| [%# The contents of this file are subject to the Mozilla Public |
| # License Version 1.1 (the "License"); you may not use this file |
| # except in compliance with the License. You may obtain a copy of |
| # the License at http://www.mozilla.org/MPL/ |
| # |
| # Software distributed under the License is distributed on an "AS |
| # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or |
| # implied. See the License for the specific language governing |
| # rights and limitations under the License. |
| # |
| # The Original Code is the Bugzilla Bug Tracking System. |
| # |
| # The Initial Developer of the Original Code is Frédéric Buclin. |
| # |
| # Contributor(s): Frédéric Buclin <LpSolit@gmail.com> |
| #%] |
| |
| [%# INTERFACE: |
| # abuser: identity of the user who created the (invalid?) token. |
| # token_action: the action the token was supposed to serve. |
| # expected_action: the action the user was going to do. |
| # script_name: the script generating this warning. |
| # alternate_script: the suggested script to redirect the user to |
| # if he declines submission. |
| #%] |
| |
| [% PROCESS "global/field-descs.none.tmpl" %] |
| |
| [% PROCESS global/header.html.tmpl title = "Suspicious Action" |
| style_urls = ['skins/standard/global.css'] %] |
| |
| [% IF abuser %] |
| <div class="throw_error"> |
| <p>When you view an administrative form in [% terms.Bugzilla %], a token string |
| is randomly generated and stored both in the database and in the form you loaded, |
| to make sure that the requested changes are being made as a result of submitting |
| a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now |
| is incorrect, meaning that it looks like you didn't come from the right page. |
| The following token has been used :</p> |
| |
| <table border="0" cellpadding="5" cellspacing="0"> |
| [% IF token_action != expected_action %] |
| <tr> |
| <th>Action stored:</th> |
| <td>[% token_action FILTER html %]</td> |
| </tr> |
| <tr> |
| <th> </th> |
| <td> |
| This action doesn't match the one expected ([% expected_action FILTER html %]). |
| </td> |
| </tr> |
| [% END %] |
| |
| [% IF abuser != user.identity %] |
| <tr> |
| <th>Generated by:</th> |
| <td>[% abuser FILTER html %]</td> |
| </tr> |
| <tr> |
| <th> </th> |
| <td> |
| This token has not been generated by you. It is possible that someone |
| tried to trick you! |
| </td> |
| </tr> |
| [% END %] |
| </table> |
| |
| <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p> |
| </div> |
| [% ELSE %] |
| <div class="throw_error"> |
| It looks like you didn't come from the right page (you have no valid token for |
| the <em>[% expected_action FILTER html %]</em> action while processing the |
| '[% script_name FILTER html%]' script). The reason could be one of:<br> |
| <ul> |
| <li>You clicked the "Back" button of your web browser after having successfully |
| submitted changes, which is generally not a good idea (but harmless).</li> |
| <li>You entered the URL in the address bar of your web browser directly, |
| which should be safe.</li> |
| <li>You clicked on a URL which redirected you here <b>without your consent</b>, |
| in which case this action is much more critical.</li> |
| </ul> |
| Are you sure you want to commit these changes anyway? This may result in |
| unexpected and undesired results. |
| </div> |
| |
| <form name="check" id="check" method="post" action="[% script_name FILTER html %]"> |
| [% PROCESS "global/hidden-fields.html.tmpl" |
| exclude="^(Bugzilla_login|Bugzilla_password)$" %] |
| <input type="submit" id="confirm" value="Confirm Changes"> |
| </form> |
| <p>Or throw away these changes and go back to <a href="[% alternate_script FILTER html %]"> |
| [%- alternate_script FILTER html %]</a>.</p> |
| [% END %] |
| |
| [% PROCESS global/footer.html.tmpl %] |