From 5da9fee9963bd0e9b7323337952f304bcfa26128 Mon Sep 17 00:00:00 2001
From: Kohei Yoshino <kohei.yoshino@gmail.com>
Date: Mon, 6 Aug 2018 12:21:06 -0400
Subject: Bug 1481207 - POST /rest/bug_user_last_visit returns random number
 instead of bug ID

---
 Bugzilla/WebService/BugUserLastVisit.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/WebService/BugUserLastVisit.pm b/Bugzilla/WebService/BugUserLastVisit.pm
index 7b729c6c8..5e4c0d2ba 100644
--- a/Bugzilla/WebService/BugUserLastVisit.pm
+++ b/Bugzilla/WebService/BugUserLastVisit.pm
@@ -52,7 +52,7 @@ sub update {
         push(
             @results,
             $self->_bug_user_last_visit_to_hash(
-                $bug, $last_visit_ts, $params
+                $bug_id, $last_visit_ts, $params
             ));
     }
     $dbh->bz_commit_transaction();
-- 
cgit v1.2.3-24-g4f1b


From 5a43b27f7940be9697f312c550fa2de11a9e14d7 Mon Sep 17 00:00:00 2001
From: Kohei Yoshino <kohei.yoshino@gmail.com>
Date: Fri, 10 Aug 2018 08:56:19 -0400
Subject: Bug 602313 - Allow creation of attachments by pasting an image from
 clipboard, as well as by drag-and-dropping a file from desktop

---
 Bugzilla/CGI.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index dbcb3ef68..6236b015a 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -39,7 +39,7 @@ sub DEFAULT_CSP {
         script_src  => [ 'self', 'nonce', 'unsafe-inline', 'https://www.google-analytics.com' ],
         frame_src   => [ 'none', ],
         worker_src  => [ 'none', ],
-        img_src     => [ 'self', 'https://secure.gravatar.com' ],
+        img_src     => [ 'self', 'blob:', 'https://secure.gravatar.com' ],
         style_src   => [ 'self', 'unsafe-inline' ],
         object_src  => [ 'none' ],
         connect_src => [
-- 
cgit v1.2.3-24-g4f1b


From fd850e00db835d2b84c59014c3b1021fea2294fc Mon Sep 17 00:00:00 2001
From: Israel Madueme <purelogiq@gmail.com>
Date: Fri, 10 Aug 2018 08:57:01 -0400
Subject: Bug 1456878 - Support markdown comments

---
 Bugzilla/Bug.pm            |  8 +++--
 Bugzilla/Comment.pm        |  7 ++++
 Bugzilla/Hook.pm           |  6 ----
 Bugzilla/Template.pm       | 80 ++++++++++++++++++++++++++++++----------------
 Bugzilla/WebService/Bug.pm |  7 ++--
 5 files changed, 69 insertions(+), 39 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index ee48ed7a2..9c820eedc 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -732,7 +732,7 @@ sub _preload_referenced_bugs {
         }
         else {
             # bugs referenced in comments
-            Bugzilla::Template::quoteUrls($comment->body, undef, undef, undef,
+            Bugzilla::Template::renderComment($comment->body, undef, undef, 1,
                 sub {
                     my $bug_id = $_[0];
                     push @referenced_bug_ids, $bug_id
@@ -999,6 +999,7 @@ sub create {
 
     # We now have a bug id so we can fill this out
     $creation_comment->{'bug_id'} = $bug->id;
+    $creation_comment->{'is_markdown'} = 1;
 
     # Insert the comment. We always insert a comment on bug creation,
     # but sometimes it's blank.
@@ -2662,7 +2663,8 @@ sub set_all {
         # there are lots of things that want to check if we added a comment.
         $self->add_comment($params->{'comment'}->{'body'},
             { isprivate => $params->{'comment'}->{'is_private'},
-              work_time => $params->{'work_time'} });
+              work_time => $params->{'work_time'},
+              is_markdown => 1 });
     }
 
     if (defined $params->{comment_tags} && Bugzilla->user->can_tag_comments()) {
@@ -3143,7 +3145,7 @@ sub remove_cc {
     @$cc_users = grep { $_->id != $user->id } @$cc_users;
 }
 
-# $bug->add_comment("comment", {isprivate => 1, work_time => 10.5,
+# $bug->add_comment("comment", {isprivate => 1, work_time => 10.5, is_markdown => 1,
 #                               type => CMT_NORMAL, extra_data => $data});
 sub add_comment {
     my ($self, $comment, $params) = @_;
diff --git a/Bugzilla/Comment.pm b/Bugzilla/Comment.pm
index f9a6f7d3a..937cd1203 100644
--- a/Bugzilla/Comment.pm
+++ b/Bugzilla/Comment.pm
@@ -45,6 +45,7 @@ use constant DB_COLUMNS => qw(
     already_wrapped
     type
     extra_data
+    is_markdown
 );
 
 use constant UPDATE_COLUMNS => qw(
@@ -67,6 +68,7 @@ use constant VALIDATORS => {
     work_time   => \&_check_work_time,
     thetext     => \&_check_thetext,
     isprivate   => \&_check_isprivate,
+    is_markdown => \&Bugzilla::Object::check_boolean,
     extra_data  => \&_check_extra_data,
     type        => \&_check_type,
 };
@@ -233,6 +235,7 @@ sub body        { return $_[0]->{'thetext'};   }
 sub bug_id      { return $_[0]->{'bug_id'};    }
 sub creation_ts { return $_[0]->{'bug_when'};  }
 sub is_private  { return $_[0]->{'isprivate'}; }
+sub is_markdown { return $_[0]->{'is_markdown'}; }
 sub work_time   {
     # Work time is returned as a string (see bug 607909)
     return 0 if $_[0]->{'work_time'} + 0 == 0;
@@ -576,6 +579,10 @@ C<string> Time spent as related to this comment.
 
 C<boolean> Comment is marked as private.
 
