=item C<logout_user($user)>
-Logs out the specified user (invalidating all his sessions), taking a
+Logs out the specified user (invalidating all their sessions), taking a
Bugzilla::User instance.
=item C<logout_by_id($id)>
Description: validates if attachments the user wants to mark as obsolete
really belong to the given bug and are not already obsolete.
Moreover, a user cannot mark an attachment as obsolete if
- he cannot view it (due to restrictions on it).
+ they cannot view it (due to restrictions on it).
Params: $bug - The bug object obsolete attachments should belong to.
$attach_ids - The list of attachments to mark as obsolete.
return $self->_handle_login_result($login_info, $type);
}
- # Now verify his username and password against the DB, LDAP, etc.
+ # Now verify their username and password against the DB, LDAP, etc.
if ($self->{_info_getter}->{successful}->requires_verification) {
$login_info = $self->{_verifier}->check_credentials($login_info);
if ($login_info->{failure}) {
The hashref may also contain a C<failure_count> element, which specifies
how many times the account has failed to log in within the lockout
period (see L</AUTH_LOCKOUT>). This is used to warn the user when
-he is getting close to being locked out.
+they are getting close to being locked out.
=head2 C<AUTH_NO_SUCH_USER>
# We can't just do this in new(), because we're not allowed to throw any
# error from anywhere under Bugzilla::Auth::new -- otherwise we
# could create a situation where the admin couldn't get to editparams
-# to fix his mistake. (Because Bugzilla->login always calls
+# to fix their mistake. (Because Bugzilla->login always calls
# Bugzilla::Auth->new, and almost every page calls Bugzilla->login.)
sub ldap {
my ($self) = @_;
}
# Should we add the reporter to the CC list of the new bug?
- # If he can see the bug...
+ # If they can see the bug...
if ($self->reporter->can_see_bug($dupe_of)) {
- # We only add him if he's not the reporter of the other bug.
+ # We only add them if they're not the reporter of the other bug.
$self->{_add_dup_cc} = 1
if $dupe_of_bug->reporter->id != $self->reporter->id;
}
$self->{_add_dup_cc} = $add_confirmed;
}
else {
- # Note that here we don't check if he user is already the reporter
- # of the dupe_of bug, since we already checked if he can *see*
+ # Note that here we don't check if the user is already the reporter
+ # of the dupe_of bug, since we already checked if they can *see*
# the bug, above. People might have reporter_accessible turned
# off, but cclist_accessible turned on, so they might want to
- # add the reporter even though he's already the reporter of the
+ # add the reporter even though they're already the reporter of the
# dup_of bug.
my $vars = {};
my $template = Bugzilla->template;
}
else {
# On bug creation, the reporter is the logged in user
- # (meaning that he must be logged in first!).
+ # (meaning that they must be logged in first!).
Bugzilla->login(LOGIN_REQUIRED);
$reporter = Bugzilla->user->id;
}
# If $dupes{$this_dup} is already set to 1, then a loop
# already exists which does not involve this bug.
# As the user is not responsible for this loop, do not
- # prevent him from marking this bug as a duplicate.
+ # prevent them from marking this bug as a duplicate.
return $last_dup if exists $dupes{$this_dup};
$dupes{$this_dup} = 1;
$last_dup = $this_dup;
return 1;
}
- # If the user isn't allowed to change a field, we must tell him who can.
+ # If the user isn't allowed to change a field, we must tell them who can.
# We store the required permission set into the $PrivilegesRequired
# variable which gets passed to the error template.
#
# is not allowed to change.
# The reporter may not:
- # - reassign bugs, unless the bugs are assigned to him;
+ # - reassign bugs, unless the bugs are assigned to them;
# in that case we will have already returned 1 above
# when checking for the assignee of the bug.
if ($field eq 'assigned_to') {
$$PrivilegesRequired = PRIVILEGES_REQUIRED_ASSIGNEE;
return 0;
}
- # - change the priority (unless he could have set it originally)
+ # - change the priority (unless they could have set it originally)
if ($field eq 'priority'
&& !Bugzilla->params->{'letsubmitterchoosepriority'})
{
# account is locked.
use constant LOGIN_LOCKOUT_INTERVAL => 30;
-# The time in minutes a user must wait before he can request another email to
-# create a new account or change his password.
