Bug 494369: Do not throw an error if the 'order' parameter contains invalid columns...

diff --git a/buglist.cgi b/buglist.cgi
index 2cf7a013661e174df68214fac9f16ab1dd477c7d..2eee0edd99057ea43f66270084b734453b321a1b 100755 (executable)
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -165,7 +165,6 @@ my $serverpush =
                 || $cgi->param('serverpush');
 
 my $order = $cgi->param('order') || "";
-my $order_from_cookie = 0;  # True if $order set using the LASTORDER cookie
 
 # The params object to use for the actual query itself
 my $params;
@@ -890,8 +889,6 @@ if (!$order || $order =~ /^reuse/i) {
         # Cookies from early versions of Specific Search included this text,
         # which is now invalid.
         $order =~ s/ LIMIT 200//;
-        
-        $order_from_cookie = 1;
     }
     else {
         $order = '';  # Remove possible "reuse" identifier as unnecessary
@@ -920,7 +917,7 @@ if ($order) {
             last ORDER;
         };
         do {
-            my @order;
+            my (@order, @invalid_fragments);
             my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
             # A custom list of columns.  Make sure each column is valid.
             foreach my $fragment (split(/,/, $order)) {
@@ -933,16 +930,14 @@ if ($order) {
                     push(@order, $fragment);
                 }
                 else {
-                    my $vars = { fragment => $fragment };
-                    if ($order_from_cookie) {
-                        $cgi->remove_cookie('LASTORDER');
-                        ThrowCodeError("invalid_column_name_cookie", $vars);
-                    }
-                    else {
-                        ThrowCodeError("invalid_column_name_form", $vars);
-                    }
+                    push(@invalid_fragments, $fragment);
                 }
             }
+            if (scalar @invalid_fragments) {
+                $vars->{'message'} = 'invalid_column_name';
+                $vars->{'invalid_fragments'} = \@invalid_fragments;
+            }
+
             $order = join(",", @order);
             # Now that we have checked that all columns in the order are valid,
             # detaint the order string.

diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index a2863336a12b61922b9118a07451e73195ea46f6..da71da30dbc41241b08518c184405653ee1738cb 100644 (file)
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -190,17 +190,6 @@
      The attachment number of one of the attachments you wanted to obsolete,
      [% attach_id FILTER html %], is invalid.
           
-  [% ELSIF error == "invalid_column_name_cookie" %]
-    [% title = "Invalid Column Name" %]
-     The custom sort order specified in your cookie contains an invalid
-     column name <em>[% fragment FILTER html %]</em>. 
-     The cookie has been cleared.
-         
-  [% ELSIF error == "invalid_column_name_form" %]
-    [% title = "Invalid Column Name" %]
-     The custom sort order specified in your form submission contains an
-     invalid column name <em>[% fragment FILTER html %]</em>.
-
   [% ELSIF error == "invalid_customfield_type" %]
     [% title = "Invalid Field Type" %]
     The type <em>[% type FILTER html %]</em> is not a valid field type.

diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index d2915780cfa3d27344121689d1aed4fe0b73cd3c..1bc10daa95ad968ebb48abbf6c766c44c3e8ce3f 100644 (file)
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -455,6 +455,11 @@
       group.
     [% END %]
 
+  [% ELSIF message_tag == "invalid_column_name" %]
+    The custom sort order specified contains one or more invalid
+    column names: <em>[% invalid_fragments.join(', ') FILTER html %]</em>.
+    They have been removed from the sort list.
+
   [% ELSIF message_tag == "job_queue_depth" %]
     [% count FILTER html %] jobs in the queue.