diff options
| author | bugreport%peshkin.net <> | 2002-08-27 07:24:58 +0200 |
|---|---|---|
| committer | bugreport%peshkin.net <> | 2002-08-27 07:24:58 +0200 |
| commit | bb13cb5428c530a888f1081aaa5ab1810fc70a99 (patch) | |
| tree | 6925f27e6c45f7d8252aafc30c910e28afcb43fc | |
| parent | 64a4f61fff093c1b597218f8a058ff21b6818221 (diff) | |
| download | bugzilla-bb13cb5428c530a888f1081aaa5ab1810fc70a99.tar.gz bugzilla-bb13cb5428c530a888f1081aaa5ab1810fc70a99.tar.xz | |
Bug 164623 - xml.cgi - attachments is broken and insiders not enforced
2xr=bbaetz
| -rwxr-xr-x | Bug.pm | 113 | ||||
| -rwxr-xr-x | Bugzilla/Bug.pm | 113 |
2 files changed, 118 insertions, 108 deletions
@@ -187,40 +187,39 @@ sub initBug { } } - &::SendSQL("select attach_id, creation_ts, description - from attachments - where bug_id = $bug_id"); - my @attachments; - while (&::MoreSQLData()) { - my ($attachid, $date, $desc) = (&::FetchSQLData()); - if ($date =~ /^(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/) { - $date = "$3/$4/$2 $5:$6"; - my %attach; - $attach{'attachid'} = $attachid; - $attach{'date'} = $date; - $attach{'desc'} = $desc; - push @attachments, \%attach; + &::SendSQL("select attach_id, creation_ts, isprivate, description + from attachments + where bug_id = $bug_id"); + my @attachments; + while (&::MoreSQLData()) { + my ($attachid, $date, $isprivate, $desc) = (&::FetchSQLData()); + my %attach; + $attach{'attachid'} = $attachid; + $attach{'isprivate'} = $isprivate; + $attach{'date'} = $date; + $attach{'desc'} = $desc; + push @attachments, \%attach; + } + if (@attachments) { + $self->{'attachments'} = \@attachments; } - } - if (@attachments) { - $self->{'attachments'} = \@attachments; - } - &::SendSQL("select bug_id, who, bug_when, thetext + &::SendSQL("select bug_id, who, bug_when, isprivate, thetext from longdescs where bug_id = $bug_id"); - my @longdescs; - while (&::MoreSQLData()) { - my ($bug_id, $who, $bug_when, $thetext) = (&::FetchSQLData()); - my %longdesc; - $longdesc{'who'} = $who; - $longdesc{'bug_when'} = $bug_when; - $longdesc{'thetext'} = $thetext; - push @longdescs, \%longdesc; - } - if (@longdescs) { - $self->{'longdescs'} = \@longdescs; - } + my @longdescs; + while (&::MoreSQLData()) { + my ($bug_id, $who, $bug_when, $isprivate, $thetext) = (&::FetchSQLData()); + my %longdesc; + $longdesc{'who'} = $who; + $longdesc{'bug_when'} = $bug_when; + $longdesc{'isprivate'} = $isprivate; + $longdesc{'thetext'} = $thetext; + push @longdescs, \%longdesc; + } + if (@longdescs) { + $self->{'longdescs'} = \@longdescs; + } my @depends = EmitDependList("blocked", "dependson", $bug_id); if (@depends) { @@ -271,34 +270,40 @@ sub emitXML { } } - if (defined $self->{'longdescs'}) { - for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) { - $xml .= " <long_desc>\n"; - $xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'}) - . "</who>\n"; - $xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'} - . "</bug_when>\n"; - $xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'}) - . "</thetext>\n"; - $xml .= " </long_desc>\n"; + if (defined $self->{'longdescs'}) { + for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) { + next if ($self->{'longdescs'}[$i]->{'isprivate'} + && &::Param("insidergroup") + && !&::UserInGroup(&::Param("insidergroup"))); + $xml .= " <long_desc>\n"; + $xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'}) + . "</who>\n"; + $xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'} + . "</bug_when>\n"; + $xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'}) + . "</thetext>\n"; + $xml .= " </long_desc>\n"; + } } - } - if (defined $self->{'attachments'}) { - for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) { - $xml .= " <attachment>\n"; - $xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'} - . "</attachid>\n"; - $xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n"; - $xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n"; - # $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n"; - # $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n"; - $xml .= " </attachment>\n"; + if (defined $self->{'attachments'}) { + for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) { + next if ($self->{'attachments'}[$i]->{'isprivate'} + && &::Param("insidergroup") + && !&::UserInGroup(&::Param("insidergroup"))); + $xml .= " <attachment>\n"; + $xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'} + . "</attachid>\n"; + $xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n"; + $xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n"; + # $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n"; + # $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n"; + $xml .