+# The time in minutes a user must wait before they can request another email to
+# create a new account or change their password.
use constant ACCOUNT_CHANGE_INTERVAL => 10;
# The maximum number of seconds the Strict-Transport-Security header
# This is the name of the algorithm used to hash passwords before storing
# them in the database. This can be any string that is valid to pass to
# Perl's "Digest" module. Note that if you change this, it won't take
-# effect until a user logs in or changes his password.
+# effect until a user logs in or changes their password.
use constant PASSWORD_DIGEST_ALGORITHM => 'SHA-256';
# How long of a salt should we use? Note that if you change this, it
-# won't take effect until a user logs in or changes his password.
+# won't take effect until a user logs in or changes their password.
use constant PASSWORD_SALT_LENGTH => 8;
# Certain scripts redirect to GET even if the form was submitted originally
# See http://support.microsoft.com/kb/208427 for why MSIE is different
use constant CGI_URI_LIMIT => ($ENV{'HTTP_USER_AGENT'} || '') =~ /MSIE/ ? 2083 : 8000;
-# If the user isn't allowed to change a field, we must tell him who can.
+# If the user isn't allowed to change a field, we must tell them who can.
# We store the required permission set into the $PrivilegesRequired
# variable which gets passed to the error template.
# Make sure the user didn't specify a requestee unless the flag
# is specifically requestable. For existing flags, if the requestee
# was set before the flag became specifically unrequestable, the
- # user can either remove him or leave him alone.
+ # user can either remove them or leave them alone.
ThrowUserError('flag_type_requestee_disabled', { type => $self->type })
if !$self->type->is_requesteeble;
are described by the various C<REL_> constants in L<Bugzilla::Constants>.
Here's an example of adding userid C<123> to the recipient list
-as though he were on the CC list:
+as though they were on the CC list:
$recipients->{123}->{+REL_CC} = 1
if (!$who) {
# This username doesn't exist. Maybe someone
- # renamed him or something. Invent a new profile
- # entry disabled, just to represent him.
+ # renamed them or something. Invent a new profile
+ # entry disabled, just to represent them.
$dbh->do("INSERT INTO profiles (login_name,
cryptpassword, disabledtext)
VALUES (?,?,?)", undef, $name, '*',
# File the bug as the reporter.
my $super_user = Bugzilla->user;
my $reporter = Bugzilla::User->check($bug->{reporter});
- # Allow the user to file a bug in any product, no matter his current
+ # Allow the user to file a bug in any product, no matter their current
# permissions.
$reporter->{groups} = $super_user->groups;
Bugzilla->set_user($reporter);
if (Bugzilla->params->{'allowbugdeletion'}) {
require Bugzilla::Bug;
foreach my $bug_id (@{$self->bug_ids}) {
- # Note that we allow the user to delete bugs he can't see,
- # which is okay, because he's deleting the whole Product.
+ # Note that we allow the user to delete bugs they can't see,
+ # which is okay, because they're deleting the whole Product.
my $bug = new Bugzilla::Bug($bug_id);
$bug->remove_from_db();
}
Params: C<$user> - A Bugzilla::User object.
- Returns C<1> If this user's groups allow him C<entry> access to
+ Returns C<1> If this user's groups allow them C<entry> access to
this Product, C<0> otherwise.
=item C<flag_types()>
=item C<sharer>
-When a saved search is shared by a user, this is his user ID.
+When a saved search is shared by a user, this is their user ID.
=item C<user>
# are unable to run queries of the form (a AND b) OR c. In our case:
# (flag name is foo AND requestee is bar) OR (any other criteria).
# But this has never been possible, so this is not a regression. If one
- # needs to run such queries, he must use the Custom Search section of
+ # needs to run such queries, they must use the Custom Search section of
# the Advanced Search page.
$chart++;
$and = $or = 0;
my $vars = {};
# Is there already a pending request for this login name? If yes, do not throw
- # an error because the user may have lost his email with the token inside.
+ # an error because the user may have lost their email with the token inside.
# But to prevent using this way to mailbomb an email address, make sure
# the last request is old enough before sending a new email (default: 10 minutes).
# In 99% of cases, the user getting the confirmation email is the same one
# who made the request, and so it is reasonable to send the email in the same
- # language used to view the "Create a New Account" page (we cannot use his
+ # language used to view the "Create a New Account" page (we cannot use their
# user prefs as the user has no account yet!).
MessageToMTA($message);
}
$vars->{'ip_addr'} = $ip_addr;
$vars->{'emailaddress'} = $user->email;
$vars->{'expiration_ts'} = ctime($token_ts + MAX_TOKEN_AGE * 86400);
- # The user is not logged in (else he wouldn't request a new password).
