diff options
51 files changed, 352 insertions, 205 deletions
diff --git a/Bugzilla/Auth/CGI.pm b/Bugzilla/Auth/CGI.pm index 034013bda..3588b7037 100644 --- a/Bugzilla/Auth/CGI.pm +++ b/Bugzilla/Auth/CGI.pm @@ -70,9 +70,13 @@ sub login { undef, $userid, $ipaddr); my $logincookie = $dbh->selectrow_array("SELECT LAST_INSERT_ID()"); - my $cookiepath = Param("cookiepath"); - print "Set-Cookie: Bugzilla_login=$userid ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; - print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + + $cgi->send_cookie(-name => 'Bugzilla_login', + -value => $userid, + -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); + $cgi->send_cookie(-name => 'Bugzilla_logincookie', + -value => $logincookie, + -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); # compat code. The cookie value is used for logouts, and that # isn't generic yet. @@ -120,7 +124,7 @@ sub login { if ($authres == AUTH_NODATA && $type == LOGIN_REQUIRED) { # Throw up the login page - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); my $template = Bugzilla->template; $template->process("account/auth/login.html.tmpl", @@ -152,9 +156,12 @@ sub login { # The account may be disabled if ($authres == AUTH_DISABLED) { # Clear the cookie - my $cookiepath = Param("cookiepath"); - print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n"; - print "Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n"; + + $cgi->send_cookie(-name => 'Bugzilla_login', + -expires => "Tue, 15-Sep-1998 21:49:00 GMT"); + $cgi->send_cookie(-name => 'Bugzilla_logincookie', + -expires => "Tue, 15-Sep-1998 21:49:00 GMT"); + # and throw a user error &::ThrowUserError("account_disabled", {'disabled_reason' => $extra}); diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 3c00ed347..e87c89a5e 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -23,11 +23,12 @@ use strict; package Bugzilla::CGI; -use CGI qw(-no_xhtml -oldstyle_urls :private_tempfiles); +use CGI qw(-no_xhtml -oldstyle_urls :private_tempfiles :unique_headers); use base qw(CGI); use Bugzilla::Util; +use Bugzilla::Config; # We need to disable output buffering - see bug 179174 $| = 1; @@ -44,6 +45,9 @@ sub new { my $self = $class->SUPER::new(@args); + # Make sure that we don't send any charset headers + $self->charset(''); + # Check for errors # All of the Bugzilla code wants to do this, so do it here instead of # in each script @@ -62,20 +66,18 @@ sub new { # multipart requests, and so should never happen unless there is a # browser bug. - # Using CGI.pm to do this means that ThrowCodeError prints the - # content-type again... - #print $self->header(-status => $err); - print "Status: $err\n"; - - my $vars = {}; - if ($err =~ m/(\d{3})\s(.*)/) { - $vars->{http_error_code} = $1; - $vars->{http_error_string} = $2; - } else { - $vars->{http_error_string} = $err; - } - - &::ThrowCodeError("cgi_error", $vars); + print $self->header(-status => $err); + + # ThrowCodeError wants to print the header, so it grabs Bugzilla->cgi + # which creates a new Bugzilla::CGI object, which fails again, which + # ends up here, and calls ThrowCodeError, and then recurses forever. + # So don't use it. + # In fact, we can't use templates at all, because we need a CGI object + # to determine the template lang as well as the current url (from the + # template) + # Since this is an internal error which indicates a severe browser bug, + # just die. + die "CGI parsing error: $err"; } return $self; @@ -105,6 +107,46 @@ sub canonicalise_query { return join("&", @parameters); } +# CGI.pm makes this nph, but apache doesn't like that +sub multipart_init { + my $self = shift; + + unshift(@_, '-nph' => undef); + + return $self->SUPER::multipart_init(@_); +} + +sub cookie { + my $self = shift; + + # Add the default path in, but only if we're fetching stuff + # (This test fails for |$cgi->cookie(-name=>'x')| which _is_ meant to + # fetch, but thats an ugly notation for the fetch case which we shouldn't + # be using) + unshift(@_, '-path' => Param('cookiepath')) if scalar(@_)>1; + + return $self->SUPER::cookie(@_); +} + +# The various parts of Bugzilla which create cookies don't want to have to +# pass them arround to all of the callers. Instead, store them locally here, +# and then output as required from |headers|. +# This is done instead of just printing the result from the script, because +# we need to use |$r->header_out| under mod_perl (which is what CGI.pm +# does, and we need to match, plus if we don't |print| anything, we can turn +# off mod_perl/Apache's header parsing for a small perf gain) +sub send_cookie { + my $self = shift; + + my $cookie = $self->cookie(@_); + + # XXX - mod_perl + print "Set-Cookie: $cookie\r\n"; + + return; +} + + 1; __END__ @@ -149,4 +191,21 @@ I<Bugzilla::CGI> also includes additional functions. This returns a sorted string of the parameters, suitable for use in a url. Values in C<@exclude> are not included in the result. +=item C<cookie> + +Identical to the CGI.pm C<cookie> routine, except that the cookie path is +automatically added. + +=item C<send_cookie> + +This routine is identical to CGI.pm's C<cookie> routine, except that the cookie +is sent to the browser, rather than returned. This should be used by all +Bugzilla code (instead of C<cookie> or the C<-cookie> argument to C<header>), +so that under mod_perl the headers can be sent correctly, using C<print> or +the mod_perl APIs as appropriate. + =back + +=head1 SEE ALSO + +L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie> diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 5e6b5365d..a1bf74ba0 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -47,7 +47,8 @@ use base qw(Exporter); LOGIN_NORMAL LOGIN_REQUIRED ); - + +@Bugzilla::Constants::EXPORT_OK = qw(contenttypes); # CONSTANTS # @@ -94,4 +95,14 @@ use constant LOGIN_OPTIONAL => 0; use constant LOGIN_NORMAL => 1; use constant LOGIN_REQUIRED => 2; +use constant contenttypes => + { + "html" => "text/html" , + "rdf" => "application/xml" , + "xml" => "text/xml" , + "js" => "application/x-javascript" , + "csv" => "text/plain" , + "png" => "image/png" , + }; + 1; diff --git a/Bugzilla/Error.pm b/Bugzilla/Error.pm index 64314121a..485646274 100644 --- a/Bugzilla/Error.pm +++ b/Bugzilla/Error.pm @@ -39,8 +39,7 @@ sub ThrowUserError { Bugzilla->dbh->do("UNLOCK TABLES") if $unlock_tables; - # XXX - mod_perl - print "Content-type: text/html\n\n" if !