Closed
Bug 117060
Opened 23 years ago
Closed 23 years ago
Templatise user_prefs.cgi
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: gerv, Assigned: gerv)
References
Details
Attachments
(1 file, 6 obsolete files)
43.82 KB,
patch
|
myk
:
review+
justdave
:
review+
|
Details | Diff | Splinter Review |
So it was raining on Boxing Day... Gerv
Assignee | ||
Comment 1•23 years ago
|
||
User facing -> 2.16 blocker. Gerv
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.16
Assignee | ||
Comment 2•23 years ago
|
||
Using the Bugzilla-as-backup principle, here's the first cut. It works, apart from the fact that the Accounts tab has some problems writing to the DB, and I can't see why. Gerv
Assignee | ||
Comment 3•23 years ago
|
||
This one's the real deal. Note the experimental "Interface" comments for the templates - comments welcome. Gerv
Assignee | ||
Updated•23 years ago
|
Attachment #62832 -
Attachment is obsolete: true
Comment 4•23 years ago
|
||
Comment on attachment 63023 [details] [diff] [review] Patch v.2 Looks great. Everything worked as expected. r=dkl
Attachment #63023 -
Flags: review+
Comment 5•23 years ago
|
||
No need to attach a new patch, and I haven't done a full review, but I was wondering if the DoFoo would be better named LoadFoo (to match with SaveFoo) or at GetFoo, maybe even {Load_or_Get}Foo{Vars_or_Data_or_Prefs_or_Options} and SaveFoo{Vars_or_Data_or_Prefs_or_Options}. If I understand it correctly, the DoFoo routines store their results in the global $vars variable, whereas the SaveFoo routines get their input from the $::FORM variable. Maybe the comment could be extended to make this explicit? What I've seen from the code looks good to me. I like the INTERFACE comments.
Assignee | ||
Comment 6•23 years ago
|
||
afranke: any chance of a full review? I think the function names are fine for now - it's pretty obvious what's going on. Gerv
Comment 7•23 years ago
|
||
No, sorry, I don't have enough time for a full review (it would cost me at least half a day to do that carefully). But I have installed it on our production install, and tested it there. It seems to work fine, and I'm keeping the patch. Thus t=afranke, if that helps. :-) Unfortunately, there is no "tested" attachment status flag yet. May I suggest to introduce this, and make the checkin precondition "either two reviews, or one review and one test" or something like this?
Comment 8•23 years ago
|
||
Comment on attachment 63023 [details] [diff] [review] Patch v.2 >Index: template/default/prefs/account.tmpl >=================================================================== >RCS file: template/default/prefs/account.tmpl >diff -N template/default/prefs/account.tmpl >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ template/default/prefs/account.tmpl 29 Dec 2001 17:52:18 -0000 >+ <td> >+ <input type=hidden name="Bugzilla_login" value="[% login %]" /> It has occured to me that very little of our code copes with " as part of the name. Sigh. Not sure if this matters here, but we may want to consider it. >+ <input type=password name="old_password" /> >+ </td> >Index: userprefs.cgi >=================================================================== >RCS file: /cvsroot/mozilla/webtools/bugzilla/userprefs.cgi,v >retrieving revision 1.24 >diff -u -r1.24 userprefs.cgi >--- userprefs.cgi 8 Nov 2001 00:54:15 -0000 1.24 >+++ userprefs.cgi 29 Dec 2001 17:52:22 -0000 >+use Template; use vars qw ($template $vars); and then use the global one instead > > > sub SaveAccount { If the password has changed, this now needs to call InvalidateLogins(). > } > This is a partial review, because the patch doesn't apply. A glance through the diff didn't show anything else, though.
