-rwxr-xr-x | doeditvotes.cgi | 169 | ||||
-rwxr-xr-x | showvotes.cgi | 181 |
2 files changed, 0 insertions, 350 deletions
diff --git a/doeditvotes.cgi b/doeditvotes.cgi
deleted file mode 100755
index 4d88e13c9..000000000
--- a/doeditvotes.cgi
+++ /dev/null
@@ -1,169 +0,0 @@
-#!/usr/bonsaitools/bin/perl -wT
-# -*- Mode: perl; indent-tabs-mode: nil -*-
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Bugzilla Bug Tracking System.
-#
-# The Initial Developer of the Original Code is Netscape Communications
-# Corporation. Portions created by Netscape are
-# Copyright (C) 1998 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s): Terry Weissman <terry@mozilla.org>
-# Christopher Aillon <christopher@aillon.com>
-
-use diagnostics;
-use strict;
-
-use lib qw(.);
-
-require "CGI.pl";
-
-ConnectToDatabase();
-
-confirm_login();
-
-######################################################################
-# Begin Data/Security Validation
-######################################################################
-
-# Build a list of bug IDs for which votes have been submitted. Votes
-# are submitted in form fields in which the field names are the bug
-# IDs and the field values are the number of votes.
-my @buglist = grep {/^[1-9][0-9]*$/} keys(%::FORM);
-
-# If no bugs are in the buglist, let's make sure the user gets notified
-# that their votes will get nuked if they continue.
-if (0 == @buglist) {
- if (! defined $::FORM{'delete_all_votes'}) {
- print "Content-type: text/html\n\n";
- PutHeader("Remove your votes?");
- print "<p>You are about to remove all of your bug votes. 
Are you sure you wish to remove your vote from every bug you've voted on?</p>";
- print qq{<form action="doeditvotes.cgi" method="post">\n};
- print qq{<p><input type="radio" name="delete_all_votes" value="1"> Yes</p>\n};
- print qq{<p><input type="radio" name="delete_all_votes" value="0" checked="checked"> No</p>\n};
- print qq{<p><a href="showvotes.cgi">Review your votes</a></p>\n};
- print qq{<p><input type="submit" value="Submit"></p></form>\n};
- PutFooter();
- exit();
- }
- elsif ($::FORM{'delete_all_votes'} == 0) {
- print "Location: showvotes.cgi\n\n";
- exit();
- }
-}
-
-# Call ValidateBugID on each bug ID to make sure it is a positive
-# integer representing an existing bug that the user is authorized
-# to access, and make sure the number of votes submitted is also
-# a non-negative integer (a series of digits not preceded by a
-# minus sign).
-foreach my $id (@buglist) {
- ValidateBugID($id);
-}
-
-######################################################################
-# End Data/Security Validation
-######################################################################
-
-print "Content-type: text/html\n\n";
-
-GetVersionTable();
-
-my $who = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'});
-
-if ( (! defined $who) || (!$who) ) {
- PutHeader("Bad login.");
- print qq|
- The login info got confused. Please <a href="query.cgi?GoAheadAndLogIn=1">log
- in</a> (again) and try again.\n|;
- PutFooter();
- exit();
-}
-
-# If the user is voting for bugs, make sure they aren't overstuffing
-# the ballot box.
-if (scalar(@buglist)) {
- SendSQL("SELECT bugs.bug_id, bugs.product, products.maxvotesperbug " .
- "FROM bugs, products " .
- "WHERE products.product = bugs.product ".
- " AND bugs.bug_id IN (" . join(", ", @buglist) . 
")");
-
- my %prodcount;
-
- while (MoreSQLData()) {
- my ($id, $prod, $max) = (FetchSQLData());
- if (!defined $prodcount{$prod}) {
- $prodcount{$prod} = 0;
- }
- $prodcount{$prod} += $::FORM{$id};
- if ($::FORM{$id} > $max) {
- PutHeader("Don't overstuff!", "Illegal vote");
- print "You may only use at most $max votes for a single bug in the\n";
- print "<tt>$prod</tt> product, but you are trying to use $::FORM{$id}.\n";
- print "<P>Please click <b>Back</b> and try again.<hr>\n";
- PutFooter();
- exit();
- }
- }
-
- foreach my $prod (keys(%prodcount)) {
- if ($prodcount{$prod} > $::prodmaxvotes{$prod}) {
- PutHeader("Don't overstuff!", "Illegal vote");
- print "You may only use $::prodmaxvotes{$prod} votes for bugs in the\n";
- print "<tt>$prod</tt> product, but you are trying to use $prodcount{$prod}.\n";
- print "<P>Please click <b>Back</b> and try again.<hr>\n";
- PutFooter();
- exit();
- }
- }
-}
-
-# Update the user's votes in the database. If the user did not submit
-# any votes, they may be using a form with checkboxes to remove all their
-# votes (checkboxes are not submitted along with other form data when
-# they are not checked, and Bugzilla uses them to represent single votes
-# for products that only allow one vote per bug). In that case, we still
-# need to clear the user's votes from the database.
