diff options
-rw-r--r-- | Bugzilla/Constants.pm | 7 | ||||
-rw-r--r-- | Bugzilla/WebService.pm | 27 | ||||
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 20 | ||||
-rw-r--r-- | Bugzilla/WebService/Bugzilla.pm | 70 | ||||
-rw-r--r-- | Bugzilla/WebService/Server.pm | 9 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 26 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 22 | ||||
-rw-r--r-- | Bugzilla/WebService/User.pm | 4 | ||||
-rwxr-xr-x | buglist.cgi | 8 | ||||
-rw-r--r-- | docs/en/xml/installation.xml | 79 | ||||
-rw-r--r-- | template/en/default/pages/release-notes.html.tmpl | 46 |
11 files changed, 232 insertions, 86 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 4a39110fa..d38f123fd 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -173,6 +173,8 @@ use File::Basename; PASSWORD_DIGEST_ALGORITHM PASSWORD_SALT_LENGTH + + CGI_URI_LIMIT ); @Bugzilla::Constants::EXPORT_OK = qw(contenttypes); @@ -515,6 +517,11 @@ use constant PASSWORD_DIGEST_ALGORITHM => 'SHA-256'; # of your users will be able to log in until they reset their passwords. use constant PASSWORD_SALT_LENGTH => 8; +# Certain scripts redirect to GET even if the form was submitted originally +# via POST such as buglist.cgi. This value determines whether the redirect +# can be safely done or not based on the web server's URI length setting. +use constant CGI_URI_LIMIT => 8000; + sub bz_locations { # We know that Bugzilla/Constants.pm must be in %INC at this point. # So the only question is, what's the name of the directory diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index 21c6b8175..6ff751881 100644 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -21,6 +21,8 @@ package Bugzilla::WebService; use strict; use Date::Parse; use XMLRPC::Lite; +use Bugzilla::Util qw(datetime_from); +use Scalar::Util qw(blessed); # Used by the JSON-RPC server to convert incoming date fields apprpriately. use constant DATE_FIELDS => {}; @@ -36,21 +38,24 @@ sub login_exempt { sub type { my ($self, $type, $value) = @_; if ($type eq 'dateTime') { - $value = datetime_format($value); + $value = $self->datetime_format_outbound($value); } return XMLRPC::Data->type($type)->value($value); } -sub datetime_format { - my ($date_string) = @_; - - my $time = str2time($date_string); - my ($sec, $min, $hour, $mday, $mon, $year) = localtime $time; - # This format string was stolen from SOAP::Utils->format_datetime, - # which doesn't work but which has almost the right format string. - my $iso_datetime = sprintf('%d%02d%02dT%02d:%02d:%02d', - $year + 1900, $mon + 1, $mday, $hour, $min, $sec); - return $iso_datetime; +sub datetime_format_outbound { + my ($self, $date) = @_; + + my $time = $date; + if (blessed($date)) { + # We expect this to mean we were sent a datetime object + $time->set_time_zone('UTC'); + } else { + # We always send our time in UTC, for consistency. + # passed in value is likely a string, create a datetime object + $time = datetime_from($date, 'UTC'); + } + return $time->iso8601(); } diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index b38168602..da6f22c87 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -1087,7 +1087,7 @@ private attachments. =item C<comments> -B<UNSTABLE> +B<STABLE> =over @@ -1225,7 +1225,7 @@ that id. =item C<get> -B<EXPERIMENTAL> +B<STABLE> =over @@ -1252,7 +1252,7 @@ Note that it's possible for aliases to be disabled in Bugzilla, in which case you will be told that you have specified an invalid bug_id if you try to specify an alias. (It will be error 100.) -=item C<permissive> B<UNSTABLE> +=item C<permissive> B<EXPERIMENTAL> C<boolean> Normally, if you request any inaccessible or invalid bug ids, Bug.get will throw an error. If this parameter is True, instead of throwing an @@ -1301,12 +1301,14 @@ isn't a duplicate of any bug, this will be an empty int. C<int> The numeric bug_id of this bug. -=item internals B<UNSTABLE> +=item internals B<DEPRECATED> A hash. The internals of a L<Bugzilla::Bug> object. This is extremely unstable, and you should only rely on this if you absolutely have to. The structure of the hash may even change between point releases of Bugzilla. +This will be disappearing in a future version of Bugzilla. + =item is_open C<boolean> Returns true (1) if this bug is open, false (0) if it is closed. @@ -1341,7 +1343,7 @@ C<string> The summary of this bug. =back -=item C<faults> B<UNSTABLE> +=item C<faults> B<EXPERIMENTAL> An array of hashes that contains invalid bug ids with error messages returned for them. Each hash contains the following items: @@ -1433,7 +1435,7 @@ in Bugzilla B<3.4>: =item C<history> -B<UNSTABLE> +B<EXPERIMENTAL> =over @@ -1730,7 +1732,7 @@ for that value. =item C<create> -B<EXPERIMENTAL> +B<STABLE> =over @@ -1886,7 +1888,7 @@ method. =item C<add_comment> -B<EXPERIMENTAL> +B<STABLE> =over @@ -1964,7 +1966,7 @@ purposes if you wish. =item C<update_see_also> -B<UNSTABLE> +B<EXPERIMENTAL> =over diff --git a/Bugzilla/WebService/Bugzilla.pm b/Bugzilla/WebService/Bugzilla.pm index 6e74900b9..c14cc7dea 100644 --- a/Bugzilla/WebService/Bugzilla.pm +++ b/Bugzilla/WebService/Bugzilla.pm @@ -21,6 +21,7 @@ package Bugzilla::WebService::Bugzilla; use strict; use base qw(Bugzilla::WebService); use Bugzilla::Constants; +use Bugzilla::Util qw(datetime_from); use DateTime; @@ -49,32 +50,27 @@ sub extensions { sub timezone { my $self = shift; - my $offset = Bugzilla->local_timezone->offset_for_datetime(DateTime->now()); - $offset = (($offset / 60) / 60) * 100; - $offset = sprintf('%+05d', $offset); - return { timezone => $self->type('string', $offset) }; + # All Webservices return times in UTC; Use UTC here for backwards compat. + return { timezone => $self->type('string', "+0000") }; } sub time { my ($self) = @_; + # All Webservices return times in UTC; Use UTC here for backwards compat. + # Hardcode values where appropriate my $dbh = Bugzilla->dbh; my $db_time = $dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); + $db_time = datetime_from($db_time, 'UTC'); my $now_utc = DateTime->now(); - my $tz = Bugzilla->local_timezone; - my $now_local = $now_utc->clone->set_time_zone($tz); - my $tz_offset = $tz->offset_for_datetime($now_local); - return { db_time => $self->type('dateTime', $db_time), - web_time => $self->type('dateTime', $now_local), + web_time => $self->type('dateTime', $now_utc), web_time_utc => $self->type('dateTime', $now_utc), - tz_name => $self->type('string', $tz->name), - tz_offset => $self->type('string', - $tz->offset_as_string($tz_offset)), - tz_short_name => $self->type('string', - $now_local->time_zone_short_name), + tz_name => $self->type('string', 'UTC'), + tz_offset => $self->type('string', '+0000'), + tz_short_name => $self->type('string', 'UTC'), }; } @@ -172,9 +168,7 @@ Use L</time> instead. =item B<Description> -Returns the timezone of the server Bugzilla is running on. This is -important because all dates/times that the webservice interface -returns will be in this timezone. +Returns the timezone that Bugzilla expects dates and times in. =item B<Params> (none) @@ -183,12 +177,21 @@ returns will be in this timezone. A hash with a single item, C<timezone>, that is the timezone offset as a string in (+/-)XXXX (RFC 2822) format. +=item B<History> + +=over + +=item As of Bugzilla B<3.6>, the timezone returned is always C<+0000> +(the UTC timezone). + +=back + =back =item C<time> -B<UNSTABLE> +B<STABLE> =over @@ -207,8 +210,8 @@ A struct with the following items: =item C<db_time> -C<dateTime> The current time in Bugzilla's B<local time zone>, according -to the Bugzilla I<database server>. +C<dateTime> The current time in UTC, according to the Bugzilla +I<database server>. Note that Bugzilla assumes that the database and the webserver are running in the same time zone. However, if the web server and the database server @@ -217,8 +220,8 @@ rely on for doing searches and other input to the WebService. =item C<web_time> -C<dateTime> This is the current time in Bugzilla's B<local time zone>, -according to Bugzilla's I<web server>. +C<dateTime> This is the current time in UTC, according to Bugzilla's +I<web server>. This might be different by a second from C<db_time> since this comes from a different source. If it's any more different than a second, then there is @@ -227,26 +230,23 @@ rely on the C<db_time>, not the C<web_time>. =item C<web_time_utc> -The same as C<web_time>, but in the B<UTC> time zone instead of the local -time zone. +Identical to C<web_time>. (Exists only for backwards-compatibility with +versions of Bugzilla before 3.6.) =item C<tz_name> -C<string> The long name of the time zone that the Bugzilla web server is -in. Will usually look something like: C<America/Los Angeles> +C<string> The literal string C<UTC>. (Exists only for backwards-compatibility +with versions of Bugzilla before 3.6.) =item C<tz_short_name> -C<string> The "short name" of the time zone that the Bugzilla web server -is in. This should only be used for display, and not relied on for your -programs, because different time zones can have the same short name. -(For example, there are two C<EST>s.) - -This will look something like: C<PST>. +C<string> The literal string C<UTC>. (Exists only for backwards-compatibility +with versions of Bugzilla before 3.6.) =item C<tz_offset> -C<string> The timezone offset as a string in (+/-)XXXX (RFC 2822) format. +C<string> The literal string C<+0000>. (Exists only for backwards-compatibility +with versions of Bugzilla before 3.6.) =back @@ -256,6 +256,10 @@ C<string> The timezone offset as a string in (+/-)XXXX (RFC 2822) format. =item Added in Bugzilla B<3.4>. +=item As of Bugzilla B<3.6>, this method returns all data as though the server +were in the UTC timezone, instead of returning information in the server's +local timezone. + =back =back diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index 9571e8030..21f0f787c 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -19,6 +19,7 @@ package Bugzilla::WebService::Server; use strict; use Bugzilla::Error; +use Bugzilla::Util qw(datetime_from); sub handle_login { my ($self, $class, $method, $full_method) = @_; @@ -29,4 +30,12 @@ sub handle_login { Bugzilla->login(); } +sub datetime_format_inbound { + my ($self, $time) = @_; + + my $converted = datetime_from($time, Bugzilla->local_timezone); + $time = $converted->ymd() . ' ' . $converted->hms(); + return $time +} + 1; diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index f929b28ac..d07901a7f 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -27,7 +27,6 @@ use base qw(JSON::RPC::Server::CGI Bugzilla::WebService::Server); use Bugzilla::Error; use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(taint_data); -use Bugzilla::Util qw(datetime_from); sub new { my $class = shift; @@ -77,20 +76,17 @@ sub type { } elsif ($type eq 'dateTime') { # ISO-8601 "YYYYMMDDTHH:MM:SS" with a literal T - $retval = $self->datetime_format($value); + $retval = $self->datetime_format_outbound($value); } # XXX Will have to implement base64 if Bugzilla starts using it. return $retval; } -sub datetime_format { - my ($self, $date_string) = @_; - - # YUI expects ISO8601 in UTC time; uncluding TZ specifier - my $time = datetime_from($date_string, 'UTC'); - my $iso_datetime = $time->iso8601() . 'Z'; - return $iso_datetime; +sub datetime_format_outbound { + my $self = shift; + # YUI expects ISO8601 in UTC time; including TZ specifier + return $self->SUPER::datetime_format_outbound(@_) . 'Z'; } @@ -192,10 +188,10 @@ sub _argument_type_check { my $value = $params->{$field}; if (ref $value eq 'ARRAY') { $params->{$field} = - [ map { $self->_bz_convert_datetime($_) } @$value ]; + [ map { $self->datetime_format_inbound($_) } @$value ]; } else { - $params->{$field} = $self->_bz_convert_datetime($value); + $params->{$field} = $self->datetime_format_inbound($value); } } } @@ -220,14 +216,6 @@ sub _argument_type_check { return $params; } -sub _bz_convert_datetime { - my ($self, $time) = @_; - - my $converted = datetime_from($time, Bugzilla->local_timezone); - $time = $converted->ymd() . ' ' . $converted->hms(); - return $time -} - sub handle_login { my $self = shift; diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index f06c81fc7..a492266c6 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -106,10 +106,12 @@ sub decode_value { # We convert dateTimes to a DB-friendly date format. if ($type eq 'dateTime.iso8601') { - # We leave off the $ from the end of this regex to allow for possible - # extensions to the XML-RPC date standard. - $value =~ /^(\d{4})(\d{2})(\d{2})T(\d{2}):(\d{2}):(\d{2})/; - $value = "$1-$2-$3 $4:$5:$6"; + if ($value !