$::vars->{'header_done'}; + print Bugzilla->cgi->header(); my $template = Bugzilla->template; $template->process("global/user-error.html.tmpl", $vars) diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index a327f2922..f8eb8a4a4 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -587,7 +587,7 @@ sub notify { my $rv = $::template->process($template_file, $::vars, \$message); if (!$rv) { - print "Content-Type: text/html\n\n" unless $::vars->{'header_done'}; + Bugzilla->cgi->header(); &::ThrowTemplateError($::template->error()); } diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 46f520b77..fde9d336b 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -366,7 +366,7 @@ sub match_field { $vars->{'matches'} = $matches; # matches that were made $vars->{'matchsuccess'} = $matchsuccess; # continue or fail - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); $::template->process("global/confirm-user-match.html.tmpl", $vars) || &::ThrowTemplateError($::template->error()); @@ -59,7 +59,7 @@ if (Param("shutdownhtml") && $0 !~ m:[\\/](do)?editparams.cgi$:) { $::vars->{'message'} = "shutdown"; # Return the appropriate HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return an HTML message about the downtime. $::template->process("global/message.html.tmpl", $::vars) @@ -320,7 +320,7 @@ sub ThrowCodeError { $vars->{'variables'} = $extra_vars; } - print "Content-type: text/html\n\n" if !$vars->{'header_done'}; + print Bugzilla->cgi->header(); $template->process("global/code-error.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/attachment.cgi b/attachment.cgi index 621477ed5..26892181f 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -33,7 +33,6 @@ use strict; use lib qw(.); use vars qw( - $cgi $template $vars ); @@ -63,6 +62,8 @@ quietly_check_login(); # to just above validateID(). my $bugid; +my $cgi = Bugzilla->cgi; + ################################################################################ # Main Body Execution ################################################################################ @@ -399,11 +400,12 @@ sub view # Return the appropriate HTTP response headers. $filename =~ s/^.*[\/\\]//; my $filesize = length($thedata); - print qq{Content-Type: $contenttype; name="$filename"\n}; - print qq{Content-Disposition: inline; filename=$filename\n}; - print qq{Content-Length: $filesize\n}; - print qq{\n$thedata}; + print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"", + -content_disposition=> "inline; filename=$filename\n", + -content_length => $filesize); + + print $thedata; } @@ -450,8 +452,7 @@ sub viewall $vars->{'bugsummary'} = $bugsummary; $vars->{'GetBugLink'} = \&GetBugLink; - # Return the appropriate HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("attachment/show-multiple.html.tmpl", $vars) @@ -495,8 +496,7 @@ sub enter $vars->{'bugsummary'} = $bugsummary; $vars->{'GetBugLink'} = \&GetBugLink; - # Return the appropriate HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("attachment/create.html.tmpl", $vars) @@ -604,8 +604,7 @@ sub insert $vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'}; $vars->{'contenttype'} = $::FORM{'contenttype'}; - # Return the appropriate HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("attachment/created.html.tmpl", $vars) @@ -667,8 +666,7 @@ sub edit $vars->{'attachments'} = \@bugattachments; $vars->{'GetBugLink'} = \&GetBugLink; - # Return the appropriate HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("attachment/edit.html.tmpl", $vars) @@ -815,8 +813,7 @@ sub update $vars->{'attachid'} = $::FORM{'id'}; $vars->{'bugid'} = $bugid; - # Return the appropriate HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("attachment/updated.html.tmpl", $vars) diff --git a/buglist.cgi b/buglist.cgi index 4acd5d55e..06c00db93 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -33,7 +33,7 @@ use strict; use lib qw(.); -use vars qw($cgi $template $vars); +use vars qw($template $vars); use Bugzilla; use Bugzilla::Search; @@ -56,10 +56,12 @@ use vars qw($db_name $userid @versions); +my $cgi = Bugzilla->cgi; + if (length($::buffer) == 0) { - print "Refresh: 10; URL=query.cgi\n"; + print $cgi->header(-refresh=> '10; URL=query.cgi'); ThrowUserError("buglist_parameters_required"); -} +} ConnectToDatabase(); @@ -131,8 +133,7 @@ if ($::FORM{'regetlastlist'}) { if ($::buffer =~ /&cmd-/) { my $url = "query.cgi?$::buffer#chart"; - print "Refresh: 0; URL=$url\n"; - print "Content-Type: text/html\n\n"; + print $cgi->redirect(-location => $url); # Generate and return the UI (HTML page) from the appropriate template. $vars->{'message'} = "buglist_adding_field"; $vars->{'url'} = $url; @@ -257,8 +258,7 @@ if ($::FORM{'cmdtype'} eq "dorem") { } elsif ($::FORM{'remaction'} eq "load") { my $url = "query.cgi?" . LookupNamedQuery($::FORM{"namedcmd"}); - print "Refresh: 0; URL=$url\n"; - print "Content-Type: text/html\n\n"; + print $cgi->redirect(-location=>$url); # Generate and return the UI (HTML page) from the appropriate template. $vars->{'message'} = "buglist_load_named_query"; $vars->{'namedcmd'} = $::FORM{'namedcmd'}; @@ -282,7 +282,7 @@ if ($::FORM{'cmdtype'} eq "dorem") { $count++; } - print "Content-Type: text/html\n\n"; + print $cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $vars->{'message'} = "buglist_query_gone"; $vars->{'namedcmd'} = $::FORM{'namedcmd'}; @@ -535,8 +535,8 @@ if ($order) { if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) { $vars->{'fragment'} = $fragment; if ($order_from_cookie) { - my $cookiepath = Param("cookiepath"); - print "Set-Cookie: LASTORDER= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n"; + $cgi->send_cookie(-name => 'LASTORDER', + -expires => 'Tue, 15-Sep-1998 21:49:00 GMT'); ThrowCodeError("invalid_column_name_cookie"); } else { @@ -618,15 +618,15 @@ $query .