summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2011-11-22 00:01:04 +0100
committerDave Lawrence <dlawrence@mozilla.com>2011-11-22 00:01:04 +0100
commit5f1ae49c9a96fca5be3297c4d6b322df4c7ac77f (patch)
tree0dff9880cef5fdf236ebe16b788366a28599927b /attachment.cgi
parentb689f676ba312e3a06d1f8f68df520f5ca220381 (diff)
parent4d99c123ee568e5a548968de8417ebc70a24efe4 (diff)
downloadbugzilla-5f1ae49c9a96fca5be3297c4d6b322df4c7ac77f.tar.gz
bugzilla-5f1ae49c9a96fca5be3297c4d6b322df4c7ac77f.tar.xz
merged with bmo/4.2
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi33
1 files changed, 5 insertions, 28 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 9fec1b2bd..a028bc8b0 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -508,7 +508,7 @@ sub enter {
$vars->{'flag_types'} = $flag_types;
$vars->{'any_flags_requesteeble'} =
grep { $_->is_requestable && $_->is_requesteeble } @$flag_types;
- $vars->{'token'} = issue_session_token('create_attachment:');
+ $vars->{'token'} = issue_session_token('create_attachment');
print $cgi->header();
@@ -531,27 +531,7 @@ sub insert {
# Detect if the user already used the same form to submit an attachment
my $token = trim($cgi->param('token'));
- if ($token) {
- my ($creator_id, $date, $old_attach_id) = Bugzilla::Token::GetTokenData($token);
- unless ($creator_id
- && ($creator_id == $user->id)
- && ($old_attach_id =~ "^create_attachment:"))
- {
- # The token is invalid.
- ThrowUserError('token_does_not_exist');
- }
-
- $old_attach_id =~ s/^create_attachment://;
-
- if ($old_attach_id) {
- $vars->{'bugid'} = $bugid;
- $vars->{'attachid'} = $old_attach_id;
- print $cgi->header();
- $template->process("attachment/cancel-create-dupe.html.tmpl", $vars)
- || ThrowTemplateError($template->error());
- exit;
- }
- }
+ check_token_data($token, 'create_attachment', 'index.cgi');
# Check attachments the user tries to mark as obsolete.
my @obsolete_attachments;
@@ -577,6 +557,9 @@ sub insert {
mimetype => $content_type,
});
+ # Delete the token used to create this attachment.
+ delete_token($token);
+
foreach my $obsolete_attachment (@obsolete_attachments) {
$obsolete_attachment->set_is_obsolete(1);
$obsolete_attachment->update($timestamp);
@@ -614,12 +597,6 @@ sub insert {
}
$bug->update($timestamp);
- if ($token) {
- trick_taint($token);
- $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef,
- ("create_attachment:" . $attachment->id, $token));
- }
-
$dbh->bz_commit_transaction;
# Define the variables and functions that will be passed to the UI template.