diff options
Diffstat (limited to 'template/en/default/admin/confirm-action.html.tmpl')
| -rw-r--r-- | template/en/default/admin/confirm-action.html.tmpl | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/template/en/default/admin/confirm-action.html.tmpl b/template/en/default/admin/confirm-action.html.tmpl new file mode 100644 index 000000000..6e8caa6ac --- /dev/null +++ b/template/en/default/admin/confirm-action.html.tmpl @@ -0,0 +1,97 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is Frédéric Buclin. + # + # Contributor(s): Frédéric Buclin <LpSolit@gmail.com> + #%] + +[%# INTERFACE: + # abuser: identity of the user who created the (invalid?) token. + # token_action: the action the token was supposed to serve. + # expected_action: the action the user was going to do. + # script_name: the script generating this warning. + #%] + +[% PROCESS "global/field-descs.none.tmpl" %] + +[% PROCESS global/header.html.tmpl title = "Suspicious Action" + style_urls = ['skins/standard/global.css'] %] + +[% IF abuser %] + <div class="throw_error"> + <p>When you view an administrative form in [% terms.Bugzilla %], a token string + is randomly generated and stored both in the database and in the form you loaded, + to make sure that the requested changes are being made as a result of submitting + a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now + is incorrect, meaning that it looks like you didn't come from the right page. + The following token has been used :</p> + + <table border="0" cellpadding="5" cellspacing="0"> + [% IF token_action != expected_action %] + <tr> + <th>Action stored:</th> + <td>[% token_action FILTER html %]</td> + </tr> + <tr> + <th> </th> + <td> + This action doesn't match the one expected ([% expected_action FILTER html %]). + </td> + </tr> + [% END %] + + [% IF abuser != user.identity %] + <tr> + <th>Generated by:</th> + <td>[% abuser FILTER html %]</td> + </tr> + <tr> + <th> </th> + <td> + This token has not been generated by you. It is possible that someone + tried to trick you! + </td> + </tr> + [% END %] + </table> + + <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p> + </div> +[% ELSE %] + <div class="throw_error"> + It looks like you didn't come from the right page (you have no valid token for + the <em>[% expected_action FILTER html %]</em> action while processing the + '[% script_name FILTER html%]' script). The reason could be one of:<br> + <ul> + <li>You clicked the "Back" button of your web browser after having successfully + submitted changes, which is generally not a good idea (but harmless).</li> + <li>You entered the URL in the address bar of your web browser directly, + which should be safe.</li> + <li>You clicked on a URL which redirected you here <b>without your consent</b>, + in which case this action is much more critical.</li> + </ul> + Are you sure you want to commit these changes anyway? This may result in + unexpected and undesired results. + </div> + + <form name="check" id="check" method="post" action="[% script_name FILTER html %]"> + [% PROCESS "global/hidden-fields.html.tmpl" + exclude="^(Bugzilla_login|Bugzilla_password)$" %] + <input type="submit" id="confirm" value="Confirm Changes"> + </form> + <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]"> + [%- script_name FILTER html %]</a>.</p> +[% END %] + +[% PROCESS global/footer.html.tmpl %] |