+ # The user is not logged in (else they wouldn't request a new password).
# So we have to pass this information to the template.
$vars->{'timezone'} = $user->timezone;
{
# Something is going wrong. Ask confirmation before processing.
# It is possible that someone tried to trick an administrator.
- # In this case, we want to know his name!
+ # In this case, we want to know their name!
require Bugzilla::User;
my $vars = {};
Description: Creates and sends a token per email to the email address
requesting a new user account. It doesn't check whether
the user account already exists. The user will have to
- use this token to confirm the creation of his user account.
+ use this token to confirm the creation of their user account.
Params: $login_name - The new login name requested by the user.
Description: Sends a token per email to the given user. This token
can be used to change the password (e.g. in case the user
- cannot remember his password and wishes to enter a new one).
+ cannot remember their password and wishes to enter a new one).
Params: $user - User object of the user requesting a new password.
Description: Invalidates an existing token, generally when the token is used
for an action which is not the one expected. An email is sent
- to the user who originally requested this token to inform him
+ to the user who originally requested this token to inform them
that this token has been invalidated (e.g. because an hacker
tried to use this token for some malicious action).
=item C<DeletePasswordTokens($user_id, $reason)>
Description: Cancels all password tokens for the given user. Emails are sent
- to the user to inform him about this action.
+ to the user to inform them about this action.
Params: $user_id: The user ID of the user account whose password tokens
are canceled.
}
# Generate a string to identify the user by name + login if the user
-# has a name or by login only if she doesn't.
+# has a name or by login only if they don't.
sub identity {
my $self = shift;
my $e = $flagtype->exclusions_as_hash;
# If there is at least one product for which the user doesn't have
- # editcomponents privs, then don't allow him to do everything with
+ # editcomponents privs, then don't allow them to do everything with
# this flagtype, independently of whether this product is in the
# exclusion list or not.
my %product_ids;
=item C<showmybugslink>
-Returns C<1> if the user has set his preference to show the 'My Bugs' link in
+Returns C<1> if the user has set their preference to show the 'My Bugs' link in
the page footer, and C<0> otherwise.
=item C<identity>
=item C<get_products_by_permission($group)>
Returns a list of product objects for which the user has $group privileges
-and which he can access.
+and which they can access.
$group must be one of the groups defined in PER_PRODUCT_PRIVILEGES.
=item C<can_see_user(user)>
Description: Checks whether the user is allowed to edit properties of the flag type.
If the flag type is also used by some products for which the user
hasn't editcomponents privs, then the user is only allowed to edit
- the inclusion and exclusion lists for products he can administrate.
+ the inclusion and exclusion lists for products they can administrate.
Params: $flagtype_id - a flag type ID.
a plain-text password. If you specify '*', the user will not
be able to log in using DB authentication.
disabledtext - The disable-text for the new user. If given, the user
- will be disabled, meaning he cannot log in. Defaults to an
+ will be disabled, meaning they cannot log in. Defaults to an
empty string.
disable_mail - If 1, bug-related mail will not be sent to this user;
if 0, mail will be sent depending on the user's email preferences.
that you are checking.
$old_username (scalar, string) - If you are checking an email-change
token, insert the "old" username that the user is changing from,
- here. Then, as long as it's the right user for that token, he
- can change his username to $username. (That is, this function
+ here. Then, as long as it's the right user for that token, they
+ can change their username to $username. (That is, this function
will return a boolean true value).
=item C<login_to_id($login, $throw_error)>
Takes a time and converts it to the desired format and timezone.
If no format is given, the routine guesses the correct one and returns
an empty array if it cannot. If no timezone is given, the user's timezone
-is used, as defined in his preferences.
+is used, as defined in their preferences.
This routine is mainly called from templates to filter dates, see
"FILTER time" in L<Bugzilla::Template>.
=item C<is_creator_accessible>
C<boolean> If true, this bug can be accessed by the creator (reporter)
-of the bug, even if he or she is not a member of the groups the bug
+of the bug, even if they are not a member of the groups the bug
is restricted to.
