Bug 772953: Remove the token from buglist urls

r=dkl, a=LpSolit

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index ed8540b2aa8a72f9faf13305912e619bf5264773..0385af2cb04d23484841ba399de5bd9bbf70bcba 100644 (file)
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -171,6 +171,11 @@ sub clean_search_url {
     # Delete leftovers from the login form
     $self->delete('Bugzilla_remember', 'GoAheadAndLogIn');
 
+    # Delete the token if we're not updating the defaults
+    unless (defined $self->param('remtype') && $self->param('remtype') eq 'asdefault') {
+        $self->delete("token");
+    }
+
     foreach my $num (1,2,3) {
         # If there's no value in the email field, delete the related fields.
         if (!$self->param("email$num")) {

diff --git a/buglist.cgi b/buglist.cgi
index 3466b46817b650eccf1499ec613f05b8cda044f0..d8da0a6bb2d872e3325d6fd1b0678df63dc79819 100755 (executable)
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1035,7 +1035,8 @@ else {
 
 # Set 'urlquerypart' once the buglist ID is known.
 $vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype',
-                                                      'query_based_on');
+                                                      'query_based_on',
+                                                      'token');
 
 if ($format->{'extension'} eq "csv") {
     # We set CSV files to be downloaded, as they are designed for importing

diff --git a/js/custom-search.js b/js/custom-search.js
index f8332a0bf3b7712f77262b63481809dfc611e1cc..89a788073670971c294628927ce2c90a360b2377 100644 (file)
--- a/js/custom-search.js
+++ b/js/custom-search.js
@@ -134,7 +134,15 @@ function fix_query_string(form_member) {
         return;
 
     var form = YAHOO.util.Dom.getAncestorByTagName(form_member, 'form');
+    // Disable the token field so setForm doesn't include it
+    var reenable_token = false;
+    if (form['token'] && !form['token'].disabled) {
+      form['token'].disabled = true;
+      reenable_token = true;
+    }
     var query = YAHOO.util.Connect.setForm(form);
+    if (reenable_token)
+      form['token'].disabled = false;
     window.History.replaceState(null, document.title, '?' + query);
 }
 

diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl
index 1dfdf51c2824f42177537e4dfdc10a2cecc91f27..1c5c228105eb8b42ba95be2cbb92edc56835e493 100644 (file)
--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -38,6 +38,9 @@
         &list_id=[% cgi.param('list_id') FILTER uri %]
       [%~ END %]
     [% END %]
+  [% ELSIF cgi.param('token') != '' %]
+    [% new_url = 'buglist.cgi?'
+                 _ cgi.canonicalise_query('token', 'cmdtype', 'remtype') %]
   [% END %]
 
   if (history && history.replaceState) {

diff --git a/template/en/default/search/search-advanced.html.tmpl b/template/en/default/search/search-advanced.html.tmpl
index 7b2a347b9427eac6d66c583872e9140913ba10b5..2bff834bc37efb3a8716b0b6d87be9c2cb046388 100644 (file)
--- a/template/en/default/search/search-advanced.html.tmpl
+++ b/template/en/default/search/search-advanced.html.tmpl
@@ -15,10 +15,19 @@
 [% USE Bugzilla %]
 [% cgi = Bugzilla.cgi %]
 
+[% javascript = BLOCK %]
+function remove_token() {
+  if (queryform.token) {
+    var asDefault = document.getElementById('remasdefault');
+    queryform.token.disabled = !asDefault.checked;
+  }
+}
+[% END %]
 
 [% PROCESS global/header.html.tmpl
   title = "Search for $terms.bugs"
   yui = [ 'autocomplete', 'calendar' ]
+  javascript = javascript
   javascript_urls = [ "js/util.js", "js/TUI.js", "js/field.js"]
   style_urls = [ "skins/standard/search_form.css" ]
   doc_section = "query.html"
@@ -30,7 +39,8 @@
 
 <p id="search_help">Hover your mouse over each field label to get help for that field.</p>
 
-<form method="post" action="buglist.cgi" name="queryform" id="queryform">
+<form method="post" action="buglist.cgi" name="queryform" id="queryform"
+      onsubmit="remove_token()">
 
 [% PROCESS search/form.html.tmpl %]