From: Simon Green <sgreen@redhat.com>
Date: Wed, 4 Sep 2013 00:41:38 +0000 (+1000)
Subject: Bug 875217 - SecurityError in Javascript on buglist.cgi
X-Git-Tag: bugzilla-4.4.1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac24af74a99fbe18361d5802444123586eb89774;p=thirdparty%2Fbugzilla.git

Bug 875217 - SecurityError in Javascript on buglist.cgi
r=glob, a=glob
---

diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl
index dcc140cf27..4e6bdfd902 100644
--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -30,22 +30,22 @@
 [% qorder = order FILTER uri IF order %]
 
 [% javascript =  BLOCK %]
-  [% new_url = cgi.self_url %]
   [% IF quicksearch %]
-    [% new_url = BLOCK ~%]
-      buglist.cgi?quicksearch=[% quicksearch FILTER uri %]
+    [% new_param = BLOCK ~%]
+      quicksearch=[% quicksearch FILTER uri %]
       [%~ IF cgi.param('list_id') ~%]
         &list_id=[% cgi.param('list_id') FILTER uri %]
       [%~ END %]
     [% END %]
   [% ELSIF cgi.param('token') != '' %]
-    [% new_url = 'buglist.cgi?'
-                 _ cgi.canonicalise_query('token', 'cmdtype', 'remtype') %]
+    [% new_param = cgi.canonicalise_query('token', 'cmdtype', 'remtype') %]
+  [% ELSE %]
+    [% new_param = cgi.canonicalise_query %]
   [% END %]
 
   if (history && history.replaceState) {
     history.replaceState(null, "[% unfiltered_title FILTER js %]",
-                         "[% new_url FILTER js %]");
+                         "buglist.cgi?[% new_param FILTER js %]");
     document.title = "[% unfiltered_title FILTER js %]";
   }
   [% javascript FILTER none %]