From ffb13d2d20343c9f3279b95e3106159551eab559 Mon Sep 17 00:00:00 2001 From: Emma Humphries Date: Thu, 15 Mar 2018 10:26:34 -0700 Subject: Bug 1446042 - Please remove the IPC request form in Bugzilla --- .htaccess | 2 +- .../en/default/bug/create/comment-ipc.txt.tmpl | 47 ---- .../en/default/bug/create/create-ipc.html.tmpl | 259 --------------------- extensions/BMO/web/images/ipc_form_buildscreen.png | Bin 102103 -> 0 bytes 4 files changed, 1 insertion(+), 307 deletions(-) delete mode 100644 extensions/BMO/template/en/default/bug/create/comment-ipc.txt.tmpl delete mode 100644 extensions/BMO/template/en/default/bug/create/create-ipc.html.tmpl delete mode 100644 extensions/BMO/web/images/ipc_form_buildscreen.png diff --git a/.htaccess b/.htaccess index e0a9a7dcc..36195da50 100644 --- a/.htaccess +++ b/.htaccess @@ -76,7 +76,7 @@ RewriteRule ^form[\.:]third[\.\-:]party$ enter_bug.cgi?product=Marketing&format= RewriteRule ^form[\.:]fsa[\.:]budget$ enter_bug.cgi?product=FSA&format=fsa-budget [QSA] RewriteRule ^form[\.:]triage[\.\-]request$ page.cgi?id=triage_request.html [QSA] RewriteRule ^form[\.:](crm|CRM)$ enter_bug.cgi?product=Marketing&format=crm [QSA] -RewriteRule ^form[\.:](ipc|IPC)$ enter_bug.cgi?product=Marketing&format=ipc [QSA] +RewriteRule ^form[\.:](ipc|IPC)$ https://airtable.com/shrcMqgbj1H9gXRlp [R,L] RewriteRule ^form[\.:]nda$ enter_bug.cgi?product=Legal&format=nda [QSA] RewriteRule ^form[\.:]name[\.:]clearance$ enter_bug.cgi?product=Legal&format=name-clearance [QSA] RewriteRule ^form[\.:]shield[\.:]studies$ enter_bug.cgi?product=Shield&format=shield-studies [QSA] diff --git a/extensions/BMO/template/en/default/bug/create/comment-ipc.txt.tmpl b/extensions/BMO/template/en/default/bug/create/comment-ipc.txt.tmpl deleted file mode 100644 index b644ee469..000000000 --- a/extensions/BMO/template/en/default/bug/create/comment-ipc.txt.tmpl +++ /dev/null @@ -1,47 +0,0 @@ -[%# This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - # - # This Source Code Form is "Incompatible With Secondary Licenses", as - # defined by the Mozilla Public License, v. 2.0. - #%] - -[% USE Bugzilla %] -[% cgi = Bugzilla.cgi %] - ->> What team are you are a part of? -[%+ cgi.param("team_name") %] - ->> Will your snippet need to appear in a language other than English? -[%+ cgi.param("language").join(', ') %] - ->> Does your snippet need to be targeted to a particular country? -[%+ cgi.param("target_country") %] - ->> Insert your tagged link here. -[%+ cgi.param("tagged_link") %] - -[% IF cgi.param('start_run') %] ->> When would you like your snippet to start its run? -[%+ cgi.param("start_run") %] - -[% END %] -[% IF cgi.param('complete_run') %] ->> When would you like your snippet to complete its run? -[%+ cgi.param("complete_run") %] - -[% END %] ->> Will you be able to provide the following assets for your snippet? -[%+ cgi.param("snippet_assets").join(', ') %] - ->> Your name? -[%+ cgi.param("name") %] - ->> E-mail? -[%+ cgi.param("email") %] - ->> Anything else you would like to add? -[%+ cgi.param("else") %] - ->> Who do you think is coolest? -[%+ cgi.param("bonus") %] diff --git a/extensions/BMO/template/en/default/bug/create/create-ipc.html.tmpl b/extensions/BMO/template/en/default/bug/create/create-ipc.html.tmpl deleted file mode 100644 index e32ba62dc..000000000 --- a/extensions/BMO/template/en/default/bug/create/create-ipc.html.tmpl +++ /dev/null @@ -1,259 +0,0 @@ -[%# 1.0@bugzilla.org %] -[%# The contents of this file are subject to the Mozilla Public - # License Version 1.1 (the "License"); you may not use this file - # except in compliance with the License. You may obtain a copy of - # the License at http://www.mozilla.org/MPL/ - - # - # Software distributed under the License is distributed on an "AS - # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - # implied. See the License for the specific language governing - # rights and limitations under the License. - # - # The Original Code is the Bugzilla Bug Tracking System. - # - # The Initial Developer of the Original Code is Mozilla Corporation. - # Portions created by Mozilla are Copyright (C) 2008 Mozilla - # Corporation. All Rights Reserved. - # - # Contributor(s): Sebastin Santy - #%] - -[% PROCESS global/variables.none.tmpl %] - -[% inline_style = BLOCK %] -#heading { - width: 98%; - font-size: 2em; - font-weight: bold; - margin: 12px; -} -.required:before { - content: "* "; - color: red; -} -.required_star { - color: red; -} -p { - max-width: 40%; -} -.row { - padding-bottom: 10px; -} -[% END %] - -[% inline_javascript = BLOCK %] -$(document).ready(function() { - $('.date_field').datetimepicker({ - format: 'Y-m-d', - datepicker: true, - timepicker: false, - scrollInput: false, - lazyInit: false, - closeOnDateSelect: true - }); - $('#langothers').on('focus', function(){ - document.getElementById("langothersradio").checked = true; - }); - $('#assetothers').on('focus', function(){ - document.getElementById("assetothersradio").checked = true; - }); - $('.date_field-img') - .click(function(event) { - var id = $(event.target).attr('id').replace(/-img$/, ''); - $('#' + id).datetimepicker('show'); - }); - $('#ipcForm').submit(function() { - $('#short_desc').val($('#short_desc').val() + ': ' + $('#team_name').val()); - }); - $('#new_email_request').on('change', function() { - if ($('#new_email_request').val() == 'Yes') { - $('#email_cadence_row').show(); - $('input[name="email_cadence"]').each(function() { - $(this).attr('required', true); - }); - } - else { - $('#email_cadence_row').hide(); - $('input[name="email_cadence"]').each(function() { - $(this).removeProp('required'); - }); - } - }); -}); -[% END %] - -[% PROCESS global/header.html.tmpl - title = "IPC Request" - generate_api_token = 1 - style_urls = [ "skins/standard/attachment.css", - "js/jquery/plugins/datetimepicker/datetimepicker.css" ] - style = inline_style - javascript = inline_javascript - javascript_urls = [ "js/field.js", "js/util.js" ] - jquery = [ "datetimepicker" ] -%] - -
IPC Requests
-
-

You’ve decided to use the snippet channel to drive attention to one of your projects, awesome! The snippet channel drives hundreds of millions of impressions a month. It’s great tool to support your marketing efforts. Complete this form and we will follow up with you soon (maybe today, but definitely within 3 days). -

-

- Tell us more: -

- -
- - - - - - - - - - - [% IF user.in_group('canconfirm') %] - - [% END %] - -
-
- -
- -
- -
-
- -
- -
- -
-
- Will your snippet need to appear in a language other than English? If so, please specify. -
- -
- -
- -
- -
- -
- -
- - - -
- -
-
- -
- -
- -

- If you would like your snippet to include a link, please tag it by using the URL builder (https://bit.ly/1JOgDr1) and following the steps below: -

-

-
-
- -
- -
- -

- Please reference the Mozilla In-Product Messaging Calendar for available dates. https://bit.ly/2aZ3w9c -

- -
-
- -
- - -
- -
-
- -
- - -
- -
-
- Will you be able to provide the following assets for your snippet? Check all that apply.
- Feel free to look at our existing icon library: - https://bit.ly/2efXaFo -
- -
- -
- -
- - - -
- - - - - -
-
- -
- -
-

Bonus Question

-
-
- Who do you think is coolest? -
- -
- -
- -
- -
-
- -

Thanks for reaching out. Click submit and we will be back with you shortly.

- - -

- [ * Required Field ] -

-
-
- -[% PROCESS global/footer.html.tmpl %] \ No newline at end of file diff --git a/extensions/BMO/web/images/ipc_form_buildscreen.png b/extensions/BMO/web/images/ipc_form_buildscreen.png deleted file mode 100644 index d98207d29..000000000 Binary files a/extensions/BMO/web/images/ipc_form_buildscreen.png and /dev/null differ -- cgit v1.2.3-24-g4f1b From 973b61c083c83927b552c8985c1d8febe6847f72 Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Thu, 15 Mar 2018 17:44:47 -0400 Subject: Bug 1443058 - Backport 1087400 to bmo - CGI 4.05 throws tons of "CGI::param called in list context" warnings --- Bugzilla/CGI.pm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 3737b97e2..cd947841e 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -11,6 +11,7 @@ use 5.10.1; use strict; use warnings; +use Bugzilla::Logging; use CGI; use base qw(CGI); @@ -597,6 +598,19 @@ sub header { sub param { my $self = shift; + # We don't let CGI.pm warn about list context, but we do it ourselves. + local $CGI::LIST_CONTEXT_WARN = 0; + state $has_warned = {}; + + ## no critic (Freenode::Wantarray) + if ( wantarray && @_ ) { + my ( $package, $filename, $line ) = caller; + if ( $package ne 'CGI' && ! $has_warned->{"$filename:$line"}++) { + WARN("Bugzilla::CGI::param called in list context from $package $filename:$line"); + } + } + ## use critic + # When we are just requesting the value of a parameter... if (scalar(@_) == 1) { my @result = $self->SUPER::param(@_); -- cgit v1.2.3-24-g4f1b From 6353a89495e1a6e68bc9e09a771bb879531f510f Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Fri, 16 Mar 2018 12:53:01 -0400 Subject: Bug 1446156 - mkdir template_cache: Permission denied --- Bugzilla/Template.pm | 2 ++ checksetup.pl | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 7a97f6da2..ae4f9bbad 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -1074,6 +1074,8 @@ our %_templates_to_precompile; sub precompile_templates { my ($output) = @_; + return unless is_webserver_group(); + # Remove the compiled templates. my $cache_dir = bz_locations()->{'template_cache'}; my $datadir = bz_locations()->{'datadir'}; diff --git a/checksetup.pl b/checksetup.pl index 6cea8549d..d3f08e024 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -30,6 +30,7 @@ use Pod::Usage; # Bug 1270550 - Tie::Hash::NamedCapture must be loaded before Safe. use Tie::Hash::NamedCapture; use Safe; +use English qw(-no_match_vars $EUID $EGID); use Bugzilla::Constants; use Bugzilla::Install::Requirements; @@ -155,6 +156,16 @@ unless ($ENV{LOCALCONFIG_ENV}) { } my $lc_hash = Bugzilla->localconfig; +if ( $EUID == 0 && $lc_hash->{webservergroup} && !ON_WINDOWS ) { + # So checksetup was run as root, and we have a webserver group set. + # Let's assume the user wants us to make files that are writable + # by the webserver group. + + $EGID = getgrnam $lc_hash->{webservergroup}; ## no critic (Variables::RequireLocalizedPunctuationVars) + umask 002 + or die "failed to set umask 002: $!"; +} + unless ($switch{'no-database'}) { die "urlbase is not set\n" unless $lc_hash->{urlbase}; die "urlbase must end with slash\n" unless $lc_hash->{urlbase} =~ m{/$}ms; -- cgit v1.2.3-24-g4f1b From de8acf02800e292c9a43b5dfbe2b1f5c2fae2316 Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Fri, 16 Mar 2018 13:02:05 -0400 Subject: bump version to 20180316.1 --- Bugzilla.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bugzilla.pm b/Bugzilla.pm index 4a3dcb114..5d394b908 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -22,7 +22,7 @@ BEGIN { } } -our $VERSION = '20180306.4'; +our $VERSION = '20180316.1'; use Bugzilla::Auth; use Bugzilla::Auth::Persist::Cookie; -- cgit v1.2.3-24-g4f1b From 085c32acdac27c99549dfb1bef50ccb8c3949294 Mon Sep 17 00:00:00 2001 From: Israel Madueme Date: Mon, 19 Mar 2018 10:57:17 -0400 Subject: Bug 1440328 - Obfuscate mentor email for users that aren't logged in --- extensions/BMO/template/en/default/pages/user_activity.html.tmpl | 1 + .../BugModal/template/en/default/bug_modal/activity_stream.html.tmpl | 2 +- .../template/en/default/hook/bug/comments-aftercomments.html.tmpl | 1 + template/en/default/bug/activity/table.html.tmpl | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/extensions/BMO/template/en/default/pages/user_activity.html.tmpl b/extensions/BMO/template/en/default/pages/user_activity.html.tmpl index 075c8edf9..5603b943f 100644 --- a/extensions/BMO/template/en/default/pages/user_activity.html.tmpl +++ b/extensions/BMO/template/en/default/pages/user_activity.html.tmpl @@ -199,6 +199,7 @@ change.fieldname == 'reporter' || change.fieldname == 'qa_contact' || change.fieldname == 'cc' || + change.fieldname == 'bug_mentor' || change.fieldname == 'flagtypes.name' %] [% display_value(change.fieldname, change_type) FILTER email FILTER html %] [% ELSE %] diff --git a/extensions/BugModal/template/en/default/bug_modal/activity_stream.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/activity_stream.html.tmpl index a8d55c137..51919ab27 100644 --- a/extensions/BugModal/template/en/default/bug_modal/activity_stream.html.tmpl +++ b/extensions/BugModal/template/en/default/bug_modal/activity_stream.html.tmpl @@ -365,7 +365,7 @@ ", " UNLESS loop.last; END; - CASE [ 'assigned_to', 'reporter', 'qa_contact', 'cc', 'flagtypes.name' ]; + CASE [ 'assigned_to', 'reporter', 'qa_contact', 'cc', 'bug_mentor', 'flagtypes.name' ]; value FILTER email; CASE 'reporter_accessible'; diff --git a/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl b/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl index d0a3abb5b..32e6499cb 100644 --- a/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl +++ b/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl @@ -155,6 +155,7 @@ change.fieldname == 'reporter' || change.fieldname == 'qa_contact' || change.fieldname == 'cc' || + change.fieldname == 'bug_mentor' || change.fieldname == 'flagtypes.name' %] [% value FILTER email FILTER js %] [% ELSIF change.fieldtype == constants.FIELD_TYPE_DATETIME %] diff --git a/template/en/default/bug/activity/table.html.tmpl b/template/en/default/bug/activity/table.html.tmpl index 50193f894..101e43546 100644 --- a/template/en/default/bug/activity/table.html.tmpl +++ b/template/en/default/bug/activity/table.html.tmpl @@ -107,6 +107,7 @@ change.fieldname == 'reporter' || change.fieldname == 'qa_contact' || change.fieldname == 'cc' || + change.fieldname == 'bug_mentor' || change.fieldname == 'flagtypes.name' %] [% display_value(change.fieldname, change_type) FILTER email FILTER html %] [% ELSE %] -- cgit v1.2.3-24-g4f1b From 1121193471e2f6f6b7d4e5c27a465f476f7f100f Mon Sep 17 00:00:00 2001 From: byron jones Date: Tue, 20 Mar 2018 21:14:11 +0800 Subject: Bug 1447221 - memcache no longer returning results due to mismatched key handling in get vs. set --- Bugzilla/Memcached.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm index 85e3505e1..136f43c61 100644 --- a/Bugzilla/Memcached.pm +++ b/Bugzilla/Memcached.pm @@ -324,7 +324,7 @@ sub _get { my $enc_key = $self->_encode_key($key) or return; - my $val = $self->{memcached}->get($key); + my $val = $self->{memcached}->get($enc_key); TRACE("get $enc_key: " . (defined $val ? "HIT" : "MISS")); return $val; } -- cgit v1.2.3-24-g4f1b From 293a5bd57b3a50c5130c299b3f53b357f683a33e Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Tue, 20 Mar 2018 09:27:33 -0400 Subject: Bug 1447291 - Remove Apache2::Log from PhabBugs/Push in favor of logging framework --- extensions/PhabBugz/Extension.pm | 1 - extensions/PhabBugz/lib/Daemon.pm | 5 +-- extensions/PhabBugz/lib/Feed.pm | 80 +++++++++++++++++++-------------------- extensions/PhabBugz/lib/Logger.pm | 37 ------------------ extensions/Push/lib/Logger.pm | 52 +++++++++++-------------- 5 files changed, 63 insertions(+), 112 deletions(-) delete mode 100644 extensions/PhabBugz/lib/Logger.pm diff --git a/extensions/PhabBugz/Extension.pm b/extensions/PhabBugz/Extension.pm index b3ad44819..ee96901a2 100644 --- a/extensions/PhabBugz/Extension.pm +++ b/extensions/PhabBugz/Extension.pm @@ -15,7 +15,6 @@ use parent qw(Bugzilla::Extension); use Bugzilla::Constants; use Bugzilla::Extension::PhabBugz::Feed; -use Bugzilla::Extension::PhabBugz::Logger; our $VERSION = '0.01'; diff --git a/extensions/PhabBugz/lib/Daemon.pm b/extensions/PhabBugz/lib/Daemon.pm index c8b4f73af..ef4a00534 100644 --- a/extensions/PhabBugz/lib/Daemon.pm +++ b/extensions/PhabBugz/lib/Daemon.pm @@ -13,7 +13,6 @@ use warnings; use Bugzilla::Constants; use Bugzilla::Extension::PhabBugz::Feed; -use Bugzilla::Extension::PhabBugz::Logger; use Carp qw(confess); use Daemon::Generic; @@ -89,11 +88,9 @@ sub gd_setup_signals { sub gd_run { my $self = shift; - $::SIG{__DIE__} = \&Carp::confess if $self->{debug}; + $SIG{__DIE__} = \&Carp::confess if $self->{debug}; my $phabbugz = Bugzilla::Extension::PhabBugz::Feed->new(); $phabbugz->is_daemon(1); - $phabbugz->logger( - Bugzilla::Extension::PhabBugz::Logger->new(debugging => $self->{debug})); $phabbugz->start(); } diff --git a/extensions/PhabBugz/lib/Feed.pm b/extensions/PhabBugz/lib/Feed.pm index 9904d5090..323681ebc 100644 --- a/extensions/PhabBugz/lib/Feed.pm +++ b/extensions/PhabBugz/lib/Feed.pm @@ -13,6 +13,7 @@ use List::Util qw(first); use List::MoreUtils qw(any); use Moo; +use Bugzilla::Logging; use Bugzilla::Constants; use Bugzilla::Search; use Bugzilla::Util qw(diff_arrays with_writable_database with_readonly_database); @@ -36,7 +37,6 @@ use Bugzilla::Extension::PhabBugz::Util qw( ); has 'is_daemon' => ( is => 'rw', default => 0 ); -has 'logger' => ( is => 'rw' ); sub start { my ($self) = @_; @@ -48,7 +48,7 @@ sub start { } 1; }; - $self->logger->error( $@ // "unknown exception" ) unless $ok; + ERROR( $@ // "unknown exception" ) unless $ok; sleep(PHAB_POLL_SECONDS); } } @@ -59,19 +59,19 @@ sub feed_query { # Ensure Phabricator syncing is enabled if (!Bugzilla->params->{phabricator_enabled}) { - $self->logger->info("PHABRICATOR SYNC DISABLED"); + INFO("PHABRICATOR SYNC DISABLED"); return; } # PROCESS NEW FEED TRANSACTIONS - $self->logger->info("FEED: Fetching new transactions"); + INFO("FEED: Fetching new transactions"); my $story_last_id = $self->get_last_id('feed'); # Check for new transctions (stories) my $new_stories = $self->new_stories($story_last_id); - $self->logger->info("FEED: No new stories") unless @$new_stories; + INFO("FEED: No new stories") unless @$new_stories; # Process each story foreach my $story_data (@$new_stories) { @@ -81,15 +81,15 @@ sub feed_query { my $object_phid = $story_data->{objectPHID}; my $story_text = $story_data->{text}; - $self->logger->debug("STORY ID: $story_id"); - $self->logger->debug("STORY PHID: $story_phid"); - $self->logger->debug("AUTHOR PHID: $author_phid"); - $self->logger->debug("OBJECT PHID: $object_phid"); - $self->logger->info("STORY TEXT: $story_text"); + DEBUG("STORY ID: $story_id"); + DEBUG("STORY PHID: $story_phid"); + DEBUG("AUTHOR PHID: $author_phid"); + DEBUG("OBJECT PHID: $object_phid"); + INFO("STORY TEXT: $story_text"); # Only interested in changes to revisions for now. if ($object_phid !~ /^PHID-DREV/) { - $self->logger->debug("SKIPPING: Not a revision change"); + DEBUG("SKIPPING: Not a revision change"); $self->save_last_id($story_id, 'feed'); next; } @@ -99,7 +99,7 @@ sub feed_query { if (@$phab_users) { my $user = Bugzilla::User->new({ id => $phab_users->[0]->{id}, cache => 1 }); if ($user->login eq PHAB_AUTOMATION_USER) { - $self->logger->debug("SKIPPING: Change made by phabricator user"); + DEBUG("SKIPPING: Change made by phabricator user"); $self->save_last_id($story_id, 'feed'); next; } @@ -113,13 +113,13 @@ sub feed_query { # PROCESS NEW USERS - $self->logger->info("FEED: Fetching new users"); + INFO("FEED: Fetching new users"); my $user_last_id = $self->get_last_id('user'); # Check for new users my $new_users = $self->new_users($user_last_id); - $self->logger->info("FEED: No new users") unless @$new_users; + INFO("FEED: No new users") unless @$new_users; # Process each new user foreach my $user_data (@$new_users) { @@ -128,10 +128,10 @@ sub feed_query { my $user_realname = $user_data->{fields}{realName}; my $object_phid = $user_data->{phid}; - $self->logger->debug("USER ID: $user_id"); - $self->logger->debug("USER LOGIN: $user_login"); - $self->logger->debug("USER REALNAME: $user_realname"); - $self->logger->debug("OBJECT PHID: $object_phid"); + DEBUG("USER ID: $user_id"); + DEBUG("USER LOGIN: $user_login"); + DEBUG("USER REALNAME: $user_realname"); + DEBUG("OBJECT PHID: $object_phid"); with_readonly_database { $self->process_new_user($user_data); @@ -151,15 +151,15 @@ sub process_revision_change { if (!$revision->bug_id) { if ($story_text =~ /\s+created\s+D\d+/) { # If new revision and bug id was omitted, make revision public - $self->logger->debug("No bug associated with new revision. Marking public."); + DEBUG("No bug associated with new revision. Marking public."); $revision->set_policy('view', 'public'); $revision->set_policy('edit', 'users'); $revision->update(); - $self->logger->info("SUCCESS"); + INFO("SUCCESS"); return; } else { - $self->logger->debug("SKIPPING: No bug associated with revision change"); + DEBUG("SKIPPING: No bug associated with revision change"); return; } } @@ -170,7 +170,7 @@ sub process_revision_change { $revision->title, $revision->bug_id, $story_text); - $self->logger->info($log_message); + INFO($log_message); # Pre setup before making changes my $old_user = set_phab_user(); @@ -180,7 +180,7 @@ sub process_revision_change { # If bug is public then remove privacy policy if (!@{ $bug->groups_in }) { - $self->logger->debug('Bug is public so setting view/edit public'); + DEBUG('Bug is public so setting view/edit public'); $revision->set_policy('view', 'public'); $revision->set_policy('edit', 'users'); my $secure_project_phid = get_project_phid('secure-revision'); @@ -193,7 +193,7 @@ sub process_revision_change { # If bug privacy groups do not have any matching synchronized groups, # then leave revision private and it will have be dealt with manually. if (!@set_groups) { - $self->logger->debug('No matching groups. Adding comments to bug and revision'); + DEBUG('No matching groups. Adding comments to bug and revision'); add_security_sync_comments([$revision], $bug); } # Otherwise, we create a new custom policy containing the project @@ -205,23 +205,23 @@ sub process_revision_change { # we leave the current policy alone. my $current_policy; if ($revision->view_policy =~ /^PHID-PLCY/) { - $self->logger->debug("Loading current policy: " . $revision->view_policy); + DEBUG("Loading current policy: " . $revision->view_policy); $current_policy = Bugzilla::Extension::PhabBugz::Policy->new_from_query({ phids => [ $revision->view_policy ]}); my $current_projects = $current_policy->rule_projects; - $self->logger->debug("Current policy projects: " . join(", ", @$current_projects)); + DEBUG("Current policy projects: " . join(", ", @$current_projects)); my ($added, $removed) = diff_arrays($current_projects, \@set_projects); if (@$added || @$removed) { - $self->logger->debug('Project groups do not match. Need new custom policy'); + DEBUG('Project groups do not match. Need new custom policy'); $current_policy= undef; } else { - $self->logger->debug('Project groups match. Leaving current policy as-is'); + DEBUG('Project groups match. Leaving current policy as-is'); } } if (!$current_policy) { - $self->logger->debug("Creating new custom policy: " . join(", ", @set_projects)); + DEBUG("Creating new custom policy: " . join(", ", @set_projects)); my $new_policy = Bugzilla::Extension::PhabBugz::Policy->create(\@set_projects); $revision->set_policy('view', $new_policy->phid); $revision->set_policy('edit', $new_policy->phid); @@ -250,11 +250,11 @@ sub process_revision_change { next if $attach_revision_id != $revision->id; my $make_obsolete = $revision->status eq 'abandoned' ? 1 : 0; - $self->logger->debug('Updating obsolete status on attachmment ' . $attachment->id); + DEBUG('Updating obsolete status on attachmment ' . $attachment->id); $attachment->set_is_obsolete($make_obsolete); if ($revision->title ne $attachment->description) { - $self->logger->debug('Updating description on attachment ' . $attachment->id); + DEBUG('Updating description on attachment ' . $attachment->id); $attachment->set_description($revision->title); } @@ -270,7 +270,7 @@ sub process_revision_change { }); foreach my $attachment (@$other_attachments) { $other_bugs{$attachment->bug_id}++; - $self->logger->debug('Updating obsolete status on attachment ' . + DEBUG('Updating obsolete status on attachment ' . $attachment->id . " for bug " . $attachment->bug_id); $attachment->set_is_obsolete(1); $attachment->update($timestamp); @@ -362,7 +362,7 @@ sub process_revision_change { Bugzilla->set_user($old_user); - $self->logger->info('SUCCESS: Revision D' . $revision->id . ' processed'); + INFO('SUCCESS: Revision D' . $revision->id . ' processed'); } sub process_new_user { @@ -372,7 +372,7 @@ sub process_new_user { my $phab_user = Bugzilla::Extension::PhabBugz::User->new($user_data); if (!$phab_user->bugzilla_id) { - $self->logger->debug("SKIPPING: No bugzilla id associated with user"); + DEBUG("SKIPPING: No bugzilla id associated with user"); return; } @@ -425,7 +425,7 @@ sub process_new_user { my @bug_ids = map { shift @$_ } @$data; foreach my $bug_id (@bug_ids) { - $self->logger->debug("Processing bug $bug_id"); + DEBUG("Processing bug $bug_id"); my $bug = Bugzilla::Bug->new({ id => $bug_id, cache => 1 }); @@ -434,7 +434,7 @@ sub process_new_user { foreach my $attachment (@attachments) { my ($revision_id) = ($attachment->filename =~ PHAB_ATTACHMENT_PATTERN); - $self->logger->debug("Processing revision D$revision_id"); + DEBUG("Processing revision D$revision_id"); my $revision = Bugzilla::Extension::PhabBugz::Revision->new_from_query( { ids => [ int($revision_id) ] }); @@ -442,13 +442,13 @@ sub process_new_user { $revision->add_subscriber($phab_user->phid); $revision->update(); - $self->logger->debug("Revision $revision_id updated"); + DEBUG("Revision $revision_id updated"); } } Bugzilla->set_user($old_user); - $self->logger->info('SUCCESS: User ' . $phab_user->id . ' processed'); + INFO('SUCCESS: User ' . $phab_user->id . ' processed'); } ################## @@ -496,7 +496,7 @@ sub get_last_id { my $last_id = Bugzilla->dbh->selectrow_array( " SELECT value FROM phabbugz WHERE name = ?", undef, $type_full ); $last_id ||= 0; - $self->logger->debug( "QUERY " . uc($type_full) . ": $last_id" ); + DEBUG( "QUERY " . uc($type_full) . ": $last_id" ); return $last_id; } @@ -505,7 +505,7 @@ sub save_last_id { # Store the largest last key so we can start from there in the next session my $type_full = $type . "_last_id"; - $self->logger->debug( "UPDATING " . uc($type_full) . ": $last_id" ); + DEBUG( "UPDATING " . uc($type_full) . ": $last_id" ); Bugzilla->dbh->do( "REPLACE INTO phabbugz (name, value) VALUES (?, ?)", undef, $type_full, $last_id ); } diff --git a/extensions/PhabBugz/lib/Logger.pm b/extensions/PhabBugz/lib/Logger.pm deleted file mode 100644 index 3127b66db..000000000 --- a/extensions/PhabBugz/lib/Logger.pm +++ /dev/null @@ -1,37 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Extension::PhabBugz::Logger; - -use 5.10.1; - -use Moo; - -use Bugzilla::Extension::PhabBugz::Constants; - -has 'debugging' => ( is => 'ro' ); - -sub info { shift->_log_it('INFO', @_) } -sub error { shift->_log_it('ERROR', @_) } -sub debug { shift->_log_it('DEBUG', @_) } - -sub _log_it { - my ($self, $method, $message) = @_; - - return if $method eq 'DEBUG' && !$self->debugging; - chomp $message; - if ($ENV{MOD_PERL}) { - require Apache2::Log; - Apache2::ServerRec::warn("FEED $method: $message"); - } elsif ($ENV{SCRIPT_FILENAME}) { - print STDERR "FEED $method: $message\n"; - } else { - print STDERR '[' . localtime(time) ."] $method: $message\n"; - } -} - -1; diff --git a/extensions/Push/lib/Logger.pm b/extensions/Push/lib/Logger.pm index 833cb3b19..5d92010ee 100644 --- a/extensions/Push/lib/Logger.pm +++ b/extensions/Push/lib/Logger.pm @@ -8,53 +8,43 @@ package Bugzilla::Extension::Push::Logger; use 5.10.1; -use strict; -use warnings; +use Moo; +use Bugzilla::Logging; +use Log::Log4perl; use Bugzilla::Extension::Push::Constants; use Bugzilla::Extension::Push::LogEntry; -sub new { - my ($class) = @_; - my $self = {}; - bless($self, $class); - return $self; -} +# If Log4perl then finds that it's being called from a registered wrapper, it +# will automatically step up to the next call frame. +Log::Log4perl->wrapper_register(__PACKAGE__); -sub info { shift->_log_it('INFO', @_) } -sub error { shift->_log_it('ERROR', @_) } -sub debug { shift->_log_it('DEBUG', @_) } +sub info { + my ($this, $message) = @_; + INFO($message); +} -sub debugging { - my ($self) = @_; - return $self->{debug}; +sub error { + my ($this, $message) = @_; + ERROR($message); } -sub _log_it { - require Apache2::Log; - my ($self, $method, $message) = @_; - return if $method eq 'DEBUG' && !