[%# add tracking flags json if available %]
[% IF tracking_flags %]
[% javascript_urls.push("extensions/TrackingFlags/web/js/tracking_flags.js") %]
- TrackingFlags = [% tracking_flags_json FILTER none %];
+ var tracking_flags_str = "[% tracking_flags_json FILTER js %]";
+ var TrackingFlags = $.parseJSON(tracking_flags_str);
[% END %]
[%# update last-visited %]
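Review bot: The added `$.parseJSON(tracking_flags_str)` makes this inline script depend on jQuery being loaded before it runs, which the hunk does not show; native `var TrackingFlags = JSON.parse(tracking_flags_str);` parses the same string without that dependency, and `$.parseJSON` is deprecated as of jQuery 3.0. The same applies to the later template hunks that parse `tracking_flags_json`, `tracking_flag_components`, `groups`, `values` and `visibility`. One of those hunks assigns `TrackingFlags = $.parseJSON(tracking_flags_str);` without `var` while the other two declare it, so the three copies should be made consistent. A short template comment such as `[%# JSON is emitted as an escaped JS string and parsed, so flag data cannot break out of the script block %]` would record why `FILTER none` was replaced.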
-# This Source Code Form is subject to the terms of the Mozilla Public
+#d This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
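Review bot: The added line `#d This Source Code Form is subject to the terms of the Mozilla Public` carries a stray `d` after the comment marker, which looks like an accidental keystroke rather than part of the fix. The header should stay as `# This Source Code Form is subject to the terms of the Mozilla Public` so that license-header checks still recognise it.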
use Bugzilla::Error;
use Bugzilla::Group;
use Bugzilla::Product;
+use Bugzilla::Token qw(check_hash_token delete_token);
use Bugzilla::Util qw(trim detaint_natural);
use Bugzilla::Extension::TrackingFlags::Constants;
$vars->{tracking_flag_types} = FLAG_TYPES;
if ($input->{delete}) {
+ my $token = $input->{token};
+ check_hash_token($token, ['tracking_flags_edit']);
+ delete_token($token);
+
my $flag = Bugzilla::Extension::TrackingFlags::Flag->new($vars->{flag_id})
|| ThrowCodeError('tracking_flags_invalid_item_id', { item => 'flag', id => $vars->{flag_id} });
$flag->remove_from_db();
exit;
} elsif ($input->{save}) {
- # save
+ my $token = $input->{token};
+ check_hash_token($token, ['tracking_flags_edit']);
+ delete_token($token);
my ($flag, $values, $visibilities) = _load_from_input($input, $vars);
_validate($flag, $values, $visibilities);
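Review bot: `delete_token($token)` right after `check_hash_token(...)` in both the `delete` and `save` branches probably removes nothing: as far as I know, hash tokens from `issue_hash_token` are computed rather than stored, so the token stays replayable until it expires. If single use is intended, a stored session token is the matching mechanism (issued with `issue_session_token('tracking_flags_edit')` and passed to the template, checked here with `check_token_data($token, 'tracking_flags_edit')`, then `delete_token`); otherwise drop the `delete_token` calls so the code does not suggest a guarantee it lacks. The only token field visible in this commit is added to the edit form next to `save`, so please confirm that the request which sets `delete` also sends `token`, or every delete will now fail the check. The `save` branch continues past the end of this hunk.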
[% END %]
<script type="text/javascript">
- TrackingFlags = [% tracking_flags_json FILTER none %];
+ var tracking_flags_str = "[% tracking_flags_json FILTER js %]";
+ TrackingFlags = $.parseJSON(tracking_flags_str);
</script>
<script type="text/javascript">
$(function() {
- var tracking_flag_components = [% tracking_flag_components FILTER none %];
+ var tracking_flag_components_str = "[% tracking_flag_components FILTER js %]";
+ var tracking_flag_components = $.parseJSON(tracking_flag_components_str);
var highest_status_firefox = '[% highest_status_firefox FILTER js %]';
$('#component')
[% END %]
<script type="text/javascript">
- TrackingFlags = [% tracking_flags_json FILTER none %];
+ var tracking_flags_str = "[% tracking_flags_json FILTER js %]";
+ var TrackingFlags = $.parseJSON(tracking_flags_str);
hide_tracking_flags();
</script>
%]
<script>
- var groups = [% groups || '[]' FILTER none %];
- var flag_values = [% values || '[]' FILTER none %];
- var flag_visibility = [% visibility || '[]' FILTER none %];
+ var groups_str = "[% groups || '[]' FILTER js %]";
+ var groups = $.parseJSON(groups_str);
+ var flag_values_str = "[% values || '[]' FILTER js %]";
+ var flag_values = $.parseJSON(flag_values_str);
+ var flag_visibility_str = "[% visibility || '[]' FILTER js %]";
+ var flag_visibility = $.parseJSON(flag_visibility_str);
</script>
<div id="edit_mode">
<input type="hidden" name="values" id="values" value="">
<input type="hidden" name="visibility" id="visibility" value="">
<input type="hidden" name="save" value="1">
+<input type="hidden" name="token" value="[% issue_hash_token(['tracking_flags_edit']) FILTER html %]">
[%# name/desc/etc %]