= " ORDER BY $db_order " if ($order); # Time to use server push to display an interim message to the user until # the query completes and we can display the bug list. if ($serverpush) { - # Generate HTTP headers. - print "Content-Disposition: inline; filename=$filename\n"; - print "Content-Type: multipart/x-mixed-replace;boundary=thisrandomstring\n\n"; - print "--thisrandomstring\n"; - print "Content-Type: text/html\n\n"; + print $cgi->multipart_init(-content_disposition => "inline; filename=$filename"); + + print $cgi->multipart_start(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("list/server-push.html.tmpl", $vars) || ThrowTemplateError($template->error()); + + print $cgi->multipart_end(); } # Connect to the shadow database if this installation is using one to improve @@ -800,39 +800,47 @@ if ($dotweak) { # HTTP Header Generation ################################################################################ -# If we are doing server push, output a separator string. -print "\n--thisrandomstring\n" if $serverpush; - # Generate HTTP headers -# Suggest a name for the bug list if the user wants to save it as a file. -# If we are doing server push, then we did this already in the HTTP headers -# that started the server push, so we don't have to do it again here. -print "Content-Disposition: inline; filename=$filename\n" unless $serverpush; +my $contenttype; if ($format->{'extension'} eq "html") { my $cookiepath = Param("cookiepath"); - print "Content-Type: text/html\n"; if ($order) { my $qorder = url_quote($order); - print "Set-Cookie: LASTORDER=$qorder ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + $cgi->send_cookie(-name => 'LASTORDER', + -value => $qorder, + -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); } my $bugids = join(":", @bugidlist); # See also Bug 111999 if (length($bugids) < 4000) { - print "Set-Cookie: BUGLIST=$bugids ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + $cgi->send_cookie(-name => 'BUGLIST', + -value => $bugids, + -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); } else { - print "Set-Cookie: BUGLIST= ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + $cgi->send_cookie(-name => 'BUGLIST', + -expires => 'Tue, 15-Sep-1998 21:49:00 GMT'); $vars->{'toolong'} = 1; } + + $contenttype = "text/html"; } else { - print "Content-Type: $format->{'ctype'}\n"; + $contenttype = $format->{'ctype'}; } -print "\n"; # end HTTP headers +if ($serverpush) { + print $cgi->multipart_start(-type=>$contenttype); +} else { + # Suggest a name for the bug list if the user wants to save it as a file. + # If we are doing server push, then we did this already in the HTTP headers + # that started the server push, so we don't have to do it again here. + print $cgi->header(-type => $contenttype, + -content_disposition => "inline; filename=$filename"); +} ################################################################################ @@ -848,4 +856,4 @@ $template->process($format->{'template'}, $vars) # Script Conclusion ################################################################################ -print "\n--thisrandomstring--\n" if $serverpush; +print $cgi->multipart_final() if $serverpush; diff --git a/checksetup.pl b/checksetup.pl index 4173c67d8..451078863 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -211,7 +211,7 @@ my $modules = [ }, { name => 'CGI', - version => '2.88' + version => '2.93' }, { name => 'Data::Dumper', @@ -587,24 +587,6 @@ LocalVar('platforms', ' ); '); - - -LocalVar('contenttypes', ' -# -# The types of content that template files can generate, indexed by file extension. -# -$contenttypes = { - "html" => "text/html" , - "rdf" => "application/xml" , - "xml" => "text/xml" , - "js" => "application/x-javascript" , - "csv" => "text/plain" , - "png" => "image/png" , -}; -'); - - - if ($newstuff ne "") { print "\nThis version of Bugzilla contains some variables that you may want\n", "to change and adapt to your local settings. Please edit the file\n", diff --git a/colchange.cgi b/colchange.cgi index 5e28a4622..2ff2f3fee 100755 --- a/colchange.cgi +++ b/colchange.cgi @@ -32,6 +32,8 @@ use vars qw( $vars ); +use Bugzilla; + require "CGI.pl"; ConnectToDatabase(); @@ -39,6 +41,8 @@ quietly_check_login(); GetVersionTable(); +my $cgi = Bugzilla->cgi; + # The master list not only says what fields are possible, but what order # they get displayed in. my @masterlist = ("opendate", "changeddate", "bug_severity", "priority", @@ -87,12 +91,15 @@ if (defined $::FORM{'rememberedquery'}) { } my $list = join(" ", @collist); my $urlbase = Param("urlbase"); - my $cookiepath = Param("cookiepath"); - - print "Set-Cookie: COLUMNLIST=$list ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; - print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; - print "Refresh: 0; URL=buglist.cgi?$::FORM{'rememberedquery'}\n"; - print "Content-type: text/html\n\n"; + + $cgi->send_cookie(-name => 'COLUMNLIST', + -value => $list, + -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); + $cgi->send_cookie(-name => 'SPLITHEADER', + -value => $::FORM{'splitheader'}, + -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); + + print $cgi->redirect("buglist.cgi?$::FORM{'rememberedquery'}"); $vars->{'message'} = "change_columns"; $template->process("global/message.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -111,6 +118,6 @@ $vars->{'splitheader'} = $::COOKIE{'SPLITHEADER'} ? 1 : 0; $vars->{'buffer'} = $::buffer; # Generate and return the UI (HTML page) from the appropriate template. -print "Content-type: text/html\n\n"; +print $cgi->header(); $template->process("list/change-columns.