Token cancellation messages are overly terse and technical to be effective. From bug 23067 comment 98: >+Subject: [% tokentype %] token cancelled >+ >+A token was cancelled from [% remoteaddress %]. >+If you did not request this, it could be either an honest >+mistake or the result of a malicious hack attempt. This is both cryptic and scary; we shouldn't be talking about tokens, (I don't know if I requested a 'token cancellation' - I'm just trying to change my email address) and we shouldn't be talking about "malicious hack attempts" without qualifying it. e.g. "someone breaking into your Bugzilla account" is better.
Priority: -- → P3
Target Milestone: --- → Bugzilla 2.18
while we're on that subject, someone on Bugscape just mailed me a token cancellation email.... Issue Date: 2003-02-10 21:39:00 Event Data: 10.169.25.69 Cancelled Because:You are using Bugzilla's cancel-token function incorrectly. You passed in the string 'user logged in'. The correct use is to pass in a tag, and define that tag in the file cancel-token.txt.tmpl. If you are a Bugzilla end-user seeing this message, please forward this email to <mailto:firstname.lastname@example.org>email@example.com. Looks like someone forgot to fix it to use the new tag-based translation system...
> Looks like someone forgot to fix it to use the new tag-based translation > system... Yep - they got all the ones in token.cgi but missed the one in CGI.pl. According to the log, burnus did this work - CCing him. Gerv
Created attachment 114543 [details] [diff] [review] Nicer message and add missing 'user_logged_in' This makes the token cancelled message more readable and addes the missing 'user_logged_in' to the tags.
Comment on attachment 114543 [details] [diff] [review] Nicer message and add missing 'user_logged_in' >Index: template/en/default/account/cancel-token.txt.tmpl >=================================================================== >-mistake or the result of a malicious hack attempt. >+mistake or someone breaking into your Bugzilla account. Surely "attempting to break"? >+[% BLOCK subject %] >+ [% IF tokentype == 'password' %] >+ Password change request cancelled >+ [% ELSIF tokentype == 'emailnew' || tokentype == 'emailold' %] We tend to use OR in templates, for readability. The vague idea is that they should be modifiable by people who don't know a great deal about programming. Anyway, consistency is good. >+ >+ [% ELSIF cancelaction == 'user_logged_in' %] >+ The user has logged in. Surely "You have logged in"? Gerv
Created attachment 114581 [details] [diff] [review] v2 Nicer message and add missing 'user_logged_in' > Surely "attempting to break"? Changed it. > >+ [% ELSIF tokentype == 'emailnew' || tokentype == 'emailold' %] > We tend to use OR in templates, for readability. True, only 23 templates use || while 6 use OR ;-) > >+ The user has logged in. > Surely "You have logged in"? I changed this here and in the rest of the file, looks much better now :-)
Attachment #114543 - Attachment is obsolete: true
Comment on attachment 114581 [details] [diff] [review] v2 Nicer message and add missing 'user_logged_in' > True, only 23 templates use || while 6 use OR ;-) Grr. Obviously this was not as widely communicated as I had thought ;-) r=gerv. Gerv
Attachment #114581 - Flags: review?(gerv) → review+
-> patch author
Assignee: justdave → burnus
Checking in CGI.pl; /cvsroot/mozilla/webtools/bugzilla/CGI.pl,v <-- CGI.pl new revision: 1.200; previous revision: 1.199 done Checking in template/en/default/account/cancel-token.txt.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/account/cancel-token.txt.tmpl,v <-- cancel-token.txt.tmpl new revision: 1.3; previous revision: 1.2 done
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.