summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/CGI.pm25
-rwxr-xr-xbuglist.cgi30
-rwxr-xr-xreport.cgi7
-rwxr-xr-xrequest.cgi19
-rw-r--r--template/en/default/request/queue.html.tmpl2
5 files changed, 52 insertions, 31 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index ce7cdf429..58a681491 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -347,6 +347,10 @@ sub header {
unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
}
+ if ($self->{'_content_disp'}) {
+ unshift(@_, '-content_disposition' => $self->{'_content_disp'});
+ }
+
# Add X-XSS-Protection header to prevent simple XSS attacks
# and enforce the blocking (rather than the rewriting) mode.
unshift(@_, '-x_xss_protection' => '1; mode=block');
@@ -560,6 +564,22 @@ sub url_is_attachment_base {
return ($self->self_url =~ $regex) ? 1 : 0;
}
+sub set_dated_content_disp {
+ my ($self, $type, $prefix, $ext) = @_;
+
+ my @time = localtime(time());
+ my $date = sprintf "%04d-%02d-%02d", 1900+$time[5], $time[4]+1, $time[3];
+ my $filename = "$prefix-$date.$ext";
+
+ $filename =~ s/\s/_/g; # Remove whitespace to avoid HTTP header tampering
+ $filename =~ s/\\/_/g; # Remove backslashes as well
+ $filename =~ s/"/\\"/g; # escape quotes
+
+ my $disposition = "$type; filename=\"$filename\"";
+
+ $self->{'_content_disp'} = $disposition;
+}
+
##########################
# Vars TIEHASH Interface #
##########################
@@ -667,6 +687,11 @@ instead of calling this directly.
Redirects from the current URL to one prefixed by the urlbase parameter.
+=item C<set_dated_content_disp>
+
+Sets an appropriate date-dependent value for the Content Disposition header
+for a downloadable resource.
+
=back
=head1 SEE ALSO
diff --git a/buglist.cgi b/buglist.cgi
index 27badae7c..9d259de5c 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -316,22 +316,20 @@ sub GetGroups {
}
sub _close_standby_message {
- my ($contenttype, $disposition, $serverpush) = @_;
+ my ($contenttype, $disp, $disp_prefix, $extension, $serverpush) = @_;
my $cgi = Bugzilla->cgi;
+ $cgi->set_dated_content_disp($disp, $disp_prefix, $extension);
# Close the "please wait" page, then open the buglist page
if ($serverpush) {
print $cgi->multipart_end();
- print $cgi->multipart_start(-type => $contenttype,
- -content_disposition => $disposition);
+ print $cgi->multipart_start(-type => $contenttype);
}
else {
- print $cgi->header(-type => $contenttype,
- -content_disposition => $disposition);
+ print $cgi->header($contenttype);
}
}
-
################################################################################
# Command Execution
################################################################################
@@ -359,17 +357,10 @@ $params ||= new Bugzilla::CGI($cgi);
# if available. We have to do this now, even though we return HTTP headers
# at the end, because the fact that there is a remembered query gets
# forgotten in the process of retrieving it.
-my @time = localtime(time());
-my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3];
-my $filename = "bugs-$date.$format->{extension}";
+my $disp_prefix = "bugs";
if ($cmdtype eq "dorem" && $remaction =~ /^run/) {
- $filename = $cgi->param('namedcmd') . "-$date.$format->{extension}";
- # Remove white-space from the filename so the user cannot tamper
- # with the HTTP headers.
- $filename =~ s/\s/_/g;
+ $disp_prefix = $cgi->param('namedcmd');
}
-$filename =~ s/\\/\\\\/g; # escape backslashes
-$filename =~ s/"/\\"/g; # escape quotes
# Take appropriate action based on user's request.
if ($cmdtype eq "dorem") {
@@ -1030,7 +1021,8 @@ if ($one_product && Bugzilla->user->can_enter_product($one_product)) {
# The following variables are used when the user is making changes to multiple bugs.
if ($dotweak && scalar @bugs) {
if (!$vars->{'caneditbugs'}) {
- _close_standby_message('text/html', 'inline', $serverpush);
+ _close_standby_message('text/html',
+ 'inline', "error", "html", $serverpush);
ThrowUserError('auth_failure', {group => 'editbugs',
action => 'modify',
object => 'multiple_bugs'});
@@ -1137,10 +1129,8 @@ if ($format->{'extension'} eq "csv") {
$vars->{'human'} = $cgi->param('human');
}
-# Suggest a name for the bug list if the user wants to save it as a file.