+=item C<is_markdown>
+
+C<boolean> Whether this comment needs Markdown rendering to be applied.
+
 =item C<already_wrapped>
 
 If this comment is stored in the database word-wrapped, this will be C<1>.
diff --git a/Bugzilla/Hook.pm b/Bugzilla/Hook.pm
index bed6a53b0..d27468f55 100644
--- a/Bugzilla/Hook.pm
+++ b/Bugzilla/Hook.pm
@@ -438,12 +438,6 @@ Sometimes this is C<undef>, meaning that we are parsing text that is
 not a bug comment (but could still be some other part of a bug, like
 the summary line).
 
-=item C<user>
-
-The L<Bugzilla::User> object representing the user who will see the text.
-This is useful to determine how much confidential information can be displayed
-to the user.
-
 =back
 
 =head2 bug_start_of_update
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 299734d64..f74565302 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -130,17 +130,20 @@ sub get_format {
     };
 }
 
-# This routine quoteUrls contains inspirations from the HTML::FromText CPAN
+# This routine renderComment contains inspirations from the HTML::FromText CPAN
 # module by Gareth Rees <garethr@cre.canon.co.uk>.  It has been heavily hacked,
 # all that is really recognizable from the original is bits of the regular
 # expressions.
 # This has been rewritten to be faster, mainly by substituting 'as we go'.
 # If you want to modify this routine, read the comments carefully
+# Renamed from 'quoteUrls' to 'renderComment' after markdown support was added.
 
-sub quoteUrls {
-    my ($text, $bug, $comment, $user, $bug_link_func) = @_;
+sub renderComment {
+    my ($text, $bug, $comment, $skip_markdown, $bug_link_func) = @_;
     return $text unless $text;
-    $user ||= Bugzilla->user;
+    my $anon_user = Bugzilla::User->new;
+    # We choose to render markdown by default, unless the comment explicitly isn't.
+    $skip_markdown ||= $comment && !$comment->is_markdown;
     $bug_link_func ||= \&get_bug_link;
 
     # We use /g for speed, but uris can have other things inside them
@@ -173,7 +176,7 @@ sub quoteUrls {
     my @hook_regexes;
     Bugzilla::Hook::process('bug_format_comment',
         { text => \$text, bug => $bug, regexes => \@hook_regexes,
-          comment => $comment, user => $user });
+          comment => $comment, user => undef });
 
     foreach my $re (@hook_regexes) {
         my ($match, $replace) = @$re{qw(match replace)};
@@ -193,37 +196,47 @@ sub quoteUrls {
     # Provide tooltips for full bug links (Bug 74355)
     my $urlbase_re = '(' . quotemeta(Bugzilla->localconfig->{urlbase}) . ')';
     $text =~ s~\b(${urlbase_re}\Qshow_bug.cgi?id=\E([0-9]+)(\#c([0-9]+))?)\b
-              ~($things[$count++] = $bug_link_func->($3, $1, { comment_num => $5, user => $user })) &&
+              ~($things[$count++] = $bug_link_func->($3, $1, { comment_num => $5, user => $anon_user })) &&
                ("\x{FDD2}" . ($count-1) . "\x{FDD3}")
               ~egox;
 
-    # non-mailto protocols
-    my $safe_protocols = SAFE_URL_REGEXP();
-    $text =~ s~\b($safe_protocols)
+
+    if ($skip_markdown) {
+        # non-mailto protocols
+        my $safe_protocols = SAFE_URL_REGEXP();
+        $text =~ s~\b($safe_protocols)
               ~($tmp = html_quote($1)) &&
                ($things[$count++] = "<a rel=\"nofollow\" href=\"$tmp\">$tmp</a>") &&
                ("\x{FDD2}" . ($count-1) . "\x{FDD3}")
               ~egox;
 
-    # We have to quote now, otherwise the html itself is escaped
-    # THIS MEANS THAT A LITERAL ", <, >, ' MUST BE ESCAPED FOR A MATCH
+        # We have to quote now, otherwise the html itself is escaped
+        # THIS MEANS THAT A LITERAL ", <, >, ' MUST BE ESCAPED FOR A MATCH
+        $text = html_quote($text);
 
-    $text = html_quote($text);
+        # Color quoted text
+        $text =~ s~^(&gt;.+)$~<span class="quote">$1</span >~mg;
+        $text =~ s~</span >\n<span class="quote">~\n~g;
 
-    # Color quoted text
-    $text =~ s~^(&gt;.+)$~<span class="quote">$1</span >~mg;
-    $text =~ s~</span >\n<span class="quote">~\n~g;
+        # mailto:
+        # Use |<nothing> so that $1 is defined regardless
+        # &#64; is the encoded '@' character.
+        $text =~ s~\b(mailto:|)?([\w\.\-\+\=]+&\#64;[\w\-]+(?:\.[\w\-]+)+)\b
+                 ~<a href=\"mailto:$2\">$1$2</a>~igx;
+    }
+    else {
+        # We intentionally disable all html tags. Users should use markdown syntax.
+        # This prevents things like inline styles on anchor tags, which otherwise would be valid.
+        $text =~ s/([<])/&lt;/g;
 
-    # mailto:
-    # Use |<nothing> so that $1 is defined regardless
-    # &#64; is the encoded '@' character.
-    $text =~ s~\b(mailto:|)?([\w\.\-\+\=]+&\#64;[\w\-]+(?:\.[\w\-]+)+)\b
-              ~<a href=\"mailto:$2\">$1$2</a>~igx;
+        # As a preference, we opt into all new line breaks being rendered as a new line.
+        $text =~ s/(\r?\n)/  $1/g;
+    }
 
     # attachment links
     # BMO: don't make diff view the default for patches (Bug 652332)
     $text =~ s~\b(attachment$s*\#?$s*(\d+)(?:$s+\[diff\])?(?:\s+\[details\])?)
-              ~($things[$count++] = get_attachment_link($2, $1, $user)) &&
+              ~($things[$count++] = get_attachment_link($2, $1, $anon_user)) &&
                ("\x{FDD2}" . ($count-1) . "\x{FDD3}")
               ~egmxi;
 