~ /T.*[\-+Z]/i) { + # The caller did not specify a timezone, so we assume UTC. + # pass 'Z' specifier to datetime_from to force it + $value = $value . 'Z'; + } + $value = $self->datetime_format_inbound($value); } return $value; @@ -288,7 +290,9 @@ API via: C<http://bugzilla.yourdomain.com/xmlrpc.cgi> =head1 PARAMETERS C<dateTime> fields are the standard C<dateTime.iso8601> XML-RPC field. They -should be in C<YYYY-MM-DDTHH:MM:SS> format (where C<T> is a literal T). +should be in C<YYYY-MM-DDTHH:MM:SS> format (where C<T> is a literal T). As +of Bugzilla B<3.6>, Bugzilla always expects C<dateTime> fields to be in the +UTC timezone, and all returned C<dateTime> values are in the UTC timezone. All other fields are standard XML-RPC types. @@ -306,6 +310,14 @@ Normally, XML-RPC does not allow empty values for C<int>, C<double>, or C<dateTime.iso8601> fields. Bugzilla does--it treats empty values as C<undef> (called C<NULL> or C<None> in some programming languages). +Bugzilla accepts a timezone specifier at the end of C<dateTime.iso8601> +fields that are specified as method arguments. The format of the timezone +specifier is specified in the ISO-8601 standard. If no timezone specifier +is included, the passed-in time is assumed to be in the UTC timezone. +Bugzilla will never output a timezone specifier on returned data, because +doing so would violate the XML-RPC specification. All returned times are in +the UTC timezone. + Bugzilla also accepts an element called C<< <nil> >>, as specified by the XML-RPC extension here: L<http://ontosys.com/xml-rpc/extensions.php>, which is always considered to be C<undef>, no matter what it contains. diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 67a4720de..76d4d3e37 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -370,7 +370,7 @@ An account with that email address already exists in Bugzilla. =item C<create> -B<EXPERIMENTAL> +B<STABLE> =over @@ -439,7 +439,7 @@ password is under three characters.) =item C<get> -B<UNSTABLE> +B<STABLE> =over diff --git a/buglist.cgi b/buglist.cgi index 810dd7b00..3090b2a88 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -85,9 +85,11 @@ if (grep { $_ =~ /^cmd\-/ } $cgi->param()) { # if ($cgi->request_method() eq 'POST') { $cgi->clean_search_url(); - - print $cgi->redirect(-url => $cgi->self_url()); - exit; + my $uri_length = length($cgi->self_url()); + if ($uri_length < CGI_URI_LIMIT) { + print $cgi->redirect(-url => $cgi->self_url()); + exit; + } } # Determine whether this is a quicksearch query. diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index c9552e0c6..546e7638d 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -285,7 +285,7 @@ <listitem> <para> - CGI &min-cgi-ver; + CGI (&min-cgi-ver;) </para> </listitem> @@ -297,6 +297,18 @@ <listitem> <para> + DateTime (&min-datetime-ver;) + </para> + </listitem> + + <listitem> + <para> + DateTime::TimeZone (&min-datetime-timezone-ver;) + </para> + </listitem> + + <listitem> + <para> DBI (&min-dbi-ver;) </para> </listitem> @@ -322,8 +334,7 @@ <listitem> <para> - <link linkend="install-modules-template">Template</link> - (&min-template-ver;) + Digest::SHA (&min-digest-sha-ver;) </para> </listitem> @@ -335,9 +346,34 @@ <listitem> <para> + Email::MIME (&min-email-mime-ver;) + </para> + </listitem> + + <listitem> + <para> + Email::MIME::Encodings (&min-email-mime-encodings-ver;) + </para> + </listitem> + + <listitem> + <para> Email::MIME::Modifier (&min-email-mime-modifier-ver;) </para> </listitem> + + <listitem> + <para> + <link linkend="install-modules-template">Template</link> + (&min-template-ver;) + </para> + </listitem> + + <listitem> + <para> + URI (&min-uri-ver;) + </para> + </listitem> </orderedlist> Optional Perl modules: @@ -352,7 +388,7 @@ <listitem> <para> Template::Plugin::GD::Image - (&min-gd-ver;) for Graphical Reports + (&min-template-plugin-gd-image-ver;) for Graphical Reports </para> </listitem> @@ -413,6 +449,13 @@ <listitem> <para> + Authen::SASL + (&min-authen-sasl-ver;) for SASL Authentication + </para> + </listitem> + + <listitem> + <para> Authen::Radius (&min-authen-radius-ver;) for RADIUS Authentication </para> @@ -427,6 +470,20 @@ <listitem> <para> + JSON::RPC + (&min-json-rpc-ver;) for the JSON-RPC interface + </para> + </listitem> + + <listitem> + <para> + Test::Taint + (&min-test-taint-ver;) for the web service interface + </para> + </listitem> + + <listitem> + <para> HTML::Parser (&min-html-parser-ver;) for More HTML in Product/Group Descriptions </para> @@ -455,6 +512,20 @@ <listitem> <para> + TheSchwartz + (&min-theschwartz-ver;) for Mail Queueing + </para> + </listitem> + + <listitem> + <para> + Daemon::Generic + (&min-daemon-generic-ver;) for Mail Queueing + </para> + </listitem> + + <listitem> + <para> mod_perl2 (&min-mod_perl2-ver;) for mod_perl </para> diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index 37840c128..b22a47160 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -578,6 +578,52 @@ <h2 id="v34_point">Updates In This 3.4.x Release</h2> +<h3>3.4.6</h3> + +<ul> + <li>When doing a search that involves "not equals" or "does not contain the + string" or similar "negative" search types, the search description that + appears at the top of the resulting [% terms.bug %] list will indicate + that the search was of that type. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=474738">[% terms.Bug %] 474738</a>) + </li> + <li>In Internet Explorer, users couldn't easily mark a RESOLVED DUPLICATE + [%+ terms.bug %] as REOPENED, due to a JavaScript error. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=546719">[% terms.Bug %] 546719</a>) + </li> + <li>If you use a "bookmarkable template" to pre-fill forms on + the [% terms.bug %]-filing page, and you have custom fields + that are only supposed to appear (or only supposed to have certain + values) based on the values of other fields, those custom fields will + now work properly. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=538211">[% terms.Bug %] 538211</a>) + </li> + <li>If you have a custom field that's only supposed to appear when + a [% terms.bug %]'s resolution is FIXED, it will now behave properly + on the [% terms.bug %]-editing form when a user sets the [% terms.bug %]'s + status to RESOLVED. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=520993">[% terms.Bug %] 520993</a>) + </li> + <li>If you are logged-out and using <kbd>request.cgi</kbd>, the Requester + and Requestee fields no longer respect the <kbd>usermatching</kbd> + parameter--they always require full usernames. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=533018">[% terms.Bug %] 533018</a>) + </li> + <li>If you tried to do a search with too many terms (resulting in a URL + that was longer than about 7000 characters), Apache would return a + 500 error instead of your search results. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=513989">[% terms.Bug %] 513989</a>) + </li> + <li>[% terms.Bugzilla %] would sometimes lose fields from your sort order + when you added new fields to your sort order. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=470214">[% terms.Bug %] 470214</a>) + </li> + <li>The Atom format of search results would sometimes be missing the + Reporter or Assignee field for some [% terms.bugs %]. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=537834">[% terms.Bug %] 537834</a>) + </li> +</ul> + <h3>3.4.5</h3> <p>This release contains fixes for multiple security issues. See the |