diff options
| author | bbaetz%student.usyd.edu.au <> | 2002-06-17 18:38:56 +0200 |
|---|---|---|
| committer | bbaetz%student.usyd.edu.au <> | 2002-06-17 18:38:56 +0200 |
| commit | 70eb21091d161fe0325000af992f6f398683c92a (patch) | |
| tree | f76e853435c05bbb3d88b56c174faa54ae7828f6 | |
| parent | 89aebbf6bf7cf73f9ae51d295aee68205c68e731 (diff) | |
| download | bugzilla-70eb21091d161fe0325000af992f6f398683c92a.tar.gz bugzilla-70eb21091d161fe0325000af992f6f398683c92a.tar.xz | |
Bug 151053, ConnectToDatabase/quietly_check_login sometimes not called
early enough
r=mattyt, jouni
| -rwxr-xr-x | buglist.cgi | 34 | ||||
| -rwxr-xr-x | colchange.cgi | 2 | ||||
| -rwxr-xr-x | createaccount.cgi | 3 | ||||
| -rwxr-xr-x | describecomponents.cgi | 4 | ||||
| -rwxr-xr-x | doeditparams.cgi | 2 | ||||
| -rwxr-xr-x | editcomponents.cgi | 1 | ||||
| -rwxr-xr-x | editgroups.cgi | 1 | ||||
| -rwxr-xr-x | editkeywords.cgi | 1 | ||||
| -rwxr-xr-x | editmilestones.cgi | 1 | ||||
| -rwxr-xr-x | editparams.cgi | 1 | ||||
| -rwxr-xr-x | editproducts.cgi | 1 | ||||
| -rwxr-xr-x | editusers.cgi | 1 | ||||
| -rwxr-xr-x | editversions.cgi | 1 | ||||
| -rwxr-xr-x | move.pl | 2 | ||||
| -rwxr-xr-x | post_bug.cgi | 2 | ||||
| -rwxr-xr-x | process_bug.cgi | 3 | ||||
| -rwxr-xr-x | queryhelp.cgi | 5 | ||||
| -rwxr-xr-x | quips.cgi | 5 | ||||
| -rwxr-xr-x | sidebar.cgi | 4 | ||||
| -rwxr-xr-x | token.cgi | 1 | ||||
| -rwxr-xr-x | userprefs.cgi | 2 | ||||
| -rwxr-xr-x | xml.cgi | 5 |
22 files changed, 49 insertions, 33 deletions
diff --git a/buglist.cgi b/buglist.cgi index b649b8f1e..06eff5605 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -66,14 +66,28 @@ ConnectToDatabase(); # Data and Security Validation ################################################################################ +# Whether or not the user wants to change multiple bugs. +my $dotweak = $::FORM{'tweak'} ? 1 : 0; + +# Log the user in +if ($dotweak) { + confirm_login(); + if (!UserInGroup("editbugs")) { + DisplayError("Sorry, you do not have sufficient privileges to edit + multiple bugs."); + exit; + } + GetVersionTable(); +} +else { + quietly_check_login(); +} + # Determine the format in which the user would like to receive the output. # Uses the default format if the user did not specify an output format; # otherwise validates the user's choice against the list of available formats. my $format = ValidateOutputFormat($::FORM{'format'}, "list"); -# Whether or not the user wants to change multiple bugs. -my $dotweak = $::FORM{'tweak'} ? 1 : 0; - # Use server push to display a "Please wait..." message for the user while # executing their query if their browser supports it and they are viewing # the bug list as HTML and they have not disabled it by adding &serverpush=0 @@ -137,20 +151,6 @@ if ($::FORM{'cmdtype'} eq 'runnamed') { $filename =~ s/\s//; } -if ($dotweak) { - confirm_login(); - if (!UserInGroup("editbugs")) { - DisplayError("Sorry, you do not have sufficient privileges to edit - multiple bugs."); - exit; - } - GetVersionTable(); -} -else { - quietly_check_login(); -} - - ################################################################################ # Utilities ################################################################################ diff --git a/colchange.cgi b/colchange.cgi index 5e6857724..64dd9c4a5 100755 --- a/colchange.cgi +++ b/colchange.cgi @@ -34,6 +34,7 @@ use vars qw( require "CGI.pl"; +ConnectToDatabase(); quietly_check_login(); print "Content-type: text/html\n"; @@ -41,7 +42,6 @@ print "Content-type: text/html\n"; # The master list not