Closed Bug 1097798 Opened 11 years ago Closed 11 years ago

Do not display the resolution in the dependency tree for open bugs, nor the target milestone if usetargetmilestone is off

Categories

(Bugzilla :: Dependency Views, defect)

Product:
Bugzilla
Component:
Dependency Views
Version:
2.23.1
Type:
defect
Priority:
Not set
Severity:
trivial

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.0

People

(Reporter: christophe.jaillet, Assigned: LpSolit)

References

Details

Attachments

(1 file, 1 obsolete file)

patch, v2
988 bytes, patch
dkl
: review+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0 Build ID: 20141106120505 Steps to reproduce: Look at a dependency tree. Actual results: When the mouse is over an item in the tree, a tooltip like "ACCEPTED ---; assigned to xx@yy.fr; Target: ---" is displayed. Expected results: When "usetargetmilestone" is turned to off, the tooltip could be shortened in order to avoid displaying useless information. This would avoid the users to wonder what this "target" is about and keep the only the valuable information.
This is not the target milestone. This is the resolution.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
But what should be done is to not display the resolution for open bugs.
Severity: normal → trivial
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INVALID → ---
Summary: Do not display information about "target" in the dependency tree view when "target" is not used → Do not display the resolution in the dependency tree for open bugs
Attached patch patch, v1 (obsolete) — Splinter Review
Assignee: dependency.views → LpSolit
Status: REOPENED → ASSIGNED
Attachment #8521758 - Flags: review?(dkl)
Target Milestone: --- → Bugzilla 5.0
Hmm, are you sure you saw the correct "---"? There's one at the end too.. which shouldn't be there too at all, if the target milestone are indeed disabled. Is that the case?
Ah, you are right, sorry.
Summary: Do not display the resolution in the dependency tree for open bugs → Do not display the resolution in the dependency tree for open bugs, nor the target milestone if usetargetmilestone is off
Attached patch patch, v2Splinter Review
Hum, the target milestone was not HTML-escaped. Bad!
Attachment #8521758 - Attachment is obsolete: true
Attachment #8521758 - Flags: review?(dkl)
Attachment #8521800 - Flags: review?(dkl)
XSS is possible due to the unescaped target milestone, so we should fix it on all branches.
Target Milestone: Bugzilla 5.0 → Bugzilla 4.0
The XSS vulnerability was introduced by bug 251656 in Bugzilla 2.23.1.
Depends on: 251656
Version: 4.4.6 → 2.23.1
Comment on attachment 8521800 [details] [diff] [review] patch, v2 Review of attachment 8521800 [details] [diff] [review]: ----------------------------------------------------------------- r=dkl
Attachment #8521800 - Flags: review?(dkl) → review+
Also tested on 4.2, 4.4, and trunk with success.
Flags: approval?
Flags: approval5.0?
Flags: approval4.4?
Flags: approval4.2?
Flags: approval4.0?
Flags: approval?
Flags: approval5.0?
Flags: approval5.0+
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.2+
Flags: approval4.0?
Flags: approval4.0+
Flags: approval+
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 259615d..ca99361 master -> master To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git f43045d..33c16a8 5.0 -> 5.0 To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git cbc11fd..83d0d0e 4.4 -> 4.4 To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 04407b8..fa04883 4.2 -> 4.2 To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git 17803aa..9f1c4fa 4.0 -> 4.0
Status: ASSIGNED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: