From 90d86a9744883ccc120a0a955ffade72990e1505 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 14 Apr 2016 21:03:00 +0200 Subject: Bug 1088022 - Bump min version to CGI 4.09 r=dkl --- Bugzilla/Attachment.pm | 2 +- Bugzilla/CGI.pm | 75 +++++++++++------------------------------- Bugzilla/Chart.pm | 4 +-- Bugzilla/Flag.pm | 12 +++---- Bugzilla/Search/Quicksearch.pm | 2 +- Bugzilla/Search/Saved.pm | 6 ++-- Bugzilla/Template.pm | 4 +++ 7 files changed, 37 insertions(+), 68 deletions(-) (limited to 'Bugzilla') diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 78334ec18..ec318b021 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -1020,7 +1020,7 @@ sub get_content_type { # The user asked us to auto-detect the content type, so use the type # specified in the HTTP request headers. $content_type = - $cgi->uploadInfo($cgi->param('data'))->{'Content-Type'}; + $cgi->uploadInfo(scalar $cgi->param('data'))->{'Content-Type'}; $content_type || ThrowUserError("missing_content_type"); # Internet Explorer sends image/x-png for PNG images, diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 4258cd552..b341a86f1 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -18,6 +18,7 @@ use Bugzilla::Error; use Bugzilla::Util; use Bugzilla::Hook; use Bugzilla::Search::Recent; +use Bugzilla::Install::Util qw(i_am_persistent); use File::Basename; @@ -34,8 +35,7 @@ sub _init_bz_cgi_globals { # We don't precompile any functions here, that's done specially in # mod_perl code. - $invocant->_setup_symbols(qw(:no_xhtml :oldstyle_urls :private_tempfiles - :unique_headers)); + $invocant->_setup_symbols(qw(:no_xhtml :oldstyle_urls :unique_headers :utf8)); } BEGIN { __PACKAGE__->_init_bz_cgi_globals() if i_am_cgi(); } @@ -44,9 +44,7 @@ sub new { my ($invocant, @args) = @_; my $class = ref($invocant) || $invocant; - # Under mod_perl, CGI's global variables get reset on each request, - # so we need to set them up again every time. - $class->_init_bz_cgi_globals() if $ENV{MOD_PERL}; + $class->_init_bz_cgi_globals() if i_am_persistent(); my $self = $class->SUPER::new(@args); @@ -65,18 +63,11 @@ sub new { # Path-Info is of no use for Bugzilla and interacts badly with IIS. # Moreover, it causes unexpected behaviors, such as totally breaking # the rendering of pages. - if (my $path_info = $self->path_info) { + if ($self->script_name && $self->path_info) { my @whitelist = ("rest.cgi"); Bugzilla::Hook::process('path_info_whitelist', { whitelist => \@whitelist }); if (!grep($_ eq $script, @whitelist)) { - # IIS includes the full path to the script in PATH_INFO, - # so we have to extract the real PATH_INFO from it, - # else we will be redirected outside Bugzilla. - my $script_name = $self->script_name; - $path_info =~ s/^\Q$script_name\E//; - if ($script_name && $path_info) { - print $self->redirect($self->url(-path => 0, -query => 1)); - } + print $self->redirect($self->url(-path => 0, -query => 1)); } } @@ -117,7 +108,7 @@ sub canonicalise_query { # Reconstruct the URL by concatenating the sorted param=value pairs my @parameters; - foreach my $key (sort($self->param())) { + foreach my $key (sort($self->multi_param())) { # Leave this key out if it's in the exclude list next if grep { $_ eq $key } @exclude; @@ -127,7 +118,7 @@ sub canonicalise_query { my $esc_key = url_quote($key); - foreach my $value ($self->param($key)) { + foreach my $value ($self->multi_param($key)) { # Omit params with an empty value if (defined($value) && $value ne '') { my $esc_value = url_quote($value); @@ -143,7 +134,7 @@ sub canonicalise_query { sub clean_search_url { my $self = shift; # Delete any empty URL parameter. - my @cgi_params = $self->param; + my @cgi_params = $self->multi_param(); foreach my $param (@cgi_params) { if (defined $self->param($param) && $self->param($param) eq '') { @@ -252,23 +243,12 @@ sub check_etag { # Have to add the cookies in. sub multipart_start { my $self = shift; - - my %args = @_; - - # CGI.pm::multipart_start doesn't honour its own charset information, so - # we do it ourselves here - if (defined $self->charset() && defined $args{-type}) { - # Remove any existing charset specifier - $args{-type} =~ s/;.