Bug 476678 - Rich clients unable to update bugs need security token included in bug xml

importxml.pl

@@ -470,6 +470,11 @@ sub process_bug {
    # append it to the log, which will go into the comments when we are done.
     foreach my $bugchild ( $bug->children() ) {
         Debug( "Parsing field: " . $bugchild->name, DEBUG_LEVEL );
+
+        # Skip the token if one is included. We don't want it included in
+        # the comments, and it is not used by the importer.
+        next if $bugchild->name eq 'token';
+
         if ( defined $all_fields{ $bugchild->name } ) {
             my @values = $bug->children_text($bugchild->name);
             if (scalar @values > 1) {

show_bug.cgi

@@ -117,7 +117,7 @@ $vars->{'bug_list'} = \@bug_list;
 # on the exclusion list. This is so you can say e.g. "Everything except 
 # attachments" without listing almost all the fields.
 my @fieldlist = (Bugzilla::Bug->fields, 'group', 'long_desc', 
-                 'attachment', 'attachmentdata');
+                 'attachment', 'attachmentdata', 'token');
 my %displayfields;
 
 if ($cgi->param("field")) {

template/en/default/bug/show.xml.tmpl

@@ -48,6 +48,11 @@
         [% END %]
       [% END %]
 
+      [%# This is here so automated clients can still use process_bug.cgi %]
+      [% IF displayfields.token && user.id %]
+          <token>[% issue_hash_token([bug.id, bug.delta_ts]) FILTER xml %]</token>
+      [% END %]
+
       [%# Now handle 'special' fields #%]
       [% IF displayfields.group %]
         [% FOREACH g = bug.groups %]