diff options
-rw-r--r-- | Bugzilla/CGI.pm | 16 | ||||
-rwxr-xr-x | buglist.cgi | 22 |
2 files changed, 26 insertions, 12 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 6fb986aa5..1a1a1ac74 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -141,7 +141,7 @@ sub canonicalise_query { sub clean_search_url { my $self = shift; - # Delete any empty URL parameter + # Delete any empty URL parameter. my @cgi_params = $self->param; foreach my $param (@cgi_params) { @@ -161,6 +161,9 @@ sub clean_search_url { # Delete certain parameters if the associated parameter is empty. $self->delete('bugidtype') if !$self->param('bug_id'); + # Delete leftovers from the login form + $self->delete('Bugzilla_remember', 'GoAheadAndLogIn'); + foreach my $num (1,2) { # If there's no value in the email field, delete the related fields. if (!$self->param("email$num")) { @@ -299,6 +302,17 @@ sub param { return wantarray ? @result : $result[0]; } + # And for various other functions in CGI.pm, we need to correctly + # return the URL parameters in addition to the POST parameters when + # asked for the list of parameters. + elsif (!scalar(@_) && $self->request_method + && $self->request_method eq 'POST') + { + my @post_params = $self->SUPER::param; + my @url_params = $self->url_param; + my %params = map { $_ => 1 } (@post_params, @url_params); + return keys %params; + } return $self->SUPER::param(@_); } diff --git a/buglist.cgi b/buglist.cgi index 531d1500c..edee13bde 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -407,14 +407,14 @@ sub _close_standby_message { # Command Execution ################################################################################ -$cgi->param('cmdtype', "") if !defined $cgi->param('cmdtype'); -$cgi->param('remaction', "") if !defined $cgi->param('remaction'); +my $cmdtype = $cgi->param('cmdtype') || ''; +my $remaction = $cgi->param('remaction') || ''; # Backwards-compatibility - the old interface had cmdtype="runnamed" to run # a named command, and we can't break this because it's in bookmarks. -if ($cgi->param('cmdtype') eq "runnamed") { - $cgi->param('cmdtype', "dorem"); - $cgi->param('remaction', "run"); +if ($cmdtype eq "runnamed") { + $cmdtype = "dorem"; + $remaction = "run"; } # Now we're going to be running, so ensure that the params object is set up, @@ -432,7 +432,7 @@ $params ||= new Bugzilla::CGI($cgi); my @time = localtime(time()); my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3]; my $filename = "bugs-$date.$format->{extension}"; -if ($cgi->param('cmdtype') eq "dorem" && $cgi->param('remaction') =~ /^run/) { +if ($cmdtype eq "dorem" && $remaction =~ /^run/) { $filename = $cgi->param('namedcmd') . "-$date.$format->{extension}"; # Remove white-space from the filename so the user cannot tamper # with the HTTP headers. @@ -442,8 +442,8 @@ $filename =~ s/\\/\\\\/g; # escape backslashes $filename =~ s/"/\\"/g; # escape quotes # Take appropriate action based on user's request. -if ($cgi->param('cmdtype') eq "dorem") { - if ($cgi->param('remaction') eq "run") { +if ($cmdtype eq "dorem") { + if ($remaction eq "run") { my $query_id; ($buffer, $query_id) = LookupNamedQuery(scalar $cgi->param("namedcmd"), scalar $cgi->param('sharer_id')); @@ -459,14 +459,14 @@ if ($cgi->param('cmdtype') eq "dorem") { $order = $params->param('order') || $order; } - elsif ($cgi->param('remaction') eq "runseries") { + elsif ($remaction eq "runseries") { $buffer = LookupSeries(scalar $cgi->param("series_id")); $vars->{'searchname'} = $cgi->param('namedcmd'); $vars->{'searchtype'} = "series"; $params = new Bugzilla::CGI($buffer); $order = $params->param('order') || $order; } - elsif ($cgi->param('remaction') eq "forget") { + elsif ($remaction eq "forget") { my $user = Bugzilla->login(LOGIN_REQUIRED); # Copy the name into a variable, so that we can trick_taint it for # the DB. We know it's safe, because we're using placeholders in @@ -530,7 +530,7 @@ if ($cgi->param('cmdtype') eq "dorem") { exit; } } -elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) { +elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) { if ($cgi->param('remtype') eq "asdefault") { my $user = Bugzilla->login(LOGIN_REQUIRED); InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer); |