$self->debugging; - chomp $message; - if ($ENV{MOD_PERL}) { - Apache2::ServerRec::warn("Push $method: $message"); - } elsif ($ENV{SCRIPT_FILENAME}) { - print STDERR "Push $method: $message\n"; - } else { - print STDERR '[' . localtime(time) ."] $method: $message\n"; - } +sub debug { + my ($this, $message) = @_; + DEBUG($message); } sub result { my ($self, $connector, $message, $result, $data) = @_; $data ||= ''; - $self->info(sprintf( - "%s: Message #%s: %s %s", + my $log_msg = sprintf + '%s: Message #%s: %s %s', $connector->name, $message->message_id, push_result_to_string($result), - $data - )); + $data; + $self->info($log_msg); Bugzilla::Extension::Push::LogEntry->create({ message_id => $message->message_id, @@ -68,4 +58,6 @@ sub result { }); } +sub _build_logger { Log::Log4perl->get_logger(__PACKAGE__); } + 1; -- cgit v1.2.3-24-g4f1b From 78c733acf22b2e038e1bb3fcdc561caa70ea1fab Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Tue, 20 Mar 2018 09:44:34 -0400 Subject: Bug 1447289 - heartbeat check should not check for enabled features --- heartbeat.cgi | 1 - 1 file changed, 1 deletion(-) diff --git a/heartbeat.cgi b/heartbeat.cgi index bb1c9dd46..0597f1e3a 100755 --- a/heartbeat.cgi +++ b/heartbeat.cgi @@ -30,7 +30,6 @@ my $ok = eval { die "database not available" unless $database_ok; die "memcached server(s) not available" unless $memcached_ok; die "mod_perl not configured?" unless $ENV{MOD_PERL}; - die "missing bmo feature dependencies" unless Bugzilla->has_feature('bmo'); 1; }; FATAL("heartbeat error: $@") if !$ok && $@; -- cgit v1.2.3-24-g4f1b From 4cd99a91ff6a92a5e10449463b12a312060d01ba Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Tue, 20 Mar 2018 09:46:08 -0400 Subject: bump version to 20180320.1 --- Bugzilla.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bugzilla.pm b/Bugzilla.pm index 5d394b908..39877fbfe 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -22,7 +22,7 @@ BEGIN { } } -our $VERSION = '20180316.1'; +our $VERSION = '20180320.1'; use Bugzilla::Auth; use Bugzilla::Auth::Persist::Cookie; -- cgit v1.2.3-24-g4f1b From 40023c4a9f7d949f623b3b6fa90c9cbf5dfc2351 Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Tue, 20 Mar 2018 10:06:20 -0400 Subject: Bug 1444008 - Form action injection in Bugzilla /user_profile (leads to XSS/single-factor credential leakage) --- .htaccess | 6 +++--- .../UserProfile/template/en/default/pages/user_profile.html.tmpl | 2 +- template/en/default/account/auth/login.html.tmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.htaccess b/.htaccess index 36195da50..745c57536 100644 --- a/.htaccess +++ b/.htaccess @@ -37,9 +37,9 @@ RewriteRule ^new[-_]bug$ new_bug.cgi [L,QSA] RewriteRule ^template_cache/ - [F,L,NC] RewriteRule ^template_cache.deleteme/ - [F,L,NC] -RewriteRule ^review(.*) page.cgi?id=splinter.html$1 [QSA] -RewriteRule ^user_?profile(.*) page.cgi?id=user_profile.html$1 [QSA] -RewriteRule ^request_defer(.*) page.cgi?id=request_defer.html$1 [QSA] +RewriteRule ^review$ page.cgi?id=splinter.html$1 [QSA] +RewriteRule ^user_?profile$ page.cgi?id=user_profile.html$1 [QSA] +RewriteRule ^request_defer$ page.cgi?id=request_defer.html$1 [QSA] RewriteRule ^favicon\.ico$ extensions/BMO/web/images/favicon.ico RewriteRule ^form[\.:]itrequest$ enter_bug.cgi?product=Infrastructure+\%26+Operations&format=itrequest [QSA] RewriteRule ^form[\.:](mozlist|poweredby|presentation|trademark|recoverykey)$ enter_bug.cgi?product=mozilla.org&format=$1 [QSA] diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl index 27cb825ed..fd72091dc 100644 --- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl +++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl @@ -27,7 +27,7 @@   Search -
+ [% INCLUDE global/userselect.html.tmpl id => "login" name => "login" diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl index 160fad43b..c11a6afc1 100644 --- a/template/en/default/account/auth/login.html.tmpl +++ b/template/en/default/account/auth/login.html.tmpl @@ -42,7 +42,7 @@