= " </attachment>\n"; + } } - } - $xml .= "</bug>\n"; - return $xml; + $xml .= "</bug>\n"; + return $xml; } sub EmitDependList { diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 7857cb924..752cbfd2a 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -187,40 +187,39 @@ sub initBug { } } - &::SendSQL("select attach_id, creation_ts, description - from attachments - where bug_id = $bug_id"); - my @attachments; - while (&::MoreSQLData()) { - my ($attachid, $date, $desc) = (&::FetchSQLData()); - if ($date =~ /^(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/) { - $date = "$3/$4/$2 $5:$6"; - my %attach; - $attach{'attachid'} = $attachid; - $attach{'date'} = $date; - $attach{'desc'} = $desc; - push @attachments, \%attach; + &::SendSQL("select attach_id, creation_ts, isprivate, description + from attachments + where bug_id = $bug_id"); + my @attachments; + while (&::MoreSQLData()) { + my ($attachid, $date, $isprivate, $desc) = (&::FetchSQLData()); + my %attach; + $attach{'attachid'} = $attachid; + $attach{'isprivate'} = $isprivate; + $attach{'date'} = $date; + $attach{'desc'} = $desc; + push @attachments, \%attach; + } + if (@attachments) { + $self->{'attachments'} = \@attachments; } - } - if (@attachments) { - $self->{'attachments'} = \@attachments; - } - &::SendSQL("select bug_id, who, bug_when, thetext + &::SendSQL("select bug_id, who, bug_when, isprivate, thetext from longdescs where bug_id = $bug_id"); - my @longdescs; - while (&::MoreSQLData()) { - my ($bug_id, $who, $bug_when, $thetext) = (&::FetchSQLData()); - my %longdesc; - $longdesc{'who'} = $who; - $longdesc{'bug_when'} = $bug_when; - $longdesc{'thetext'} = $thetext; - push @longdescs, \%longdesc; - } - if (@longdescs) { - $self->{'longdescs'} = \@longdescs; - } + my @longdescs; + while (&::MoreSQLData()) { + my ($bug_id, $who, $bug_when, $isprivate, $thetext) = (&::FetchSQLData()); + my %longdesc; + $longdesc{'who'} = $who; + $longdesc{'bug_when'} = $bug_when; + $longdesc{'isprivate'} = $isprivate; + $longdesc{'thetext'} = $thetext; + push @longdescs, \%longdesc; + } + if (@longdescs) { + $self->{'longdescs'} = \@longdescs; + } my @depends = EmitDependList("blocked", "dependson", $bug_id); if (@depends) { @@ -271,34 +270,40 @@ sub emitXML { } } - if (defined $self->{'longdescs'}) { - for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) { - $xml .= " <long_desc>\n"; - $xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'}) - . "</who>\n"; - $xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'} - . "</bug_when>\n"; - $xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'}) - . "</thetext>\n"; - $xml .= " </long_desc>\n"; + if (defined $self->{'longdescs'}) { + for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) { + next if ($self->{'longdescs'}[$i]->{'isprivate'} + && &::Param("insidergroup") + && !&::UserInGroup(&::Param("insidergroup"))); + $xml .= " <long_desc>\n"; + $xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'}) + . "</who>\n"; + $xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'} + . "</bug_when>\n"; + $xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'}) + . "</thetext>\n"; + $xml .= " </long_desc>\n"; + } } - } - if (defined $self->{'attachments'}) { - for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) { - $xml .= " <attachment>\n"; - $xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'} - . "</attachid>\n"; - $xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n"; - $xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n"; - # $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n"; - # $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n"; - $xml .= " </attachment>\n"; + if (defined $self->{'attachments'}) { + for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) { + next if ($self->{'attachments'}[$i]->{'isprivate'} + && &::Param("insidergroup") + && !&::UserInGroup(&::Param("insidergroup"))); + $xml .= " <attachment>\n"; + $xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'} + . "</attachid>\n"; + $xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n"; + $xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n"; + # $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n"; + # $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n"; + $xml .= " </attachment>\n"; + } } - } - $xml .= "</bug>\n"; - return $xml; + $xml .= "</bug>\n"; + return $xml; } sub EmitDependList { |