diff options
| -rwxr-xr-x | enter_bug.cgi | 3 | ||||
| -rwxr-xr-x | post_bug.cgi | 34 | ||||
| -rw-r--r-- | template/en/default/bug/create/confirm-create-dupe.html.tmpl | 55 | ||||
| -rw-r--r-- | template/en/default/bug/create/create-guided.html.tmpl | 1 | ||||
| -rw-r--r-- | template/en/default/bug/create/create.html.tmpl | 1 |
5 files changed, 94 insertions, 0 deletions
diff --git a/enter_bug.cgi b/enter_bug.cgi index 4b39cb750..e4adb8fb7 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -45,6 +45,7 @@ use Bugzilla::Hook; use Bugzilla::Product; use Bugzilla::Classification; use Bugzilla::Keyword; +use Bugzilla::Token; require "globals.pl"; use vars qw( @@ -358,6 +359,8 @@ $vars->{'qa_contact_disabled'} = !UserInGroup('editbugs'); $vars->{'cloned_bug_id'} = $cloned_bug_id; +$vars->{'token'} = Bugzilla::Token::IssueSessionToken('createbug:'); + if ($cloned_bug_id) { $default{'component_'} = $cloned_bug->{'component'}; diff --git a/post_bug.cgi b/post_bug.cgi index 4258251b5..5f3f91c3b 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -35,6 +35,7 @@ use Bugzilla::User; use Bugzilla::Field; use Bugzilla::Product; use Bugzilla::Keyword; +use Bugzilla::Token; # Shut up misguided -w warnings about "used only once". For some reason, # "use vars" chokes on me when I try it here. @@ -73,6 +74,33 @@ sub GroupIsActive { # Main Script ###################################################################### +# Detect if the user already used the same form to submit a bug +my $token = trim($cgi->param('token')); +if ($token) { + my ($creator_id, $date, $old_bug_id) = Bugzilla::Token::GetTokenData($token); + unless ($creator_id + && ($creator_id == $user->id) + && ($old_bug_id =~ "^createbug:")) + { + # The token is invalid. + ThrowUserError('token_inexistent'); + } + + $old_bug_id =~ s/^createbug://; + + if ($old_bug_id && (!$cgi->param('ignore_token') + || ($cgi->param('ignore_token') != $old_bug_id))) + { + $vars->{'bugid'} = $old_bug_id; + $vars->{'allow_override'} = defined $cgi->param('ignore_token') ? 0 : 1; + + print $cgi->header(); + $template->process("bug/create/confirm-create-dupe.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; + } +} + # do a match on the fields if applicable &Bugzilla::User::match_field ($cgi, { @@ -544,6 +572,12 @@ if ($cgi->cookie("BUGLIST")) { $vars->{'bug_list'} = \@bug_list; $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count(); +if ($token) { + trick_taint($token); + $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef, + ("createbug:$id", $token)); +} + print $cgi->header(); $template->process("bug/create/created.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/template/en/default/bug/create/confirm-create-dupe.html.tmpl b/template/en/default/bug/create/confirm-create-dupe.html.tmpl new file mode 100644 index 000000000..ef3d1ff23 --- /dev/null +++ b/template/en/default/bug/create/confirm-create-dupe.html.tmpl @@ -0,0 +1,55 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is Olav Vitters. + # + # Contributor(s): Olav Vitters <olav@bkor.dhs.org> + #%] + +[%# INTERFACE: + # bugid: integer. ID of the bug previously used to create a bug. + # allow_override: boolean int. Is 1 if the user may submit the bug again. + #%] + +[% PROCESS "global/field-descs.none.tmpl" %] + +[% PROCESS global/header.html.tmpl + title = "Already filed $terms.bug" +%] + +<table cellpadding="20"> + <tr> + <td bgcolor="#ff0000"> + <font size="+2"> + You already used the form to file [% "$terms.bug $bugid" FILTER bug_link(bugid) FILTER none %]. + </font> + </td> + </tr> +</table> + +<p><font size="big">You are highly encouraged to visit [% "$terms.bug $bugid" +FILTER bug_link(bugid) FILTER none %].</font></p> + +[% IF allow_override %] + <p>If you are sure you used the same form to submit a new [% terms.bug %], + click 'File [% terms.bug %] again'.<p> + + <form name="create" id="create" method="post" action="post_bug.cgi"> + [% PROCESS "global/hidden-fields.html.tmpl" + exclude="^(Bugzilla_login|Bugzilla_password|ignore_token)$" %] + <input type="hidden" name="ignore_token" value="[% bugid FILTER html %]"> + <input type="submit" value="File [% terms.bug %] again"> + </form> +[% END %] + +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/bug/create/create-guided.html.tmpl b/template/en/default/bug/create/create-guided.html.tmpl index 1e41c07ef..fc15e5ce5 100644 --- a/template/en/default/bug/create/create-guided.html.tmpl +++ b/template/en/default/bug/create/create-guided.html.tmpl @@ -185,6 +185,7 @@ function PutDescription() { value="[% default.priority FILTER html %]"> <input type="hidden" name="version" value="[% default.version FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <table valign="top" cellpadding="5" cellspacing="5" border="0"> diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl index ca400d31c..eddb8bc68 100644 --- a/template/en/default/bug/create/create.html.tmpl +++ b/template/en/default/bug/create/create.html.tmpl @@ -94,6 +94,7 @@ function set_assign_to() { <form name="Create" id="Create" method="post" action="post_bug.cgi"> <input type="hidden" name="product" value="[% product FILTER html %]"> +<input type="hidden" name="token" value="[% token FILTER html %]"> <table cellspacing="2" cellpadding="0" border="0"> |