Attachment #63023 -
Flags: review-
Assignee | ||
Comment 9•23 years ago
|
||
> It has occured to me that very little of our code copes with " as part of the > name. Sigh. It shouldn't have to. Sanity checking should make sure that login names never contain ". We use FILTER html for fields where this isn't the case. > If the password has changed, this now needs to call InvalidateLogins(). Er... it does. New, unrotted patch attached. Gerv
Attachment #63023 -
Attachment is obsolete: true
Comment 10•23 years ago
|
||
Comment on attachment 69127 [details] [diff] [review] Patch v.3 >Index: template/default/prefs/account.tmpl >+ # >+ # Contributor(s): Gervase Markham <gerv@gerv.net> >+ #%] [...] >+[%# INTERFACE: >+ realname: string. The user's real name, if any. >+ login: string. The user's Bugzilla login email address. >+ %] You could use the same commenting style here for consistency (e.g. # before each comment line). This is a great idea. >+ <input type=hidden name="Bugzilla_login" value="[% login %]" /> >+ <input type=password name="old_password" /> >+ <input type=password name="new_password1" /> >+ <input type=password name="new_password2" /> Please quote all attribute values (e.g. type="password") >+<table> >+ [% IF Param('supportwatchers') %] >+ <tr> >+ <td colspan="4"> >+ <hr> This should be <hr /> for consistency with the rest of the patch. I'm okay with changing the table HTML here. There are a lot of other little nits I'd make on the HTML itself, but it's out of scope and the layout will change after UI review, I hope. >+ [% ELSE %] >+ <tr> >+ <td colspan="4"> >+ <br> <br/> (perhaps do a `pmg \<br\>` :-) >+ [% FOREACH bit_description = has_bits %] >+ <li>[% bit_description %]</li> >+ [% END %] Do we need a FILTER html here? >+ [% FOREACH bit_description = set_bits %] >+ <li>[% bit_description %]</li> >+ [% END %] Same? Hmmm, since these have been added through the interface, I guess we could assume they were sanitized. In user_prefs.cgi: > - for (my $c=0 ; $c<$::FORM{'numqueries'} ; $c++) { > + for (my $c = 0; $c < $::FORM{'numqueries'}; $c++) { I think the style is "my $c=0", actually. +# No SavePermissions() because this panel has no changeable fields. >+ /^permissions$/ && do { >+ SavePermissions() if $::FORM{'dosave'}; This shouldn't call SavePermissions ever, so you should remove it. The function isn't even defined. (You could add a stub function, alternately) That's all. I've read through fairly carefully, so those nits being fixed, r=kiko. You can attach the fixed patch and mark my review.
Attachment #69127 -
Flags: review-
Updated•23 years ago
|
Assignee | ||
Comment 11•23 years ago
|
||
> (perhaps do a `pmg \<br\>` :-) Good plan :-) > Do we need a FILTER html? No - the admin might want to use HTML to describe their groups. All nits fixed; new patch attached. Gerv
Attachment #69127 -
Attachment is obsolete: true
Assignee | ||
Comment 12•23 years ago
|
||
Comment on attachment 70404 [details] [diff] [review] Patch v.4 Has r=kiko. Gerv
Attachment #70404 -
Flags: review+
Updated•23 years ago
|
Attachment #70404 -
Flags: review+ → review-
Comment 13•23 years ago
|
||
Comment on attachment 70404 [details] [diff] [review] Patch v.4 I don't have any saved queries, and so line 241 gives me a perl warning: for (my $c = 0; $c < $::FORM{'numqueries'}; $c++) { You either need to set numqueries in the template even if queries.size==0, or add an if here. The first option is probably cleaner You also changed the name of the old password field, but that will regress bug 45918. If the fields are specially named, then the login code will deal with it.
Assignee | ||
Comment 14•23 years ago
|
||
Comments addressed. Is that r=bbaetz? ;-) Gerv
Attachment #70404 -
Attachment is obsolete: true
Comment 15•23 years ago
|
||
Comment on attachment 71174 [details] [diff] [review] Patch v.5 Interdiff is doing strange things. Anyway, if you're sure that color=lightblue (for the tab background) works in ie, r=bbaetz
Attachment #71174 -
Flags: review+
Comment 16•23 years ago
|
||
Comment on attachment 71174 [details] [diff] [review] Patch v.5 Tried it in I.E., verified lightblue works. Gerv states in bug 23067 comment 89 that the restriction of having to enter a new password in order to change your name or email address is being removed by this patch, but that is not the case. If I try to change my real name it informs me that I must enter a new password. Otherwise, this looks sweet, and the other three panels work as expected. r=justdave if you can fix it so the new password is only required if you don't change anything else on the panel. Bonus points if you can implement something like http://www.justdave.net/maildemo.html for the mail preferences tab.
Attachment #71174 -
Flags: review-
Comment 17•23 years ago
|
||
Comment on attachment 71174 [details] [diff] [review] Patch v.5 ya know what, that's the same as the existing behavior. Whether you claimed you were fixing it or not, let's leave it for the purpose of this patch. We can file new bugs for that, or fix it in bug 23067 or something. Rest of this works, and duplicates the current behavior, so check it in. :-)
Attachment #71174 -
Flags: review- → review+
Comment 18•23 years ago
|
||
Comment on attachment 71174 [details] [diff] [review] Patch v.5 OK, so I'm reversing my decision again, but on less serious grounds this time... The template moves the Real Name field from the bottom to the top. This seems pretty innocuous, but Mozilla now sees a "Name:" field followed by a "password:" field, and offers to remember your password. Which would be a Bad Thing on this page. Move the Real Name field back to the bottom so Mozilla's password manager doesn't kick in and this is r= justdave.
