diff options
Diffstat (limited to 'attachment.cgi')
| -rwxr-xr-x | attachment.cgi | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/attachment.cgi b/attachment.cgi index 64f78dc36..b5c0f8efe 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -76,6 +76,12 @@ local our $vars = {}; my $action = $cgi->param('action') || 'view'; my $format = $cgi->param('format') || ''; +# BMO: Don't allow updating of bugs if disabled +if (Bugzilla->params->{disable_bug_updates} && $cgi->request_method eq 'POST') { + ThrowErrorPage('bug/process/updates-disabled.html.tmpl', + 'Bug updates are currently disabled.'); +} + # You must use the appropriate urlbase/sslbase param when doing anything # but viewing an attachment, or a raw diff. if ($action ne 'view' @@ -174,7 +180,7 @@ sub validateID { { attach_id => scalar $cgi->param($param) }); # Make sure the attachment exists in the database. - my $attachment = new Bugzilla::Attachment($attach_id) + my $attachment = new Bugzilla::Attachment({ id => $attach_id, cache => 1 }) || ThrowUserError("invalid_attach_id", { attach_id => $attach_id }); return $attachment if ($dont_validate_access || check_can_access($attachment)); @@ -186,7 +192,7 @@ sub check_can_access { my $user = Bugzilla->user; # Make sure the user is authorized to access this attachment's bug. - Bugzilla::Bug->check($attachment->bug_id); + Bugzilla::Bug->check({ id => $attachment->bug_id, cache => 1 }); if ($attachment->isprivate && $user->id != $attachment->attacher->id && !$user->is_insider) { @@ -448,7 +454,7 @@ sub diff { # HTML page. sub viewall { # Retrieve and validate parameters - my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); + my $bug = Bugzilla::Bug->check({ id => scalar $cgi->param('bugid'), cache => 1 }); my $bugid = $bug->id; my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid); @@ -496,7 +502,8 @@ sub enter { my $flag_types = Bugzilla::FlagType::match({'target_type' => 'attachment', 'product_id' => $bug->product_id, - 'component_id' => $bug->component_id}); + 'component_id' => $bug->component_id, + 'is_active' => 1}); $vars->{'flag_types'} = $flag_types; $vars->{'any_flags_requesteeble'} = grep { $_->is_requestable && $_->is_requesteeble } @$flag_types; @@ -617,8 +624,6 @@ sub edit { my $bugattachments = Bugzilla::Attachment->get_attachments_by_bug($attachment->bug_id); - # We only want attachment IDs. - @$bugattachments = map { $_->id } @$bugattachments; my $any_flags_requesteeble = grep { $_->is_requestable && $_->is_requesteeble } @{$attachment->flag_types}; @@ -774,7 +779,6 @@ sub delete_attachment { # The token is valid. Delete the content of the attachment. my $msg; $vars->{'attachment'} = $attachment; - $vars->{'date'} = $date; $vars->{'reason'} = clean_text($cgi->param('reason') || ''); $template->process("attachment/delete_reason.txt.tmpl", $vars, \$msg) |