@@ -240,7 +253,7 @@ sub quoteUrls {
     $text =~ s~\b($bug_re(?:$s*,?$s*$comment_re)?|$comment_re)
               ~ # We have several choices. $1 here is the link, and $2-4 are set
                 # depending on which part matched
-               (defined($2) ? $bug_link_func->($2, $1, { comment_num => $3, user => $user }) :
+               (defined($2) ? $bug_link_func->($2, $1, { comment_num => $3, user => $anon_user }) :
                               "<a href=\"$current_bugurl#c$4\">$1</a>")
               ~egx;
 
@@ -249,7 +262,7 @@ sub quoteUrls {
     $text =~ s~(?<=^\*\*\*\ This\ bug\ has\ been\ marked\ as\ a\ duplicate\ of\ )
                (\d+)
                (?=\ \*\*\*\Z)
-              ~$bug_link_func->($1, $1, { user => $user })
+              ~$bug_link_func->($1, $1, { user => $anon_user })
               ~egmx;
 
     # Now remove the encoding hacks in reverse order
@@ -257,7 +270,12 @@ sub quoteUrls {
         $text =~ s/\x{FDD2}($i)\x{FDD3}/$things[$i]/eg;
     }
 
-    return $text;
+    if ($skip_markdown) {
+        return $text;
+    }
+    else {
+        return Bugzilla->markdown_parser->render_html($text);
+    }
 }
 
 # Creates a link to an attachment, including its title.
@@ -271,11 +289,17 @@ sub get_attachment_link {
     if ($attachment) {
         my $title = "";
         my $className = "";
+        my $linkClass = "";
+
         if ($user->can_see_bug($attachment->bug_id)
             && (!$attachment->isprivate || $user->is_insider))
         {
             $title = $attachment->description;
         }
+        else{
+            $linkClass = "bz_private_link";
+        }
+
         if ($attachment->isobsolete) {
             $className = "bz_obsolete";
         }
@@ -296,7 +320,7 @@ sub get_attachment_link {
 
         # Whitespace matters here because these links are in <pre> tags.
         return qq|<span class="$className">|
-               . qq|<a href="${linkval}" name="attach_${attachid}" title="$title">$link_text</a>|
+               . qq|<a href="${linkval}" class="$linkClass" name="attach_${attachid}" title="$title">$link_text</a>|
                . qq| <a href="${linkval}&amp;action=edit" title="$title">[details]</a>|
                . qq|${patchlink}|
                . qq|</span>|;
@@ -706,11 +730,11 @@ sub create {
             # Removes control characters and trims extra whitespace.
             clean_text => \&Bugzilla::Util::clean_text ,
 
-            quoteUrls => [ sub {
-                               my ($context, $bug, $comment, $user) = @_;
+            renderComment => [ sub {
+                               my ($context, $bug, $comment, $skip_markdown) = @_;
                                return sub {
                                    my $text = shift;
-                                   return quoteUrls($text, $bug, $comment, $user);
+                                   return renderComment($text, $bug, $comment, $skip_markdown);
                                };
                            },
                            1
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index feb541c2e..d14300f6f 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -362,7 +362,7 @@ sub render_comment {
     Bugzilla->switch_to_shadow_db();
     my $bug = $params->{id} ? Bugzilla::Bug->check($params->{id}) : undef;
 
-    my $html = Bugzilla::Template::quoteUrls($params->{text}, $bug);
+    my $html = Bugzilla::Template::renderComment($params->{text}, $bug);
 
     return { html => $html };
 }
@@ -381,6 +381,7 @@ sub _translate_comment {
         time       => $self->type('dateTime', $comment->creation_ts),
         creation_time => $self->type('dateTime', $comment->creation_ts),
         is_private => $self->type('boolean', $comment->is_private),
+        is_markdown => $self->type('boolean', $comment->is_markdown),
         text       => $self->type('string', $comment->body_full),
         attachment_id => $self->type('int', $attach_id),
         count      => $self->type('int', $comment->count),
@@ -1112,9 +1113,11 @@ sub add_comment {
     if (defined $params->{private}) {
         $params->{is_private} = delete $params->{private};
     }
+
     # Append comment
     $bug->add_comment($comment, { isprivate => $params->{is_private},
-                                  work_time => $params->{work_time} });
+                                  work_time => $params->{work_time},
+                                  is_markdown => 1 });
 
     # Add comment tags
     $bug->set_all({ comment_tags => $params->{comment_tags} })
-- 
cgit v1.2.3-24-g4f1b


From ea5beeacb185309572836cc60989f95ea4705f9d Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Fri, 10 Aug 2018 15:41:53 -0400
Subject: Bug 1482475 - Add extensive testing framework

---
 Bugzilla/Config.pm               | 37 +++++++++++----------
 Bugzilla/DB/Sqlite.pm            |  2 +-
 Bugzilla/Test/MockDB.pm          | 49 +++++++++++++++++++++++++++
 Bugzilla/Test/MockLocalconfig.pm | 18 ++++++++++
 Bugzilla/Test/MockParams.pm      | 71 ++++++++++++++++++++++++++++++++++++++++
 Bugzilla/Test/Util.pm            |  2 +-
 6 files changed, 159 insertions(+), 20 deletions(-)
 create mode 100644 Bugzilla/Test/MockDB.pm
 create mode 100644 Bugzilla/Test/MockLocalconfig.pm
 create mode 100644 Bugzilla/Test/MockParams.pm

(limited to 'Bugzilla')

diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm
index d050ff9e0..85779fa6b 100644
--- a/Bugzilla/Config.pm
+++ b/Bugzilla/Config.pm
@@ -251,28 +251,11 @@ sub write_params {
     my ($param_data) = @_;
     $param_data ||= Bugzilla->params;
 
-    my $datadir    = bz_locations()->{'datadir'};
-    my $param_file = "$datadir/params";
-
     local $Data::Dumper::Sortkeys = 1;
 
-    my ($fh, $tmpname) = File::Temp::tempfile('params.XXXXX',
-                                              DIR => $datadir );
-
     my %params = %$param_data;
     $params{urlbase} = Bugzilla->localconfig->{urlbase};
-    print $fh (Data::Dumper->Dump([\%params], ['*param']))
-      || die "Can't write param file: $!";
-
-    close $fh;
-
-    rename $tmpname, $param_file
-      or die "Can't rename $tmpname to $param_file: $!";
-
-    # It's not common to edit parameters and loading
-    # Bugzilla::Install::Filesystem is slow.
-    require Bugzilla::Install::Filesystem;
-    Bugzilla::Install::Filesystem::fix_file_permissions($param_file);
+    __PACKAGE__->_write_file( Data::Dumper->Dump([\%params], ['*param']) );
 
     # And now we have to reset the params cache so that Bugzilla will re-read
     # them.
@@ -311,6 +294,24 @@ sub read_param_file {
     return \%params;
 }
 
+sub _write_file {
+    my ($class, $str) = @_;
+    my $datadir    = bz_locations()->{'datadir'};
+    my $param_file = "$datadir/params";
+    my ($fh, $tmpname) = File::Temp::tempfile('params.XXXXX',
+                                              DIR => $datadir );
+    print $fh $str || die "Can't write param file: $!";
+    close $fh || die "Can't close param file: $!";
+
+    rename $tmpname, $param_file
+      or die "Can't rename $tmpname to $param_file: $!";
+
+    # It's not common to edit parameters and loading
+    # Bugzilla::Install::Filesystem is slow.
+    require Bugzilla::Install::Filesystem;
+    Bugzilla::Install::Filesystem::fix_file_permissions($param_file);
+}
+
 1;
 
 __END__
diff --git a/Bugzilla/DB/Sqlite.pm b/Bugzilla/DB/Sqlite.pm
index 3890d0795..81ee7d888 100644
--- a/Bugzilla/DB/Sqlite.pm
+++ b/Bugzilla/DB/Sqlite.pm
@@ -73,7 +73,7 @@ sub BUILDARGS {
     my $db_name = $params->{db_name};
 
     # Let people specify paths intead of data/ for the DB.
-    if ($db_name and $db_name !~ m{[\\/]}) {
+    if ($db_name && $db_name ne ':memory:' && $db_name !~ m{[\\/]}) {
         # When the DB is first created, there's a chance that the
         # data directory doesn't exist at all, because the Install::Filesystem
         # code happens after DB creation. So we create the directory ourselves
diff --git a/Bugzilla/Test/MockDB.pm b/Bugzilla/Test/MockDB.pm
new file mode 100644
index 000000000..d158a73de
--- /dev/null
+++ b/Bugzilla/Test/MockDB.pm
@@ -0,0 +1,49 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+package Bugzilla::Test::MockDB;
+use 5.10.1;
+use strict;
+use warnings;
+use Try::Tiny;
+use Capture::Tiny qw(capture_merged);
+
+use Bugzilla::Test::MockLocalconfig (
+    db_driver => 'sqlite',
+    db_name => ':memory:',
+);
+use Bugzilla;
+BEGIN { Bugzilla->extensions };
+use Bugzilla::Test::MockParams;
+
+sub import {
+    require Bugzilla::Install;
+    require Bugzilla::Install::DB;
+    require Bugzilla::Field;;
+
+    state $first_time = 0;
+
+    return undef if $first_time++;
+
+    return capture_merged {
+        Bugzilla->dbh->bz_setup_database();
+
+        # Populate the tables that hold the values for the <select> fields.
+        Bugzilla->dbh->bz_populate_enum_tables();
+
+        Bugzilla::Install::DB::update_fielddefs_definition();
+        Bugzilla::Field::populate_field_definitions();
+        Bugzilla::Install::init_workflow();
+        Bugzilla::Install::DB->update_table_definitions({});
+        Bugzilla::Install::update_system_groups();
+
+        Bugzilla->set_user(Bugzilla::User->super_user);
+
+        Bugzilla::Install::update_settings();
+    };
+}
+
+1;
diff --git a/Bugzilla/Test/MockLocalconfig.pm b/Bugzilla/Test/MockLocalconfig.pm
new file mode 100644
index 000000000..a32aea0d4
--- /dev/null
+++ b/Bugzilla/Test/MockLocalconfig.pm
@@ -0,0 +1,18 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+package Bugzilla::Test::MockLocalconfig;
+use 5.10.1;
+use strict;
+use warnings;
+
+sub import {
+    my ($class, %lc) = @_;
+    $ENV{LOCALCONFIG_ENV} = 'BMO';
+    $ENV{"BMO_$_"} = $lc{$_} for keys %lc;
+}
+
+1;
diff --git a/Bugzilla/Test/MockParams.pm b/Bugzilla/Test/MockParams.pm
new file mode 100644
index 000000000..2d064c616
--- /dev/null
+++ b/Bugzilla/Test/MockParams.pm
@@ -0,0 +1,71 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+package Bugzilla::Test::MockParams;
+use 5.10.1;
+use strict;
+use warnings;
+use Try::Tiny;
+use Capture::Tiny qw(capture_merged);
+use Test2::Tools::Mock qw(mock);
+
+use Bugzilla::Config;
+use Safe;
+
+our $Params;
+BEGIN {
+    our $Mock = mock 'Bugzilla::Config' => (
+        override => [
+            'read_param_file' => sub {
+                my ($class) = @_;
+                return {} unless $Params;
+                my $s = Safe->new;
+                $s->reval($Params);
+                die "Error evaluating params: $@" if $@;
+                return { %{ $s->varglob('param') } };
+            },
+            '_write_file' => sub {
+                my ($class, $str) = @_;
+                $Params = $str;
+            },
+        ],
+    );
+}
+
+sub import {
+    my ($self, %answers) = @_;
+    state $first_time = 0;
+
+    require Bugzilla::Field;
+    require Bugzilla::Status;
+    require Bugzilla;
+    my $Bugzilla = mock 'Bugzilla' => (
+        override => [
+            installation_answers => sub { \%answers },
+        ],
+    );
+    my $BugzillaField = mock 'Bugzilla::Field' => (
+        override => [
+            get_legal_field_values => sub { [] },
+        ],
+    );
+    my $BugzillaStatus = mock 'Bugzilla::Status' => (
+        override => [
+            closed_bug_statuses => sub { die "no database" },
+        ],
+    );
+
+    if ($first_time++) {
+        capture_merged {
+            Bugzilla::Config::update_params();
+        };
+    }
+    else {
+        Bugzilla::Config::SetParam($_, $answers{$_}) for keys %answers;
+    }
+}
+
+1;
\ No newline at end of file
diff --git a/Bugzilla/Test/Util.pm b/Bugzilla/Test/Util.pm
index 4c9981e52..02c842658 100644
--- a/Bugzilla/Test/Util.pm
+++ b/Bugzilla/Test/Util.pm
@@ -24,7 +24,7 @@ sub create_user {
         cryptpassword => $password,
         disabledtext  => "",
         disable_mail  => 0,
-        extern_id     => 0,
+        extern_id     => undef,
         %extra,
     });
 }
-- 
cgit v1.2.3-24-g4f1b