Attachment #71174 -
Flags: review+ → review-
Assignee | ||
Comment 19•23 years ago
|
||
Try this on for size. I fixed the email layout :-) Gerv
Attachment #71174 -
Attachment is obsolete: true
Comment 20•23 years ago
|
||
Comment on attachment 71284 [details] [diff] [review] Patch v.6 >Index: template/default/prefs/account.tmpl >+ <input type="hidden" name="Bugzilla_login" value="[% login %]" /> Quotation marks can appear in email addresses according to RFC 822, and Bugzilla allows such email addresses by default and could be configured to accept them even if they weren't accepted by default (via the emailregexp parameter), so "login" needs to be HTML filtered. >Index: template/default/prefs/email.tmpl >Index: template/default/prefs/footer.tmpl >Index: template/default/prefs/permissions.tmpl >Index: template/default/prefs/userprefs.tmpl >+ [% filename = BLOCK %]prefs/[% current_tab.name %].tmpl[% END %] >+ [% INCLUDE $filename %] Nit: [% INCLUDE "prefs/${current_tab.name}.tmpl" %] >Index: userprefs.cgi >-# Shut up misguided -w warnings about "used only once". "use vars" just >+# Shut up misguided -w warnings about "used only once". "use vars" just Nit: two spaces simulates correct inter-sentence spacing in a fixed font display system like the ones that tend to be used in code editors. >+ (my $flagstring) = FetchSQLData(); Nit: my ($flagstring) >+ my %role; >+ $vars->{$1} = \%role; Nit: $vars->{$1} = {}; When I go to the "Page Footer" tab and turn off the My Bugs query and my other query, I get the following error: --- Attempted to send tainted string 'UPDATE namedqueries SET linkinfooter = 0 WHERE userid = 27300 AND name = 'blah'' to the database at globals.pl line 220. --- Other than that it looks good.
Attachment #71284 -
Flags: review-
Assignee | ||
Comment 21•23 years ago
|
||
All comments addressed apart from double-spacing periods. I believe in single-spacing, as I think it looks nicer. Ready for re-review. Gerv
Attachment #71284 -
Attachment is obsolete: true
Comment 22•23 years ago
|
||
Comment on attachment 71633 [details] [diff] [review] Patch v.7 Looks good, works. r=myk Note that putting the real name field below the password field does not necessarily prevent Mozilla from asking to save the information (try entering just your old password and your real name), but Mozilla appears to behave when filling in all the fields as is currently necessary. We should move the real name field up to the top and obscure the field names to suppress Mozilla sillyness, but that can wait for a future bug.
Attachment #71633 -
Flags: review+
Assignee | ||
Comment 23•23 years ago
|
||
Dave, bbaetz - can one of you rubber-stamp patch v.7? :-) Gerv
Comment 24•23 years ago
|
||
Comment on attachment 71633 [details] [diff] [review] Patch v.7 r= justdave
Attachment #71633 -
Flags: review+
Comment 25•23 years ago
|
||
bug 128158 has been filed to deal with the password manager issue.
Assignee | ||
Comment 26•23 years ago
|
||
Fixed. Thanks, everyone :-) Only 10 left... Gerv
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 27•23 years ago
|
||
Who here ran their test suite, hmm? - [% INCLUDE "prefs/${current_tab.name}.tmpl" %] + [% INCLUDE "prefs/${current_tab.name}.tmpl" IF current_tab.name.defined %] Checking in template/default/prefs/userprefs.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/default/prefs/userprefs.tmpl,v <-- userprefs.tmpl new revision: 1.2; previous revision: 1.1 done
Assignee | ||
Comment 28•23 years ago
|
||
Not me. <sigh>. I really need to include that in my auto-checkin script for Bugzilla, obviously... Gerv
Comment 29•22 years ago
|
||
Found a problem with the latest version of userprefs.cgi that I may just be crazy but wanted to run it by you anyway. Seems that the ExcludeSelf settings are not getting save properly on my mozilla tip installation. Looks like the following lines are responsible # Determine the value of the "excludeself" global email preference. # Note that the value of "excludeself" is assumed to be off if the # preference does not exist in the user's list, unlike other # preferences whose value is assumed to be on if they do not exist. if (exists($emailflags{'excludeself'}) && $emailflags{'excludeself'} eq 'on') { $vars->{'excludeself'} = 1; } else { $vars->{'excludeself'} = 0; } Should be (at least makes it work for me) if (exists($emailflags{'ExcludeSelf'}) && $emailflags{'ExcludeSelf'} eq 'on') Does anyone else see this or am I out of date?
Assignee | ||
Comment 30•22 years ago
|
||
There's definitely a problem here. Please file a new bug and either attach your patch or assign it to me :-) Gerv
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•