diff options
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-x | buglist.cgi | 125 |
1 files changed, 63 insertions, 62 deletions
diff --git a/buglist.cgi b/buglist.cgi index daee34c9b..ee4b34578 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -56,7 +56,7 @@ if (defined($searchstring)) { } # If configured to not allow empty words, reject empty searches from the -# Find a Specific Bug search form, including words being a single or +# Find a Specific Bug search form, including words being a single or # several consecutive whitespaces only. if (!Bugzilla->params->{'search_allow_no_criteria'} && defined($cgi->param('content')) && $cgi->param('content') =~ /^\s*$/) @@ -88,29 +88,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") { $cgi->param('ctype', "atom"); } -# Determine the format in which the user would like to receive the output. -# Uses the default format if the user did not specify an output format; -# otherwise validates the user's choice against the list of available formats. -my $format = $template->get_format("list/list", scalar $cgi->param('format'), - scalar $cgi->param('ctype')); - -# Use server push to display a "Please wait..." message for the user while -# executing their query if their browser supports it and they are viewing -# the bug list as HTML and they have not disabled it by adding &serverpush=0 -# to the URL. -# -# Server push is compatible with Gecko-based browsers and Opera, but not with -# MSIE, Lynx or Safari (bug 441496). - -my $serverpush = - $format->{'extension'} eq "html" - && exists $ENV{'HTTP_USER_AGENT'} - && $ENV{'HTTP_USER_AGENT'} =~ /(Mozilla.[3-9]|Opera)/ - && $ENV{'HTTP_USER_AGENT'} !~ /compatible/i - && $ENV{'HTTP_USER_AGENT'} !~ /(?:WebKit|Trident|KHTML)/ - && !defined($cgi->param('serverpush')) - || $cgi->param('serverpush'); - my $order = $cgi->param('order') || ""; # The params object to use for the actual query itself @@ -197,14 +174,14 @@ sub LookupNamedQuery { # will throw a UserError. Leading and trailing whitespace # will be stripped from this value before it is inserted # into the DB. -# query - The query part of the buglist.cgi URL, unencoded. Must not be +# query - The query part of the buglist.cgi URL, unencoded. Must not be # empty, or we will throw a UserError. -# link_in_footer (optional) - 1 if the Named Query should be +# link_in_footer (optional) - 1 if the Named Query should be # displayed in the user's footer, 0 otherwise. # # All parameters are validated before passing them into the database. # -# Returns: A boolean true value if the query existed in the database +# Returns: A boolean true value if the query existed in the database # before, and we updated it. A boolean false value otherwise. sub InsertNamedQuery { my ($query_name, $query, $link_in_footer) = @_; @@ -231,7 +208,7 @@ sub InsertNamedQuery { sub LookupSeries { my ($series_id) = @_; detaint_natural($series_id) || ThrowCodeError("invalid_series_id"); - + my $dbh = Bugzilla->dbh; my $result = $dbh->selectrow_array("SELECT query FROM series " . "WHERE series_id = ?" @@ -248,8 +225,8 @@ sub GetQuip { my $count = $dbh->selectrow_array("SELECT COUNT(quip)" . " FROM quips WHERE approved = 1"); my $random = int(rand($count)); - my $quip = - $dbh->selectrow_array("SELECT quip FROM quips WHERE approved = 1 " . + my $quip = + $dbh->selectrow_array("SELECT quip FROM quips WHERE approved = 1 " . $dbh->sql_limit(1, $random)); return $quip; } @@ -322,30 +299,20 @@ my $sharer_id; # Backwards-compatibility - the old interface had cmdtype="runnamed" to run # a named command, and we can't break this because it's in bookmarks. -if ($cmdtype eq "runnamed") { +if ($cmdtype eq "runnamed") { $cmdtype = "dorem"; $remaction = "run"; } # Now we're going to be running, so ensure that the params object is set up, -# using ||= so that we only do so if someone hasn't overridden this +# using ||= so that we only do so if someone hasn't overridden this # earlier, for example by setting up a named query search. # This will be modified, so make a copy. $params ||= new Bugzilla::CGI($cgi); -# Generate a reasonable filename for the user agent to suggest to the user -# when the user saves the bug list. Uses the name of the remembered query -# if available. We have to do this now, even though we return HTTP headers -# at the end, because the fact that there is a remembered query gets -# forgotten in the process of retrieving it. -my $disp_prefix = "bugs"; -if ($cmdtype eq "dorem" && $remaction =~ /^run/) { - $disp_prefix = $cgi->param('namedcmd'); -} - # Take appropriate action based on user's request. -if ($cmdtype eq "dorem") { +if ($cmdtype eq "dorem") { if ($remaction eq "run") { my $query_id; ($buffer, $query_id, $sharer_id) = @@ -373,13 +340,13 @@ if ($cmdtype eq "dorem") { elsif ($remaction eq "forget") { $user = Bugzilla->login(LOGIN_REQUIRED); # Copy the name into a variable, so that we can trick_taint it for - # the DB. We know it's safe, because we're using placeholders in + # the DB. We know it's safe, because we're using placeholders in # the SQL, and the SQL is only a DELETE. my $qname = $cgi->param('namedcmd'); trick_taint($qname); # Do not forget the saved search if it is being used in a whine - my $whines_in_use = + my $whines_in_use = $dbh->selectcol_arrayref('SELECT DISTINCT whine_events.subject FROM whine_events INNER JOIN whine_queries @@ -391,7 +358,7 @@ if ($cmdtype eq "dorem") { = ? ', undef, $user->id, $qname); if (scalar(@$whines_in_use)) { - ThrowUserError('saved_search_used_by_whines', + ThrowUserError('saved_search_used_by_whines', { subjects => join(',', @$whines_in_use), search_name => $qname } ); @@ -477,6 +444,40 @@ if (!$params->param('query_format')) { $buffer = $params->query_string; } +# Determine the format in which the user would like to receive the output. +# Uses the default format if the user did not specify an output format; +# otherwise validates the user's choice against the list of available formats. +my $format = $template->get_format("list/list", scalar $cgi->param('format'), + scalar $cgi->param('ctype')); + +# Use server push to display a "Please wait..." message for the user while +# executing their query if their browser supports it and they are viewing +# the bug list as HTML and they have not disabled it by adding &serverpush=0 +# to the URL. +# +# Server push is compatible with Gecko-based browsers and Opera, but not with +# MSIE, Lynx or Safari (bug 441496). + +my $serverpush = + $format->{'extension'} eq "html" + && exists $ENV{'HTTP_USER_AGENT'} + && $ENV{'HTTP_USER_AGENT'} =~ /(Mozilla.[3-9]|Opera)/ + && $ENV{'HTTP_USER_AGENT'} !~ /compatible/i + && $ENV{'HTTP_USER_AGENT'} !~ /(?:WebKit|Trident|KHTML)/ + && !defined($cgi->param('serverpush')) + || $cgi->param('serverpush'); + + +# Generate a reasonable filename for the user agent to suggest to the user +# when the user saves the bug list. Uses the name of the remembered query +# if available. We have to do this now, even though we return HTTP headers +# at the end, because the fact that there is a remembered query gets +# forgotten in the process of retrieving it. +my $disp_prefix = "bugs"; +if ($cmdtype eq "dorem" && $remaction =~ /^run/) { + $disp_prefix = $cgi->param('namedcmd'); +} + ################################################################################ # Column Definition ################################################################################ @@ -487,7 +488,7 @@ my $columns = Bugzilla::Search::COLUMNS; # Display Column Determination ################################################################################ -# Determine the columns that will be displayed in the bug list via the +# Determine the columns that will be displayed in the bug list via the # columnlist CGI parameter, the user's preferences, or the default. my @displaycolumns = (); if (defined $params->param('columnlist')) { @@ -519,8 +520,8 @@ else { @displaycolumns = DEFAULT_COLUMN_LIST; } -# Weed out columns that don't actually exist to prevent the user -# from hacking their column list cookie to grab data to which they +# Weed