summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xattachment.cgi31
-rw-r--r--template/en/default/attachment/cancel-create-dupe.html.tmpl48
-rw-r--r--template/en/default/attachment/create.html.tmpl1
3 files changed, 80 insertions, 0 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 937087a51..2520c0032 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -327,6 +327,7 @@ sub enter {
'component_id' => $bug->component_id});
$vars->{'flag_types'} = $flag_types;
$vars->{'any_flags_requesteeble'} = grep($_->is_requesteeble, @$flag_types);
+ $vars->{'token'} = issue_session_token('createattachment:');
print $cgi->header();
@@ -348,6 +349,30 @@ sub insert {
validateCanChangeBug($bugid);
my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()");
+ # Detect if the user already used the same form to submit an attachment
+ my $token = trim($cgi->param('token'));
+ if ($token) {
+ my ($creator_id, $date, $old_attach_id) = Bugzilla::Token::GetTokenData($token);
+ unless ($creator_id
+ && ($creator_id == $user->id)
+ && ($old_attach_id =~ "^createattachment:"))
+ {
+ # The token is invalid.
+ ThrowUserError('token_does_not_exist');
+ }
+
+ $old_attach_id =~ s/^createattachment://;
+
+ if ($old_attach_id) {
+ $vars->{'bugid'} = $bugid;
+ $vars->{'attachid'} = $old_attach_id;
+ print $cgi->header();
+ $template->process("attachment/cancel-create-dupe.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
+ exit;
+ }
+ }
+
my $bug = new Bugzilla::Bug($bugid);
my $attachment =
Bugzilla::Attachment->insert_attachment_for_bug(THROW_ERROR, $bug, $user,
@@ -379,6 +404,12 @@ sub insert {
}
$bug->update($timestamp);
+ if ($token) {
+ trick_taint($token);
+ $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef,
+ ("createattachment:" . $attachment->id, $token));
+ }
+
$dbh->bz_commit_transaction;
# Define the variables and functions that will be passed to the UI template.
diff --git a/template/en/default/attachment/cancel-create-dupe.html.tmpl b/template/en/default/attachment/cancel-create-dupe.html.tmpl
new file mode 100644
index 000000000..f838955bc
--- /dev/null
+++ b/template/en/default/attachment/cancel-create-dupe.html.tmpl
@@ -0,0 +1,48 @@
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Olav Vitters.
+ #
+ # Contributor(s): Olav Vitters <olav@bkor.dhs.org>
+ # David Lawrence <dkl@redhat.com>
+ #%]
+
+[%# INTERFACE:
+ # bugid: integer. ID of the bug report that this attachment relates to.
+ # attachid: integer. ID of the previous attachment recently created.
+ #%]
+
+[% PROCESS "global/field-descs.none.tmpl" %]
+
+[% PROCESS global/header.html.tmpl
+ title = "Already filed attachment"
+%]
+
+[% USE Bugzilla %]
+
+<table cellpadding="20">
+ <tr>
+ <td bgcolor="#ff0000">
+ <font size="+2">
+ You already used the form to file
+ <a href="[% urlbase FILTER html %]attachment.cgi?id=[% attachid FILTER url_quote %]&action=edit">attachment [% attachid FILTER url_quote %]</a>.
+ </font>
+ </td>
+ </tr>
+</table>
+
+<p>
+ You can either <a href="[% urlbase FILTER html %]attachment.cgi?bugid=[% bugid FILTER url_quote %]&action=enter">
+ create a new attachment</a> or [% "go back to $terms.bug $bugid" FILTER bug_link(bugid) FILTER none %].
+<p>
+
+[% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/attachment/create.html.tmpl b/template/en/default/attachment/create.html.tmpl
index 7944228f3..10648159b 100644
--- a/template/en/default/attachment/create.html.tmpl
+++ b/template/en/default/attachment/create.html.tmpl
@@ -42,6 +42,7 @@
<form name="entryform" method="post" action="attachment.cgi" enctype="multipart/form-data">
<input type="hidden" name="bugid" value="[% bug.bug_id %]">
<input type="hidden" name="action" value="insert">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<table class="attachment_entry">
[% PROCESS attachment/createformcontents.html.tmpl %]