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/createaccount.cgi b/createaccount.cgi index dec8e716c..cce598ac9 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -47,13 +47,16 @@ unless (Bugzilla::Auth->can_edit) { ThrowUserError("auth_cant_create_account"); } +my $cgi = Bugzilla->cgi; + # Clear out the login cookies. Make people log in again if they create an # account; otherwise, they'll probably get confused. -my $cookiepath = Param("cookiepath"); -print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT -Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n"; +$cgi->send_cookie(-name => 'Bugzilla_login', + -expires => 'Tue, 15-Sep-1998 21:49:00 GMT'); +$cgi->send_cookie(-name => 'Bugzilla_logincookie', + -expires => 'Tue, 15-Sep-1998 21:49:00 GMT'); -print "Content-Type: text/html\n\n"; +print $cgi->header(); my $login = $::FORM{'login'}; diff --git a/describecomponents.cgi b/describecomponents.cgi index bdb824b82..ff7f46ac8 100755 --- a/describecomponents.cgi +++ b/describecomponents.cgi @@ -31,6 +31,8 @@ use strict; use lib qw(.); +use Bugzilla; + require "CGI.pl"; ConnectToDatabase(); @@ -38,6 +40,8 @@ quietly_check_login(); GetVersionTable(); +my $cgi = Bugzilla->cgi; + if (!defined $::FORM{'product'}) { # Reference to a subset of %::proddesc, which the user is allowed to see my %products; @@ -63,7 +67,7 @@ if (!defined $::FORM{'product'}) { $::vars->{'proddesc'} = \%products; $::vars->{'target'} = "describecomponents.cgi"; - print "Content-type: text/html\n\n"; + print $cgi->header(); $::template->process("global/choose-product.html.tmpl", $::vars) || ThrowTemplateError($::template->error()); exit; @@ -118,7 +122,7 @@ while (MoreSQLData()) { $::vars->{'product'} = $product; $::vars->{'components'} = \@components; -print "Content-type: text/html\n\n"; +print $cgi->header(); $::template->process("reports/components.html.tmpl", $::vars) || ThrowTemplateError($::template->error()); diff --git a/describekeywords.cgi b/describekeywords.cgi index 0ff538b63..60c5a9fd8 100755 --- a/describekeywords.cgi +++ b/describekeywords.cgi @@ -24,6 +24,8 @@ use strict; use lib "."; +use Bugzilla; + require "CGI.pl"; # Use the global template variables. @@ -33,6 +35,8 @@ ConnectToDatabase(); quietly_check_login(); +my $cgi = Bugzilla->cgi; + SendSQL("SELECT keyworddefs.name, keyworddefs.description, COUNT(keywords.bug_id) FROM keyworddefs LEFT JOIN keywords ON keyworddefs.id=keywords.keywordid @@ -52,6 +56,6 @@ while (MoreSQLData()) { $vars->{'keywords'} = \@keywords; $vars->{'caneditkeywords'} = UserInGroup("editkeywords"); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); $template->process("reports/keywords.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/doeditparams.cgi b/doeditparams.cgi index 48c39bc7a..cba06dd29 100755 --- a/doeditparams.cgi +++ b/doeditparams.cgi @@ -25,6 +25,7 @@ use strict; use lib qw(.); +use Bugzilla; use Bugzilla::Config qw(:DEFAULT :admin); require "CGI.pl"; @@ -34,7 +35,9 @@ use vars %::MFORM; ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +my $cgi = Bugzilla->cgi; + +print $cgi->header(); if (!UserInGroup("tweakparams")) { print "<H1>Sorry, you aren't a member of the 'tweakparams' group.</H1>\n"; diff --git a/duplicates.cgi b/duplicates.cgi index dc65ef502..27333cbab 100755 --- a/duplicates.cgi +++ b/duplicates.cgi @@ -36,15 +36,18 @@ use vars qw($buffer); use Bugzilla; use Bugzilla::Search; -use Bugzilla::CGI; + +my $cgi = Bugzilla->cgi; # Go directly to the XUL version of the duplicates report (duplicates.xul) # if the user specified ctype=xul. Adds params if they exist, and directs # the user to a signed copy of the script in duplicates.jar if it exists. if ($::FORM{'ctype'} && $::FORM{'ctype'} eq "xul") { my $params = CanonicaliseParams($::buffer, ["format", "ctype"]); - print "Location: " . (-e "duplicates.jar" ? "duplicates.jar!/" : "") . + my $url = (-e "duplicates.jar" ? "duplicates.jar!/" : "") . "duplicates.xul" . ($params ? "?$params" : "") . "\n\n"; + + print $cgi->redirect($url); exit; } @@ -261,8 +264,8 @@ $vars->{'products'} = \@::legal_product; my $format = GetFormat("reports/duplicates", $::FORM{'format'}, $::FORM{'ctype'}); - -print "Content-Type: $format->{'ctype'}\n\n"; + +print $cgi->header($format->{'ctype'}); # Generate and return the UI (HTML page) from the appropriate template. $template->process($format->{'template'}, $vars) diff --git a/editcomponents.cgi b/editcomponents.cgi index 35c6426b2..74e0debe8 100755 --- a/editcomponents.cgi +++ b/editcomponents.cgi @@ -191,7 +191,7 @@ sub PutTrailer (@) ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); unless (UserInGroup("editcomponents")) { PutHeader("Not allowed"); diff --git a/editflagtypes.cgi b/editflagtypes.cgi index d7794ff93..711828b6a 100755 --- a/editflagtypes.cgi +++ b/editflagtypes.cgi @@ -35,6 +35,7 @@ require "CGI.pl"; ConnectToDatabase(); # Use Bugzilla's flag modules for handling flag types. +use Bugzilla; use Bugzilla::Flag; use Bugzilla::FlagType; @@ -94,7 +95,7 @@ sub list { Bugzilla::FlagType::match({ 'target_type' => 'attachment' }, 1); # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("admin/flag-type/list.html.tmpl", $vars) @@ -138,7 +139,7 @@ sub edit { } # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("admin/flag-type/edit.html.tmpl", $vars) @@ -189,7 +190,7 @@ sub processCategoryChange { $vars->{'type'} = $type; # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("admin/flag-type/edit.html.tmpl", $vars) @@ -246,7 +247,7 @@ sub insert { $vars->{'message'} = "flag_type_created"; # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("global/message.html.tmpl", $vars) @@ -328,7 +329,7 @@ sub update { $vars->{'message'} = "flag_type_changes_saved"; # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("global/message.html.tmpl", $vars) @@ -348,7 +349,7 @@ sub confirmDelete $vars->{'flag_count'} = scalar($count); # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("admin/flag-type/confirm-delete.html.tmpl", $vars) @@ -380,7 +381,7 @@ sub delete { $vars->{'message'} = "flag_type_deleted"; # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("global/message.html.tmpl", $vars) @@ -400,7 +401,7 @@ sub deactivate { $vars->{'flag_type'} = Bugzilla::FlagType::get($::FORM{'id'}); # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("global/message.html.tmpl", $vars) diff --git a/editgroups.cgi b/editgroups.cgi index ca653b77a..a283d0501 100755 --- a/editgroups.cgi +++ b/editgroups.cgi @@ -33,7 +33,7 @@ require "CGI.pl"; ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); if (!UserInGroup("creategroups")) { PutHeader("Not Authorized","Edit Groups","","Not