From ec87e5310ad038abe4b2b329897638d866bf549a Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 14 Aug 2018 08:28:31 -0400
Subject: Revert "Bug 1456878 - Support markdown comments"

This reverts commit fd850e00db835d2b84c59014c3b1021fea2294fc.
---
 Bugzilla/Bug.pm            |  8 ++---
 Bugzilla/Comment.pm        |  7 ----
 Bugzilla/Hook.pm           |  6 ++++
 Bugzilla/Template.pm       | 80 ++++++++++++++++------------------------------
 Bugzilla/WebService/Bug.pm |  7 ++--
 5 files changed, 39 insertions(+), 69 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 9c820eedc..ee48ed7a2 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -732,7 +732,7 @@ sub _preload_referenced_bugs {
         }
         else {
             # bugs referenced in comments
-            Bugzilla::Template::renderComment($comment->body, undef, undef, 1,
+            Bugzilla::Template::quoteUrls($comment->body, undef, undef, undef,
                 sub {
                     my $bug_id = $_[0];
                     push @referenced_bug_ids, $bug_id
@@ -999,7 +999,6 @@ sub create {
 
     # We now have a bug id so we can fill this out
     $creation_comment->{'bug_id'} = $bug->id;
-    $creation_comment->{'is_markdown'} = 1;
 
     # Insert the comment. We always insert a comment on bug creation,
     # but sometimes it's blank.
@@ -2663,8 +2662,7 @@ sub set_all {
         # there are lots of things that want to check if we added a comment.
         $self->add_comment($params->{'comment'}->{'body'},
             { isprivate => $params->{'comment'}->{'is_private'},
-              work_time => $params->{'work_time'},
-              is_markdown => 1 });
+              work_time => $params->{'work_time'} });
     }
 
     if (defined $params->{comment_tags} && Bugzilla->user->can_tag_comments()) {
@@ -3145,7 +3143,7 @@ sub remove_cc {
     @$cc_users = grep { $_->id != $user->id } @$cc_users;
 }
 
-# $bug->add_comment("comment", {isprivate => 1, work_time => 10.5, is_markdown => 1,
+# $bug->add_comment("comment", {isprivate => 1, work_time => 10.5,
 #                               type => CMT_NORMAL, extra_data => $data});
 sub add_comment {
     my ($self, $comment, $params) = @_;
diff --git a/Bugzilla/Comment.pm b/Bugzilla/Comment.pm
index 937cd1203..f9a6f7d3a 100644
--- a/Bugzilla/Comment.pm
+++ b/Bugzilla/Comment.pm
@@ -45,7 +45,6 @@ use constant DB_COLUMNS => qw(
     already_wrapped
     type
     extra_data
-    is_markdown
 );
 
 use constant UPDATE_COLUMNS => qw(
@@ -68,7 +67,6 @@ use constant VALIDATORS => {
     work_time   => \&_check_work_time,
     thetext     => \&_check_thetext,
     isprivate   => \&_check_isprivate,
-    is_markdown => \&Bugzilla::Object::check_boolean,
     extra_data  => \&_check_extra_data,
     type        => \&_check_type,
 };
@@ -235,7 +233,6 @@ sub body        { return $_[0]->{'thetext'};   }
 sub bug_id      { return $_[0]->{'bug_id'};    }
 sub creation_ts { return $_[0]->{'bug_when'};  }
 sub is_private  { return $_[0]->{'isprivate'}; }
-sub is_markdown { return $_[0]->{'is_markdown'}; }
 sub work_time   {
     # Work time is returned as a string (see bug 607909)
     return 0 if $_[0]->{'work_time'} + 0 == 0;
@@ -579,10 +576,6 @@ C<string> Time spent as related to this comment.
 
 C<boolean> Comment is marked as private.
 
-=item C<is_markdown>
-
-C<boolean> Whether this comment needs Markdown rendering to be applied.
-
 =item C<already_wrapped>
 
 If this comment is stored in the database word-wrapped, this will be C<1>.
diff --git a/Bugzilla/Hook.pm b/Bugzilla/Hook.pm
index d27468f55..bed6a53b0 100644
--- a/Bugzilla/Hook.pm
+++ b/Bugzilla/Hook.pm
@@ -438,6 +438,12 @@ Sometimes this is C<undef>, meaning that we are parsing text that is
 not a bug comment (but could still be some other part of a bug, like
 the summary line).
 
+=item C<user>
+
+The L<Bugzilla::User> object representing the user who will see the text.
+This is useful to determine how much confidential information can be displayed
+to the user.
+
 =back
 
 =head2 bug_start_of_update
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index f74565302..299734d64 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -130,20 +130,17 @@ sub get_format {
     };
 }
 
-# This routine renderComment contains inspirations from the HTML::FromText CPAN
+# This routine quoteUrls contains inspirations from the HTML::FromText CPAN
 # module by Gareth Rees <garethr@cre.canon.co.uk>.  It has been heavily hacked,
 # all that is really recognizable from the original is bits of the regular
 # expressions.
 # This has been rewritten to be faster, mainly by substituting 'as we go'.
 # If you want to modify this routine, read the comments carefully
-# Renamed from 'quoteUrls' to 'renderComment' after markdown support was added.
 