-$disposition .= "; filename=\"$filename\"";
-
-_close_standby_message($contenttype, $disposition, $serverpush);
+_close_standby_message($contenttype, $disposition, $disp_prefix,
+ $format->{'extension'}, $serverpush);
################################################################################
# Content Generation
diff --git a/report.cgi b/report.cgi
index 4e8689527..7a6093c8c 100755
--- a/report.cgi
+++ b/report.cgi
@@ -280,11 +280,8 @@ my $format = $template->get_format("reports/report", $formatparam,
# set debug=1 to always get an HTML content-type, and view the error.
$format->{'ctype'} = "text/html" if $cgi->param('debug');
-my @time = localtime(time());
-my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3];
-my $filename = "report-$date.$format->{extension}";
-print $cgi->header(-type => $format->{'ctype'},
- -content_disposition => "inline; filename=$filename");
+$cgi->set_dated_content_disp("inline", "report", $format->{extension});
+print $cgi->header($format->{'ctype'});
# Problems with this CGI are often due to malformed data. Setting debug=1
# prints out both data structures.
diff --git a/request.cgi b/request.cgi
index 5ac95f240..1bab9ff45 100755
--- a/request.cgi
+++ b/request.cgi
@@ -46,8 +46,12 @@ my $cgi = Bugzilla->cgi;
Bugzilla->switch_to_shadow_db;
my $template = Bugzilla->template;
my $action = $cgi->param('action') || '';
+my $format = $template->get_format('request/queue',
+ scalar($cgi->param('format')),
+ scalar($cgi->param('ctype')));
-print $cgi->header();
+$cgi->set_dated_content_disp("inline", "requests", $format->{extension});
+print $cgi->header($format->{'ctype'});
################################################################################
# Main Body Execution
@@ -66,7 +70,7 @@ unless (defined $cgi->param('requestee')
Bugzilla::User::match_field($fields);
if ($action eq 'queue') {
- queue();
+ queue($format);
}
else {
my $flagtypes = get_flag_types();
@@ -84,8 +88,8 @@ else {
}
$vars->{'components'} = [ sort { $a cmp $b } keys %components ];
- $template->process('request/queue.html.tmpl', $vars)
- || ThrowTemplateError($template->error());
+ $template->process($format->{'template'}, $vars)
+ || ThrowTemplateError($template->error());
}
exit;
@@ -94,6 +98,7 @@ exit;
################################################################################
sub queue {
+ my $format = shift;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
@@ -327,9 +332,11 @@ sub queue {
}
$vars->{'components'} = [ sort { $a cmp $b } keys %components ];
+ $vars->{'urlquerypart'} = $cgi->canonicalise_query('ctype');
+
# Generate and return the UI (HTML page) from the appropriate template.
- $template->process("request/queue.html.tmpl", $vars)
- || ThrowTemplateError($template->error());
+ $template->process($format->{'template'}, $vars)
+ || ThrowTemplateError($template->error());
}
################################################################################
diff --git a/template/en/default/request/queue.html.tmpl b/template/en/default/request/queue.html.tmpl
index 0ed14bad7..261db0438 100644
--- a/template/en/default/request/queue.html.tmpl
+++ b/template/en/default/request/queue.html.tmpl
@@ -220,6 +220,8 @@ to some group are shown by default.
</tr>
[% END %]
[% PROCESS display_buglist %]
+ <br><br>
+ <a href="request.cgi?[% urlquerypart FILTER html %]&amp;ctype=csv">(view entire list as CSV)</a>
[% END %]
[% PROCESS global/footer.html.tmpl %]