Closed Bug 214457 Opened 21 years ago Closed 20 years ago

Updated user page is useless

Categories

(Bugzilla :: Administration, task)

Product:
Bugzilla
Component:
Administration
Version:
2.17.1
Platform:
x86
BeOS
Type:
task
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: timeless, Assigned: timeless)

References

Details

Attachments

(1 file, 1 obsolete file)

edit user again, delete user, indicate what was edited. don't double quote headers
4.10 KB, patch
justdave
: review+
Details | Diff | Splinter Review 
User-Agent: Mozilla/3.0 (BeOS R4.5;US) Opera 3.60  [en]

Steps:
Revoke privs from someone
Quit (Opera3)
Run Opera3
click 'users' near 'Edit' in the bugzilla footer
Get:
Bugzilla Version 2.17.1
Updated user
 
Dropped user from group editbugs
Dropped user from group canconfirm
Back to the index, Add a new user or edit more users.

Problems:
1. No information about what user i edited
2. For some reason Opera keeps giving me this page instead of the edit users page. which means i can't edit the user
3. I can't quickly from this page edit the user i just edited. (i'd like to restore his privs)
4. I can't easily search for another user (because of 2 and this interface)

    
  

        Attachment #131110 -
        Flags: review?(justdave)

    
    

    
  
Comment on attachment 131110 [details] [diff] [review]
edit user again, delete user, indicate what was edited

>-    PutHeader("Delete user");
>+    PutHeader("Delete user " . html_quote($user));

Doesn't this cause the <title> to be doubly html quoted? i.e. once here, and
then again in the global template?

When I did the patch for bug#206037, I found that I had to change the global
header template a bit, to correctly filter stuff coming from PutHeader(). The
patch for bug#206037 also contains much of the fix for this bug.

>     print "</FORM>";
>+    if ($candelete) {
>+        print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
>+        print "<INPUT TYPE=SUBMIT VALUE=\"Delete User\">\n";
>+        print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"del\">\n";
>+        print "<INPUT TYPE=HIDDEN NAME=\"user\" VALUE=\"$user\">\n";
>+        print "</FORM>";
>+    }

Should the user be value_quoted()?

    
    

    
  
the delete user code was copied from elsewhere. i could change both if asked.
Assignee: justdave → timeless

    
    

    
  
Comment on attachment 131110 [details] [diff] [review]
edit user again, delete user, indicate what was edited

I agree with Gavin's review comments.  PutHeader gets quoted, so you don't have
to quote stuff going into it.  And yes, the failure to quote $user in that one
value is covered on a another bug, so we can skip that for now (you're just
moving existing code).

        Attachment #131110 -
        Flags: review?(justdave) → review-

    
  

        Attachment #143472 -
        Flags: review?(justdave)

        Attachment #143472 -
        Flags: review?(justdave) → review+
Flags: approval+

    
    

    
  
mozilla/webtools/bugzilla/editusers.cgi 	1.49
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 2.18

    
  
Blocks: 240439
QA Contact: matty_is_a_geek → default-qa

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: