYPE_SINGLE_SELECT',
|
||||
'constants.FIELD_TYPE_MULTI_SELECT',
|
||||
],
|
||||
|
||||
'admin/params/common.html.tmpl' => [
|
||||
'sortlist_separator',
|
||||
],
|
||||
|
@ -408,14 +347,6 @@
|
|||
'group.count',
|
||||
],
|
||||
|
||||
'admin/products/groupcontrol/edit.html.tmpl' => [
|
||||
'group.id',
|
||||
'constants.CONTROLMAPNA',
|
||||
'constants.CONTROLMAPSHOWN',
|
||||
'constants.CONTROLMAPDEFAULT',
|
||||
'constants.CONTROLMAPMANDATORY',
|
||||
],
|
||||
|
||||
'admin/products/list.html.tmpl' => [
|
||||
'classification_url_part',
|
||||
],
|
||||
|
@ -427,12 +358,10 @@
|
|||
|
||||
'admin/flag-type/confirm-delete.html.tmpl' => [
|
||||
'flag_type.flag_count',
|
||||
'flag_type.id',
|
||||
],
|
||||
|
||||
'admin/flag-type/edit.html.tmpl' => [
|
||||
'action',
|
||||
'type.id',
|
||||
'type.target_type',
|
||||
'type.sortkey || 1',
|
||||
'typeLabelLowerPlural',
|
||||
|
@ -440,10 +369,6 @@
|
|||
'selname',
|
||||
],
|
||||
|
||||
'admin/flag-type/list.html.tmpl' => [
|
||||
'type.id',
|
||||
],
|
||||
|
||||
'admin/components/confirm-delete.html.tmpl' => [
|
||||
'comp.bug_count'
|
||||
],
|
||||
|
@ -468,35 +393,17 @@
|
|||
'watch.watcher',
|
||||
'whine_events',
|
||||
'whine_schedules',
|
||||
'otheruser.id'
|
||||
],
|
||||
|
||||
'admin/users/edit.html.tmpl' => [
|
||||
'otheruser.id',
|
||||
'group.id',
|
||||
],
|
||||
|
||||
'admin/components/edit.html.tmpl' => [
|
||||
'comp.bug_count'
|
||||
],
|
||||
|
||||
'admin/workflow/edit.html.tmpl' => [
|
||||
'status.id',
|
||||
'new_status.id',
|
||||
],
|
||||
|
||||
'admin/workflow/comment.html.tmpl' => [
|
||||
'status.id',
|
||||
'new_status.id',
|
||||
],
|
||||
|
||||
'account/auth/login-small.html.tmpl' => [
|
||||
'qs_suffix',
|
||||
],
|
||||
|
||||
'account/prefs/email.html.tmpl' => [
|
||||
'relationship.id',
|
||||
'event.id',
|
||||
'prefname',
|
||||
],
|
||||
|
||||
|
@ -505,10 +412,6 @@
|
|||
'current_tab.name',
|
||||
],
|
||||
|
||||
'account/prefs/saved-searches.html.tmpl' => [
|
||||
'group.id',
|
||||
],
|
||||
|
||||
'config.rdf.tmpl' => [
|
||||
'escaped_urlbase',
|
||||
],
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
<table class="choose_product">
|
||||
|
||||
<tr class="all">
|
||||
<th><a href="[% target %]?[% query_params | html %]classification=__all">All</a></th>
|
||||
<th><a href="[% target | html %]?[% query_params | html %]classification=__all">All</a></th>
|
||||
<td valign="top">Show all products</td>
|
||||
</tr>
|
||||
<tr class="all"><td colspan="2"><hr /></td></tr>
|
||||
|
@ -46,7 +46,7 @@
|
|||
<tbody>
|
||||
[% FOREACH class = classifications %]
|
||||
<tr>
|
||||
<th><a href="[% target %]?[% query_params | html %]classification=[% class.name | url_quote -%]">[% class.name | html %]</a></th>
|
||||
<th><a href="[% target | html %]?[% query_params | html %]classification=[% class.name | url_quote -%]">[% class.name | html %]</a></th>
|
||||
<td>[% class.description | html_light %]</td>
|
||||
</tr>
|
||||
[% END %]
|
||||
|
|
|
@ -1071,7 +1071,7 @@
|
|||
ELSE;
|
||||
message = Hook.process('messages');
|
||||
END %]
|
||||
[% message %]
|
||||
[% message | none %]
|
||||
[%# Give sensible error if a message is unknown. %]
|
||||
[% IF !message %]
|
||||
Message '[% message_tag | html %]' is unknown.<br />
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
[% IF error_message.match('^\s*<[a-z]') %]
|
||||
<div class="user-error-div-first" id="error_msg">
|
||||
[% error_message %]
|
||||
[% error_message | none %]
|
||||
[% ELSE %]
|
||||
<div class="user-error-div-first">
|
||||
<p style="margin-top: 0; margin-bottom: 0" id="error_msg">[% error_message.replace("\n\n", "</p><p style='margin-bottom: 0'>") FILTER none %]</p>
|
||||
|
|
|
@ -248,7 +248,7 @@
|
|||
[% title = "Access Denied" %]
|
||||
[% admindocslinks = {'groups.html' => 'Group Security'} %]
|
||||
You are not authorized to access [% terms.bug %] #[% bug_id FILTER html %]
|
||||
[%- IF product AND Param('unauth_bug_details') %] in the [% product %] product[% END %].
