From 6a14a3075c2286749819736cb953c42ec378c5a5 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Fri, 14 Sep 2012 22:14:35 +0200 Subject: Update POD to fix bustage in Perl 5.16.1 r=runtests.pl --- Bugzilla/DB/Mysql.pm | 2 ++ Bugzilla/DB/Schema.pm | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm index 06bf3d8df..fad175eac 100644 --- a/Bugzilla/DB/Mysql.pm +++ b/Bugzilla/DB/Mysql.pm @@ -941,7 +941,9 @@ sub _bz_raw_column_info { $index = name of an index Returns: An abstract index definition, always in hashref format. If the index does not exist, the function returns undef. + =cut + sub bz_index_info_real { my ($self, $table, $index) = @_; diff --git a/Bugzilla/DB/Schema.pm b/Bugzilla/DB/Schema.pm index 00ff4acc9..1e598c61e 100644 --- a/Bugzilla/DB/Schema.pm +++ b/Bugzilla/DB/Schema.pm @@ -1858,6 +1858,7 @@ C SQL statement sub get_fk_ddl { + =item C<_get_fk_ddl> =over @@ -1871,7 +1872,9 @@ Protected method. Translates the C item of a column into SQL. =over =item C<$table> - The name of the table the reference is from. + =item C<$column> - The name of the column the reference is from + =item C<$references> - The C hashref from a column. =back @@ -1972,6 +1975,7 @@ Converts a TYPE from the L format into the real SQL type. } sub get_column { + =item C Description: Public method to get the abstract definition of a column. @@ -2837,6 +2841,7 @@ sub serialize_abstract { in the same fashion as) the current version of Schema. However, it will represent the serialized data instead of ABSTRACT_SCHEMA. + =cut sub deserialize_abstract { -- cgit v1.2.3-24-g4f1b From 04313ae18ed5a139558aa7dad9f8bad23d13caa8 Mon Sep 17 00:00:00 2001 From: Byron Jones Date: Mon, 17 Sep 2012 22:22:09 +0800 Subject: Bug 761046: Don't redirect when hitting buglist.cgi directly to avoid duplicate cgi->header calls r=LpSolit, a=LpSolit --- buglist.cgi | 1 - 1 file changed, 1 deletion(-) diff --git a/buglist.cgi b/buglist.cgi index c941691e2..7439b78ee 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -64,7 +64,6 @@ my $buffer = $cgi->query_string(); my $user = Bugzilla->login(); if (length($buffer) == 0) { - print $cgi->header(-refresh=> '10; URL=query.cgi'); ThrowUserError("buglist_parameters_required"); } -- cgit v1.2.3-24-g4f1b From 268bc33484b25003db28f659d14328798e8830e4 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Sat, 29 Sep 2012 13:47:13 +0200 Subject: Bug 793893: Tabular reports crash when no format parameter is defined r=glob a=LpSolit --- report.cgi | 9 ++++----- template/en/default/filterexceptions.pl | 1 - template/en/default/reports/report.html.tmpl | 2 +- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/report.cgi b/report.cgi index 1ec3ac864..4230ade36 100755 --- a/report.cgi +++ b/report.cgi @@ -84,10 +84,12 @@ if (defined($height)) { $height <= 2000 || ThrowUserError("chart_too_large"); } +my $formatparam = $cgi->param('format') || ''; + # These shenanigans are necessary to make sure that both vertical and # horizontal 1D tables convert to the correct dimension when you ask to # display them as some sort of chart. -if (defined $cgi->param('format') && $cgi->param('format') eq "table") { +if ($formatparam eq "table") { if ($col_field && !$row_field) { # 1D *tables* should be displayed vertically (with a row_field only) $row_field = $col_field; @@ -210,7 +212,7 @@ $vars->{'row_names'} = \@row_names; $vars->{'tbl_names'} = \@tbl_names; # Below a certain width, we don't see any bars, so there needs to be a minimum. -if ($width && $cgi->param('format') eq "bar") { +if ($width && $formatparam eq "bar") { my $min_width = (scalar(@col_names) || 1) * 20; if (!$cgi->param('cumulate')) { @@ -226,8 +228,6 @@ $vars->{'height'} = $height if $height; $vars->{'query'} = $query; $vars->{'debug'} = $cgi->param('debug'); -my $formatparam = $cgi->param('format'); - if ($action eq "wrap") { # So which template are we using? If action is "wrap", we will be using # no format (it gets passed through to be the format of the actual data), @@ -236,7 +236,6 @@ if ($action eq "wrap") { # data, or images generated by calling report.cgi again with action as # "plot". $formatparam =~ s/[^a-zA-Z\-]//g; - trick_taint($formatparam); $vars->{'format'} = $formatparam; $formatparam = ''; diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index 3e2a71e2c..d804ad8fa 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -106,7 +106,6 @@ 'other_format.name', 'sizeurl', 'switchbase', - 'format', 'cumulate', ], diff --git a/template/en/default/reports/report.html.tmpl b/template/en/default/reports/report.html.tmpl index d4c9d4043..94725ae81 100644 --- a/template/en/default/reports/report.html.tmpl +++ b/template/en/default/reports/report.html.tmpl @@ -170,7 +170,7 @@ this report [% ELSE %] + [% format FILTER uri %]&format=report-graph&cumulate=[% cumulate %]"> Edit this report [% END %] -- cgit v1.2.3-24-g4f1b From f956cb59539b58585a9f6723c04b3b465a53fd51 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 3 Oct 2012 19:38:30 +0200 Subject: Bug 757935: Bugs with resolution MOVED cannot be edited r=glob a=LpSolit --- extensions/OldBugMove/Extension.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/extensions/OldBugMove/Extension.pm b/extensions/OldBugMove/Extension.pm index b12d36a9a..d1b953748 100644 --- a/extensions/OldBugMove/Extension.pm +++ b/extensions/OldBugMove/Extension.pm @@ -132,7 +132,9 @@ sub _check_bug_resolution { my $original_validator = shift; my ($invocant, $resolution) = @_; - if ($resolution eq 'MOVED' and !Bugzilla->input_params->{'oldbugmove'}) { + if ($resolution eq 'MOVED' && $invocant->resolution ne 'MOVED' + && !Bugzilla->input_params->{'oldbugmove'}) + { # MOVED has a special meaning and can only be used when # really moving bugs to another installation. ThrowUserError('oldbugmove_no_manual_move'); -- cgit v1.2.3-24-g4f1b From ddb8cd75f535c7db8e072f85e44a6b1b1d9405b6 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 4 Oct 2012 13:30:23 +0200 Subject: Bug 794389: There is no field named 'actual_time' when generating reports r=glob a=LpSolit --- report.cgi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/report.cgi b/report.cgi index 4230ade36..cc43e66e4 100755 --- a/report.cgi +++ b/report.cgi @@ -304,6 +304,10 @@ $template->process("$format->{'template'}", $vars) sub get_names { my ($names, $isnumeric, $field_name) = @_; my ($field, @sorted); + # XXX - This is a hack to handle the actual_time/work_time field, + # because it's named 'actual_time' in Search.pm but 'work_time' in Field.pm. + $_[2] = $field_name = 'work_time' if $field_name eq 'actual_time'; + # _realname fields aren't real Bugzilla::Field objects, but they are a # valid axis, so we don't vailidate them as Bugzilla::Field objects. $field = Bugzilla::Field->check($field_name) -- cgit v1.2.3-24-g4f1b From 20fd31fdbd177dcbd99425a1c20beaa062d07b8f Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 4 Oct 2012 17:48:23 +0200 Subject: Bug 788098: Queries involving group substitution crash when usevisibilitygroups is enabled r=dkl a=LpSolit --- Bugzilla/Group.pm | 4 +++- Bugzilla/Search.pm | 16 +++++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm index b7532fe09..382407748 100644 --- a/Bugzilla/Group.pm +++ b/Bugzilla/Group.pm @@ -189,7 +189,9 @@ sub check_members_are_visible { my $self = shift; my $user = Bugzilla->user; return if !Bugzilla->params->{'usevisibilitygroups'}; - my $is_visible = grep { $_->id == $_ } @{ $user->visible_groups_inherited }; + + my $group_id = $self->id; + my $is_visible = grep { $_ == $group_id } @{ $user->visible_groups_inherited }; if (!$is_visible) { ThrowUserError('group_not_visible', { group => $self }); } diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 9a5e888bc..f0e015cbc 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -2050,8 +2050,8 @@ sub _contact_pronoun { my ($self, $args) = @_; my $value = $args->{value}; my $user = $self->_user; - - if ($value =~ /^\%group/) { + + if ($value =~ /^\%group\.[^%]+%$/) { $self->_contact_exact_group($args); } elsif ($value =~ /^(%\w+%)$/) { @@ -2068,11 +2068,17 @@ sub _contact_exact_group { my $dbh = Bugzilla->dbh; my $user = $self->_user; + # We already know $value will match this regexp, else we wouldn't be here. $value =~ /\%group\.