*$//; - # and add the specified one - $args{-type} .= '; charset=' . $self->charset(); - } - - my $headers = $self->SUPER::multipart_start(%args); + # We have to explicitly pass the charset. + my $headers = $self->SUPER::multipart_start(@_, -charset => $self->charset()); # Eliminate the one extra CRLF at the end. $headers =~ s/$CGI::CRLF$//; # Add the cookies. We have to do it this way instead of - # passing them to multpart_start, because CGI.pm's multipart_start + # passing them to multipart_start, because CGI.pm's multipart_start # doesn't understand a '-cookie' argument pointing to an arrayref. foreach my $cookie (@{$self->{Bugzilla_cookie_list}}) { $headers .= "Set-Cookie: ${cookie}${CGI::CRLF}"; @@ -366,11 +346,15 @@ sub header { sub param { my $self = shift; - local $CGI::LIST_CONTEXT_WARN = 0; + + my @caller = caller(0); + if (wantarray && $caller[0] ne 'CGI') { + warn 'Illegal call to $cgi->param in list context from ' . $caller[0]; + } # When we are just requesting the value of a parameter... if (scalar(@_) == 1) { - my @result = $self->SUPER::param(@_); + my @result = $self->SUPER::multi_param(@_); # Also look at the URL parameters, after we look at the POST # parameters. This is to allow things like login-form submissions @@ -381,9 +365,6 @@ sub param { @result = $self->url_param(@_); } - # Fix UTF-8-ness of input parameters. - @result = map { _fix_utf8($_) } @result; - return wantarray ? @result : $result[0]; } # And for various other functions in CGI.pm, we need to correctly @@ -392,13 +373,13 @@ sub param { elsif (!scalar(@_) && $self->request_method && $self->request_method eq 'POST') { - my @post_params = $self->SUPER::param; + my @post_params = $self->SUPER::multi_param(); my @url_params = $self->url_param; my %params = map { $_ => 1 } (@post_params, @url_params); return keys %params; } - return $self->SUPER::param(@_); + return $self->SUPER::multi_param(@_); } sub url_param { @@ -409,13 +390,6 @@ sub url_param { return $self->SUPER::url_param(@_); } -sub _fix_utf8 { - my $input = shift; - # The is_utf8 is here in case CGI gets smart about utf8 someday. - utf8::decode($input) if defined $input && !ref $input && !utf8::is_utf8($input); - return $input; -} - sub should_set { my ($self, $param) = @_; my $set = (defined $self->param($param) @@ -609,21 +583,12 @@ sub STORE { sub FETCH { my ($self, $param) = @_; return $self if $param eq 'CGI'; # CGI.pm did this, so we do too. - my @result = $self->param($param); + my @result = $self->multi_param($param); return undef if !scalar(@result); return $result[0] if scalar(@result) == 1; return \@result; } -# For the Vars TIEHASH interface: the normal CGI.pm DELETE doesn't return -# the value deleted, but Perl's "delete" expects that value. -sub DELETE { - my ($self, $param) = @_; - my $value = $self->FETCH($param); - $self->delete($param); - return $value; -} - 1; __END__ diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm index d0a1312ad..f8d34fe6b 100644 --- a/Bugzilla/Chart.pm +++ b/Bugzilla/Chart.pm @@ -57,10 +57,10 @@ sub init { # &select0=1&select3=1... # &cumulate=1&datefrom=2002-02-03&dateto=2002-04-04&ctype=html... # >=1&labelgt=Grand+Total - foreach my $param ($cgi->param()) { + foreach my $param ($cgi->multi_param()) { # Store all the lines if ($param =~ /^line(\d+)$/a) { - foreach my $series_id ($cgi->param($param)) { + foreach my $series_id ($cgi->multi_param($param)) { detaint_natural($series_id) || ThrowCodeError("invalid_series_id"); my $series = new