out columns that don't actually exist to prevent the user +# from hacking their column list cookie to grab data to which they # should not have access. Detaint the data along the way. @displaycolumns = grep($columns->{$_} && trick_taint($_), @displaycolumns); @@ -576,7 +577,7 @@ foreach my $col (@displaycolumns) { push (@selectcolumns, $col) if !grep($_ eq $col, @selectcolumns); } -# If the user is editing multiple bugs, we also make sure to select the +# If the user is editing multiple bugs, we also make sure to select the # status, because the values of that field determines what options the user # has for modifying the bugs. if ($dotweak) { @@ -629,7 +630,7 @@ if ($format->{'extension'} eq 'atom') { if (!$order || $order =~ /^reuse/i) { if ($cgi->cookie('LASTORDER')) { $order = $cgi->cookie('LASTORDER'); - + # Cookies from early versions of Specific Search included this text, # which is now invalid. $order =~ s/ LIMIT 200//; @@ -683,7 +684,7 @@ if ($format->{'extension'} eq 'html' && !defined $params->param('limit')) { } # Generate the basic SQL query that will be used to generate the bug list. -my $search = new Bugzilla::Search('fields' => \@selectcolumns, +my $search = new Bugzilla::Search('fields' => \@selectcolumns, 'params' => scalar $params->Vars, 'order' => \@order_columns, 'sharer' => $sharer_id); @@ -806,7 +807,7 @@ foreach my $row (@$data) { # Process certain values further (i.e. date format conversion). if ($bug->{'changeddate'}) { - $bug->{'changeddate'} =~ + $bug->{'changeddate'} =~ s/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/$1-$2-$3 $4:$5:$6/; $bug->{'changedtime'} = $bug->{'changeddate'}; # for iCalendar and Atom @@ -852,7 +853,7 @@ if (@bugidlist) { "LEFT JOIN group_control_map " . "ON group_control_map.product_id = bugs.product_id " . "AND group_control_map.group_id = bug_group_map.group_id " . - "WHERE " . $dbh->sql_in('bugs.bug_id', \@bugidlist) . + "WHERE " . $dbh->sql_in('bugs.bug_id', \@bugidlist) . $dbh->sql_group_by('bugs.bug_id')); $sth->execute(); while (my ($bug_id, $min_membercontrol) = $sth->fetchrow_array()) { @@ -874,9 +875,9 @@ my $sum = $time_info->{'actual_time'}+$time_info->{'remaining_time'}; if ($sum > 0) { $time_info->{'percentage_complete'} = 100*$time_info->{'actual_time'}/$sum; } -else { # remaining_time <= 0 +else { # remaining_time <= 0 $time_info->{'percentage_complete'} = 0 -} +} ################################################################################ # Template Variable Definition @@ -948,7 +949,7 @@ elsif (my @product_input = $cgi->param('product')) { $one_product = Bugzilla::Product->new({ name => $product_input[0], cache => 1 }); } } -# We only want the template to use it if the user can actually +# We only want the template to use it if the user can actually # enter bugs against it. if ($one_product && $user->can_enter_product($one_product)) { $vars->{'one_product'} = $one_product; @@ -976,7 +977,7 @@ if ($dotweak && scalar @bugs) { object => 'multiple_bugs'}); } $vars->{'dotweak'} = 1; - + # issue_session_token needs to write to the master DB. Bugzilla->switch_to_main_db(); $vars->{'token'} = issue_session_token('buglist_mass_change'); @@ -1007,12 +1008,12 @@ if ($dotweak && scalar @bugs) { INNER JOIN bug_status ON bug_status.id = sw1.new_status WHERE bug_status.isactive = 1 - AND NOT EXISTS + AND NOT EXISTS (SELECT * FROM status_workflow sw2 - WHERE sw2.old_status != sw1.new_status + WHERE sw2.old_status != sw1.new_status AND ' . $dbh->sql_in('sw2.old_status', $bug_status_ids) - . ' AND NOT EXISTS + . ' AND NOT EXISTS (SELECT * FROM status_workflow sw3 WHERE sw3.new_status = sw1.new_status AND sw3.old_status = sw2.old_status))'); @@ -1078,7 +1079,7 @@ if ($dotweak && scalar @bugs) { # the "Remember search as" field. $vars->{'defaultsavename'} = $cgi->param('query_based_on'); -# If we did a quick search then redisplay the previously entered search +# If we did a quick search then redisplay the previously entered search # string in the text field. $vars->{'quicksearch'} = $searchstring; |