-rwxr-xr-x | attachment.cgi | 31 | ||||
-rw-r--r-- | template/en/default/attachment/cancel-create-dupe.html.tmpl | 48 | ||||
-rw-r--r-- | template/en/default/attachment/create.html.tmpl | 1 |
3 files changed, 80 insertions, 0 deletions
diff --git a/attachment.cgi b/attachment.cgi index 937087a51..2520c0032 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -327,6 +327,7 @@ sub enter { 'component_id' => $bug->component_id}); $vars->{'flag_types'} = $flag_types; $vars->{'any_flags_requesteeble'} = grep($_->is_requesteeble, @$flag_types); + $vars->{'token'} = issue_session_token('createattachment:'); print $cgi->header(); @@ -348,6 +349,30 @@ sub insert { validateCanChangeBug($bugid); my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()"); + # Detect if the user already used the same form to submit an attachment + my $token = trim($cgi->param('token')); + if ($token) { + my ($creator_id, $date, $old_attach_id) = Bugzilla::Token::GetTokenData($token); + unless ($creator_id + && ($creator_id == $user->id) + && ($old_attach_id =~ "^createattachment:")) + { + # The token is invalid. + ThrowUserError('token_does_not_exist'); + } + + $old_attach_id =~ s/^createattachment://; + + if ($old_attach_id) { + $vars->{'bugid'} = $bugid; + $vars->{'attachid'} = $old_attach_id; + print $cgi->header(); + $template->process("attachment/cancel-create-dupe.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; + } + } + my $bug = new Bugzilla::Bug($bugid); my $attachment = Bugzilla::Attachment->insert_attachment_for_bug(THROW_ERROR, $bug, $user, @@ -379,6 +404,12 @@ sub insert { } $bug->update($timestamp); + if ($token) { + trick_taint($token); + $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef, + ("createattachment:" . $attachment->id, $token)); + } + $dbh->bz_commit_transaction; # Define the variables and functions that will be passed to the UI template. diff --git a/template/en/default/attachment/cancel-create-dupe.html.tmpl b/template/en/default/attachment/cancel-create-dupe.html.tmpl new file mode 100644 index 000000000..f838955bc --- /dev/null +++ b/template/en/default/attachment/cancel-create-dupe.html.tmpl 
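Review bot: In the `@@ -348,6 +349,30 @@` hunk the whole check sits inside `if ($token)`, so a POST that leaves out the `token` parameter skips validation and still reaches `insert_attachment_for_bug`. As written the token detects a repeated submission of one form, but it does not tie the request to a form this installation issued. If it is also meant to protect against forged cross-site posts, a missing token should fail like an invalid one, for example `ThrowUserError('token_does_not_exist') unless $token;` ahead of the lookup; whether any non-form client posts here without a token cannot be seen from this hunk and should be checked first. The prefix test `$old_attach_id =~ "^createattachment:"` uses a string as a pattern and would read more clearly as `$old_attach_id =~ /^createattachment:/`. The body of `insert` starts and ends outside the hunk.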
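Review bot: `trick_taint($token)` in the `@@ -379,6 +404,12 @@` hunk carries no comment explaining why detainting is safe at this point. The justification lives in the earlier hunk of `insert`, where a non-empty token has already gone through `GetTokenData` and the owner check. I would add `# $token was validated against the tokens table earlier in insert() and is used only as a bind value.` directly above the call, so a later edit that moves or removes the validation does not leave an unexplained detaint behind. The lookup and this `UPDATE` are separate statements, and the hunk does not show whether the transaction covers both, so it is worth confirming that two concurrent posts with the same token cannot both pass the check.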
@@ -0,0 +1,48 @@ +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is Olav Vitters. + # + # Contributor(s): Olav Vitters <olav@bkor.dhs.org> + # David Lawrence <dkl@redhat.com> + #%] + +[%# INTERFACE: + # bugid: integer. ID of the bug report that this attachment relates to. + # attachid: integer. ID of the previous attachment recently created. + #%] + +[% PROCESS "global/field-descs.none.tmpl" %] + +[% PROCESS global/header.html.tmpl + title = "Already filed attachment" +%] + +[% USE Bugzilla %] + +<table cellpadding="20"> + <tr> + <td bgcolor="#ff0000"> + <font size="+2"> + You already used the form to file + <a href="[% urlbase FILTER html %]attachment.cgi?id=[% attachid FILTER url_quote %]&action=edit">attachment [% attachid FILTER url_quote %]</a>. + </font> + </td> + </tr> +</table> + +<p> + You can either <a href="[% urlbase FILTER html %]attachment.cgi?bugid=[% bugid FILTER url_quote %]&action=enter"> + create a new attachment</a> or [% "go back to $terms.bug $bugid" FILTER bug_link(bugid) FILTER none %]. +<p> + +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/attachment/create.html.tmpl b/template/en/default/attachment/create.html.tmpl index 7944228f3..10648159b 100644 --- a/template/en/default/attachment/create.html.tmpl +++ b/template/en/default/attachment/create.html.tmpl 
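Review bot: The link text `attachment [% attachid FILTER url_quote %]` is HTML body text, where the filter for that output context is `FILTER html`; `url_quote` belongs only inside the two `href` values. The value is written server-side from `$attachment->id` in attachment.cgi, so this is a filter/context mismatch rather than a demonstrated injection, but matching the filter to the context means the template does not depend on that upstream guarantee. In the same section the `&action=` separators inside both `href` attributes should be `&amp;action=`, and the closing tag of the last paragraph is written `<p>` where `</p>` is intended.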
@@ -42,6 +42,7 @@ <form name="entryform" method="post" action="attachment.cgi" enctype="multipart/form-data"> <input type="hidden" name="bugid" value="[% bug.bug_id %]"> <input type="hidden" name="action" value="insert"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <table class="attachment_entry"> [% PROCESS attachment/createformcontents.html.tmpl %] |