=item C<keywords>
=item C<is_creator_accessible>
C<boolean> Whether or not the bug's reporter is allowed to access
-the bug, even if he or she isn't in a group that can normally access
+the bug, even if they aren't in a group that can normally access
the bug.
=item C<remaining_time>
my $obj_by_ids;
$obj_by_ids = Bugzilla::User->new_from_list($params->{ids}) if $params->{ids};
- # obj_by_ids are only visible to the user if he can see
+ # obj_by_ids are only visible to the user if they can see
# the otheruser, for non visible otheruser throw an error
foreach my $obj (@$obj_by_ids) {
if (Bugzilla->user->can_see_user($obj)){
=item 305 (New Password Required)
The current password is correct, but the user is asked to change
-his password.
+their password.
=item 50 (Param Required)
=item groups
C<array> An array of group hashes the user is a member of. If the currently
-logged in user is querying his own account or is a member of the 'editusers'
+logged in user is querying their own account or is a member of the 'editusers'
group, the array will contain all the groups that the user is a
member of. Otherwise, the array will only contain groups that the logged in
user can bless. Each hash describes the group and contains the following items:
my $product = new Bugzilla::Product({name => $product_name});
foreach my $gid (keys %{$product->group_controls}) {
- # The user can only edit groups he belongs to.
+ # The user can only edit groups they belong to.
next unless $user->in_group_id($gid);
# The user has no control on groups marked as NA or MANDATORY.
($buffer, $query_id) = LookupNamedQuery(scalar $cgi->param("namedcmd"),
$user->id);
if ($query_id) {
- # Make sure the user really wants to delete his saved search.
+ # Make sure the user really wants to delete their saved search.
my $token = $cgi->param('token');
check_hash_token($token, [$query_id, $qname]);
# If there is only one product available but the user entered
# another product name, we display a list with this single
# product only, to not confuse the user with components of a
- # product he didn't request.
+ # product they didn't request.
elsif (scalar(@products) > 1 || $product_name) {
$vars->{'classifications'} = sort_products_by_classification(\@products);
$vars->{'target'} = "describecomponents.cgi";
my @categories;
if ($category_action =~ /^(in|ex)clude$/) {
if (!$user->in_group('editcomponents') && !$product) {
- # The user can only add the flag type to products he can administrate.
+ # The user can only add the flag type to products they can administrate.
foreach my $prod (@products) {
push(@categories, $prod->id . ':0')
}
# were on the CC list.
#$recipients->{$user->id}->{+REL_CC} = 1;
- # And this line adds the maintainer as though he had the "REL_EXAMPLE"
- # relationship from the bugmail_relationships hook below.
+ # And this line adds the maintainer as though they had the
+ # "REL_EXAMPLE" relationship from the bugmail_relationships hook below.
#$recipients->{$user->id}->{+REL_EXAMPLE} = 1;
}
}
# No other check needed if this is a valid regular user.
return if login_to_id($reporter);
- # The reporter is not a regular user. We create an account for him,
- # but he can only comment on existing bugs.
+ # The reporter is not a regular user. We create an account for them,
+ # but they can only comment on existing bugs.
# This is useful for people who reply by email to bugmails received
# in mailing-lists.
if ($args->{fields}->{bug_id}) {
if (!$attacher) {
if ($att->{'attacher'}) {
$err .= "The original submitter of attachment $att_id was\n ";
- $err .= $att->{'attacher'} . ", but he doesn't have an account here.\n";
+ $err .= $att->{'attacher'} . ", but they don't have an account here.\n";
}
else {
$err .= "The original submitter of attachment $att_id is unknown.\n";
my $fields;
$fields->{'requester'}->{'type'} = 'single';
-# If the user doesn't restrict his search to requests from the wind
+# If the user doesn't restrict their search to requests from the wind
# (requestee ne '-'), include the requestee for completion.
unless (defined $cgi->param('requestee')
&& $cgi->param('requestee') eq '-')
my (@bugs, @illegal_bugs);
my %marks;
-# If the user isn't logged in, we use data from the shadow DB. If he plans
-# to edit the bug(s), he will have to log in first, meaning that the data
+# If the user isn't logged in, we use data from the shadow DB. If they plan
+# to edit the bug(s), they will have to log in first, meaning that the data
# will be reloaded anyway, from the main DB.
Bugzilla->switch_to_shadow_db unless $user->id;
# expected_action: the action the user was going to do.
# script_name: the script generating this warning.
# alternate_script: the suggested script to redirect the user to
- # if he declines submission.
