summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
authorbbaetz%student.usyd.edu.au <>2002-10-26 10:56:55 +0200
committerbbaetz%student.usyd.edu.au <>2002-10-26 10:56:55 +0200
commit818ce46d9780c7a04ac04a3f116021f1edadd476 (patch)
tree37a73f7a26876a5690ca7f477c10ee3979689b07 /attachment.cgi
parent37993682fd10962e944a1e5bf9633c7b08ad49e6 (diff)
downloadbugzilla-818ce46d9780c7a04ac04a3f116021f1edadd476.tar.gz
bugzilla-818ce46d9780c7a04ac04a3f116021f1edadd476.tar.xz
Bug 147833 - start using CGI.pm
r=gerv, justdave
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi65
1 files changed, 37 insertions, 28 deletions
diff --git a/attachment.cgi b/attachment.cgi
index b185312c6..6e9379af1 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -33,16 +33,11 @@ use strict;
use lib qw(.);
use vars qw(
+ $cgi
$template
$vars
);
-# Win32 specific hack to avoid a hang when creating/showing an attachment
-if ($^O eq 'MSWin32') {
- binmode(STDIN);
- binmode(STDOUT);
-}
-
# Include the Bugzilla CGI and general utility library.
require "CGI.pl";
@@ -89,12 +84,12 @@ elsif ($action eq "insert")
ValidateBugID($::FORM{'bugid'});
ValidateComment($::FORM{'comment'});
validateFilename();
- validateData();
- validateDescription();
validateIsPatch();
+ my $data = validateData();
+ validateDescription();
validateContentType() unless $::FORM{'ispatch'};
validateObsolete() if $::FORM{'obsolete'};
- insert();
+ insert($data);
}
elsif ($action eq "edit")
{
@@ -198,13 +193,14 @@ sub validateContentType
}
elsif ($::FORM{'contenttypemethod'} eq 'autodetect')
{
+ my $contenttype = $cgi->uploadInfo($cgi->param('data'))->{'Content-Type'};
# The user asked us to auto-detect the content type, so use the type
# specified in the HTTP request headers.
- if ( !$::FILE{'data'}->{'contenttype'} )
+ if ( !$contenttype )
{
ThrowUserError("missing_content_type");
}
- $::FORM{'contenttype'} = $::FILE{'data'}->{'contenttype'};
+ $::FORM{'contenttype'} = $contenttype;
}
elsif ($::FORM{'contenttypemethod'} eq 'list')
{
@@ -247,29 +243,40 @@ sub validatePrivate
sub validateData
{
- $::FORM{'data'}
- || ThrowUserError("zero_length_file");
+ my $maxsize = $::FORM{'ispatch'} ? Param('maxpatchsize') : Param('maxattachmentsize');
+ $maxsize *= 1024; # Convert from K
- my $len = length($::FORM{'data'});
+ my $fh = $cgi->upload('data');
+ my $data;
- my $maxpatchsize = Param('maxpatchsize');
- my $maxattachmentsize = Param('maxattachmentsize');
-
- # Makes sure the attachment does not exceed either the "maxpatchsize" or
- # the "maxattachmentsize" parameter.
- if ( $::FORM{'ispatch'} && $maxpatchsize && $len > $maxpatchsize*1024 )
+ # We could get away with reading only as much as required, except that then
+ # we wouldn't have a size to print to the error handler below.
{
- $vars->{'filesize'} = sprintf("%.0f", $len/1024);
- ThrowUserError("patch_too_large");
- } elsif ( !$::FORM{'ispatch'} && $maxattachmentsize && $len > $maxattachmentsize*1024 ) {
- $vars->{'filesize'} = sprintf("%.0f", $len/1024);
- ThrowUserError("file_too_large");
+ # enable 'slurp' mode
+ local $/;
+ $data = <$fh>;
}
+
+ $data
+ || ThrowUserError("zero_length_file");
+
+ # Make sure the attachment does not exceed the maximum permitted size
+ my $len = length($data);
+ if ($maxsize && $len > $maxsize) {
+ $vars->{'filesize'} = sprintf("%.0f", $len/1024);
+ if ( $::FORM{'ispatch'} ) {
+ ThrowUserError("patch_too_large");
+ } else {
+ ThrowUserError("file_too_large");
+ }
+ }
+
+ return $data;
}
sub validateFilename
{
- defined $::FILE{'data'}
+ defined $cgi->upload('data')
|| ThrowUserError("file_not_specified");
}
@@ -428,13 +435,15 @@ sub enter
sub insert
{
+ my ($data) = @_;
+
# Insert a new attachment into the database.
# Escape characters in strings that will be used in SQL statements.
- my $filename = SqlQuote($::FILE{'data'}->{'filename'});
+ my $filename = SqlQuote($cgi->param('data'));
my $description = SqlQuote($::FORM{'description'});
my $contenttype = SqlQuote($::FORM{'contenttype'});
- my $thedata = SqlQuote($::FORM{'data'});
+ my $thedata = SqlQuote($data);
my $isprivate = $::FORM{'isprivate'} ? 1 : 0;
# Insert the attachment into the database.