aboutsummaryrefslogtreecommitdiffstats
path: root/template/en/default/admin/confirm-action.html.tmpl
blob: 6e8caa6acafeafc188db364f59e5d517ac7309ff (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
[%# 1.0@bugzilla.org %]
[%# The contents of this file are subject to the Mozilla Public
  # License Version 1.1 (the "License"); you may not use this file
  # except in compliance with the License. You may obtain a copy of
  # the License at http://www.mozilla.org/MPL/
  #
  # Software distributed under the License is distributed on an "AS
  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
  # implied. See the License for the specific language governing
  # rights and limitations under the License.
  #
  # The Original Code is the Bugzilla Bug Tracking System.
  #
  # The Initial Developer of the Original Code is Frédéric Buclin.
  #
  # Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
  #%]

[%# INTERFACE:
  # abuser: identity of the user who created the (invalid?) token.
  # token_action: the action the token was supposed to serve.
  # expected_action: the action the user was going to do.
  # script_name: the script generating this warning.
  #%]

[% PROCESS "global/field-descs.none.tmpl" %]

[% PROCESS global/header.html.tmpl title = "Suspicious Action"
                                   style_urls = ['skins/standard/global.css'] %]

[% IF abuser %]
  <div class="throw_error">
    <p>When you view an administrative form in [% terms.Bugzilla %], a token string
    is randomly generated and stored both in the database and in the form you loaded,
    to make sure that the requested changes are being made as a result of submitting
    a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now
    is incorrect, meaning that it looks like you didn't come from the right page.
    The following token has been used :</p>

    <table border="0" cellpadding="5" cellspacing="0">
      [% IF token_action != expected_action %]
        <tr>
          <th>Action&nbsp;stored:</th>
          <td>[% token_action FILTER html %]</td>
        </tr>
        <tr>
          <th>&nbsp;</th>
          <td>
            This action doesn't match the one expected ([% expected_action FILTER html %]).
          </td>
        </tr>
      [% END %]

      [% IF abuser != user.identity %]
        <tr>
          <th>Generated&nbsp;by:</th>
          <td>[% abuser FILTER html %]</td>
        </tr>
        <tr>
          <th>&nbsp;</th>
          <td>
            This token has not been generated by you. It is possible that someone
            tried to trick you!
          </td>
        </tr>
      [% END %]
    </table>

    <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p>
  </div>
[% ELSE %]
  <div class="throw_error">
    It looks like you didn't come from the right page (you have no valid token for
    the <em>[% expected_action FILTER html %]</em> action while processing the
    '[% script_name FILTER html%]' script). The reason could be one of:<br>
    <ul>
      <li>You clicked the "Back" button of your web browser after having successfully
      submitted changes, which is generally not a good idea (but harmless).</li>
      <li>You entered the URL in the address bar of your web browser directly,
      which should be safe.</li>
      <li>You clicked on a URL which redirected you here <b>without your consent</b>,
      in which case this action is much more critical.</li>
    </ul>
    Are you sure you want to commit these changes anyway? This may result in
    unexpected and undesired results.
  </div>

  <form name="check" id="check" method="post" action="[% script_name FILTER html %]">
    [% PROCESS "global/hidden-fields.html.tmpl"
               exclude="^(Bugzilla_login|Bugzilla_password)$" %]
    <input type="submit" id="confirm" value="Confirm Changes">
  </form>
  <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]">
    [%- script_name FILTER html %]</a>.</p>
[% END %]

[% PROCESS global/footer.html.tmpl %]