diff options
| author | dkl%redhat.com <> | 2008-06-28 02:56:18 +0200 |
|---|---|---|
| committer | dkl%redhat.com <> | 2008-06-28 02:56:18 +0200 |
| commit | b8f0c041640c48d0e0e88eb02da6f9cf1bc0aaf3 (patch) | |
| tree | 0f1f1ef60878ba7a308ea2cfee2b979b1aac7b5e /attachment.cgi | |
| parent | 56ccd58774980ac41436242ac1a5ed223f8868aa (diff) | |
| download | bugzilla-b8f0c041640c48d0e0e88eb02da6f9cf1bc0aaf3.tar.gz bugzilla-b8f0c041640c48d0e0e88eb02da6f9cf1bc0aaf3.tar.xz | |
Bug 422691 â Attachment gets added twice after hitting "Back" and "Refresh"
Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit
Diffstat (limited to 'attachment.cgi')
| -rwxr-xr-x | attachment.cgi | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/attachment.cgi b/attachment.cgi index 937087a51..2520c0032 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -327,6 +327,7 @@ sub enter { 'component_id' => $bug->component_id}); $vars->{'flag_types'} = $flag_types; $vars->{'any_flags_requesteeble'} = grep($_->is_requesteeble, @$flag_types); + $vars->{'token'} = issue_session_token('createattachment:'); print $cgi->header(); @@ -348,6 +349,30 @@ sub insert { validateCanChangeBug($bugid); my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()"); + # Detect if the user already used the same form to submit an attachment + my $token = trim($cgi->param('token')); + if ($token) { + my ($creator_id, $date, $old_attach_id) = Bugzilla::Token::GetTokenData($token); + unless ($creator_id + && ($creator_id == $user->id) + && ($old_attach_id =~ "^createattachment:")) + { + # The token is invalid. + ThrowUserError('token_does_not_exist'); + } + + $old_attach_id =~ s/^createattachment://; + + if ($old_attach_id) { + $vars->{'bugid'} = $bugid; + $vars->{'attachid'} = $old_attach_id; + print $cgi->header(); + $template->process("attachment/cancel-create-dupe.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; + } + } + my $bug = new Bugzilla::Bug($bugid); my $attachment = Bugzilla::Attachment->insert_attachment_for_bug(THROW_ERROR, $bug, $user, @@ -379,6 +404,12 @@ sub insert { } $bug->update($timestamp); + if ($token) { + trick_taint($token); + $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef, + ("createattachment:" . $attachment->id, $token)); + } + $dbh->bz_commit_transaction; # Define the variables and functions that will be passed to the UI template. |