diff options
Diffstat (limited to 'attachment.cgi')
| -rwxr-xr-x | attachment.cgi | 66 |
1 files changed, 53 insertions, 13 deletions
diff --git a/attachment.cgi b/attachment.cgi index d707d68c0..3ffcda821 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -52,6 +52,7 @@ use Bugzilla::Attachment; use Bugzilla::Attachment::PatchReader; use Bugzilla::Token; use Bugzilla::Keyword; +use Bugzilla::Hook; use Encode qw(encode find_encoding); @@ -76,6 +77,12 @@ local our $vars = {}; my $action = $cgi->param('action') || 'view'; my $format = $cgi->param('format') || ''; +# BMO: Don't allow updating of bugs if disabled +if (Bugzilla->params->{disable_bug_updates} && $cgi->request_method eq 'POST') { + ThrowErrorPage('bug/process/updates-disabled.html.tmpl', + 'Bug updates are currently disabled.'); +} + # You must use the appropriate urlbase/sslbase param when doing anything # but viewing an attachment, or a raw diff. if ($action ne 'view' @@ -174,7 +181,7 @@ sub validateID { { attach_id => scalar $cgi->param($param) }); # Make sure the attachment exists in the database. - my $attachment = new Bugzilla::Attachment($attach_id) + my $attachment = new Bugzilla::Attachment({ id => $attach_id, cache => 1 }) || ThrowUserError("invalid_attach_id", { attach_id => $attach_id }); return $attachment if ($dont_validate_access || check_can_access($attachment)); @@ -186,7 +193,7 @@ sub check_can_access { my $user = Bugzilla->user; # Make sure the user is authorized to access this attachment's bug. - Bugzilla::Bug->check($attachment->bug_id); + Bugzilla::Bug->check({ id => $attachment->bug_id, cache => 1 }); if ($attachment->isprivate && $user->id != $attachment->attacher->id && !$user->is_insider) { @@ -381,6 +388,9 @@ sub view { # Return the appropriate HTTP response headers. $attachment->datasize || ThrowUserError("attachment_removed"); + # BMO add a hook for github url redirection + Bugzilla::Hook::process('attachment_view', { attachment => $attachment }); + $filename =~ s/^.*[\/\\]//; # escape quotes and backslashes in the filename, per RFCs 2045/822 $filename =~ s/\\/\\\\/g; # escape backslashes @@ -449,10 +459,9 @@ sub diff { # HTML page. sub viewall { # Retrieve and validate parameters - my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); - my $bugid = $bug->id; + my $bug = Bugzilla::Bug->check({ id => scalar $cgi->param('bugid'), cache => 1 }); - my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid); + my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bug); # Ignore deleted attachments. @$attachments = grep { $_->datasize } @$attachments; @@ -497,7 +506,8 @@ sub enter { my $flag_types = Bugzilla::FlagType::match({'target_type' => 'attachment', 'product_id' => $bug->product_id, - 'component_id' => $bug->component_id}); + 'component_id' => $bug->component_id, + 'is_active' => 1}); $vars->{'flag_types'} = $flag_types; $vars->{'any_flags_requesteeble'} = grep { $_->is_requestable && $_->is_requesteeble } @$flag_types; @@ -540,6 +550,13 @@ sub insert { my $data_fh = $cgi->upload('data'); my $attach_text = $cgi->param('attach_text'); + if ($attach_text) { + # Convert to unix line-endings if pasting a patch + if (scalar($cgi->param('ispatch'))) { + $attach_text =~ s/[\012\015]{1,2}/\012/g; + } + } + my $attachment = Bugzilla::Attachment->create( {bug => $bug, creation_ts => $timestamp, @@ -559,6 +576,8 @@ sub insert { $obsolete_attachment->update($timestamp); } + # BMO - allow pre-processing of attachment flags + Bugzilla::Hook::process('create_attachment_flags', { bug => $bug }); my ($flags, $new_flags) = Bugzilla::Flag->extract_flags_from_cgi( $bug, $attachment, $vars, SKIP_REQUESTEE_ON_ERROR); $attachment->set_flags($flags, $new_flags); @@ -618,9 +637,7 @@ sub edit { my $attachment = validateID(); my $bugattachments = - Bugzilla::Attachment->get_attachments_by_bug($attachment->bug_id); - # We only want attachment IDs. - @$bugattachments = map { $_->id } @$bugattachments; + Bugzilla::Attachment->get_attachments_by_bug($attachment->bug); my $any_flags_requesteeble = grep { $_->is_requestable && $_->is_requesteeble } @{$attachment->flag_types}; @@ -652,7 +669,7 @@ sub update { my $attachment = validateID(); my $bug = $attachment->bug; $attachment->_check_bug; - my $can_edit = $attachment->validate_can_edit($bug->product_id); + my $can_edit = $attachment->validate_can_edit; if ($can_edit) { $attachment->set_description(scalar $cgi->param('description')); @@ -705,11 +722,35 @@ sub update { extra_data => $attachment->id }); } + my ($flags, $new_flags) = + Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars); + if ($can_edit) { - my ($flags, $new_flags) = - Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars); $attachment->set_flags($flags, $new_flags); } + # Requestees can set flags targetted to them, even if they cannot + # edit the attachment. Flag setters can edit their own flags too. + elsif (scalar @$flags) { + my @flag_ids = map { $_->{id} } @$flags; + my $flag_objs = Bugzilla::Flag->new_from_list(\@flag_ids); + my %flag_list = map { $_->id => $_ } @$flag_objs; + + my @editable_flags; + foreach my $flag (@$flags) { + my $flag_obj = $flag_list{$flag->{id}}; + if ($flag_obj->setter_id == $user->id + || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id)) + { + push(@editable_flags, $flag); + } + } + + if (scalar @editable_flags) { + $attachment->set_flags(\@editable_flags, []); + # Flag changes must be committed. + $can_edit = 1; + } + } # Figure out when the changes were made. my $timestamp = $dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); @@ -779,7 +820,6 @@ sub delete_attachment { # The token is valid. Delete the content of the attachment. my $msg; $vars->{'attachment'} = $attachment; - $vars->{'date'} = $date; $vars->{'reason'} = clean_text($cgi->param('reason') || ''); $template->process("attachment/delete_reason.txt.tmpl", $vars, \$msg) |