-sub renderComment {
-    my ($text, $bug, $comment, $skip_markdown, $bug_link_func) = @_;
+sub quoteUrls {
+    my ($text, $bug, $comment, $user, $bug_link_func) = @_;
     return $text unless $text;
-    my $anon_user = Bugzilla::User->new;
-    # We choose to render markdown by default, unless the comment explicitly isn't.
-    $skip_markdown ||= $comment && !$comment->is_markdown;
+    $user ||= Bugzilla->user;
     $bug_link_func ||= \&get_bug_link;
 
     # We use /g for speed, but uris can have other things inside them
@@ -176,7 +173,7 @@ sub renderComment {
     my @hook_regexes;
     Bugzilla::Hook::process('bug_format_comment',
         { text => \$text, bug => $bug, regexes => \@hook_regexes,
-          comment => $comment, user => undef });
+          comment => $comment, user => $user });
 
     foreach my $re (@hook_regexes) {
         my ($match, $replace) = @$re{qw(match replace)};
@@ -196,47 +193,37 @@ sub renderComment {
     # Provide tooltips for full bug links (Bug 74355)
     my $urlbase_re = '(' . quotemeta(Bugzilla->localconfig->{urlbase}) . ')';
     $text =~ s~\b(${urlbase_re}\Qshow_bug.cgi?id=\E([0-9]+)(\#c([0-9]+))?)\b
-              ~($things[$count++] = $bug_link_func->($3, $1, { comment_num => $5, user => $anon_user })) &&
+              ~($things[$count++] = $bug_link_func->($3, $1, { comment_num => $5, user => $user })) &&
                ("\x{FDD2}" . ($count-1) . "\x{FDD3}")
               ~egox;
 
-
-    if ($skip_markdown) {
-        # non-mailto protocols
-        my $safe_protocols = SAFE_URL_REGEXP();
-        $text =~ s~\b($safe_protocols)
+    # non-mailto protocols
+    my $safe_protocols = SAFE_URL_REGEXP();
+    $text =~ s~\b($safe_protocols)
               ~($tmp = html_quote($1)) &&
                ($things[$count++] = "<a rel=\"nofollow\" href=\"$tmp\">$tmp</a>") &&
                ("\x{FDD2}" . ($count-1) . "\x{FDD3}")
               ~egox;
 
-        # We have to quote now, otherwise the html itself is escaped
-        # THIS MEANS THAT A LITERAL ", <, >, ' MUST BE ESCAPED FOR A MATCH
-        $text = html_quote($text);
+    # We have to quote now, otherwise the html itself is escaped
+    # THIS MEANS THAT A LITERAL ", <, >, ' MUST BE ESCAPED FOR A MATCH
 
-        # Color quoted text
-        $text =~ s~^(&gt;.+)$~<span class="quote">$1</span >~mg;
-        $text =~ s~</span >\n<span class="quote">~\n~g;
+    $text = html_quote($text);
 
-        # mailto:
-        # Use |<nothing> so that $1 is defined regardless
-        # &#64; is the encoded '@' character.
-        $text =~ s~\b(mailto:|)?([\w\.\-\+\=]+&\#64;[\w\-]+(?:\.[\w\-]+)+)\b
-                 ~<a href=\"mailto:$2\">$1$2</a>~igx;
-    }
-    else {
-        # We intentionally disable all html tags. Users should use markdown syntax.
-        # This prevents things like inline styles on anchor tags, which otherwise would be valid.
-        $text =~ s/([<])/&lt;/g;
+    # Color quoted text
+    $text =~ s~^(&gt;.+)$~<span class="quote">$1</span >~mg;
+    $text =~ s~</span >\n<span class="quote">~\n~g;
 
-        # As a preference, we opt into all new line breaks being rendered as a new line.
-        $text =~ s/(\r?\n)/  $1/g;
-    }
+    # mailto:
+    # Use |<nothing> so that $1 is defined regardless
+    # &#64; is the encoded '@' character.
+    $text =~ s~\b(mailto:|)?([\w\.\-\+\=]+&\#64;[\w\-]+(?:\.[\w\-]+)+)\b
+              ~<a href=\"mailto:$2\">$1$2</a>~igx;
 
     # attachment links
     # BMO: don't make diff view the default for patches (Bug 652332)
     $text =~ s~\b(attachment$s*\#?$s*(\d+)(?:$s+\[diff\])?(?:\s+\[details\])?)
-              ~($things[$count++] = get_attachment_link($2, $1, $anon_user)) &&
+              ~($things[$count++] = get_attachment_link($2, $1, $user)) &&
                ("\x{FDD2}" . ($count-1) . "\x{FDD3}")
               ~egmxi;
 
@@ -253,7 +240,7 @@ sub renderComment {
     $text =~ s~\b($bug_re(?:$s*,?$s*$comment_re)?|$comment_re)
               ~ # We have several choices. $1 here is the link, and $2-4 are set
                 # depending on which part matched
-               (defined($2) ? $bug_link_func->($2, $1, { comment_num => $3, user => $anon_user }) :
+               (defined($2) ? $bug_link_func->($2, $1, { comment_num => $3, user => $user }) :
                               "<a href=\"$current_bugurl#c$4\">$1</a>")
               ~egx;
 
@@ -262,7 +249,7 @@ sub renderComment {
     $text =~ s~(?<=^\*\*\*\ This\ bug\ has\ been\ marked\ as\ a\ duplicate\ of\ )
                (\d+)
                (?=\ \*\*\*\Z)
-              ~$bug_link_func->($1, $1, { user => $anon_user })
+              ~$bug_link_func->($1, $1, { user => $user })
               ~egmx;
 
     # Now remove the encoding hacks in reverse order
@@ -270,12 +257,7 @@ sub renderComment {
         $text =~ s/\x{FDD2}($i)\x{FDD3}/$things[$i]/eg;
     }
 
-    if ($skip_markdown) {
-        return $text;
-    }
-    else {
-        return Bugzilla->markdown_parser->render_html($text);
-    }
+    return $text;
 }
 