Authorized for this function!"); diff --git a/editkeywords.cgi b/editkeywords.cgi index 4d11a4aae..8ef11aee0 100755 --- a/editkeywords.cgi +++ b/editkeywords.cgi @@ -110,7 +110,7 @@ sub Validate ($$) { ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); unless (UserInGroup("editkeywords")) { PutHeader("Not allowed"); diff --git a/editmilestones.cgi b/editmilestones.cgi index 1fd600900..504a36e7c 100755 --- a/editmilestones.cgi +++ b/editmilestones.cgi @@ -148,7 +148,7 @@ sub PutTrailer (@) ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); unless (UserInGroup("editcomponents")) { PutHeader("Not allowed"); diff --git a/editparams.cgi b/editparams.cgi index 89099823f..dd61e9543 100755 --- a/editparams.cgi +++ b/editparams.cgi @@ -32,7 +32,7 @@ require "CGI.pl"; ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); if (!UserInGroup("tweakparams")) { print "<H1>Sorry, you aren't a member of the 'tweakparams' group.</H1>\n"; diff --git a/editproducts.cgi b/editproducts.cgi index 147fbbc38..423f028fe 100755 --- a/editproducts.cgi +++ b/editproducts.cgi @@ -178,7 +178,7 @@ sub PutTrailer (@) ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); unless (UserInGroup("editcomponents")) { PutHeader("Not allowed"); diff --git a/editusers.cgi b/editusers.cgi index 143e87442..b0e6d621c 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -236,7 +236,7 @@ sub PutTrailer (@) ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); $editall = UserInGroup("editusers"); diff --git a/editversions.cgi b/editversions.cgi index a1bd3e4e4..d47ec5d76 100755 --- a/editversions.cgi +++ b/editversions.cgi @@ -157,7 +157,7 @@ sub PutTrailer (@) ConnectToDatabase(); confirm_login(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); unless (UserInGroup("editcomponents")) { PutHeader("Not allowed"); diff --git a/enter_bug.cgi b/enter_bug.cgi index 8f736ff03..6a859264b 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -36,6 +36,7 @@ use strict; use lib qw(.); +use Bugzilla; use Bugzilla::Constants; require "CGI.pl"; @@ -65,6 +66,8 @@ ConnectToDatabase(); # user is right from the start. confirm_login() if AnyEntryGroups(); +my $cgi = Bugzilla->cgi; + if (!defined $::FORM{'product'}) { GetVersionTable(); quietly_check_login(); @@ -88,7 +91,7 @@ if (!defined $::FORM{'product'}) { $vars->{'target'} = "enter_bug.cgi"; $vars->{'format'} = $::FORM{'format'}; - print "Content-type: text/html\n\n"; + print $cgi->header(); $template->process("global/choose-product.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -364,7 +367,7 @@ $vars->{'use_keywords'} = 1 if (@::legal_keywords); my $format = GetFormat("bug/create/create", $::FORM{'format'}, $::FORM{'ctype'}); -print "Content-type: $format->{'ctype'}\n\n"; +print $cgi->header($format->{'ctype'}); $template->process($format->{'template'}, $vars) || ThrowTemplateError($template->error()); diff --git a/globals.pl b/globals.pl index 88c8720e8..1c1ee075a 100644 --- a/globals.pl +++ b/globals.pl @@ -40,7 +40,6 @@ use Bugzilla::Config qw(:DEFAULT ChmodDataFile); sub globals_pl_sillyness { my $zz; $zz = @main::SqlStateStack; - $zz = $main::contenttypes; $zz = @main::default_column_list; $zz = $main::defaultqueryname; $zz = @main::enterable_products; @@ -1536,7 +1535,7 @@ sub GetFormat { { 'template' => $template , 'extension' => $ctype , - 'ctype' => $::contenttypes->{$ctype} , + 'ctype' => Bugzilla::Constants::contenttypes->{$ctype} , }; } diff --git a/importxml.pl b/importxml.pl index 40182c954..afc02faa9 100755 --- a/importxml.pl +++ b/importxml.pl @@ -59,6 +59,8 @@ BEGIN { chdir $::path; use lib ($::path); +use Bugzilla; + use XML::Parser; use Data::Dumper; $Data::Dumper::Useqq = 1; @@ -136,7 +138,7 @@ sub Lock { open(LOCKFID, ">>data/maillock") || die "Can't open data/maillock: $!"; my $val = flock(LOCKFID,2); if (!$val) { # '2' is magic 'exclusive lock' const. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); print "Lock failed: $val\n"; } chmod 0666, "data/maillock"; @@ -51,10 +51,12 @@ quietly_check_login('permit_anonymous'); # Main Body Execution ############################################################################### +my $cgi = Bugzilla->cgi; + $vars->{'username'} = $::COOKIE{'Bugzilla_login'} || ''; # Return the appropriate HTTP response headers. -print "Content-Type: text/html\n\n"; +print $cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("index.html.tmpl", $vars) diff --git a/long_list.cgi b/long_list.cgi index 4c787a34e..08bc6679f 100755 --- a/long_list.cgi +++ b/long_list.cgi @@ -24,6 +24,8 @@ use strict; use lib qw(.); +use Bugzilla; + require "CGI.pl"; use vars qw($userid @legal_keywords %FORM); @@ -37,6 +39,8 @@ quietly_check_login(); GetVersionTable(); +my $cgi = Bugzilla->cgi; + my $generic_query = " SELECT bugs.bug_id, @@ -116,8 +120,7 @@ my @time = localtime(time()); my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3]; my $filename = "bugs-$date.html"; -print "Content-Type: text/html\n"; -print "Content-Disposition: inline; filename=$filename\n\n"; +print $cgi->header(-content_disposition => "inline; filename=$filename"); # Generate and return the UI (HTML page) from the appropriate template. $template->process("bug/show-multiple.html.tmpl", $vars) @@ -31,6 +31,7 @@ require "CGI.pl"; use vars qw($template $userid %COOKIE); use Bug; +use Bugzilla; use Bugzilla::BugMail; $::lockcount = 0; @@ -44,6 +45,8 @@ unless ( Param("move-enabled") ) { ConnectToDatabase(); confirm_login(); +my $cgi = Bugzilla->cgi; + sub Log { my ($str) = (@_); Lock(); @@ -59,7 +62,7 @@ sub Lock { open(LOCKFID, ">>data/maillock") || die "Can't open data/maillock: $!"; my $val = flock(LOCKFID,2); if (!$val) { # '2' is magic 'exclusive lock' const. - print "Content-type: text/html\n\n"; + print $cgi->header(); print "Lock failed: $val\n"; } chmod 0666, "data/maillock"; @@ -76,7 +79,7 @@ sub Unlock { } if ( !defined $::FORM{'buglist'} ) { - print "Content-type: text/html\n\n"; + print $cgi->header(); PutHeader("Move Bugs"); print "Move bugs either from the bug display page or perform a "; print "<A HREF=\"query.cgi\">query</A> and change several bugs at once.