+ # if they decline submission.
#%]
[% PROCESS global/header.html.tmpl
</li>
<li>
defaulton/defaultoff - Default behavior as described
- above, but user can choose whether Bugzilla will remember his
- login or not.
+ above, but user can choose whether Bugzilla will
+ remember their login or not.
</li>
</ul>",
"parameter permits to block the execution of queries with no criteria. " _
"When turned off, a query must have some criteria specified to limit " _
"the number of $terms.bugs returned to the user. When turned on, a user " _
- "is allowed to run a query with no criteria and get all $terms.bugs he can " _
- "see in his list. Turning this parameter on is not recommended on large " _
+ "is allowed to run a query with no criteria and get all $terms.bugs they can " _
+ "see in their list. Turning this parameter on is not recommended on large " _
"installations.",
default_search_limit =>
[% ELSE %]
might, in the future,
[% END %]
- allow him/her access to view this [% terms.bug %].</b>
+ allow them access to view this [% terms.bug %].</b>
Do you wish to do this?
</p>
<a href="query.cgi?format=advanced">Advanced Search</a> form.</p>
<ul class="qs_help">
- <li>All [% terms.bugs %] reported by userA@company.com or assigned to him
+ <li>All [% terms.bugs %] reported by userA@company.com or assigned to them
(the initial @ is a shortcut for the assignee, see the
<a href="#shortcuts">Advanced Shortcuts</a> section above):<br>
<kbd>ALL @userA@company.com OR reporter:userA@company.com</kbd></li>
<p>
When a user uploads a new attachment and lets the "Content Type" field set to
"auto-detect", Bugzilla now does its own MIME type detection
- if the web browser tells him that the attachment is of type
+ if the web browser tells them that the attachment is of type
"application/octet-stream", in an attempt to make a better guess than the web
browser. In all other cases, Bugzilla still trusts what the browser
- tells him.
+ tells them.
</p>
<p>
Check the <a href="#v44_req_optional_mod">list of optional Perl modules</a> to
set in the email itself.</li>
<li><strong>Skins:</strong> Bugzilla no longer fetches all skins
available when viewing a page. It only loads the skin selected by the user
- in his preferences, which results in less requests to the server.</li>
+ in their preferences, which results in less requests to the server.</li>
</ul>
<h4>Enhancements for Administrators and Developers</h4>
"subscribe" to those searches, and have them appear
in their footer.</p>
-<p>If the sharer can "bless" the group he's sharing to,
- (that is, if he can add users to that group), it's considered
- that he's a manager of that group, and his queries show up
+<p>If the sharer can "bless" the group they're sharing to,
+ (that is, if they can add users to that group), it's considered
+ that they're a manager of that group, and their queries show up
automatically in that group's footer (although they can
unsubscribe from any particular search, if they want.)</p>
<li><a href="editparams.cgi?section=auth#createemailregexp_desc">createemailregexp</a>
defines which users are allowed to create an account on this installation. If set
- to ".*" (the default), everybody is free to create his own account. If set to
+ to ".*" (the default), everybody is free to create their own account. If set to
"@mycompany.com$", only users having an account @mycompany.com will be allowed to
create an account. If left blank, users will not be able to create accounts themselves;
only an administrator will be able to create one for them. If you want a private
# Now delete this token.
delete_token($token);
- # Let the user know that his user account has been successfully created.
+ # Let the user know that their user account has been successfully created.
$vars->{'message'} = 'account_created';
$vars->{'otheruser'} = $otheruser;
- # Log in the new user using credentials he just gave.
+ # Log in the new user using credentials they just gave.
$cgi->param('Bugzilla_login', $otheruser->login);
$cgi->param('Bugzilla_password', $password);
Bugzilla->login(LOGIN_OPTIONAL);
}
}
- # If the user has product specific privileges, inform him about that.
+ # If the user has product specific privileges, inform them about that.
foreach my $privs (PER_PRODUCT_PRIVILEGES) {
next if $user->in_group($privs);
$vars->{"local_$privs"} = $user->get_products_by_permission($privs);
}
if ($group_id) {
- # Don't allow the user to share queries with groups he's not
+ # Don't allow the user to share queries with groups they're not
# allowed to.
next unless grep($_ eq $group_id, @{$user->queryshare_groups});
projects / thirdparty / bugzilla.git / commitdiff