only says what fields are possible, but what order # they get displayed in. -ConnectToDatabase(); GetVersionTable(); my @masterlist = ("opendate", "changeddate", "severity", "priority", diff --git a/createaccount.cgi b/createaccount.cgi index ff07da782..577ab8dba 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -42,6 +42,9 @@ ConnectToDatabase(); # If we're using LDAP for login, then we can't create a new account here. if(Param('useLDAP')) { + # Just in case someone already has an account, let them get the correct + # footer on the error message + quietly_check_login(); DisplayError("This site is using LDAP for authentication. Please contact an LDAP administrator to get a new account created.", "Can't create LDAP accounts"); diff --git a/describecomponents.cgi b/describecomponents.cgi index 8ae98260b..2f723757e 100755 --- a/describecomponents.cgi +++ b/describecomponents.cgi @@ -34,10 +34,10 @@ use lib qw(.); require "CGI.pl"; ConnectToDatabase(); -GetVersionTable(); - quietly_check_login(); +GetVersionTable(); + if (!defined $::FORM{'product'}) { # Reference to a subset of %::proddesc, which the user is allowed to see my %products; diff --git a/doeditparams.cgi b/doeditparams.cgi index 7390333c0..3e97e140b 100755 --- a/doeditparams.cgi +++ b/doeditparams.cgi @@ -33,7 +33,7 @@ use vars %::param, %::param_default, @::param_list; - +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editcomponents.cgi b/editcomponents.cgi index f48566906..4f76593df 100755 --- a/editcomponents.cgi +++ b/editcomponents.cgi @@ -188,6 +188,7 @@ sub PutTrailer (@) # Preliminary checks: # +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editgroups.cgi b/editgroups.cgi index fe8b32ff7..9c93363c0 100755 --- a/editgroups.cgi +++ b/editgroups.cgi @@ -29,6 +29,7 @@ use lib "."; require "CGI.pl"; +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editkeywords.cgi b/editkeywords.cgi index 4b6f76356..51294206d 100755 --- a/editkeywords.cgi +++ b/editkeywords.cgi @@ -108,6 +108,7 @@ sub Validate ($$) { # Preliminary checks: # +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editmilestones.cgi b/editmilestones.cgi index 63e27b440..fccf72533 100755 --- a/editmilestones.cgi +++ b/editmilestones.cgi @@ -146,6 +146,7 @@ sub PutTrailer (@) # Preliminary checks: # +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editparams.cgi b/editparams.cgi index dc6febb95..40f5ad537 100755 --- a/editparams.cgi +++ b/editparams.cgi @@ -32,6 +32,7 @@ require "defparams.pl"; use vars @::param_desc, @::param_list; +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editproducts.cgi b/editproducts.cgi index 611a98100..1b3441a8a 100755 --- a/editproducts.cgi +++ b/editproducts.cgi @@ -175,6 +175,7 @@ sub PutTrailer (@) # Preliminary checks: # +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editusers.cgi b/editusers.cgi index ebc07f2e4..f9800c704 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -231,6 +231,7 @@ sub PutTrailer (@) # Preliminary checks: # +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; diff --git a/editversions.cgi b/editversions.cgi index fafdb5683..950d597a7 100755 --- a/editversions.cgi +++ b/editversions.cgi @@ -155,6 +155,7 @@ sub PutTrailer (@) # Preliminary checks: # +ConnectToDatabase(); confirm_login(); print "Content-type: text/html\n\n"; @@ -37,6 +37,7 @@ unless ( Param("move-enabled") ) { } ConnectToDatabase(); +confirm_login(); sub Log { my ($str) = (@_); @@ -80,7 +81,6 @@ if ( !defined $::FORM{'buglist'} ) { exit; } -confirm_login(); my $exporter = $::COOKIE{"Bugzilla_login"}; my $movers = Param("movers"); $movers =~ s/\w?,\w?