summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi18
1 files changed, 11 insertions, 7 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 64f78dc36..b5c0f8efe 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -76,6 +76,12 @@ local our $vars = {};
my $action = $cgi->param('action') || 'view';
my $format = $cgi->param('format') || '';
+# BMO: Don't allow updating of bugs if disabled
+if (Bugzilla->params->{disable_bug_updates} && $cgi->request_method eq 'POST') {
+ ThrowErrorPage('bug/process/updates-disabled.html.tmpl',
+ 'Bug updates are currently disabled.');
+}
+
# You must use the appropriate urlbase/sslbase param when doing anything
# but viewing an attachment, or a raw diff.
if ($action ne 'view'
@@ -174,7 +180,7 @@ sub validateID {
{ attach_id => scalar $cgi->param($param) });
# Make sure the attachment exists in the database.
- my $attachment = new Bugzilla::Attachment($attach_id)
+ my $attachment = new Bugzilla::Attachment({ id => $attach_id, cache => 1 })
|| ThrowUserError("invalid_attach_id", { attach_id => $attach_id });
return $attachment if ($dont_validate_access || check_can_access($attachment));
@@ -186,7 +192,7 @@ sub check_can_access {
my $user = Bugzilla->user;
# Make sure the user is authorized to access this attachment's bug.
- Bugzilla::Bug->check($attachment->bug_id);
+ Bugzilla::Bug->check({ id => $attachment->bug_id, cache => 1 });
if ($attachment->isprivate && $user->id != $attachment->attacher->id
&& !$user->is_insider)
{
@@ -448,7 +454,7 @@ sub diff {
# HTML page.
sub viewall {
# Retrieve and validate parameters
- my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
+ my $bug = Bugzilla::Bug->check({ id => scalar $cgi->param('bugid'), cache => 1 });
my $bugid = $bug->id;
my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid);
@@ -496,7 +502,8 @@ sub enter {
my $flag_types = Bugzilla::FlagType::match({'target_type' => 'attachment',
'product_id' => $bug->product_id,
- 'component_id' => $bug->component_id});
+ 'component_id' => $bug->component_id,
+ 'is_active' => 1});
$vars->{'flag_types'} = $flag_types;
$vars->{'any_flags_requesteeble'} =
grep { $_->is_requestable && $_->is_requesteeble } @$flag_types;
@@ -617,8 +624,6 @@ sub edit {
my $bugattachments =
Bugzilla::Attachment->get_attachments_by_bug($attachment->bug_id);
- # We only want attachment IDs.
- @$bugattachments = map { $_->id } @$bugattachments;
my $any_flags_requesteeble =
grep { $_->is_requestable && $_->is_requesteeble } @{$attachment->flag_types};
@@ -774,7 +779,6 @@ sub delete_attachment {
# The token is valid. Delete the content of the attachment.
my $msg;
$vars->{'attachment'} = $attachment;
- $vars->{'date'} = $date;
$vars->{'reason'} = clean_text($cgi->param('reason') || '');
$template->process("attachment/delete_reason.txt.tmpl", $vars, \$msg)