Implement the ability to restrict requests to a time range in "My Requests"

NEW
Unassigned

Status

()

Bugzilla
Attachments & Requests
--
enhancement
6 years ago
4 years ago

People

(Reporter: Frédéric Buclin, Unassigned)

Tracking

Details

Attachments

(1 attachment, 1 obsolete attachment)

4.12 KB, patch
timello
: review-
Frédéric Buclin
: review-
Details | Diff | Splinter Review
(Reporter)

Description

6 years ago
The "My Requests" page has some hidden features, such as getting flags with "+" and "-" as status, which can make the list quite large. It would be useful to be able to restrict these flags to some date range.

Comment 1

6 years ago
(In reply to Frédéric Buclin from comment #0)
> The "My Requests" page has some hidden features, such as getting flags with
> "+" and "-" as status, which can make the list quite large.

Red Hat Bugzilla has added this feature.

Comment 2

6 years ago
Created attachment 698423 [details] [diff] [review]
patch v1
Attachment #698423 - Flags: review?(LpSolit)

Updated

6 years ago
Assignee: attach-and-request → koosha.khajeh
Status: NEW → ASSIGNED

Comment 3

6 years ago
Created attachment 700029 [details] [diff] [review]
patch v1

Captured a minor defect.
Attachment #698423 - Attachment is obsolete: true
Attachment #698423 - Flags: review?(LpSolit)
Attachment #700029 - Flags: review?(LpSolit)
(Reporter)

Updated

6 years ago
Target Milestone: --- → Bugzilla 5.0
Comment on attachment 700029 [details] [diff] [review]
patch v1

The patch does not pass in the t/008filter.t test:

Failed test '(en/default) template/en/default/request/queue.html.tmpl has unfiltered directives
Attachment #700029 - Flags: review?(LpSolit) → review-
(Reporter)

Comment 5

5 years ago
Comment on attachment 700029 [details] [diff] [review]
patch v1

>=== modified file 'template/en/default/request/queue.html.tmpl'

>+               [% 'value="' _ cgi.param('date_from') _ '"' IF cgi.param('date_from')%]>

Do not call CGI params from templates. Let the CGI script pass them to the templates for you. As timello said, fields must be filtered, else you can do XSS very easily.


>+               value="[% cgi.param('date_to') || 'Now' %]">

Same here.


Also, do not put the new fields on the same rows as the existing fields. This makes the page too wide.
Attachment #700029 - Flags: review-

Comment 6

5 years ago
Is the rest of the code OK?

Updated

5 years ago
Assignee: koosha.khajeh → attach-and-request
Status: ASSIGNED → NEW

Updated

4 years ago
Target Milestone: Bugzilla 5.0 → ---
You need to log in before you can comment on or make changes to this bug.