/|/g; diff --git a/post_bug.cgi b/post_bug.cgi index c04e34db0..fe0871191 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -50,6 +50,7 @@ sub sillyness { # Use global template variables. use vars qw($vars $template); +ConnectToDatabase(); confirm_login(); @@ -89,7 +90,6 @@ if (defined $::FORM{'maketemplate'}) { } umask 0; -ConnectToDatabase(); # Some sanity checking if(Param("usebuggroupsentry") && GroupExists($product)) { diff --git a/process_bug.cgi b/process_bug.cgi index e64cdac76..db19916a3 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -53,6 +53,7 @@ use vars qw(%versions %superusergroupset $next_bug); +ConnectToDatabase(); my $whoid = confirm_login(); my $requiremilestone = 0; @@ -124,8 +125,6 @@ if ( Param("usetargetmilestone") ) { CheckFormFieldDefined(\%::FORM, 'target_milestone'); } -ConnectToDatabase(); - # # This function checks if there is a comment required for a specific # function and tests, if the comment was given. diff --git a/queryhelp.cgi b/queryhelp.cgi index 3b2da379f..48a4e0855 100755 --- a/queryhelp.cgi +++ b/queryhelp.cgi @@ -32,6 +32,8 @@ use lib qw(.); require "CGI.pl"; ConnectToDatabase(); +quietly_check_login(); + GetVersionTable(); print "Content-type: text/html\n\n"; @@ -558,8 +560,6 @@ user with the proper permissions can edit these keywords. The following is a lis stored on this version of Bugzilla: }; -ConnectToDatabase(); - my $tableheader = qq{ <p><table border="1" cellpadding="4" cellspacing="0"> <tr bgcolor="#6666FF"> @@ -609,7 +609,6 @@ while (MoreSQLData()) { print "</table><p>\n"; -quietly_check_login(); if (UserInGroup("editkeywords")) { print qq{<p><a href="editkeywords.cgi">Edit keywords</a>\n}; @@ -34,6 +34,11 @@ use lib qw(.); require "CGI.pl"; +# Even though quips aren't (yet) in the database, we need to check +# logins for the footer +ConnectToDatabase(); +quietly_check_login(); + my $action = $::FORM{'action'} || ""; if ($action eq "show") { diff --git a/sidebar.cgi b/sidebar.cgi index 2f1b92a69..a7e0587f5 100755 --- a/sidebar.cgi +++ b/sidebar.cgi @@ -29,13 +29,11 @@ use vars qw( ); ConnectToDatabase(); +quietly_check_login(); # Needed for $::anyvotesallowed GetVersionTable(); -# Check to see if the user has logged in yet. -quietly_check_login(); - ############################################################################### # Main Body Execution ############################################################################### @@ -37,6 +37,7 @@ require "CGI.pl"; # Establish a connection to the database backend. ConnectToDatabase(); +quietly_check_login(); # Use the "Token" module that contains functions for doing various # token-related tasks. diff --git a/userprefs.cgi b/userprefs.cgi index 2205dd61a..649008864 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -359,6 +359,8 @@ sub DoPermissions { ############################################################################### # Live code (not subroutine definitions) starts here ############################################################################### + +ConnectToDatabase(); confirm_login(); GetVersionTable(); @@ -32,6 +32,9 @@ require "CGI.pl"; use vars qw($template $vars); +ConnectToDatabase(); +quietly_check_login(); + if (!defined $::FORM{'id'} || !$::FORM{'id'}) { print "Content-Type: text/html\n\n"; $template->process("bug/choose-xml.html.tmpl", $vars) @@ -39,8 +42,6 @@ if (!defined $::FORM{'id'} || !$::FORM{'id'}) { exit; } -quietly_check_login(); - my $exporter = $::COOKIE{"Bugzilla_login"} || undef; my @ids = split (/[, ]+/, $::FORM{'id'}); |