Code review comment for lp:~wallyworld/launchpad/delete-bugtask-ui-878909

Revision history for this message
Ian Booth (wallyworld) wrote :

On 26/10/11 08:36, William Grant wrote:
> 37 + @property
> 38 + def confirmation_message(self):
> 39 + return ('<p>You are about to mark bug %s<br>'
> 40 + 'as no longer affecting %s.</p>'
> 41 + '<p>This operation will be permanent and cannot be '
> 42 + 'undone.</p>'
> 43 + % (self.context.bug.title,
> 44 + self.context.target.bugtargetdisplayname))
>
> As Curtis says, this is a security hole. Why is this not done in the template? Also, the operation is not permanent -- it can be undone, by readding the task.

I'm fixing the hole.
The message is worded as per the bug report. I think the indent is that
in general, deletion is a serious decision and the user must be sure.

« Back to merge proposal