summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi7
1 files changed, 4 insertions, 3 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 2f48c0805..8792b4aec 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -91,11 +91,13 @@ elsif ($action eq "viewall")
}
elsif ($action eq "enter")
{
+ confirm_login();
ValidateBugID($::FORM{'bugid'});
enter();
}
elsif ($action eq "insert")
{
+ confirm_login();
ValidateBugID($::FORM{'bugid'});
validateFilename();
validateData();
@@ -472,12 +474,11 @@ sub insert
my $filename = SqlQuote($::FILE{'data'}->{'filename'});
my $description = SqlQuote($::FORM{'description'});
my $contenttype = SqlQuote($::FORM{'contenttype'});
- my $submitterid = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'});
my $thedata = SqlQuote($::FORM{'data'});
# Insert the attachment into the database.
SendSQL("INSERT INTO attachments (bug_id, filename, description, mimetype, ispatch, submitter_id, thedata)
- VALUES ($::FORM{'bugid'}, $filename, $description, $contenttype, $::FORM{'ispatch'}, $submitterid, $thedata)");
+ VALUES ($::FORM{'bugid'}, $filename, $description, $contenttype, $::FORM{'ispatch'}, $::userid, $thedata)");
# Retrieve the ID of the newly created attachment record.
SendSQL("SELECT LAST_INSERT_ID()");
@@ -501,7 +502,7 @@ sub insert
foreach my $attachid (@{$::MFORM{'obsolete'}}) {
SendSQL("UPDATE attachments SET isobsolete = 1 WHERE attach_id = $attachid");
SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added)
- VALUES ($::FORM{'bugid'}, $attachid, $submitterid, NOW(), $fieldid, '0', '1')");
+ VALUES ($::FORM{'bugid'}, $attachid, $::userid, NOW(), $fieldid, '0', '1')");
}
# Send mail to let people know the attachment has been created. Uses a