Commit b8851cdd authored by gerv%gerv.net's avatar gerv%gerv.net

Bug 163114 - Templatise all calls to DisplayError. Patch D (the last one). Patch by gerv; r=burnus.

parent f50efb95
...@@ -746,12 +746,7 @@ sub init { ...@@ -746,12 +746,7 @@ sub init {
# chart -1 is generated by other code above, not from the user- # chart -1 is generated by other code above, not from the user-
# submitted form, so we'll blindly accept any values in chart -1 # submitted form, so we'll blindly accept any values in chart -1
if ((!$chartfields{$f}) && ($chart != -1)) { if ((!$chartfields{$f}) && ($chart != -1)) {
my $errstr = "Can't use $f as a field name. " . ThrowCodeError("invalid_field_name", {field => $f});
"If you think you're getting this in error, please copy the " .
"entire URL out of the address bar at the top of your browser " .
"window and email it to <109679\@bugzilla.org>";
die "Internal error: $errstr" if $chart < 0;
return &::DisplayError($errstr);
} }
# This is either from the internal chart (in which case we # This is either from the internal chart (in which case we
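Review bot: With the `return` gone, this guard stops an unlisted field name from the submitted form only if `ThrowCodeError` never returns, and its definition is not part of this hunk. If that is guaranteed, record it at the call site, e.g. `# ThrowCodeError does not return; $f goes no further unless it is in %chartfields`; otherwise keep an explicit `return` after the call. The same reliance now carries the authorization checks further down the page, where `&& exit` was dropped after `UserInGroup($product)`, `!UserInGroup($FORM{'product'})` and `UserInGroup("editbugs")`. The body of `init` continues outside the hunk.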
......
...@@ -801,18 +801,6 @@ sub PutFooter { ...@@ -801,18 +801,6 @@ sub PutFooter {
# ThrowUserError("some_tag", { bug_id => $bug_id, size => 127 }); # ThrowUserError("some_tag", { bug_id => $bug_id, size => 127 });
############################################################################### ###############################################################################
# DisplayError is deprecated. Use ThrowCodeError, ThrowUserError or
# ThrowTemplateError instead.
sub DisplayError {
($vars->{'error'}, $vars->{'title'}) = (@_);
print "Content-type: text/html\n\n" if !$vars->{'header_done'};
$template->process("global/user-error.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
return 1;
}
# For "this shouldn't happen"-type places in the code. # For "this shouldn't happen"-type places in the code.
# The contents of $extra_vars get printed out in the template - useful for # The contents of $extra_vars get printed out in the template - useful for
# debugging info. # debugging info.
......
...@@ -57,9 +57,7 @@ if (!defined $::FORM{'product'}) { ...@@ -57,9 +57,7 @@ if (!defined $::FORM{'product'}) {
my $prodsize = scalar(keys %products); my $prodsize = scalar(keys %products);
if ($prodsize == 0) { if ($prodsize == 0) {
DisplayError("Either no products have been defined ". ThrowUserError("no_products");
"or you have not been given access to any.\n");
exit;
} }
elsif ($prodsize > 1) { elsif ($prodsize > 1) {
$::vars->{'proddesc'} = \%products; $::vars->{'proddesc'} = \%products;
...@@ -93,8 +91,7 @@ if (!$product_id) { ...@@ -93,8 +91,7 @@ if (!$product_id) {
if (Param("usebuggroups") && GroupExists($product)) { if (Param("usebuggroups") && GroupExists($product)) {
confirm_login() unless $::userid; confirm_login() unless $::userid;
UserInGroup($product) UserInGroup($product)
|| DisplayError("You are not authorized to access that product.") || ThrowUserError("product_access_denied");
&& exit;
} }
###################################################################### ######################################################################
......
...@@ -680,24 +680,18 @@ sub CanSeeBug { ...@@ -680,24 +680,18 @@ sub CanSeeBug {
sub ValidatePassword { sub ValidatePassword {
# Determines whether or not a password is valid (i.e. meets Bugzilla's # Determines whether or not a password is valid (i.e. meets Bugzilla's
# requirements for length and content). If the password is valid, the # requirements for length and content).
# function returns boolean false. Otherwise it returns an error message
# (synonymous with boolean true) that can be displayed to the user.
# If a second password is passed in, this function also verifies that # If a second password is passed in, this function also verifies that
# the two passwords match. # the two passwords match.
my ($password, $matchpassword) = @_; my ($password, $matchpassword) = @_;
if ( length($password) < 3 ) { if (length($password) < 3) {
return "The password is less than three characters long. It must be at least three characters."; ThrowUserError("password_too_short");
} elsif ( length($password) > 16 ) { } elsif (length($password) > 16) {
return "The password is more than 16 characters long. It must be no more than 16 characters."; ThrowUserError("password_too_long");
} elsif ( $matchpassword && $password ne $matchpassword ) { } elsif ($matchpassword && $password ne $matchpassword) {
return "The two passwords do not match."; ThrowUserError("passwords_dont_match");
} }
return 0;
} }
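Review bot: The header comment of `ValidatePassword` no longer says what happens to an invalid password, because the sentences describing the returned error message were removed and nothing replaced them. Add a line such as `# On failure this calls ThrowUserError with the matching error tag instead of returning a message.` so that callers stop testing the result. With `return 0;` removed, the sub returns whatever the last evaluated condition yields, so any caller outside the hunks shown here that still checks the return value should be converted. The two callers visible on this page already are.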
......
...@@ -105,23 +105,21 @@ if (! defined $FORM{'product'}) { ...@@ -105,23 +105,21 @@ if (! defined $FORM{'product'}) {
# Valid values are those products for which the user has permissions which appear # Valid values are those products for which the user has permissions which appear
# in the "product" drop-down menu on the report generation form. # in the "product" drop-down menu on the report generation form.
grep($_ eq $FORM{'product'}, @myproducts) grep($_ eq $FORM{'product'}, @myproducts)
|| DisplayError("You entered an invalid product name.") && exit; || ThrowUserError("invalid_product_name", {product => $FORM{'product'}});
# If usebuggroups is on, we don't want people to be able to view # If usebuggroups is on, we don't want people to be able to view
# reports for products they don't have permissions for... # reports for products they don't have permissions for...
Param("usebuggroups") Param("usebuggroups")
&& GroupExists($FORM{'product'}) && GroupExists($FORM{'product'})
&& !UserInGroup($FORM{'product'}) && !UserInGroup($FORM{'product'})
&& DisplayError("You do not have the permissions necessary to view reports for this product.") && ThrowUserError("report_access_denied");
&& exit;
# For security and correctness, validate the value of the "output" form variable. # For security and correctness, validate the value of the "output" form variable.
# Valid values are the keys from the %reports hash defined above which appear in # Valid values are the keys from the %reports hash defined above which appear in
# the "output" drop-down menu on the report generation form. # the "output" drop-down menu on the report generation form.
$FORM{'output'} ||= "most_doomed"; # a reasonable default $FORM{'output'} ||= "most_doomed"; # a reasonable default
grep($_ eq $FORM{'output'}, keys %reports) grep($_ eq $FORM{'output'}, keys %reports)
|| DisplayError("You entered an invalid output type.") || ThrowCodeError("invalid_output_type", {type => $FORM{'output'}});
&& exit;
# We've checked that the product exists, and that the user can see it # We've checked that the product exists, and that the user can see it
# This means that is OK to detaint # This means that is OK to detaint
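Review bot: `ThrowUserError("invalid_product_name", {product => $FORM{'product'}})` now hands the raw request value to the error template, where the old message did not echo it at all. No `invalid_product_name` entry appears in the template hunks on this page, so its escaping cannot be checked from here. Confirm the existing entry prints the value as `[% product FILTER html %]`, the way the new `invalid_output_type` entry does for `type`.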
......
...@@ -64,9 +64,7 @@ confirm_login(); ...@@ -64,9 +64,7 @@ confirm_login();
# prevents users with a legitimate interest in Bugzilla integrity # prevents users with a legitimate interest in Bugzilla integrity
# from accessing the script). # from accessing the script).
UserInGroup("editbugs") UserInGroup("editbugs")
|| DisplayError("You are not authorized to access this script, || ThrowUserError("sanity_check_access_denied");
which is reserved for users with the ability to edit bugs.")
&& exit;
print "Content-type: text/html\n"; print "Content-type: text/html\n";
print "\n"; print "\n";
......
...@@ -70,8 +70,7 @@ sub AddLink { ...@@ -70,8 +70,7 @@ sub AddLink {
$::FORM{'rankdir'} = "LR" if !defined $::FORM{'rankdir'}; $::FORM{'rankdir'} = "LR" if !defined $::FORM{'rankdir'};
if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) { if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) {
DisplayError("No bug numbers given."); ThrowCodeError("missing_bug_id");
exit;
} }
my $filename = "data/webdot/$$.dot"; my $filename = "data/webdot/$$.dot";
......
...@@ -68,8 +68,7 @@ if ($useragent =~ m:Mozilla/([1-9][0-9]*):i && $1 >= 5 && $useragent !~ m/compat ...@@ -68,8 +68,7 @@ if ($useragent =~ m:Mozilla/([1-9][0-9]*):i && $1 >= 5 && $useragent !~ m/compat
$template->process("sidebar.xul.tmpl", $vars) $template->process("sidebar.xul.tmpl", $vars)
|| ThrowTemplateError($template->error()); || ThrowTemplateError($template->error());
} else { } else {
DisplayError("sidebar.cgi currently only supports Mozilla based web browsers"); ThrowUserError("sidebar_supports_mozilla_only");
exit;
} }
......
...@@ -125,6 +125,16 @@ ...@@ -125,6 +125,16 @@
The target type was neither <em>bug</em> nor <em>attachment</em> The target type was neither <em>bug</em> nor <em>attachment</em>
but rather <em>[% variables.target_type FILTER html %]</em>. but rather <em>[% variables.target_type FILTER html %]</em>.
[% ELSIF error == "invalid_field_name" %]
Can't use [% field FILTER html %] as a field name.
[% ELSIF error == "invalid_output_type" %]
[% title = "Invalid Output Type" %]
Invalid output type [% type FILTER html %].
[% ELSIF error == "missing_bug_id" %]
No bug ID was given.
[% ELSIF error == "no_y_axis_defined" %] [% ELSIF error == "no_y_axis_defined" %]
No Y axis was defined when creating report. The X axis is optional, No Y axis was defined when creating report. The X axis is optional,
but the Y axis is compulsory. but the Y axis is compulsory.
...@@ -138,6 +148,9 @@ ...@@ -138,6 +148,9 @@
[% ELSIF error == "template_error" %] [% ELSIF error == "template_error" %]
[% template_error_msg %] [% template_error_msg %]
[% ELSIF error == "unable_to_retrieve_password" %]
I was unable to retrieve your old password from the database.
[% ELSIF error == "undefined_field" %] [% ELSIF error == "undefined_field" %]
[% field FILTER html %] was not defined; [% Param('browserbugmessage') %] [% field FILTER html %] was not defined; [% Param('browserbugmessage') %]
......
...@@ -143,6 +143,10 @@ ...@@ -143,6 +143,10 @@
really make sense to mark a bug as a duplicate of itself, really make sense to mark a bug as a duplicate of itself,
does it? does it?
[% ELSIF error == "email_change_in_progress" %]
[% title = "Email Change Already In Progress" %]
Email change already in progress; please check your email.
[% ELSIF error == "email_confirmation_failed" %] [% ELSIF error == "email_confirmation_failed" %]
[% title = "Email Address Email Address Confirmation Failed" %] [% title = "Email Address Email Address Confirmation Failed" %]
Email address confirmation failed. Email address confirmation failed.
...@@ -336,6 +340,10 @@ ...@@ -336,6 +340,10 @@
[% title = "Quip Required" %] [% title = "Quip Required" %]
Please enter a quip in the text field. Please enter a quip in the text field.
[% ELSIF error == "new_password_missing" %]
[% title = "New Password Missing" %]
You must enter a new password.
[% ELSIF error == "no_bugs_chosen" %] [% ELSIF error == "no_bugs_chosen" %]
[% title = "No Bugs Chosen" %] [% title = "No Bugs Chosen" %]
You apparently didn't choose any bugs to modify. You apparently didn't choose any bugs to modify.
...@@ -392,12 +400,38 @@ ...@@ -392,12 +400,38 @@
Either no products have been defined to enter bugs against or you have not Either no products have been defined to enter bugs against or you have not
been given access to any. been given access to any.
[% ELSIF error == "old_password_incorrect" %]
[% title = "Incorrect Old Password" %]
You did not enter your old password correctly.
[% ELSIF error == "old_password_required" %]
[% title = "Old Password Required" %]
You must enter your old password to change email address.
[% ELSIF error == "passwords_dont_match" %]
[% title = "Passwords Don't Match" %]
The two passwords you entered did not match.
[% ELSIF error == "password_too_long" %]
[% title = "Password Too Long" %]
The password is more than 16 characters long. It must be no more than
16 characters.
[% ELSIF error == "password_too_short" %]
[% title = "Password Too Short" %]
The password is less than three characters long. It must be at least
three characters.
[% ELSIF error == "patch_too_large" %] [% ELSIF error == "patch_too_large" %]
[% title = "File Too Large" %] [% title = "File Too Large" %]
The file you are trying to attach is [% filesize %] kilobytes (KB) in size. The file you are trying to attach is [% filesize %] kilobytes (KB) in size.
Patches cannot be more than [% Param('maxpatchsize') %] KB in size. Patches cannot be more than [% Param('maxpatchsize') %] KB in size.
Try breaking your patch into several pieces. Try breaking your patch into several pieces.
[% ELSIF error == "product_access_denied" %]
[% title = "Access Denied" %]
You do not have the permissions necessary to access that product.
[% ELSIF error == "query_name_missing" %] [% ELSIF error == "query_name_missing" %]
[% title = "No Query Name Specified" %] [% title = "No Query Name Specified" %]
You must enter a name for your query. You must enter a name for your query.
...@@ -408,6 +442,10 @@ ...@@ -408,6 +442,10 @@
intentionally cleared out the "Reassign bug to" intentionally cleared out the "Reassign bug to"
field, [% Param("browserbugmessage") %] field, [% Param("browserbugmessage") %]
[% ELSIF error == "report_access_denied" %]
[% title = "Access Denied" %]
You do not have the permissions necessary to view reports for this product.
[% ELSIF error == "requestee_too_short" %] [% ELSIF error == "requestee_too_short" %]
[% title = "Requestee Name Too Short" %] [% title = "Requestee Name Too Short" %]
One or two characters match too many users, so please enter at least One or two characters match too many users, so please enter at least
...@@ -433,6 +471,26 @@ ...@@ -433,6 +471,26 @@
[% title = "Summary Needed" %] [% title = "Summary Needed" %]
You must enter a summary for this bug. You must enter a summary for this bug.
[% ELSIF error == "sanity_check_access_denied" %]
[% title = "Access Denied" %]
You do not have the permissions necessary to run a sanity check.
[% ELSIF error == "sidebar_supports_mozilla_only" %]
Sorry - sidebar.cgi currently only supports Mozilla based web browsers.
<a href="http://www.mozilla.org">Upgrade today</a>. :-)
[% ELSIF error == "too_many_votes_for_bug" %]
[% title = "Illegal Vote" %]
You may only use at most [% max %] votes for a single bug in the
<tt>[% prod FILTER html %]</tt> product, but you are trying to use
[% votes %].
[% ELSIF error == "too_many_votes_for_product" %]
[% title = "Illegal Vote" %]
You may only use at most [% max %] votes for bugs in the
<tt>[% prod FILTER html %]</tt> product, but you are trying to use
[% votes %].
[% ELSIF error == "token_inexistent" %] [% ELSIF error == "token_inexistent" %]
[% title = "Token Does Not Exist" %] [% title = "Token Does Not Exist" %]
The token you submitted does not exist, has expired, or has The token you submitted does not exist, has expired, or has
...@@ -447,6 +505,10 @@ ...@@ -447,6 +505,10 @@
[% title = "Unknown Tab" %] [% title = "Unknown Tab" %]
<code>[% current_tab_name FILTER html %]</code> is not a legal tab name. <code>[% current_tab_name FILTER html %]</code> is not a legal tab name.
[% ELSIF error == "votes_must_be_nonnegative" %]
[% title = "Votes Must Be Non-negative" %]
Only use non-negative numbers for your bug votes.
[% ELSIF error == "wrong_token_for_cancelling_email_change" %] [% ELSIF error == "wrong_token_for_cancelling_email_change" %]
[% title = "Wrong Token" %] [% title = "Wrong Token" %]
That token cannot be used to cancel an email address change. That token cannot be used to cancel an email address change.
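Review bot: The two vote-limit entries print `[% prod FILTER html %]`, but the callers added in this commit pass the value under the key `product` (`product => $prod`), so the product name would render empty. Use `[% product FILTER html %]` in both `too_many_votes_for_bug` and `too_many_votes_for_product`, or rename the key at the call sites. `[% max %]` and `[% votes %]` are printed without a filter, whereas the old code passed the vote count through `html_quote`. The values look numeric after `detaint_natural`, but adding `FILTER html` to them keeps the entry safe if a caller changes.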
......
...@@ -113,11 +113,7 @@ if ( $::action eq 'chgpw' ) { ...@@ -113,11 +113,7 @@ if ( $::action eq 'chgpw' ) {
&& defined $::FORM{'matchpassword'} && defined $::FORM{'matchpassword'}
|| ThrowUserError("require_new_password"); || ThrowUserError("require_new_password");
my $passworderror = ValidatePassword($::FORM{'password'}, $::FORM{'matchpassword'}); ValidatePassword($::FORM{'password'}, $::FORM{'matchpassword'});
if ( $passworderror ) {
DisplayError($passworderror);
exit;
}
} }
################################################################################ ################################################################################
......
...@@ -92,29 +92,19 @@ sub SaveAccount { ...@@ -92,29 +92,19 @@ sub SaveAccount {
my $old = SqlQuote($::FORM{'Bugzilla_password'}); my $old = SqlQuote($::FORM{'Bugzilla_password'});
SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid"); SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid");
my $oldcryptedpwd = FetchOneColumn(); my $oldcryptedpwd = FetchOneColumn();
if (!$oldcryptedpwd) { $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
DisplayError("I was unable to retrieve your old password from the database.");
exit;
}
if (crypt($::FORM{'Bugzilla_password'}, $oldcryptedpwd) ne if (crypt($::FORM{'Bugzilla_password'}, $oldcryptedpwd) ne
$oldcryptedpwd) $oldcryptedpwd)
{ {
DisplayError("You did not enter your old password correctly."); ThrowUserError("old_password_incorrect");
exit;
} }
if ($pwd1 ne "" || $pwd2 ne "") if ($pwd1 ne "" || $pwd2 ne "")
{ {
if ($pwd1 ne $pwd2) { ($pwd1 eq $pwd2) || ThrowUserError("passwords_dont_match");
DisplayError("The two passwords you entered did not match."); $::FORM{'new_password1'} || ThrowUserError("new_password_missing");
exit; ValidatePassword($pwd1);
}
if ($::FORM{'new_password1'} eq '') {
DisplayError("You must enter a new password.");
exit;
}
my $passworderror = ValidatePassword($pwd1);
(DisplayError($passworderror) && exit) if $passworderror;
my $cryptedpassword = SqlQuote(Crypt($pwd1)); my $cryptedpassword = SqlQuote(Crypt($pwd1));
SendSQL("UPDATE profiles SendSQL("UPDATE profiles
...@@ -130,27 +120,20 @@ sub SaveAccount { ...@@ -130,27 +120,20 @@ sub SaveAccount {
my $new_login_name = trim($::FORM{'new_login_name'}); my $new_login_name = trim($::FORM{'new_login_name'});
if($old_login_name ne $new_login_name) { if($old_login_name ne $new_login_name) {
if( $::FORM{'Bugzilla_password'} eq "") { $::FORM{'Bugzilla_password'}
DisplayError("You must enter your old password to || ThrowCodeError("old_password_required");
change email address.");
exit;
}
use Token; use Token;
# Block multiple email changes for the same user. # Block multiple email changes for the same user.
if (Token::HasEmailChangeToken($userid)) { if (Token::HasEmailChangeToken($userid)) {
DisplayError("Email change already in progress; ThrowUserError("email_change_in_progress");
please check your email.");
exit;
} }
# Before changing an email address, confirm one does not exist. # Before changing an email address, confirm one does not exist.
CheckEmailSyntax($new_login_name); CheckEmailSyntax($new_login_name);
trick_taint($new_login_name); trick_taint($new_login_name);
if (!ValidateNewUser($new_login_name)) { ValidateNewUser($new_login_name)
DisplayError("Account $new_login_name already exists"); || ThrowUserError("account_exists", {email => $new_login_name});
exit;
}
Token::IssueEmailChangeToken($userid,$old_login_name, Token::IssueEmailChangeToken($userid,$old_login_name,
$new_login_name); $new_login_name);
...@@ -325,7 +308,7 @@ sub SaveFooter { ...@@ -325,7 +308,7 @@ sub SaveFooter {
"AND name = " . SqlQuote($name)); "AND name = " . SqlQuote($name));
} }
} else { } else {
DisplayError("Hmm, the $name query seems to have gone away."); ThrowUserError("missing_query", {queryname => $name});
} }
} }
SendSQL("UPDATE profiles SET mybugslink = " . SendSQL("UPDATE profiles SET mybugslink = " .
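Review bot: `old_password_required` is raised with `ThrowCodeError`, but the entry added for that tag sits among the titled user-facing messages (`old_password_incorrect`, `passwords_dont_match`), which looks like the user-error template. If so, the code-error template has no such tag, and a user who leaves the field empty while changing their email address gets a generic internal error instead of the intended message. This is a user mistake, so `|| ThrowUserError("old_password_required");` would match the rest of the hunk. Separately, `$::FORM{'Bugzilla_password'} || …` and `$::FORM{'new_password1'} || …` test truthiness where the old code compared with `""`, so the string `0` is now reported as missing. `SaveAccount` starts and ends outside these hunks.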
......
...@@ -79,7 +79,7 @@ elsif ($action eq "vote") { ...@@ -79,7 +79,7 @@ elsif ($action eq "vote") {
show_user(); show_user();
} }
else { else {
DisplayError("Unknown action: " . html_quote($action)); ThrowCodeError("unknown_action", {action => $action});
} }
exit; exit;
...@@ -87,8 +87,8 @@ exit; ...@@ -87,8 +87,8 @@ exit;
# Display the names of all the people voting for this one bug. # Display the names of all the people voting for this one bug.
sub show_bug { sub show_bug {
my $bug_id = $::FORM{'bug_id'} my $bug_id = $::FORM{'bug_id'}
|| DisplayError("Please give a bug ID to show the votes for.") || ThrowCodeError("missing_bug_id");
&& exit;
my $total = 0; my $total = 0;
my @users; my @users;
...@@ -126,10 +126,7 @@ sub show_user { ...@@ -126,10 +126,7 @@ sub show_user {
# After DBNameToIdAndCheck is templatised and prints a Content-Type, # After DBNameToIdAndCheck is templatised and prints a Content-Type,
# the above should revert to a call to that function, and this # the above should revert to a call to that function, and this
# special error handling should go away. # special error handling should go away.
if (!$who) { $who || ThrowUserError("invalid_username", {name => $name});
DisplayError(html_quote($name) . " is not a valid username.\n");
exit;
}
my $canedit = 1 if ($name eq $::COOKIE{'Bugzilla_login'}); my $canedit = 1 if ($name eq $::COOKIE{'Bugzilla_login'});
...@@ -255,8 +252,7 @@ sub record_votes { ...@@ -255,8 +252,7 @@ sub record_votes {
foreach my $id (@buglist) { foreach my $id (@buglist) {
ValidateBugID($id); ValidateBugID($id);
detaint_natural($::FORM{$id}) detaint_natural($::FORM{$id})
|| DisplayError("Only use non-negative numbers for your bug votes.") || ThrowUserError("votes_must_be_nonnegative");
&& exit;
} }
############################################################################ ############################################################################
...@@ -283,28 +279,20 @@ sub record_votes { ...@@ -283,28 +279,20 @@ sub record_votes {
$prodcount{$prod} += $::FORM{$id}; $prodcount{$prod} += $::FORM{$id};
# Make sure we haven't broken the votes-per-bug limit # Make sure we haven't broken the votes-per-bug limit
if ($::FORM{$id} > $max) { ($::FORM{$id} <= $max)
$prod = html_quote($prod); || ThrowUserError("too_many_votes_for_bug",
my $votes = html_quote($::FORM{$id}); {max => $max,
product => $prod,
DisplayError("You may only use at most $max votes for a single votes => $::FORM{$id}});
bug in the <tt>$prod</tt> product, but you are
trying to use $votes.", "Illegal vote");
exit();
}
} }
# Make sure we haven't broken the votes-per-product limit # Make sure we haven't broken the votes-per-product limit
foreach my $prod (keys(%prodcount)) { foreach my $prod (keys(%prodcount)) {
if ($prodcount{$prod} > $::prodmaxvotes{$prod}) { ($prodcount{$prod} <= $::prodmaxvotes{$prod})
$prod = html_quote($prod); || ThrowUserError("too_many_votes_for_product",
{max => $::prodmaxvotes{$prod},
DisplayError("You may only use at most $::prodmaxvotes{$prod} product => $prod,
votes for bugs in the <tt>$prod</tt> product, votes => $prodcount{$prod}});
but you are trying to use $prodcount{$prod}.",
"Illegal vote");
exit();
}
} }
} }
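Review bot: The `html_quote` calls on `$action` and `$name` were dropped, so escaping of these request values now rests entirely on the `unknown_action` and `invalid_username` template entries. Neither entry is in the hunks shown on this page. Confirm both print the value with a filter (`[% action FILTER html %]`, `[% name FILTER html %]`). A short comment at the call sites, such as `# escaped by FILTER html in the error template`, would record where the quoting moved.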
......