Diffstat (limited to 'extensions')
4 files changed, 69 insertions, 5 deletions
diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm index 8d7301f8b..34af43892 100644 --- a/extensions/BMO/Extension.pm +++ b/extensions/BMO/Extension.pm @@ -2258,9 +2258,11 @@ sub forced_format { sub query_database { my ($vars) = @_; + my $cgi = Bugzilla->cgi; + my $user = Bugzilla->user; + my $template = Bugzilla->template; # validate group membership - my $user = Bugzilla->user; $user->in_group('query_database') || ThrowUserError('auth_failure', { group => 'query_database', action => 'access', @@ -2272,6 +2274,12 @@ sub query_database { $vars->{query} = $query; if ($query) { + # Only allow POST requests + if ($cgi->request_method ne 'POST') { + ThrowCodeError('illegal_request_method', + { method => $cgi->request_method, accepted => ['POST'] }); + } + check_hash_token($input->{token}, ['query_database']); trick_taint($query); $vars->{executed} = 1; @@ -2308,6 +2316,14 @@ sub query_database { # return results $vars->{columns} = $columns; $vars->{rows} = $rows; + + if ($input->{csv}) { + print $cgi->header(-type=> 'text/csv', + -content_disposition=> "attachment; filename=\"query_database.csv\""); + $template->process("pages/query_database.csv.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; + } } } diff --git a/extensions/BMO/template/en/default/hook/global/code-error-errors.html.tmpl b/extensions/BMO/template/en/default/hook/global/code-error-errors.html.tmpl new file mode 100644 index 000000000..b9d8c31fe --- /dev/null +++ b/extensions/BMO/template/en/default/hook/global/code-error-errors.html.tmpl 
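Review bot: The comment `# Only allow POST requests` in the second hunk of query_database restates the check without giving the reason, which is what a later maintainer needs before relaxing it. Presumably the intent is to keep the SQL text and the `token` parameter out of the URL, where they would land in server logs, browser history and Referer headers; I would say so, e.g. `# Require POST so the query and token never travel in the URL (logs, history, Referer)`. `$cgi->request_method` is also read twice, so a local `my $method = $cgi->request_method;` would keep the comparison and the error payload in step. The sub begins and ends outside this hunk.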
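Review bot: In the CSV branch added by the third hunk, the `text/csv` attachment header is printed before `$template->process(...)` runs, so if rendering fails, whatever ThrowTemplateError emits would presumably arrive inside a download already labelled query_database.csv rather than as a visible error page. Rendering into a scalar first avoids that: `$template->process("pages/query_database.csv.tmpl", $vars, \my $csv) || ThrowTemplateError($template->error());` followed by `print $cgi->header(...), $csv;`. The `exit;` deserves a one-line comment saying the response is complete and the HTML page must not be rendered after it. The rest of query_database lies outside the hunk.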
@@ -0,0 +1,13 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[% IF error == "illegal_request_method" %]
+ [% title = "Illegal Request Method" %]
+ The request method '[% method FILTER html %]' is not allowed.
+ Legal methods are '[% accepted.join(', ') FILTER html %]'.
+[% END %]
diff --git a/extensions/BMO/template/en/default/pages/query_database.csv.tmpl b/extensions/BMO/template/en/default/pages/query_database.csv.tmpl
new file mode 100644
index 000000000..81ba86556
--- /dev/null
+++ b/extensions/BMO/template/en/default/pages/query_database.csv.tmpl
@@ -0,0 +1,34 @@
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Netscape Communications
+ # Corporation. Portions created by Netscape are
+ # Copyright (C) 1998 Netscape Communications Corporation. All
+ # Rights Reserved.
+ #
+ # Contributor(s): Myk Melez <myk@mozilla.org>
+ # Gervase Markham <gerv@gerv.net>
+ # miketosh
+ #%]
+
+[% colsepchar = user.settings.csv_colsepchar.value %]
+
+[% FOREACH column = columns %]
+ [% column FILTER csv %][% colsepchar FILTER none UNLESS loop.last() %]
+[% END %]
+
+[% FOREACH row = rows %]
+ [% FOREACH value = row %]
+ [% value FILTER csv %][% colsepchar FILTER none UNLESS loop.last() %]
+ [% END %]
+
+[% END %]
diff --git a/extensions/BMO/template/en/default/pages/query_database.html.tmpl b/extensions/BMO/template/en/default/pages/query_database.html.tmpl
index 79c5be1d8..bc625b07c 100644
--- a/extensions/BMO/template/en/default/pages/query_database.html.tmpl
+++ b/extensions/BMO/template/en/default/pages/query_database.html.tmpl
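Review bot: Every cell in the `FOREACH value = row` loop is arbitrary query output, much of it presumably user-supplied text such as bug summaries, and the only treatment it gets is `FILTER csv`, whose definition is outside this diff. If that filter handles only quoting, a value beginning with `=`, `+`, `-` or `@` would be evaluated as a formula when the export is opened in a spreadsheet. Please confirm the filter neutralises such values, and add a template comment recording that, e.g. `[%# FILTER csv must neutralise leading = + - @ so spreadsheets do not evaluate cells as formulas %]`. Separately, this new file carries an MPL 1.1 header with a contributor list, while the other template added in this commit uses the MPL 2.0 header; the two should probably match.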
@@ -12,10 +12,11 @@ %] <form method="post" action="page.cgi"> -<input type="hidden" name="id" value="query_database.html"> -<textarea cols="80" rows="10" name="query">[% query FILTER html %]</textarea><br> -<input type="submit" value="Execute"> -<input type="hidden" name="token" value="[% issue_hash_token(['query_database']) FILTER html %]"> + <input type="hidden" name="id" value="query_database.html"> + <textarea cols="80" rows="10" name="query">[% query FILTER html %]</textarea><br> + <input type="checkbox" id="csv" name="csv" value="1"><label for="csv">Ouput as CSV</label><br><br> + <input type="submit" value="Execute"> + <input type="hidden" name="token" value="[% issue_hash_token(['query_database']) FILTER html %]"> </form> [% IF executed %] |
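Review bot: The label on the new checkbox is misspelled as `Ouput as CSV`; it should read `<label for="csv">Output as CSV</label>`. The `[% IF executed %]` block that follows the form continues outside this hunk, so whether the results view also reflects the CSV option cannot be checked from here.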