 # Creates a link to an attachment, including its title.
@@ -289,17 +271,11 @@ sub get_attachment_link {
     if ($attachment) {
         my $title = "";
         my $className = "";
-        my $linkClass = "";
-
         if ($user->can_see_bug($attachment->bug_id)
             && (!$attachment->isprivate || $user->is_insider))
         {
             $title = $attachment->description;
         }
-        else{
-            $linkClass = "bz_private_link";
-        }
-
         if ($attachment->isobsolete) {
             $className = "bz_obsolete";
         }
@@ -320,7 +296,7 @@ sub get_attachment_link {
 
         # Whitespace matters here because these links are in <pre> tags.
         return qq|<span class="$className">|
-               . qq|<a href="${linkval}" class="$linkClass" name="attach_${attachid}" title="$title">$link_text</a>|
+               . qq|<a href="${linkval}" name="attach_${attachid}" title="$title">$link_text</a>|
                . qq| <a href="${linkval}&amp;action=edit" title="$title">[details]</a>|
                . qq|${patchlink}|
                . qq|</span>|;
@@ -730,11 +706,11 @@ sub create {
             # Removes control characters and trims extra whitespace.
             clean_text => \&Bugzilla::Util::clean_text ,
 
-            renderComment => [ sub {
-                               my ($context, $bug, $comment, $skip_markdown) = @_;
+            quoteUrls => [ sub {
+                               my ($context, $bug, $comment, $user) = @_;
                                return sub {
                                    my $text = shift;
-                                   return renderComment($text, $bug, $comment, $skip_markdown);
+                                   return quoteUrls($text, $bug, $comment, $user);
                                };
                            },
                            1
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index d14300f6f..feb541c2e 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -362,7 +362,7 @@ sub render_comment {
     Bugzilla->switch_to_shadow_db();
     my $bug = $params->{id} ? Bugzilla::Bug->check($params->{id}) : undef;
 
-    my $html = Bugzilla::Template::renderComment($params->{text}, $bug);
+    my $html = Bugzilla::Template::quoteUrls($params->{text}, $bug);
 
     return { html => $html };
 }
@@ -381,7 +381,6 @@ sub _translate_comment {
         time       => $self->type('dateTime', $comment->creation_ts),
         creation_time => $self->type('dateTime', $comment->creation_ts),
         is_private => $self->type('boolean', $comment->is_private),
-        is_markdown => $self->type('boolean', $comment->is_markdown),
         text       => $self->type('string', $comment->body_full),
         attachment_id => $self->type('int', $attach_id),
         count      => $self->type('int', $comment->count),
@@ -1113,11 +1112,9 @@ sub add_comment {
     if (defined $params->{private}) {
         $params->{is_private} = delete $params->{private};
     }
-
     # Append comment
     $bug->add_comment($comment, { isprivate => $params->{is_private},
-                                  work_time => $params->{work_time},
-                                  is_markdown => 1 });
+                                  work_time => $params->{work_time} });
 
     # Add comment tags
     $bug->set_all({ comment_tags => $params->{comment_tags} })
-- 
cgit v1.2.3-24-g4f1b


From ae9885389d3ce428f24e0352814b70b099fadb95 Mon Sep 17 00:00:00 2001
From: Mars <mfogels@gmail.com>
Date: Thu, 16 Aug 2018 17:39:19 -0400
Subject: Bug 1480878 - Monitor the health of Push connector job processing

---
 Bugzilla/Install/Localconfig.pm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm
index e1a8e0909..e524535ac 100644
--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -186,7 +186,15 @@ use constant LOCALCONFIG_VARS => (
     {
         name => 'shadowdb_pass',
         default => '',
-    }
+    },
+    {
+        name => 'datadog_host',
+        default => '',
+    },
+    {
+        name => 'datadog_port',
+        default => 8125,
+    },
 );
 
 
-- 
cgit v1.2.3-24-g4f1b


From 72f78546d35342dcf556322cd702bc32e9ed2811 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Fri, 17 Aug 2018 13:20:02 -0400
Subject: Bug 1482145 - add more type checking to phabbugz code

---
 Bugzilla/Types.pm | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 Bugzilla/Types.pm

(limited to 'Bugzilla')

diff --git a/Bugzilla/Types.pm b/Bugzilla/Types.pm
new file mode 100644
index 000000000..93d699f49
--- /dev/null
+++ b/Bugzilla/Types.pm
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Types;
+
+use 5.10.1;
+use strict;
+use warnings;
+
+use Type::Library
+    -base,
+    -declare => qw( Bug User Group Attachment Comment JSONBool );
+use Type::Utils -all;
+use Types::Standard -types;
+
+class_type Bug,        { class => 'Bugzilla::Bug' };
+class_type User,       { class => 'Bugzilla::User' };
+class_type Group,      { class => 'Bugzilla::Group' };
+class_type Attachment, { class => 'Bugzilla::Attachment' };
+class_type Comment,    { class => 'Bugzilla::Comment' };
+class_type JSONBool,   { class => 'JSON::PP::Boolean' };
+
+1;
-- 
cgit v1.2.3-24-g4f1b


From ec67fc35e552accc2338e322e9128dacb13a9a91 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 20 Aug 2018 17:27:57 -0400
Subject: Bug 1482145 - Some changes required for unit tests to be written

---
 Bugzilla/Test/MockDB.pm | 73 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 72 insertions(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Test/MockDB.pm b/Bugzilla/Test/MockDB.pm
index d158a73de..fb7873ccf 100644
--- a/Bugzilla/Test/MockDB.pm
+++ b/Bugzilla/Test/MockDB.pm
@@ -17,7 +17,10 @@ use Bugzilla::Test::MockLocalconfig (
 );
 use Bugzilla;
 BEGIN { Bugzilla->extensions };
-use Bugzilla::Test::MockParams;
+use Bugzilla::Test::MockParams (
+    emailsuffix => '',
+    emailregexp => '.+',
+);
 
 sub import {
     require Bugzilla::Install;
@@ -43,6 +46,74 @@ sub import {
         Bugzilla->set_user(Bugzilla::User->super_user);
 