([^%]+)%/; - my $group = Bugzilla::Group->check({ name => $1, _error => 'invalid_group_name' }); - $group->check_members_are_visible(); + my $group_name = $1; + my $group = Bugzilla::Group->check({ name => $group_name, _error => 'invalid_group_name' }); + # Pass $group_name instead of $group->name to the error message + # to not leak the existence of the group. $user->in_group($group) - || ThrowUserError('invalid_group_name', {name => $group->name}); + || ThrowUserError('invalid_group_name', { name => $group_name }); + # Now that we know the user belongs to this group, it's safe + # to disclose more information. + $group->check_members_are_visible(); my $group_ids = Bugzilla::Group->flatten_group_membership($group->id); my $table = "user_group_map_$chart_id"; -- cgit v1.2.3-24-g4f1b From d9ff8889f92abbaef07b0ef98da0064e8965176e Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 4 Oct 2012 17:54:47 +0200 Subject: Bug 790909: Editing dependencies from the "Change Several Bugs at Once" page does not work as expected (bug IDs are incorrectly parsed) r=dkl a=LpSolit --- process_bug.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/process_bug.cgi b/process_bug.cgi index 7c6e9590c..9272dec60 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -277,7 +277,7 @@ foreach my $dep_field (qw(dependson blocked)) { if (should_set($dep_field)) { if (my $dep_action = $cgi->param("${dep_field}_action")) { $set_all_fields{$dep_field}->{$dep_action} = - [split(/\s,/, $cgi->param($dep_field))]; + [split(/[\s,]+/, $cgi->param($dep_field))]; } else { $set_all_fields{$dep_field}->{set} = $cgi->param($dep_field); -- cgit v1.2.3-24-g4f1b From ab2667128b1c9546bd0d1df63af2e19d19b94e5f Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 8 Oct 2012 13:05:25 +0200 Subject: Bug 652047: checksetup.pl fails to compile/run if the Voting extension is enabled on a fresh install r=glob a=LpSolit --- extensions/Voting/Config.pm | 33 +++++++++++++++++++++++++++++++++ extensions/Voting/Extension.pm | 1 - 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 extensions/Voting/Config.pm diff --git a/extensions/Voting/Config.pm b/extensions/Voting/Config.pm new file mode 100644 index 000000000..438f1e054 --- /dev/null +++ b/extensions/Voting/Config.pm @@ -0,0 +1,33 @@ +# -*- Mode: perl; indent-tabs-mode: nil -*- +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Bugzilla Bug Tracking System. +# +# The Initial Developer of the Original Code is Frédéric Buclin. +# Portions created by the Initial Developer is Copyright (C) 2012 the +# Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Frédéric Buclin + +package Bugzilla::Extension::Voting; +use strict; + +use constant NAME => 'Voting'; + +use constant REQUIRED_MODULES => [ +]; + +use constant OPTIONAL_MODULES => [ +]; + +__PACKAGE__->NAME; diff --git a/extensions/Voting/Extension.pm b/extensions/Voting/Extension.pm index ead81266a..a5a3bc11b 100644 --- a/extensions/Voting/Extension.pm +++ b/extensions/Voting/Extension.pm @@ -40,7 +40,6 @@ use Bugzilla::Token; use List::Util qw(min); -use constant NAME => 'Voting'; use constant VERSION => BUGZILLA_VERSION; use constant DEFAULT_VOTES_PER_BUG => 1; # These came from Bugzilla itself, so they maintain the old numbers -- cgit v1.2.3-24-g4f1b From f9e41025a332f57b3d9cabed8418e208fbd90400 Mon Sep 17 00:00:00 2001 From: Simon Green Date: Tue, 9 Oct 2012 15:23:39 +0800 Subject: Bug 753635: Allow editing local see also even if you cannot edit the other bug r=glob, a=LpSolit --- Bugzilla/Bug.pm | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 741475a74..686828015 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -2878,7 +2878,8 @@ sub add_see_also { # ref bug id for sending changes email. my $ref_bug = delete $field_values->{ref_bug}; if ($class->isa('Bugzilla::BugUrl::Bugzilla::Local') - and !$skip_recursion) + and !$skip_recursion + and $ref_bug->check_can_change_field('see_also', '', $self->id, \$privs)) { $ref_bug->add_see_also($self->id, 'skip_recursion'); push @{ $self->{_update_ref_bugs} }, $ref_bug; @@ -2910,12 +2911,15 @@ sub remove_see_also { # we need to notify changes for that bug too. $removed_bug_url = $removed_bug_url->[0]; if (!$skip_recursion and $removed_bug_url - and $removed_bug_url->isa('Bugzilla::BugUrl::Bugzilla::Local')) + and $removed_bug_url->isa('Bugzilla::BugUrl::Bugzilla::Local') + and $removed_bug_url->ref_bug_url) { my $ref_bug = Bugzilla::Bug->check($removed_bug_url->ref_bug_url->bug_id); - if (Bugzilla->user->can_edit_product($ref_bug->product_id)) { + if (Bugzilla->user->can_edit_product($ref_bug->product_id) + and $ref_bug->check_can_change_field('see_also', $self->id, '', \$privs)) + { my $self_url = $removed_bug_url->local_uri($self->id); $ref_bug->remove_see_also($self_url, 'skip_recursion'); push @{ $self->{_update_ref_bugs} }, $ref_bug; -- cgit v1.2.3-24-g4f1b