\n"; @@ -91,7 +94,7 @@ my $movers = Param("movers"); $movers =~ s/\s?,\s?/|/g; $movers =~ s/@/\@/g; unless ($exporter =~ /($movers)/) { - print "Content-type: text/html\n\n"; + print $cgi->header(); PutHeader("Move Bugs"); print "<P>You do not have permission to move bugs<P>\n"; PutFooter(); @@ -31,6 +31,9 @@ use strict; use lib "."; + +use Bugzilla; + require "CGI.pl"; use vars qw($template $vars); @@ -39,6 +42,8 @@ ConnectToDatabase(); quietly_check_login(); +my $cgi = Bugzilla->cgi; + if ($::FORM{'id'}) { # Remove all dodgy chars, and split into name and ctype. $::FORM{'id'} =~ s/[^\w\-\.]//g; @@ -47,8 +52,8 @@ if ($::FORM{'id'}) { my $format = GetFormat($1, undef, $2); $vars->{'form'} = \%::FORM; - - print "Content-Type: $format->{'ctype'}\n\n"; + + print $cgi->header($format->{'ctype'}); $template->process("pages/$format->{'template'}", $vars) || ThrowTemplateError($template->error()); diff --git a/post_bug.cgi b/post_bug.cgi index 37a43afb4..76d86fe58 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -26,6 +26,7 @@ use strict; use lib qw(.); +use Bugzilla; use Bugzilla::Constants; require "CGI.pl"; @@ -55,6 +56,8 @@ use vars qw($vars $template); ConnectToDatabase(); my $whoid = confirm_login(); +my $cgi = Bugzilla->cgi; + # do a match on the fields if applicable &Bugzilla::User::match_field ({ @@ -85,16 +88,17 @@ if (!$product_id) { # Set cookies my $cookiepath = Param("cookiepath"); if (exists $::FORM{'product'}) { - if (exists $::FORM{'version'}) { - print "Set-Cookie: VERSION-$product=$::FORM{'version'} ; " . - "path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + if (exists $::FORM{'version'}) { + $cgi->send_cookie(-name => "VERSION-$product", + -value => $cgi->param('version'), + -expires => "Fri, 01-Jan-2038 00:00:00 GMT"); } } if (defined $::FORM{'maketemplate'}) { $vars->{'url'} = $::buffer; - print "Content-type: text/html\n\n"; + print $cgi->header(); $template->process("bug/create/make-template.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -491,7 +495,7 @@ if ($::COOKIE{"BUGLIST"}) { } $vars->{'bug_list'} = \@bug_list; -print "Content-type: text/html\n\n"; +print $cgi->header(); $template->process("bug/create/created.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/process_bug.cgi b/process_bug.cgi index 83d601d33..b9414d534 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -31,6 +31,7 @@ my $UserInCanConfirmGroupSet = -1; use lib qw(.); +use Bugzilla; use Bugzilla::Constants; require "CGI.pl"; @@ -58,6 +59,8 @@ use vars qw(%versions ConnectToDatabase(); my $whoid = confirm_login(); +my $cgi = Bugzilla->cgi; + my $requiremilestone = 0; use vars qw($template $vars); @@ -143,7 +146,7 @@ foreach my $field ("dependson", "blocked") { # End Data/Security Validation ###################################################################### -print "Content-type: text/html\n\n"; +print $cgi->header(); $vars->{'title_tag'} = "bug_processed"; # Set the title if we can see a mid-air coming. This test may have false @@ -493,7 +496,7 @@ sub DuplicateUserConfirm { # Confirm whether or not to add the reporter to the cc: list # of the original bug (the one this bug is being duped against). - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); $template->process("bug/process/confirm-duplicate.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -50,6 +50,9 @@ use vars qw( ); ConnectToDatabase(); + +my $cgi = Bugzilla->cgi; + my $userid = 0; if (defined $::FORM{"GoAheadAndLogIn"}) { # We got here from a login page, probably from relogin.cgi. We better @@ -87,8 +90,8 @@ if ($userid) { "($userid, $qname, " . SqlQuote($value) . ")"); } } - print "Set-Cookie: $cookiename= ; path=" . Param("cookiepath") . - "; expires=Sun, 30-Jun-1980 00:00:00 GMT\n"; + $cgi->send_cookie(-name => $cookiename, + -expires => "Fri, 01-Jan-2038 00:00:00 GMT"); } } } @@ -398,6 +401,8 @@ $vars->{'format'} = $::FORM{'format'}; my $format = GetFormat("search/search", $::FORM{'query_format'} || $::FORM{'format'}, $::FORM{'ctype'}); -print "Content-Type: $format->{'ctype'}\n\n"; + +print $cgi->header($format->{'ctype'}); + $template->process($format->{'template'}, $vars) || ThrowTemplateError($template->error()); diff --git a/queryhelp.cgi b/queryhelp.cgi index 175605d9a..a4aff1d07 100755 --- a/queryhelp.cgi +++ b/queryhelp.cgi @@ -35,7 +35,7 @@ quietly_check_login(); GetVersionTable(); -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); my $product = $::FORM{'product'}; @@ -39,6 +39,8 @@ require "CGI.pl"; ConnectToDatabase(); confirm_login(); +my $cgi = Bugzilla->cgi; + if (Param('enablequips') eq "off") { ThrowUserError("quips_disabled"); } @@ -129,6 +131,6 @@ if ($action eq "delete") { SendSQL("DELETE FROM quips WHERE quipid = $quipid"); } -print "Content-type: text/html\n\n"; +print $cgi->header(); $template->process("list/quips.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/relogin.cgi b/relogin.cgi index c0182de49..d2ce053a5 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -37,6 +37,8 @@ require "CGI.pl"; ConnectToDatabase(); quietly_check_login(); +my $cgi = Bugzilla->cgi; + if ($::userid) { # Even though we know the userid must match, we still check it in the # SQL as a sanity check, since there is no locking here, and if @@ -49,17 +51,17 @@ if ($::userid) { "AND userid = $::userid"); } -my $cookiepath = Param("cookiepath"); -print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT -Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT -"; +$cgi->send_cookie(-name => "Bugzilla_login", + -expires => "Tue, 15-Sep-1998 21:49:00 GMT"); +$cgi->send_cookie(-name => "Bugzilla_logincookie", + -expires => "Tue, 15-Sep-1998 21:49:00 GMT"); delete $::COOKIE{"Bugzilla_login"}; -$vars->{'message'} = "logged_out"; +$vars->{'message'} = "logged_out"; $vars->{'user'} = {}; -print "Content-Type: text/html\n\n"; +print $cgi->header(); $template->process("global/message.