From ee119fdcac682c80ac056ab74cf3db0264a5ed5b Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Thu, 27 Oct 2016 03:18:12 +0000
Subject: Bug 1306637 - add checkbox to page.cgi?id=query_database.html to dump
 results as csv instead of rendering html table

---
 extensions/BMO/Extension.pm                        | 18 +++++++++++-
 .../hook/global/code-error-errors.html.tmpl        | 13 +++++++++
 .../en/default/pages/query_database.csv.tmpl       | 34 ++++++++++++++++++++++
 .../en/default/pages/query_database.html.tmpl      |  9 +++---
 4 files changed, 69 insertions(+), 5 deletions(-)
 create mode 100644 extensions/BMO/template/en/default/hook/global/code-error-errors.html.tmpl
 create mode 100644 extensions/BMO/template/en/default/pages/query_database.csv.tmpl

diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index 8d7301f8b..34af43892 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -2258,9 +2258,11 @@ sub forced_format {
 
 sub query_database {
     my ($vars) = @_;
+    my $cgi      = Bugzilla->cgi;
+    my $user     = Bugzilla->user;
+    my $template = Bugzilla->template;
 
     # validate group membership
-    my $user = Bugzilla->user;
     $user->in_group('query_database')
         || ThrowUserError('auth_failure', { group  => 'query_database',
                                             action => 'access',
@@ -2272,6 +2274,12 @@ sub query_database {
     $vars->{query} = $query;
 
     if ($query) {
+        # Only allow POST requests
+        if ($cgi->request_method ne 'POST') {
+            ThrowCodeError('illegal_request_method',
+                           { method => $cgi->request_method, accepted => ['POST'] });
+        }
+
         check_hash_token($input->{token}, ['query_database']);
         trick_taint($query);
         $vars->{executed} = 1;
@@ -2308,6 +2316,14 @@ sub query_database {
         # return results
         $vars->{columns} = $columns;
         $vars->{rows} = $rows;
+
+        if ($input->{csv}) {
+            print $cgi->header(-type=> 'text/csv',
+                               -content_disposition=> "attachment; filename=\"query_database.csv\"");
+            $template->process("pages/query_database.csv.tmpl", $vars)
+                || ThrowTemplateError($template->error());
+            exit;
+        }
     }
 }
 
diff --git a/extensions/BMO/template/en/default/hook/global/code-error-errors.html.tmpl b/extensions/BMO/template/en/default/hook/global/code-error-errors.html.tmpl
new file mode 100644
index 000000000..b9d8c31fe
--- /dev/null
+++ b/extensions/BMO/template/en/default/hook/global/code-error-errors.html.tmpl
@@ -0,0 +1,13 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+[% IF error == "illegal_request_method" %]
+  [% title = "Illegal Request Method" %]
+  The request method '[% method FILTER html %]' is not allowed.
+  Legal methods are '[% accepted.join(', ') FILTER html %]'.
+[% END %]
diff --git a/extensions/BMO/template/en/default/pages/query_database.csv.tmpl b/extensions/BMO/template/en/default/pages/query_database.csv.tmpl
new file mode 100644
index 000000000..81ba86556
--- /dev/null
+++ b/extensions/BMO/template/en/default/pages/query_database.csv.tmpl
@@ -0,0 +1,34 @@
+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Netscape Communications
+  # Corporation. Portions created by Netscape are
+  # Copyright (C) 1998 Netscape Communications Corporation. All
+  # Rights Reserved.
+  #
+  # Contributor(s): Myk Melez <myk@mozilla.org>
+  #                 Gervase Markham <gerv@gerv.net>
+  #                 miketosh
+  #%]
+
+[% colsepchar = user.settings.csv_colsepchar.value %]
+
+[% FOREACH column = columns %]
+  [% column FILTER csv %][% colsepchar FILTER none UNLESS loop.last() %]
+[% END %]
+
+[% FOREACH row = rows %]
+  [% FOREACH value = row %]
+    [% value FILTER csv %][% colsepchar FILTER none UNLESS loop.last() %]
+  [% END %]
+
+[% END %]
diff --git a/extensions/BMO/template/en/default/pages/query_database.html.tmpl b/extensions/BMO/template/en/default/pages/query_database.html.tmpl
index 79c5be1d8..bc625b07c 100644
--- a/extensions/BMO/template/en/default/pages/query_database.html.tmpl
+++ b/extensions/BMO/template/en/default/pages/query_database.html.tmpl
@@ -12,10 +12,11 @@
 %]
 
 <form method="post" action="page.cgi">
-<input type="hidden" name="id" value="query_database.html">
-<textarea cols="80" rows="10" name="query">[% query FILTER html %]</textarea><br>
-<input type="submit" value="Execute">
-<input type="hidden" name="token" value="[% issue_hash_token(['query_database']) FILTER html %]">
+  <input type="hidden" name="id" value="query_database.html">
+  <textarea cols="80" rows="10" name="query">[% query FILTER html %]</textarea><br>
+  <input type="checkbox" id="csv" name="csv" value="1"><label for="csv">Ouput as CSV</label><br><br>
+  <input type="submit" value="Execute">
+  <input type="hidden" name="token" value="[% issue_hash_token(['query_database']) FILTER html %]">
 </form>
 
 [% IF executed %]
-- 
cgit v1.2.3-24-g4f1b