diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2011-11-22 00:01:04 +0100 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2011-11-22 00:01:04 +0100 |
commit | 5f1ae49c9a96fca5be3297c4d6b322df4c7ac77f (patch) | |
tree | 0dff9880cef5fdf236ebe16b788366a28599927b /attachment.cgi | |
parent | b689f676ba312e3a06d1f8f68df520f5ca220381 (diff) | |
parent | 4d99c123ee568e5a548968de8417ebc70a24efe4 (diff) | |
download | bugzilla-5f1ae49c9a96fca5be3297c4d6b322df4c7ac77f.tar.gz bugzilla-5f1ae49c9a96fca5be3297c4d6b322df4c7ac77f.tar.xz |
merged with bmo/4.2
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 33 |
1 files changed, 5 insertions, 28 deletions
diff --git a/attachment.cgi b/attachment.cgi index 9fec1b2bd..a028bc8b0 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -508,7 +508,7 @@ sub enter { $vars->{'flag_types'} = $flag_types; $vars->{'any_flags_requesteeble'} = grep { $_->is_requestable && $_->is_requesteeble } @$flag_types; - $vars->{'token'} = issue_session_token('create_attachment:'); + $vars->{'token'} = issue_session_token('create_attachment'); print $cgi->header(); @@ -531,27 +531,7 @@ sub insert { # Detect if the user already used the same form to submit an attachment my $token = trim($cgi->param('token')); - if ($token) { - my ($creator_id, $date, $old_attach_id) = Bugzilla::Token::GetTokenData($token); - unless ($creator_id - && ($creator_id == $user->id) - && ($old_attach_id =~ "^create_attachment:")) - { - # The token is invalid. - ThrowUserError('token_does_not_exist'); - } - - $old_attach_id =~ s/^create_attachment://; - - if ($old_attach_id) { - $vars->{'bugid'} = $bugid; - $vars->{'attachid'} = $old_attach_id; - print $cgi->header(); - $template->process("attachment/cancel-create-dupe.html.tmpl", $vars) - || ThrowTemplateError($template->error()); - exit; - } - } + check_token_data($token, 'create_attachment', 'index.cgi'); # Check attachments the user tries to mark as obsolete. my @obsolete_attachments; @@ -577,6 +557,9 @@ sub insert { mimetype => $content_type, }); + # Delete the token used to create this attachment. + delete_token($token); + foreach my $obsolete_attachment (@obsolete_attachments) { $obsolete_attachment->set_is_obsolete(1); $obsolete_attachment->update($timestamp); @@ -614,12 +597,6 @@ sub insert { } $bug->update($timestamp); - if ($token) { - trick_taint($token); - $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef, - ("create_attachment:" . $attachment->id, $token)); - } - $dbh->bz_commit_transaction; # Define the variables and functions that will be passed to the UI template. |