-my %affected;
-SendSQL("lock tables bugs write, votes write");
-SendSQL("select bug_id from votes where who = $who");
-while (MoreSQLData()) {
- my $id = FetchOneColumn();
- $affected{$id} = 1;
-}
-SendSQL("delete from votes where who = $who");
-foreach my $id (@buglist) {
- if (detaint_natural($::FORM{$id}) && $::FORM{$id} > 0) {
- SendSQL("insert into votes (who, bug_id, count) values ($who, $id, $::FORM{$id})");
- }
- $affected{$id} = 1;
-}
-foreach my $id (keys %affected) {
- SendSQL("select sum(count) from votes where bug_id = $id");
- my $v = FetchOneColumn();
- $v ||= 0;
- SendSQL("update bugs set votes = $v, delta_ts=delta_ts where bug_id = $id");
-}
-SendSQL("unlock tables");
-
-
-PutHeader("Voting tabulated", "Voting tabulated", $::COOKIE{'Bugzilla_login'});
-print "Your votes have been recorded.\n";
-print qq{<p><a href="showvotes.cgi?user=$who">Review your votes</a><hr>\n};
-foreach my $id (keys %affected) {
- CheckIfVotedConfirmed($id, $who);
-}
-PutFooter();
-exit();
-
-
diff --git a/showvotes.cgi b/showvotes.cgi
deleted file mode 100755
index 6ed4bb8e4..000000000
--- a/showvotes.cgi
+++ /dev/null
@@ -1,181 +0,0 @@
-#!/usr/bonsaitools/bin/perl -wT
-# -*- Mode: perl; indent-tabs-mode: nil -*-
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Bugzilla Bug Tracking System.
-#
-# The Initial Developer of the Original Code is Netscape Communications
-# Corporation. Portions created by Netscape are
-# Copyright (C) 1998 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s): Terry Weissman <terry@mozilla.org>
-# Stephan Niemz <st.n@gmx.net>
-# Christopher Aillon <christopher@aillon.com>
-
-use diagnostics;
-use strict;
-
-use lib qw(.);
-
-require "CGI.pl";
-
-ConnectToDatabase();
-
-if (defined $::FORM{'voteon'} || (!defined $::FORM{'bug_id'} &&
- !defined $::FORM{'user'})) {
- confirm_login();
- $::FORM{'user'} = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'});
-} else {
- # Check whether or not the user is currently logged in without throwing
- # an error if the user is not logged in. This function sets the value
- # of $::usergroupset, the binary number that records the set of groups
- # to which the user belongs and which gets used in ValidateBugID below
- # to determine whether or not the user is authorized to access the bug
- # whose votes are being shown or which is being voted on.
- quietly_check_login();
-}
-
-################################################################################
-# Begin Data/Security Validation
-################################################################################
-
-# Make sure the bug ID is a positive integer representing an existing
-# bug that the user is authorized to access.
-if (defined $::FORM{'bug_id'}) {
- ValidateBugID($::FORM{'bug_id'});
-}
-
-# Make sure the bug ID being voted on is a positive integer representing
-# an existing bug that the user is authorized to access.
-if (defined $::FORM{'voteon'}) {
- ValidateBugID($::FORM{'voteon'});
-}
-
-# Make sure the user ID is a positive integer representing an existing user.
-if (defined $::FORM{'user'}) {
- detaint_natural($::FORM{'user'})
- || DisplayError("The user number is invalid.")
- && exit;
- SendSQL("SELECT 1 FROM profiles WHERE userid = $::FORM{'user'}");
- FetchSQLData()
- || DisplayError("User #$::FORM{'user'} does not exist.")
- && exit;
-}
-
-################################################################################
-# End Data/Security Validation
-################################################################################
-
-print "Content-type: text/html\n\n";
-
-if (defined $::FORM{'bug_id'}) {
- my $id = $::FORM{'bug_id'};
- my $linkedid = qq{<a href="show_bug.cgi?id=$id">$id</a>};
- PutHeader("Show votes", "Show votes", "Bug $linkedid");
- SendSQL("select profiles.login_name, votes.who, votes.count from votes, profiles where votes.bug_id = " . SqlQuote($id) . 