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/report.cgi b/report.cgi index d3cde688d..de659ab25 100755 --- a/report.cgi +++ b/report.cgi @@ -26,15 +26,19 @@ use lib "."; require "CGI.pl"; -use vars qw($cgi $template $vars); +use vars qw($template $vars); use Bugzilla; +my $cgi = Bugzilla->cgi; + # Go straight back to query.cgi if we are adding a boolean chart. if (grep(/^cmd-/, $cgi->param())) { my $params = $cgi->canonicalise_query("format", "ctype"); - print "Location: query.cgi?format=" . $cgi->param('query_format') . - ($params ? "&$params" : "") . "\n\n"; + my $location = "query.cgi?format=" . $cgi->param('query_format') . + ($params ? "&$params" : "") . "\n\n"; + + print $cgi->redirect($location); exit; } @@ -52,7 +56,7 @@ my $action = $cgi->param('action') || 'menu'; if ($action eq "menu") { # No need to do any searching in this case, so bail out early. - print "Content-Type: text/html\n\n"; + print $cgi->header(); $template->process("reports/menu.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -276,8 +280,8 @@ $format->{'ctype'} = "text/html" if $::FORM{'debug'}; my @time = localtime(time()); my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3]; my $filename = "report-$date.$format->{extension}"; -print "Content-Disposition: inline; filename=$filename\n"; -print "Content-Type: $format->{'ctype'}\n\n"; +print $cgi->header(-type => $format->{'ctype'}, + -content_disposition => "inline; filename=$filename"); # Problems with this CGI are often due to malformed data. Setting debug=1 # prints out both data structures. diff --git a/reports.cgi b/reports.cgi index d3b1d9431..71ecf6c31 100755 --- a/reports.cgi +++ b/reports.cgi @@ -62,6 +62,8 @@ GetVersionTable(); Bugzilla->switch_to_shadow_db(); +my $cgi = Bugzilla->cgi; + # We only want those products that the user has permissions for. my @myproducts; push( @myproducts, "-All-"); @@ -69,7 +71,7 @@ push( @myproducts, GetSelectableProducts()); if (! defined $FORM{'product'}) { - print "Content-type: text/html\n\n"; + print $cgi->header(); PutHeader("Bug Charts"); choose_product(@myproducts); PutFooter(); @@ -93,10 +95,7 @@ if (! defined $FORM{'product'}) { # This means that is OK to detaint trick_taint($FORM{'product'}); - # Output appropriate HTTP response headers - print "Content-type: text/html\n"; - # Changing attachment to inline to resolve 46897 - zach@zachlipton.com - print "Content-disposition: inline; filename=bugzilla_report.html\n\n"; + print $cgi->header(-Content_Disposition=>'inline; filename=bugzilla_report.html'); PutHeader("Bug Charts"); diff --git a/request.cgi b/request.cgi index 790916359..ae137959d 100755 --- a/request.cgi +++ b/request.cgi @@ -266,7 +266,7 @@ sub queue { $vars->{'types'} = \@types; # Return the appropriate HTTP response headers. - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. $template->process("request/queue.html.tmpl", $vars) diff --git a/show_activity.cgi b/show_activity.cgi index c748c3df7..8c636ea0b 100755 --- a/show_activity.cgi +++ b/show_activity.cgi @@ -51,7 +51,7 @@ ValidateBugID($::FORM{'id'}); $vars->{'bug_id'} = $::FORM{'id'}; -print "Content-type: text/html\n\n"; +print Bugzilla->cgi->header(); $template->process("bug/activity/show.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/show_bug.cgi b/show_bug.cgi index c4c05f42c..711b7201b 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -24,14 +24,18 @@ use strict; use lib qw(.); +use Bugzilla; + require "CGI.pl"; ConnectToDatabase(); -use vars qw($cgi $template $vars $userid); +use vars qw($template $vars $userid); use Bug; +my $cgi = Bugzilla->cgi; + if ($::FORM{'GoAheadAndLogIn'}) { confirm_login(); } else { @@ -44,7 +48,7 @@ my $single = !$cgi->param('format') # If we don't have an ID, _AND_ we're only doing a single bug, then prompt if (!defined $cgi->param('id') && $single) { - print "Content-type: text/html\n\n"; + print Bugzilla->cgi->header(); $template->process("bug/choose.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -100,6 +104,7 @@ foreach ($cgi->param("excludefield")) { $vars->{'displayfields'} = \%displayfields; -print "Content-type: $format->{'ctype'}\n\n"; +print $cgi->header($format->{'ctype'}); + $template->process("$format->{'template'}", $vars) || ThrowTemplateError($template->error()); diff --git a/showattachment.cgi b/showattachment.cgi index bfe9ef988..82fc1ba9a 100755 --- a/showattachment.cgi +++ b/showattachment.cgi @@ -25,12 +25,16 @@ use strict; use lib qw(.); -require "CGI.pl"; +use Bugzilla; +use Bugzilla::Util; + +my $cgi = Bugzilla->cgi; + +my $id = $cgi->param('attach_id'); +detaint_natural($id) if defined $id; +$id ||= ""; + +print $cgi->redirect(-location=>"attachment.cgi?id=$id&action=view", + -status=>'301 Permanent Redirect'); -# Redirect to the new interface for displaying attachments. -detaint_natural($::FORM{'attach_id'}) if defined($::FORM{'attach_id'}); -my $id = $::FORM{'attach_id'} || ""; -print "Status: 301 Permanent Redirect\n"; -print "Location: attachment.cgi?id=$id&action=view\n\n"; exit; - diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 61278b5f3..b035abad4 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -26,6 +26,7 @@ use strict; use lib qw(.); use File::Temp; +use Bugzilla; require "CGI.pl"; @@ -33,6 +34,8 @@ ConnectToDatabase(); quietly_check_login(); +my $cgi = Bugzilla->cgi; + # Connect to the shadow database if this installation is using one to improve # performance. Bugzilla->switch_to_shadow_db(); @@ -228,6 +231,6 @@ $vars->{'rankdir'} = $::FORM{'rankdir'}; $vars->{'showsummary'} = $::FORM{'showsummary'}; # Generate and return the UI (HTML page) from the appropriate template. -print "Content-type: text/html\n\n"; +print $cgi->header(); $template->process("bug/dependency-graph.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/showdependencytree.cgi b/showdependencytree.cgi index 9149296b7..d9f642a3e 100755 --- a/showdependencytree.cgi +++ b/showdependencytree.cgi @@ -37,6 +37,8 @@ ConnectToDatabase(); quietly_check_login(); +my $cgi = Bugzilla->cgi; + # Connect to the shadow database if this installation is using one to improve # performance. Bugzilla->switch_to_shadow_db(); @@ -95,7 +97,7 @@ $vars->{'maxdepth'} = $maxdepth; $vars->{'hide_resolved'} = $hide_resolved; $vars->{'canedit'} = UserInGroup("editbugs"); -print "Content-Type: text/html\n\n"; +print $cgi->header(); $template->process("bug/dependency-tree.