Bug 772953: Remove the token from buglist urls

r=dkl, a=LpSolit

Bug 772953: Remove the token from buglist urls
a3b0a94e · Byron Jones · ee28112b · a3b0a94e · a3b0a94e · a3b0a94e
Commit a3b0a94e authored Aug 28, 2012 by Byron Jones
5 changed files
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -171,6 +171,11 @@ sub clean_search_url {
    # Delete leftovers from the login form
    $self->delete('Bugzilla_remember', 'GoAheadAndLogIn');
+    # Delete the token if we're not updating the defaults
+    unless (defined $self->param('remtype') && $self->param('remtype') eq 'asdefault') {
+        $self->delete("token");
+    }
    foreach my $num (1,2,3) {
        # If there's no value in the email field, delete the related fields.
        if (!$self->param("email$num")) {

--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1035,7 +1035,8 @@ else {
 # Set 'urlquerypart' once the buglist ID is known.
 $vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype',
-                                                      'query_based_on');
+                                                      'query_based_on',
+                                                      'token');
 if ($format->{'extension'} eq "csv") {
    # We set CSV files to be downloaded, as they are designed for importing

--- a/js/custom-search.js
+++ b/js/custom-search.js
@@ -134,7 +134,15 @@ function fix_query_string(form_member) {
        return;
    var form = YAHOO.util.Dom.getAncestorByTagName(form_member, 'form');
+    // Disable the token field so setForm doesn't include it
+    var reenable_token = false;
+    if (form['token'] && !form['token'].disabled) {
+      form['token'].disabled = true;
+      reenable_token = true;
+    }
    var query = YAHOO.util.Connect.setForm(form);
+    if (reenable_token)
+      form['token'].disabled = false;
    window.History.replaceState(null, document.title, '?' + query);
 }

--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -38,6 +38,9 @@
        &list_id=[% cgi.param('list_id') FILTER uri %]
      [%~ END %]
    [% END %]
+  [% ELSIF cgi.param('token') != '' %]
+    [% new_url = 'buglist.cgi?'
+                 _ cgi.canonicalise_query('token', 'cmdtype', 'remtype') %]
  [% END %]
  if (history && history.replaceState) {

--- a/template/en/default/search/search-advanced.html.tmpl
+++ b/template/en/default/search/search-advanced.html.tmpl
@@ -15,10 +15,19 @@
 [% USE Bugzilla %]
 [% cgi = Bugzilla.cgi %]
+[% javascript = BLOCK %]
+function remove_token() {
+  if (queryform.token) {
+    var asDefault = document.getElementById('remasdefault');
+    queryform.token.disabled = !asDefault.checked;
+  }
+}
+[% END %]
 [% PROCESS global/header.html.tmpl
  title = "Search for $terms.bugs"
  yui = [ 'autocomplete', 'calendar' ]
+  javascript = javascript
  javascript_urls = [ "js/util.js", "js/TUI.js", "js/field.js"]
  style_urls = [ "skins/standard/search_form.css" ]
  doc_section = "query.html"
@@ -30,7 +39,8 @@
 <p id="search_help">Hover your mouse over each field label to get help for that field.</p>
-<form method="post" action="buglist.cgi" name="queryform" id="queryform">
+<form method="post" action="buglist.cgi" name="queryform" id="queryform"
+      onsubmit="remove_token()">
 [% PROCESS search/form.html.tmpl %]