summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi105
1 files changed, 39 insertions, 66 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 45538ae23..fcbe86a78 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -114,7 +114,7 @@ elsif ($action eq "update")
}
else
{
- DisplayError("I could not figure out what you wanted to do.")
+ ThrowCodeError("unknown_action");
}
exit;
@@ -128,15 +128,15 @@ sub validateID
# Validate the value of the "id" form field, which must contain an
# integer that is the ID of an existing attachment.
- detaint_natural($::FORM{'id'})
- || DisplayError("You did not enter a valid attachment number.")
- && exit;
+ $vars->{'attach_id'} = $::FORM{'id'};
+
+ detaint_natural($::FORM{'id'})
+ || ThrowUserError("invalid_attach_id");
# Make sure the attachment exists in the database.
SendSQL("SELECT bug_id, isprivate FROM attachments WHERE attach_id = $::FORM{'id'}");
MoreSQLData()
- || DisplayError("Attachment #$::FORM{'id'} does not exist.")
- && exit;
+ || ThrowUserError("invalid_attach_id");
# Make sure the user is authorized to access this attachment's bug.
my ($bugid, $isprivate) = FetchSQLData();
@@ -164,15 +164,13 @@ sub validateCanEdit
"attach_id = $attach_id AND submitter_id = $::userid");
FetchSQLData()
- || DisplayError("You are not authorised to edit attachment #$attach_id")
- && exit;
+ || ThrowUserError("illegal_attachment_edit");
}
sub validateDescription
{
$::FORM{'description'}
- || DisplayError("You must enter a description for the attachment.")
- && exit;
+ || ThrowUserError("missing_attachment_description");
}
sub validateIsPatch
@@ -190,10 +188,7 @@ sub validateContentType
{
if (!$::FORM{'contenttypemethod'})
{
- DisplayError("You must choose a method for determining the content type,
- either <em>auto-detect</em>, <em>select from list</em>, or <em>enter
- manually</em>.");
- exit;
+ ThrowUserError("missing_content_type_method");
}
elsif ($::FORM{'contenttypemethod'} eq 'autodetect')
{
@@ -201,10 +196,7 @@ sub validateContentType
# specified in the HTTP request headers.
if ( !$::FILE{'data'}->{'contenttype'} )
{
- DisplayError("You asked Bugzilla to auto-detect the content type, but
- your browser did not specify a content type when uploading the file,
- so you must enter a content type manually.");
- exit;
+ ThrowUserError("missing_content_type");
}
$::FORM{'contenttype'} = $::FILE{'data'}->{'contenttype'};
}
@@ -220,22 +212,14 @@ sub validateContentType
}
else
{
- my $htmlcontenttypemethod = html_quote($::FORM{'contenttypemethod'});
- DisplayError("Your form submission got corrupted somehow. The <em>content
- method</em> field, which specifies how the content type gets determined,
- should have been either <em>autodetect</em>, <em>list</em>,
- or <em>manual</em>, but was instead <em>$htmlcontenttypemethod</em>.");
- exit;
+ $vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'};
+ ThrowCodeError("illegal_content_type_method");
}
if ( $::FORM{'contenttype'} !~ /^(application|audio|image|message|model|multipart|text|video)\/.+$/ )
{
- my $htmlcontenttype = html_quote($::FORM{'contenttype'});
- DisplayError("The content type <em>$htmlcontenttype</em> is invalid.
- Valid types must be of the form <em>foo/bar</em> where <em>foo</em>
- is either <em>application, audio, image, message, model, multipart,
- text,</em> or <em>video</em>.");
- exit;
+ $vars->{'contenttype'} = $::FORM{'contenttype'};
+ ThrowUserError("invalid_content_type");
}
}
@@ -271,9 +255,8 @@ sub validateStatuses
foreach my $status (@{$::MFORM{'status'}})
{
grep($_ == $status, @statusdefs)
- || DisplayError("One of the statuses you entered is not a valid status
- for this attachment.")
- && exit;
+ || ThrowUserError("invalid_attach_status");
+
# We have tested that the status is valid, so it can be detainted
detaint_natural($status);
}
@@ -282,8 +265,7 @@ sub validateStatuses
sub validateData
{
$::FORM{'data'}
- || DisplayError("The file you are trying to attach is empty!")