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/sidebar.cgi b/sidebar.cgi index 7a054abc2..83c89c29c 100755 --- a/sidebar.cgi +++ b/sidebar.cgi @@ -29,6 +29,8 @@ use vars qw( ConnectToDatabase(); quietly_check_login(); +my $cgi = Bugzilla->cgi; + ############################################################################### # Main Body Execution ############################################################################### @@ -63,13 +65,10 @@ if (defined $::COOKIE{'Bugzilla_login'}) { my $useragent = $ENV{HTTP_USER_AGENT}; if ($useragent =~ m:Mozilla/([1-9][0-9]*):i && $1 >= 5 && $useragent !~ m/compatible/i) { - print "Content-type: application/vnd.mozilla.xul+xml\n\n"; + print $cgi->header("application/vnd.mozilla.xul+xml"); # Generate and return the XUL from the appropriate template. $template->process("sidebar.xul.tmpl", $vars) || ThrowTemplateError($template->error()); } else { ThrowUserError("sidebar_supports_mozilla_only"); } - - - diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 92836f4db..68f046091 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -61,11 +61,6 @@ [% ELSIF error == "bug_error" %] Trying to retrieve bug [% bug.bug_id %] returned the error [% bug.error FILTER html %] - - [% ELSIF error == "cgi_error" %] - [% title = "CGI Error" %] - Bugzilla has had trouble interpreting your CGI request; - [%+ Param('browserbugmessage') %] [% ELSIF error == "chart_data_not_generated" %] The tool which gathers bug counts has not been run yet. @@ -31,6 +31,8 @@ use lib qw(.); use vars qw($template $vars); +use Bugzilla; + # Include the Bugzilla CGI and general utility library. require "CGI.pl"; @@ -156,7 +158,7 @@ sub requestChangePassword { $vars->{'message'} = "password_change_request"; - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); $template->process("global/message.html.tmpl", $vars) || ThrowTemplateError($template->error()); } @@ -164,7 +166,7 @@ sub requestChangePassword { sub confirmChangePassword { $vars->{'token'} = $::token; - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); $template->process("account/password/set-forgotten-password.html.tmpl", $vars) || ThrowTemplateError($template->error()); } @@ -173,7 +175,7 @@ sub cancelChangePassword { $vars->{'message'} = "password_change_canceled"; Token::Cancel($::token, $vars->{'message'}); - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); $template->process("global/message.html.tmpl", $vars) || ThrowTemplateError($template->error()); } @@ -200,14 +202,14 @@ sub changePassword { $vars->{'message'} = "password_changed"; - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); $template->process("global/message.html.tmpl", $vars) || ThrowTemplateError($template->error()); } sub confirmChangeEmail { # Return HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); $vars->{'token'} = $::token; @@ -249,7 +251,7 @@ sub changeEmail { DeriveGroup($userid); # Return HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); # Let the user know their email address has been changed. @@ -300,7 +302,7 @@ sub cancelChangeEmail { SendSQL("UNLOCK TABLES"); # Return HTTP response headers. - print "Content-Type: text/html\n\n"; + print Bugzilla->cgi->header(); $template->process("global/message.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/userprefs.cgi b/userprefs.cgi index fa340f50f..206a115a9 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -24,6 +24,8 @@ use strict; use lib qw(.); +use Bugzilla; + require "CGI.pl"; use RelationSet; @@ -354,6 +356,8 @@ confirm_login(); GetVersionTable(); +my $cgi = Bugzilla->cgi; + $vars->{'login'} = $::COOKIE{'Bugzilla_login'}; $vars->{'changes_saved'} = $::FORM{'dosave'}; @@ -390,7 +394,7 @@ SWITCH: for ($current_tab_name) { } # Generate and return the UI (HTML page) from the appropriate template. -print "Content-type: text/html\n\n"; +print $cgi->header(); $template->process("account/prefs/prefs.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -26,14 +26,17 @@ use strict; use lib "."; -require "CGI.pl"; +use Bugzilla; +require "CGI.pl"; # Use global template variables use vars qw($template $vars); ConnectToDatabase(); +my $cgi = Bugzilla->cgi; + # If the action is show_bug, you need a bug_id. # If the action is show_user, you can supply a userid to show the votes for # another user, otherwise you see your own. @@ -86,6 +89,8 @@ exit; # Display the names of all the people voting for this one bug. sub show_bug { + my $cgi = Bugzilla->cgi; + my $bug_id = $::FORM{'bug_id'} || ThrowCodeError("missing_bug_id"); @@ -107,7 +112,7 @@ sub show_bug { $vars->{'users'} = \@users; $vars->{'total'} = $total; - print "Content-type: text/html\n\n"; + print $cgi->header(); $template->process("bug/votes/list-for-bug.html.tmpl", $vars) || ThrowTemplateError($template->error()); } @@ -117,6 +122,8 @@ sub show_bug { sub show_user { GetVersionTable(); + my $cgi = Bugzilla->cgi; + # If a bug_id is given, and we're editing, we'll add it to the votes list. my $bug_id = $::FORM{'bug_id'} || ""; @@ -213,7 +220,7 @@ sub show_user { $vars->{'voting_user'} = { "login" => $name }; $vars->{'products'} = \@products; - print "Content-type: text/html\n\n"; + print $cgi->header(); $template->process("bug/votes/list-for-user.html.tmpl", $vars) || ThrowTemplateError($template->error()); } @@ -224,6 +231,8 @@ sub record_votes { # Begin Data/Security Validation ############################################################################ + my $cgi = Bugzilla->cgi; + # Build a list of bug IDs for which votes have been submitted. Votes # are submitted in form fields in which the field names are the bug # IDs and the field values are the number of votes. @@ -233,13 +242,13 @@ sub record_votes { # that their votes will get nuked if they continue. if (scalar(@buglist) == 0) { if (!defined($::FORM{'delete_all_votes'})) { - print "Content-type: text/html\n\n"; + print $cgi->header(); $template->process("bug/votes/delete-all.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit(); } elsif ($::FORM{'delete_all_votes'} == 0) { - print "Location: votes.cgi\n\n"; + print $cgi->redirect("votes.cgi"); exit(); } } |