Diffstat (limited to 'editwhines.cgi')
-rwxr-xr-xeditwhines.cgi550
1 files changed, 277 insertions, 273 deletions
diff --git a/editwhines.cgi b/editwhines.cgi
index 31b3dcfaf..1ad1292f5 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -39,9 +39,9 @@ my $template = Bugzilla->template;
my $vars = {};
my $dbh = Bugzilla->dbh;
-my $userid = $user->id;
-my $token = $cgi->param('token');
-my $sth; # database statement handle
+my $userid = $user->id;
+my $token = $cgi->param('token');
+my $sth; # database statement handle
# $events is a hash ref of Bugzilla::Whine objects keyed by event id,
# that stores the active user's events.
@@ -64,9 +64,8 @@ my $events = get_events($userid);
# First see if this user may use whines
$user->in_group('bz_canusewhines')
- || ThrowUserError("auth_failure", {group => "bz_canusewhines",
- action => "schedule",
- object => "reports"});
+ || ThrowUserError("auth_failure",
+ {group => "bz_canusewhines", action => "schedule", object => "reports"});
# May this user send mail to other users?
my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers');
@@ -75,240 +74,245 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers');
# removed, then what was altered.
if ($cgi->param('update')) {
- check_token_data($token, 'edit_whine');
-
- if ($cgi->param("add_event")) {
- # we create a new event
- $sth = $dbh->prepare("INSERT INTO whine_events " .
- "(owner_userid) " .
- "VALUES (?)");
- $sth->execute($userid);
- }
- else {
- for my $eventid (keys %{$events}) {
- # delete an entire event
- if ($cgi->param("remove_event_$eventid")) {
- # We need to make sure these belong to the same user,
- # otherwise we could simply delete whatever matched that ID.
- #
- # schedules
- my $schedules = Bugzilla::Whine::Schedule->match({ eventid => $eventid });
- $sth = $dbh->prepare("DELETE FROM whine_schedules "
- . "WHERE id=?");
- foreach my $schedule (@$schedules) {
- $sth->execute($schedule->id);
- }
-
- # queries
- $sth = $dbh->prepare("SELECT whine_queries.id " .
- "FROM whine_queries " .
- "LEFT JOIN whine_events " .
- "ON whine_events.id = " .
- "whine_queries.eventid " .
- "WHERE whine_events.id = ? " .
- "AND whine_events.owner_userid = ?");
- $sth->execute($eventid, $userid);
- my @ids = @{$sth->fetchall_arrayref};
- $sth = $dbh->prepare("DELETE FROM whine_queries " .
- "WHERE id=?");
- for (@ids) {
- my $delete_id = $_->[0];
- $sth->execute($delete_id);
- }
-
- # events
- $sth = $dbh->prepare("DELETE FROM whine_events " .
- "WHERE id=? AND owner_userid=?");
- $sth->execute($eventid, $userid);
- }
- else {
- # check the subject, body and mailifnobugs for changes
- my $subject = ($cgi->param("event_${eventid}_subject") or '');
- my $body = ($cgi->param("event_${eventid}_body") or '');
- my $mailifnobugs = $cgi->param("event_${eventid}_mailifnobugs") ? 1 : 0;
-
- trick_taint($subject) if $subject;
- trick_taint($body) if $body;
-
- if ( ($subject ne $events->{$eventid}->subject)
- || ($mailifnobugs != $events->{$eventid}->mail_if_no_bugs)
- || ($body ne $events->{$eventid}->body) ) {
-
- $sth = $dbh->prepare("UPDATE whine_events " .
- "SET subject=?, body=?, mailifnobugs=? " .
- "WHERE id=?");
- $sth->execute($subject, $body, $mailifnobugs, $eventid);
- }
-
- # add a schedule
- if ($cgi->param("add_schedule_$eventid")) {
- # the schedule table must be locked before altering
- $sth = $dbh->prepare("INSERT INTO whine_schedules " .
- "(eventid, mailto_type, mailto, " .
- "run_day, run_time) " .
- "VALUES (?, ?, ?, 'Sun', 2)");
- $sth->execute($eventid, MAILTO_USER, $userid);
- }
- # add a query
- elsif ($cgi->param("add_query_$eventid")) {
- $sth = $dbh->prepare("INSERT INTO whine_queries "
- . "(eventid) "
- . "VALUES (?)");
- $sth->execute($eventid);
- }
- }
+ check_token_data($token, 'edit_whine');
+
+ if ($cgi->param("add_event")) {
+
+ # we create a new event
+ $sth = $dbh->prepare(
+ "INSERT INTO whine_events " . "(owner_userid) " . "VALUES (?)");
+ $sth->execute($userid);
+ }
+ else {
+ for my $eventid (keys %{$events}) {
+
+ # delete an entire event
+ if ($cgi->param("remove_event_$eventid")) {
+
+ # We need to make sure these belong to the same user,
+ # otherwise we could simply delete whatever matched that ID.
+ #
+ # schedules
+ my $schedules = Bugzilla::Whine::Schedule->match({eventid => $eventid});
+ $sth = $dbh->prepare("DELETE FROM whine_schedules " . "WHERE id=?");
+ foreach my $schedule (@$schedules) {
+ $sth->execute($schedule->id);
+ }
+
+ # queries
+ $sth
+ = $dbh->prepare("SELECT whine_queries.id "
+ . "FROM whine_queries "
+ . "LEFT JOIN whine_events "
+ . "ON whine_events.id = "
+ . "whine_queries.eventid "
+ . "WHERE whine_events.id = ? "
+ . "AND whine_events.owner_userid = ?");
+ $sth->execute($eventid, $userid);
+ my @ids = @{$sth->fetchall_arrayref};
+ $sth = $dbh->prepare("DELETE FROM whine_queries " . "WHERE id=?");
+ for (@ids) {
+ my $delete_id = $_->[0];
+ $sth->execute($delete_id);
+ }
- # now check all of the schedules and queries to see if they need
- # to be altered or deleted
+ # events
+ $sth = $dbh->prepare(
+ "DELETE FROM whine_events " . "WHERE id=? AND owner_userid=?");
+ $sth->execute($eventid, $userid);
+ }
+ else {
+ # check the subject, body and mailifnobugs for changes
+ my $subject = ($cgi->param("event_${eventid}_subject") or '');
+ my $body = ($cgi->param("event_${eventid}_body") or '');
+ my $mailifnobugs = $cgi->param("event_${eventid}_mailifnobugs") ? 1 : 0;
+
+ trick_taint($subject) if $subject;
+ trick_taint($body) if $body;
+
+ if ( ($subject ne $events->{$eventid}->subject)
+ || ($mailifnobugs != $events->{$eventid}->mail_if_no_bugs)
+ || ($body ne $events->{$eventid}->body))
+ {
+
+ $sth
+ = $dbh->prepare("UPDATE whine_events "
+ . "SET subject=?, body=?, mailifnobugs=? "
+ . "WHERE id=?");
+ $sth->execute($subject, $body, $mailifnobugs, $eventid);
+ }
- # Check schedules for changes
- my $schedules = Bugzilla::Whine::Schedule->match({ eventid => $eventid });
- my @scheduleids = ();
- foreach my $schedule (@$schedules) {
- push @scheduleids, $schedule->id;
- }
+ # add a schedule
+ if ($cgi->param("add_schedule_$eventid")) {
- # we need to double-check all of the user IDs in mailto to make
- # sure they exist
- my $arglist = {}; # args for match_field
- for my $sid (@scheduleids) {
- if ($cgi->param("mailto_type_$sid") == MAILTO_USER) {
- $arglist->{"mailto_$sid"} = {
- 'type' => 'single',
- };
- }
- }
- if (scalar %{$arglist}) {
- Bugzilla::User::match_field($arglist);
- }
+ # the schedule table must be locked before altering
+ $sth
+ = $dbh->prepare("INSERT INTO whine_schedules "
+ . "(eventid, mailto_type, mailto, "
+ . "run_day, run_time) "
+ . "VALUES (?, ?, ?, 'Sun', 2)");
+ $sth->execute($eventid, MAILTO_USER, $userid);
+ }
- for my $sid (@scheduleids) {
- if ($cgi->param("remove_schedule_$sid")) {
- # having the assignee id in here is a security failsafe
- $sth = $dbh->prepare("SELECT whine_schedules.id " .
- "FROM whine_schedules " .
- "LEFT JOIN whine_events " .
- "ON whine_events.id = " .
- "whine_schedules.eventid " .
- "WHERE whine_events.owner_userid=? " .
- "AND whine_schedules.id =?");
- $sth->execute($userid, $sid);
-
- my @ids = @{$sth->fetchall_arrayref};
- for (@ids) {
- $sth = $dbh->prepare("DELETE FROM whine_schedules " .
- "WHERE id=?");
- $sth->execute($_->[0]);
- }
- }
- else {
- my $o_day = $cgi->param("orig_day_$sid") || '';
- my $day = $cgi->param("day_$sid") || '';
- my $o_time = $cgi->param("orig_time_$sid") || 0;
- my $time = $cgi->param("time_$sid") || 0;
- my $o_mailto = $cgi->param("orig_mailto_$sid") || '';
- my $mailto = $cgi->param("mailto_$sid") || '';
- my $o_mailto_type = $cgi->param("orig_mailto_type_$sid") || 0;
- my $mailto_type = $cgi->param("mailto_type_$sid") || 0;
-
- my $mailto_id = $userid;
-
- # get an id for the mailto address
- if ($can_mail_others && $mailto) {
- if ($mailto_type == MAILTO_USER) {
- $mailto_id = login_to_id($mailto);
- }
- elsif ($mailto_type == MAILTO_GROUP) {
- # The group name is used in a placeholder.
- trick_taint($mailto);
- $mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user))
- || ThrowUserError('invalid_group_name', { name => $mailto });
- }
- else {
- # bad value, so it will just mail to the whine
- # owner. $mailto_id was already set above.
- $mailto_type = MAILTO_USER;
- }
- }
-
- detaint_natural($mailto_type);
-
- if ( ($o_day ne $day) ||
- ($o_time ne $time) ||
- ($o_mailto ne $mailto) ||
- ($o_mailto_type != $mailto_type) ){
-
- trick_taint($day);
- trick_taint($time);
-
- # the schedule table must be locked
- $sth = $dbh->prepare("UPDATE whine_schedules " .
- "SET run_day=?, run_time=?, " .
- "mailto_type=?, mailto=?, " .
- "run_next=NULL " .
- "WHERE id=?");
- $sth->execute($day, $time, $mailto_type,
- $mailto_id, $sid);
- }
- }
+ # add a query
+ elsif ($cgi->param("add_query_$eventid")) {
+ $sth
+ = $dbh->prepare("INSERT INTO whine_queries " . "(eventid) " . "VALUES (?)");
+ $sth->execute($eventid);
+ }
+ }
+
+ # now check all of the schedules and queries to see if they need
+ # to be altered or deleted
+
+ # Check schedules for changes
+ my $schedules = Bugzilla::Whine::Schedule->match({eventid => $eventid});
+ my @scheduleids = ();
+ foreach my $schedule (@$schedules) {
+ push @scheduleids, $schedule->id;
+ }
+
+ # we need to double-check all of the user IDs in mailto to make
+ # sure they exist
+ my $arglist = {}; # args for match_field
+ for my $sid (@scheduleids) {
+ if ($cgi->param("mailto_type_$sid") == MAILTO_USER) {
+ $arglist->{"mailto_$sid"} = {'type' => 'single',};
+ }
+ }
+ if (scalar %{$arglist}) {
+ Bugzilla::User::match_field($arglist);
+ }
+
+ for my $sid (@scheduleids) {
+ if ($cgi->param("remove_schedule_$sid")) {
+
+ # having the assignee id in here is a security failsafe
+ $sth
+ = $dbh->prepare("SELECT whine_schedules.id "
+ . "FROM whine_schedules "
+ . "LEFT JOIN whine_events "
+ . "ON whine_events.id = "
+ . "whine_schedules.eventid "
+ . "WHERE whine_events.owner_userid=? "
+ . "AND whine_schedules.id =?");
+ $sth->execute($userid, $sid);
+
+ my @ids = @{$sth->fetchall_arrayref};
+ for (@ids) {
+ $sth = $dbh->prepare("DELETE FROM whine_schedules " . "WHERE id=?");
+ $sth->execute($_->[0]);
+ }
+ }
+ else {
+ my $o_day = $cgi->param("orig_day_$sid") || '';
+ my $day = $cgi->param("day_$sid") || '';
+ my $o_time = $cgi->param("orig_time_$sid") || 0;
+ my $time = $cgi->param("time_$sid") || 0;
+ my $o_mailto = $cgi->param("orig_mailto_$sid") || '';
+ my $mailto = $cgi->param("mailto_$sid") || '';
+ my $o_mailto_type = $cgi->param("orig_mailto_type_$sid") || 0;
+ my $mailto_type = $cgi->param("mailto_type_$sid") || 0;
+
+ my $mailto_id = $userid;
+
+ # get an id for the mailto address
+ if ($can_mail_others && $mailto) {
+ if ($mailto_type == MAILTO_USER) {
+ $mailto_id = login_to_id($mailto);
}
+ elsif ($mailto_type == MAILTO_GROUP) {
- # Check queries for changes
- my $queries = Bugzilla::Whine::Query->match({ eventid => $eventid });
- for my $query (@$queries) {
- my $qid = $query->id;
- if ($cgi->param("remove_query_$qid")) {
-
- $sth = $dbh->prepare("SELECT whine_queries.id " .
- "FROM whine_queries " .
- "LEFT JOIN whine_events " .
- "ON whine_events.id = " .
- "whine_queries.eventid " .
- "WHERE whine_events.owner_userid=? " .
- "AND whine_queries.id =?");
- $sth->execute($userid, $qid);
-
- for (@{$sth->fetchall_arrayref}) {
- $sth = $dbh->prepare("DELETE FROM whine_queries " .
- "WHERE id=?");
- $sth->execute($_->[0]);
- }
- }
- else {
- my $o_sort = $cgi->param("orig_query_sort_$qid") || 0;
- my $sort = $cgi->param("query_sort_$qid") || 0;
- my $o_queryname = $cgi->param("orig_query_name_$qid") || '';
- my $queryname = $cgi->param("query_name_$qid") || '';
- my $o_title = $cgi->param("orig_query_title_$qid") || '';
- my $title = $cgi->param("query_title_$qid") || '';
- my $o_onemailperbug =
- $cgi->param("orig_query_onemailperbug_$qid") || 0;
- my $onemailperbug =
- $cgi->param("query_onemailperbug_$qid") ? 1 : 0;
-
- if ( ($o_sort != $sort) ||
- ($o_queryname ne $queryname) ||
- ($o_onemailperbug != $onemailperbug) ||
- ($o_title ne $title) ){
-
- detaint_natural($sort);
- trick_taint($queryname);
- trick_taint($title);
-
- $sth = $dbh->prepare("UPDATE whine_queries " .
- "SET sortkey=?, " .
- "query_name=?, " .
- "title=?, " .
- "onemailperbug=? " .
- "WHERE id=?");
- $sth->execute($sort, $queryname, $title,
- $onemailperbug, $qid);
- }
- }
+ # The group name is used in a placeholder.
+ trick_taint($mailto);
+ $mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user))
+ || ThrowUserError('invalid_group_name', {name => $mailto});
}
+ else {
+ # bad value, so it will just mail to the whine
+ # owner. $mailto_id was already set above.
+ $mailto_type = MAILTO_USER;
+ }
+ }
+
+ detaint_natural($mailto_type);
+
+ if ( ($o_day ne $day)
+ || ($o_time ne $time)
+ || ($o_mailto ne $mailto)
+ || ($o_mailto_type != $mailto_type))
+ {
+
+ trick_taint($day);
+ trick_taint($time);
+
+ # the schedule table must be locked
+ $sth
+ = $dbh->prepare("UPDATE whine_schedules "
+ . "SET run_day=?, run_time=?, "
+ . "mailto_type=?, mailto=?, "
+ . "run_next=NULL "
+ . "WHERE id=?");
+ $sth->execute($day, $time, $mailto_type, $mailto_id, $sid);
+ }
+ }
+ }
+
+ # Check queries for changes
+ my $queries = Bugzilla::Whine::Query->match({eventid => $eventid});
+ for my $query (@$queries) {
+ my $qid = $query->id;
+ if ($cgi->param("remove_query_$qid")) {
+
+ $sth
+ = $dbh->prepare("SELECT whine_queries.id "
+ . "FROM whine_queries "
+ . "LEFT JOIN whine_events "
+ . "ON whine_events.id = "
+ . "whine_queries.eventid "
+ . "WHERE whine_events.owner_userid=? "
+ . "AND whine_queries.id =?");
+ $sth->execute($userid, $qid);
+
+ for (@{$sth->fetchall_arrayref}) {
+ $sth = $dbh->prepare("DELETE FROM whine_queries " . "WHERE id=?");
+ $sth->execute($_->[0]);
+ }
}
+ else {
+ my $o_sort = $cgi->param("orig_query_sort_$qid") || 0;
+ my $sort = $cgi->param("query_sort_$qid") || 0;
+ my $o_queryname = $cgi->param("orig_query_name_$qid") || '';
+ my $queryname = $cgi->param("query_name_$qid") || '';
+ my $o_title = $cgi->param("orig_query_title_$qid") || '';
+ my $title = $cgi->param("query_title_$qid") || '';
+ my $o_onemailperbug = $cgi->param("orig_query_onemailperbug_$qid") || 0;
+ my $onemailperbug = $cgi->param("query_onemailperbug_$qid") ? 1 : 0;
+
+ if ( ($o_sort != $sort)
+ || ($o_queryname ne $queryname)
+ || ($o_onemailperbug != $onemailperbug)
+ || ($o_title ne $title))
+ {
+
+ detaint_natural($sort);
+ trick_taint($queryname);
+ trick_taint($title);
+
+ $sth
+ = $dbh->prepare("UPDATE whine_queries "
+ . "SET sortkey=?, "
+ . "query_name=?, "
+ . "title=?, "
+ . "onemailperbug=? "
+ . "WHERE id=?");
+ $sth->execute($sort, $queryname, $title, $onemailperbug, $qid);
+ }
+ }
+ }
}
- delete_token($token);
+ }
+ delete_token($token);
}
$vars->{'mail_others'} = $can_mail_others;
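Review bot: The `UPDATE whine_events` statement in the subject/body branch filters on `WHERE id=?` alone, while the `DELETE FROM whine_events` just above it also requires `owner_userid=?`; ownership of `$eventid` is only implied by the loop iterating over the keys of `$events`. Adding the same guard keeps the write scoped to the caller even if the loop source changes later: `. "WHERE id=? AND owner_userid=?"` with `$sth->execute($subject, $body, $mailifnobugs, $eventid, $userid);`. The `UPDATE whine_schedules` and `UPDATE whine_queries` statements further down have the same shape and depend on `$sid` and `$qid` coming from `match({eventid => $eventid})`. Separately, `trick_taint($day)` and `trick_taint($time)` appear to clear the taint flag without checking the values; the placeholders prevent SQL injection, but whatever the client sent is stored as `run_day`/`run_time`, so an anchored allow-list check before untainting would be worth adding.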
@@ -334,44 +338,43 @@ $events = get_events($userid);
#
# build the whine list by event id
for my $event_id (keys %{$events}) {
- $events->{$event_id}->{'schedule'} = [];
- $events->{$event_id}->{'queries'} = [];
-
- # schedules
- my $schedules = Bugzilla::Whine::Schedule->match({ eventid => $event_id });
- foreach my $schedule (@$schedules) {
- my $mailto_type = $schedule->mailto_is_group ? MAILTO_GROUP
- : MAILTO_USER;
- my $mailto = '';
- if ($mailto_type == MAILTO_USER) {
- $mailto = $schedule->mailto->login;
- }
- elsif ($mailto_type == MAILTO_GROUP) {
- $mailto = $schedule->mailto->name;
- }
-
- push @{$events->{$event_id}->{'schedule'}},
- {
- 'day' => $schedule->run_day,
- 'time' => $schedule->run_time,
- 'mailto_type' => $mailto_type,
- 'mailto' => $mailto,
- 'id' => $schedule->id,
- };
+ $events->{$event_id}->{'schedule'} = [];
+ $events->{$event_id}->{'queries'} = [];
+
+ # schedules
+ my $schedules = Bugzilla::Whine::Schedule->match({eventid => $event_id});
+ foreach my $schedule (@$schedules) {
+ my $mailto_type = $schedule->mailto_is_group ? MAILTO_GROUP : MAILTO_USER;
+ my $mailto = '';
+ if ($mailto_type == MAILTO_USER) {
+ $mailto = $schedule->mailto->login;
}
-
- # queries
- my $queries = Bugzilla::Whine::Query->match({ eventid => $event_id });
- for my $query (@$queries) {
- push @{$events->{$event_id}->{'queries'}},
- {
- 'name' => $query->name,
- 'title' => $query->title,
- 'sort' => $query->sortkey,
- 'id' => $query->id,
- 'onemailperbug' => $query->one_email_per_bug,
- };
+ elsif ($mailto_type == MAILTO_GROUP) {
+ $mailto = $schedule->mailto->name;
}
+
+ push @{$events->{$event_id}->{'schedule'}},
+ {
+ 'day' => $schedule->run_day,
+ 'time' => $schedule->run_time,
+ 'mailto_type' => $mailto_type,
+ 'mailto' => $mailto,
+ 'id' => $schedule->id,
+ };
+ }
+
+ # queries
+ my $queries = Bugzilla::Whine::Query->match({eventid => $event_id});
+ for my $query (@$queries) {
+ push @{$events->{$event_id}->{'queries'}},
+ {
+ 'name' => $query->name,
+ 'title' => $query->title,
+ 'sort' => $query->sortkey,
+ 'id' => $query->id,
+ 'onemailperbug' => $query->one_email_per_bug,
+ };
+ }
}
$vars->{'events'} = $events;
@@ -382,10 +385,11 @@ $sth->execute($userid);
$vars->{'available_queries'} = [];
while (my ($query) = $sth->fetchrow_array) {
- push @{$vars->{'available_queries'}}, $query;
+ push @{$vars->{'available_queries'}}, $query;
}
$vars->{'token'} = issue_session_token('edit_whine');
-$vars->{'local_timezone'} = Bugzilla->local_timezone->short_name_for_datetime(DateTime->now());
+$vars->{'local_timezone'}
+ = Bugzilla->local_timezone->short_name_for_datetime(DateTime->now());
$template->process("whine/schedule.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -393,10 +397,10 @@ $template->process("whine/schedule.html.tmpl", $vars)
# get_events takes a userid and returns a hash of
# Bugzilla::Whine objects keyed by event ID.
sub get_events {
- my $userid = shift;
- my $event_rows = Bugzilla::Whine->match({ owner_userid => $userid });
- my %events = map { $_->{id} => $_ } @$event_rows;
+ my $userid = shift;
+ my $event_rows = Bugzilla::Whine->match({owner_userid => $userid});
+ my %events = map { $_->{id} => $_ } @$event_rows;
- return \%events;
+ return \%events;
}