97 lines
3.8 KiB
Cheetah
97 lines
3.8 KiB
Cheetah
[%# The contents of this file are subject to the Mozilla Public
|
|
# License Version 1.1 (the "License"); you may not use this file
|
|
# except in compliance with the License. You may obtain a copy of
|
|
# the License at http://www.mozilla.org/MPL/
|
|
#
|
|
# Software distributed under the License is distributed on an "AS
|
|
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
# implied. See the License for the specific language governing
|
|
# rights and limitations under the License.
|
|
#
|
|
# The Original Code is the Bugzilla Bug Tracking System.
|
|
#
|
|
# The Initial Developer of the Original Code is Frédéric Buclin.
|
|
#
|
|
# Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
|
|
#%]
|
|
|
|
[%# INTERFACE:
|
|
# abuser: identity of the user who created the (invalid?) token.
|
|
# token_action: the action the token was supposed to serve.
|
|
# expected_action: the action the user was going to do.
|
|
# script_name: the script generating this warning.
|
|
# alternate_script: the suggested script to redirect the user to
|
|
# if he declines submission.
|
|
#%]
|
|
|
|
[% PROCESS global/header.html.tmpl title = "Suspicious Action"
|
|
style_urls = ['skins/standard/global.css'] %]
|
|
|
|
[% IF abuser %]
|
|
<div class="throw_error">
|
|
<p>When you view an administrative form in [% terms.Bugzilla %], a token string
|
|
is randomly generated and stored both in the database and in the form you loaded,
|
|
to make sure that the requested changes are being made as a result of submitting
|
|
a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now
|
|
is incorrect, meaning that it looks like you didn't come from the right page.
|
|
The following token has been used :</p>
|
|
|
|
<table border="0" cellpadding="5" cellspacing="0">
|
|
[% IF token_action != expected_action %]
|
|
<tr>
|
|
<th>Action stored:</th>
|
|
<td>[% token_action FILTER html %]</td>
|
|
</tr>
|
|
<tr>
|
|
<th> </th>
|
|
<td>
|
|
This action doesn't match the one expected ([% expected_action FILTER html %]).
|
|
</td>
|
|
</tr>
|
|
[% END %]
|
|
|
|
[% IF abuser != user.identity %]
|
|
<tr>
|
|
<th>Generated by:</th>
|
|
<td>[% abuser FILTER html %]</td>
|
|
</tr>
|
|
<tr>
|
|
<th> </th>
|
|
<td>
|
|
This token has not been generated by you. It is possible that someone
|
|
tried to trick you!
|
|
</td>
|
|
</tr>
|
|
[% END %]
|
|
</table>
|
|
|
|
<p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p>
|
|
</div>
|
|
[% ELSE %]
|
|
<div class="throw_error">
|
|
It looks like you didn't come from the right page (you have no valid token for
|
|
the <em>[% expected_action FILTER html %]</em> action while processing the
|
|
'[% script_name FILTER html%]' script). The reason could be one of:<br>
|
|
<ul>
|
|
<li>You clicked the "Back" button of your web browser after having successfully
|
|
submitted changes, which is generally not a good idea (but harmless).</li>
|
|
<li>You entered the URL in the address bar of your web browser directly,
|
|
which should be safe.</li>
|
|
<li>You clicked on a URL which redirected you here <b>without your consent</b>,
|
|
in which case this action is much more critical.</li>
|
|
</ul>
|
|
Are you sure you want to commit these changes anyway? This may result in
|
|
unexpected and undesired results.
|
|
</div>
|
|
|
|
<form name="check" id="check" method="post" action="[% script_name FILTER html %]">
|
|
[% PROCESS "global/hidden-fields.html.tmpl"
|
|
exclude="^(Bugzilla_login|Bugzilla_password)$" %]
|
|
<input type="submit" id="confirm" value="Confirm Changes">
|
|
</form>
|
|
<p>Or throw away these changes and go back to <a href="[% alternate_script FILTER html %]">
|
|
[%- alternate_script FILTER html %]</a>.</p>
|
|
[% END %]
|
|
|
|
[% PROCESS global/footer.html.tmpl %]
|