- && exit;
+ || ThrowUserError("zero_length_file");
my $len = length($::FORM{'data'});
@@ -294,27 +276,18 @@ sub validateData
# the "maxattachmentsize" parameter.
if ( $::FORM{'ispatch'} && $maxpatchsize && $len > $maxpatchsize*1024 )
{
- my $lenkb = sprintf("%.0f", $len/1024);
- DisplayError("The file you are trying to attach is ${lenkb} kilobytes (KB) in size.
- Patches cannot be more than ${maxpatchsize}KB in size.
- Try breaking your patch into several pieces.");
- exit;
+ $vars->{'filesize'} = sprintf("%.0f", $len/1024);
+ ThrowUserError("patch_too_large");
} elsif ( !$::FORM{'ispatch'} && $maxattachmentsize && $len > $maxattachmentsize*1024 ) {
- my $lenkb = sprintf("%.0f", $len/1024);
- DisplayError("The file you are trying to attach is ${lenkb} kilobytes (KB) in size.
- Non-patch attachments cannot be more than ${maxattachmentsize}KB.
- If your attachment is an image, try converting it to a compressable
- format like JPG or PNG, or put it elsewhere on the web and
- link to it from the bug's URL field or in a comment on the bug.");
- exit;
+ $vars->{'filesize'} = sprintf("%.0f", $len/1024);
+ ThrowUserError("file_too_large");
}
}
sub validateFilename
{
defined $::FILE{'data'}
- || DisplayError("You did not specify a file to attach.")
- && exit;
+ || ThrowUserError("file_not_specified");
}
sub validateObsolete
@@ -322,35 +295,32 @@ sub validateObsolete
# Make sure the attachment id is valid and the user has permissions to view
# the bug to which it is attached.
foreach my $attachid (@{$::MFORM{'obsolete'}}) {
+ $vars->{'attach_id'} = $attachid;
+
detaint_natural($attachid)
- || DisplayError("The attachment number of one of the attachments
- you wanted to obsolete is invalid.")
- && exit;
+ || ThrowCodeError("invalid_attach_id_to_obsolete");
SendSQL("SELECT bug_id, isobsolete, description
FROM attachments WHERE attach_id = $attachid");
# Make sure the attachment exists in the database.
MoreSQLData()
- || DisplayError("Attachment #$attachid does not exist.")
- && exit;
+ || ThrowUserError("invalid_attach_id");
my ($bugid, $isobsolete, $description) = FetchSQLData();
+ $vars->{'description'} = $description;
+
if ($bugid != $::FORM{'bugid'})
{
- $description = html_quote($description);
- DisplayError("Attachment #$attachid ($description) is attached
- to bug #$bugid, but you tried to flag it as obsolete while
- creating a new attachment to bug #$::FORM{'bugid'}.");
- exit;
+ $vars->{'my_bug_id'} = $::FORM{'bugid'};
+ $vars->{'attach_bug_id'} = $bugid;
+ ThrowCodeError("mismatched_bug_ids_on_obsolete");
}
if ( $isobsolete )
{
- $description = html_quote($description);
- DisplayError("Attachment #$attachid ($description) is already obsolete.");
- exit;
+ ThrowCodeError("attachment_already_obsolete");
}
# Check that the user can modify this attachment
@@ -632,10 +602,13 @@ sub update
# Get the bug ID for the bug to which this attachment is attached.
SendSQL("SELECT bug_id FROM attachments WHERE attach_id = $::FORM{'id'}");
- my $bugid = FetchSQLData()
- || DisplayError("Cannot figure out bug number.")
- && exit;
-
+ my $bugid = FetchSQLData();
+ unless ($bugid)
+ {
+ $vars->{'bug_id'} = $bugid;
+ ThrowUserError("invalid_bug_id");
+ }
+
# Lock database tables in preparation for updating the attachment.
SendSQL("LOCK TABLES attachments WRITE , attachstatuses WRITE ,
attachstatusdefs READ , fielddefs READ , bugs_activity WRITE");