|
||||
[%- IF product AND Param('unauth_bug_details') %] in the [% product | html %] product[% END %].
|
||||
[% END %]
|
||||
|
||||
[% BLOCK error_bug_access_query %]
|
||||
|
@ -303,7 +303,7 @@
|
|||
|
||||
[% BLOCK error_cc_group_restriction %]
|
||||
[% title = "CC Group Restriction" %]
|
||||
User [% user %] is restricted to watch this bug.
|
||||
User [% user | html %] is restricted to watch this bug.
|
||||
[% END %]
|
||||
|
||||
[% BLOCK error_chart_too_large %]
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
[%# 1.0@bugzilla.org %]
|
||||
[%# Activity & comments RSS feed
|
||||
# License: Dual-license MPL 1.1+ or GPL 3.0+
|
||||
# Author(s): Vitaliy Filippov <vitalif@mail.ru> %]
|
||||
[% USE date %]
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<?xml-stylesheet type="text/xsl" href="[% Param('urlbase') %]skins/standard/feed.xsl"?>
|
||||
|
@ -19,10 +21,10 @@
|
|||
<description><![CDATA[
|
||||
[% IF buginfo > 0 %]
|
||||
<table class="bug-info"><tr>
|
||||
<td>[% evt.bug_id %]</td><td>[% evt.product %]/[% evt.component %]</td><td>[% evt.bug_severity %]</td><td>[% evt.bug_status %]</td>
|
||||
<td>[% evt.bug_id %]</td><td>[% evt.product | html %]/[% evt.component | html %]</td><td>[% evt.bug_severity | html %]</td><td>[% evt.bug_status | html %]</td>
|
||||
</tr></table>
|
||||
[% END %]
|
||||
<div class="item-signature"><a href="[% Param("user_mailto") %][% evt.login_name %]">[% evt.realname FILTER html %]</a></div>
|
||||
<div class="item-signature"><a href="[% Param("user_mailto") %][% evt.login_name | html %]">[% evt.realname FILTER html %]</a></div>
|
||||
[% IF evt.thetext %]
|
||||
<pre>
|
||||
[% evt.thetext FILTER quoteUrls FILTER wrap_comment FILTER absolute_uris %]
|
||||
|
|
|
@ -75,7 +75,7 @@
|
|||
</h2>
|
||||
[% END %]
|
||||
|
||||
[% search_description %]
|
||||
[% search_description | none %]
|
||||
|
||||
<hr />
|
||||
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
[%# Author: Vitaliy Filippov <vitalif@mail.ru>
|
||||
# License: MPL 1.1 %]
|
||||
[%# Attach multiple files to a bug
|
||||
# License: Dual-license GPL 3.0+ or MPL 1.1+
|
||||
# Author: Vitaliy Filippov <vitalif@mail.ru>
|
||||
%]
|
||||
|
||||
<html><body>
|
||||
|
||||
|
@ -16,8 +18,8 @@
|
|||
<td style="width: 1px; display: none" id="del_XXX"><input class="button" type="button" onclick="att_file_clear('data_XXX')" value="clear" /></td>
|
||||
[% END %]
|
||||
|
||||
[% IF Bugzilla.cgi.param('bug_id') %]
|
||||
<h3>Create Multiple Attachments to [% terms.Bug %] [%+ 0+Bugzilla.cgi.param('bug_id') %]</h3>
|
||||
[% IF Bugzilla.input_params.bug_id %]
|
||||
<h3>Create Multiple Attachments to [% terms.Bug %] [%+ 0+Bugzilla.input_params.bug_id %]</h3>
|
||||
[% SET s = "Save Changes" %]
|
||||
[% ELSE %]
|
||||
[% SET s = "Submit Bug" %]
|
||||
|
|
|
@ -135,7 +135,7 @@
|
|||
<tr id="[% field.name %]_cont">
|
||||
<th align="right">
|
||||
<label for="[% field.name %]"
|
||||
accesskey="[% tf_accesskey.${field.name} %]">[% tf_desc.${field.name} || field.description %]</label>:
|
||||
accesskey="[% tf_accesskey.${field.name} %]">[% tf_desc.${field.name} || field.description | html %]</label>:
|
||||
</th>
|
||||
<td>
|
||||
[% t = field.name _ '_type' %]
|
||||
|
|
|
@ -106,7 +106,7 @@
|
|||
На дату: <input type="text" name="worktime_date" value="[% worktime_date | html %]" /> <span style="color: #aaa">(YYYY-MM-DD HH:MM:SS)</span>
|
||||
За пользователя:
|
||||
<input type="hidden" name="worktime_user" id="worktime_user_real" value="" />
|
||||
<input type="text" id="worktime_user" value="[% worktime_user || html %]"
|
||||
<input type="text" id="worktime_user" value="[% worktime_user | html %]"
|
||||
onfocus="wt_user_focus()" onblur="wt_user_blur()" />
|
||||
[% ELSE %]
|
||||
На дату: <b>[% worktime_date | html %]</b>
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
|
||||
[% FOREACH bug = bugs %]
|
||||
[% parity = (parity+1) % 3 %]
|
||||
<tr class="row[% bug.priority_obj.name %]">
|
||||
<tr class="row[% bug.priority_obj.name | html %]">
|
||||
<td class="first-child" align="right">
|
||||
[% bug.bug_id FILTER bug_link(bug.bug_id) %]
|
||||
</td>
|
||||
|
|
Loading…
Reference in New Issue