" and profiles.userid = votes.who");
- print "<table>\n";
- print "<tr><th>Who</th><th>Number of votes</th></tr>\n";
- my $sum = 0;
- while (MoreSQLData()) {
- my ($name, $userid, $count) = (FetchSQLData());
- print qq{<tr><td><a href="showvotes.cgi?user=$userid">$name</a></td><td align=right>$count</td></tr>\n};
- $sum += $count;
- }
- print "</table>";
- print "<p>Total votes: $sum<p>\n";
-} elsif (defined $::FORM{'user'}) {
- quietly_check_login();
- GetVersionTable();
- my $who = $::FORM{'user'};
- my $name = DBID_to_name($who);
- PutHeader("Show votes", "Show votes", $name);
- print qq{<form action="doeditvotes.cgi">\n};
- print "<table><tr><td></td><th>Bug \#</th><th>Summary</th><th>Votes</th></tr>\n";
- SendSQL("lock tables bugs read, products read, votes write");
- if (defined($::FORM{'voteon'})) {
- # Oh, boy, what a hack. Make sure there is an entry for this bug
- # in the vote table, just so that things display right.
- # Yuck yuck yuck.###
- SendSQL("select votes.count from votes where votes.bug_id = $::FORM{'voteon'} and votes.who = $who");
- if (!MoreSQLData()) {
- SendSQL("insert into votes (who, bug_id, count) values ($who, $::FORM{'voteon'}, 0)");
- }
- }
- my $canedit = (defined $::COOKIE{'Bugzilla_login'} &&
- $::COOKIE{'Bugzilla_login'} eq $name);
- my %maxvotesperbug;
- if( $canedit ) {
- SendSQL("SELECT products.product, products.maxvotesperbug FROM products");
- while (MoreSQLData()) {
- my ($prod, $max) = (FetchSQLData());
- $maxvotesperbug{$prod}= $max;
- }
- }
- foreach my $product (sort(keys(%::prodmaxvotes))) {
- if ($::prodmaxvotes{$product} <= 0) {
- next;
- }
- my $qprod = value_quote($product);
- SendSQL("select votes.bug_id, votes.count, bugs.short_desc, bugs.bug_status from votes, bugs where votes.who = $who and votes.bug_id = bugs.bug_id and bugs.product = " . SqlQuote($product) . 
"order by votes.bug_id");
- next if !MoreSQLData(); # don't show products without any votes
- my $sum = 0;
- print "<tr><th>$product</th></tr>";
- while (MoreSQLData()) {
- my ($id, $count, $summary, $status) = (FetchSQLData());
- if (!defined $status) {
- next;
- }
- my $opened = IsOpenedState($status);
- my $strike = $opened ? "" : "<strike>";
- my $endstrike = $opened ? "" : "</strike>";
- $summary = html_quote($summary);
- $sum += $count;
- if ($canedit) {
- my $min = min($::prodmaxvotes{$product}, $maxvotesperbug{$product});
- if ($min < 2) { # checkbox
- my $checked = $count ? ' checked="checked"' : '';
- $count = qq{<input type="checkbox" name="$id" value="1"$checked>};
- }
- else { # text input
- my $maxlength = length $min;
- $count = qq{<input name="$id" value="$count" size="$maxlength" maxlength="$maxlength">};
- }
- }
- print qq{
-<tr>
-<td></td>
-<td>$strike<a href="showvotes.cgi?bug_id=$id">$id</a>$endstrike</td>
-<td><a href="show_bug.cgi?id=$id">$summary</a></td>
-<td align="right">$count</td>
-</tr>
-};
- }
- my $plural = (($sum == 1) ? "" : "s");
- print "<td colspan=3>$sum vote$plural used out of\n";
- print "$::prodmaxvotes{$product} allowed.</td>\n";
- }
- print "</table>\n";
- if ($canedit) {
- print qq{<input type=submit value="Submit">\n};
- print "<br>To change your votes, type in new numbers (using zero to\n";
- print "mean no votes) or change the checkbox, and then click <b>Submit</b>.\n";
- }
- print "<input type=hidden name=who value=$who>";
- print "</form>\n";
- SendSQL("delete from votes where count <= 0");
- SendSQL("unlock tables");
-}
-
-print qq{<a href="votehelp.html">Help! I don't understand this voting stuff</a>};
-
-PutFooter(); |