Bugzilla::Series($series_id); diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index 3d9540a94..6c8dab377 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -843,11 +843,11 @@ sub extract_flags_from_cgi { } # Extract a list of flag type IDs from field names. - my @flagtype_ids = map(/^flag_type-(\d+)$/a ? $1 : (), $cgi->param()); + my @flagtype_ids = map { /^flag_type-(\d+)$/a ? $1 : () } $cgi->multi_param(); @flagtype_ids = grep($cgi->param("flag_type-$_") ne 'X', @flagtype_ids); # Extract a list of existing flag IDs. - my @flag_ids = map(/^flag-(\d+)$/a ? $1 : (), $cgi->param()); + my @flag_ids = map { /^flag-(\d+)$/a ? $1 : () } $cgi->multi_param(); return ([], []) unless (scalar(@flagtype_ids) || scalar(@flag_ids)); @@ -863,7 +863,7 @@ sub extract_flags_from_cgi { # (i.e. they want more than one person to set the flag) we can reuse # the existing flag for the first person (who may well be the existing # requestee), but we have to create new flags for each additional requestee. - my @requestees = $cgi->param("requestee-$flag_id"); + my @requestees = $cgi->multi_param("requestee-$flag_id"); my $requestee_email; if ($status eq "?" && scalar(@requestees) > 1 @@ -935,7 +935,7 @@ sub extract_flags_from_cgi { my $status = $cgi->param("flag_type-$type_id"); trick_taint($status); - my @logins = $cgi->param("requestee_type-$type_id"); + my @logins = $cgi->multi_param("requestee_type-$type_id"); if ($status eq "?" && scalar(@logins)) { foreach my $login (@logins) { push (@new_flags, { type_id => $type_id, @@ -986,7 +986,7 @@ sub multi_extract_flags_from_cgi { } # Extract a list of flag type IDs from field names. - my @flagtype_ids = map(/^flag_type-(\d+)$/a ? $1 : (), $cgi->param()); + my @flagtype_ids = map { /^flag_type-(\d+)$/a ? $1 : () } $cgi->multi_param(); my (@new_flags, @flags); @@ -1027,7 +1027,7 @@ sub multi_extract_flags_from_cgi { my $status = $cgi->param("flag_type-$type_id"); trick_taint($status); - my @logins = $cgi->param("requestee_type-$type_id"); + my @logins = $cgi->multi_param("requestee_type-$type_id"); if ($status eq "?" && scalar(@logins)) { foreach my $login (@logins) { if ($update) { diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm index 8e188161c..249748062 100644 --- a/Bugzilla/Search/Quicksearch.pm +++ b/Bugzilla/Search/Quicksearch.pm @@ -248,7 +248,7 @@ sub quicksearch { } # Make sure we have some query terms left - scalar($cgi->param())>0 || ThrowUserError("buglist_parameters_required"); + scalar $cgi->multi_param() or ThrowUserError("buglist_parameters_required"); } # List of quicksearch-specific CGI parameters to get rid of. diff --git a/Bugzilla/Search/Saved.pm b/Bugzilla/Search/Saved.pm index 9f6addffe..27a2e38ca 100644 --- a/Bugzilla/Search/Saved.pm +++ b/Bugzilla/Search/Saved.pm @@ -220,10 +220,10 @@ sub edit_link { my ($self) = @_; return $self->{edit_link} if defined $self->{edit_link}; my $cgi = new Bugzilla::CGI($self->url); - if (!$cgi->param('query_type') - || !IsValidQueryType($cgi->param('query_type'))) + if (!$cgi->param('query_format') + || !IsValidQueryType(scalar $cgi->param('query_format'))) { - $cgi->param('query_type', 'advanced'); + $cgi->param('query_format', 'advanced'); } $self->{edit_link} = $cgi->canonicalise_query; return $self->{edit_link}; diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 48899cd78..95a89b560 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -1013,6 +1013,10 @@ sub create { # If an sudo session is in progress, this is the user we're faking 'user' => sub { return Bugzilla->user; }, + # TT directives are evaluated in list context, conflicting + # with CGI checks about using $cgi->param() in list context. + 'cgi_param' => sub { return scalar Bugzilla->cgi->param($_[0]) }, + # Currenly active language 'current_language' => sub { return Bugzilla->current_language; }, -- cgit v1.2.3-24-g4f1b