         Bugzilla::Install::update_settings();
+
+        my $dbh = Bugzilla->dbh;
+        if ( !$dbh->selectrow_array("SELECT 1 FROM priority WHERE value = 'P1'") ) {
+            $dbh->do("DELETE FROM priority");
+            my $count = 100;
+            foreach my $priority (map { "P$_" } 1..5) {
+                $dbh->do( "INSERT INTO priority (value, sortkey) VALUES (?, ?)", undef, ( $priority, $count + 100 ) );
+            }
+        }
+        my @flagtypes = (
+            {
+                name             => 'review',
+                desc             => 'The patch has passed review by a module owner or peer.',
+                is_requestable   => 1,
+                is_requesteeble  => 1,
+                is_multiplicable => 1,
+                grant_group      => '',
+                target_type      => 'a',
+                cc_list          => '',
+                inclusions       => ['']
+            },
+            {
+                name             => 'feedback',
+                desc             => 'A particular person\'s input is requested for a patch, ' .
+                                    'but that input does not amount to an official review.',
+                is_requestable   => 1,
+                is_requesteeble  => 1,
+                is_multiplicable => 1,
+                grant_group      => '',
+                target_type      => 'a',
+                cc_list          => '',
+                inclusions       => ['']
+            }
+        );
+
+        foreach my $flag (@flagtypes) {
+            next if Bugzilla::FlagType->new({ name => $flag->{name} });
+            my $grant_group_id = $flag->{grant_group}
+                                ? Bugzilla::Group->new({ name => $flag->{grant_group} })->id
+                                : undef;
+            my $request_group_id = $flag->{request_group}
+                                ? Bugzilla::Group->new({ name => $flag->{request_group} })->id
+                                : undef;
+
+            $dbh->do('INSERT INTO flagtypes (name, description, cc_list, target_type, is_requestable,
+                                            is_requesteeble, is_multiplicable, grant_group_id, request_group_id)
+                                    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)',
+                    undef, ($flag->{name}, $flag->{desc}, $flag->{cc_list}, $flag->{target_type},
+                            $flag->{is_requestable}, $flag->{is_requesteeble}, $flag->{is_multiplicable},
+                            $grant_group_id, $request_group_id));
+
+            my $type_id = $dbh->bz_last_key('flagtypes', 'id');
+
+            foreach my $inclusion (@{$flag->{inclusions}}) {
+                my ($product, $component) = split(':', $inclusion);
+                my ($prod_id, $comp_id);
+                if ($product) {
+                    my $prod_obj = Bugzilla::Product->new({ name => $product });
+                    $prod_id = $prod_obj->id;
+                    if ($component) {
+                        $comp_id = Bugzilla::Component->new({ name => $component, product => $prod_obj})->id;
+                    }
+                }
+                $dbh->do('INSERT INTO flaginclusions (type_id, product_id, component_id)
+                        VALUES (?, ?, ?)',
+                        undef, ($type_id, $prod_id, $comp_id));
+            }
+        }
     };
 }
 
-- 
cgit v1.2.3-24-g4f1b


From 4a66989c7cf4bcb1afce0c4e39a3f1c87ef0e57c Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 3 Apr 2018 23:05:04 -0400
Subject: Bug 1455495 - Replace apache with Mojolicious

---
 Bugzilla/Attachment/PatchReader.pm   |  15 +--
 Bugzilla/CGI.pm                      |  32 ++++--
 Bugzilla/DaemonControl.pm            |  26 +++--
 Bugzilla/Error.pm                    |   4 +-
 Bugzilla/Install/Filesystem.pm       | 127 +--------------------
 Bugzilla/ModPerl.pm                  | 118 -------------------
 Bugzilla/ModPerl/BasicAuth.pm        |  65 -----------
 Bugzilla/ModPerl/BlockIP.pm          |  65 -----------
 Bugzilla/ModPerl/Hostage.pm          |  71 ------------
 Bugzilla/ModPerl/StartupFix.pm       |  51 ---------
 Bugzilla/Quantum.pm                  | 214 +++++++++++++++++++++++++++++++++++
 Bugzilla/Quantum/CGI.pm              | 162 ++++++++++++++++++++++++++
 Bugzilla/Quantum/Plugin/BasicAuth.pm |  40 +++++++
 Bugzilla/Quantum/Plugin/BlockIP.pm   |  43 +++++++
 Bugzilla/Quantum/Plugin/Glue.pm      | 114 +++++++++++++++++++
 Bugzilla/Quantum/Plugin/Hostage.pm   |  80 +++++++++++++
 Bugzilla/Quantum/SES.pm              | 203 +++++++++++++++++++++++++++++++++
 Bugzilla/Quantum/Static.pm           |  30 +++++
 Bugzilla/Quantum/Stdout.pm           |  59 ++++++++++
 Bugzilla/Quantum/Template.pm         |  39 +++++++
 Bugzilla/Template.pm                 |   1 +
 Bugzilla/WebService/Server/XMLRPC.pm |   6 +-
 Bugzilla/WebService/Util.pm          |   8 +-
 23 files changed, 1035 insertions(+), 538 deletions(-)
 delete mode 100644 Bugzilla/ModPerl.pm
 delete mode 100644 Bugzilla/ModPerl/BasicAuth.pm
 delete mode 100644 Bugzilla/ModPerl/BlockIP.pm
 delete mode 100644 Bugzilla/ModPerl/Hostage.pm
 delete mode 100644 Bugzilla/ModPerl/StartupFix.pm
 create mode 100644 Bugzilla/Quantum.pm
 create mode 100644 Bugzilla/Quantum/CGI.pm
 create mode 100644 Bugzilla/Quantum/Plugin/BasicAuth.pm
 create mode 100644 Bugzilla/Quantum/Plugin/BlockIP.pm
 create mode 100644 Bugzilla/Quantum/Plugin/Glue.pm
 create mode 100644 Bugzilla/Quantum/Plugin/Hostage.pm
 create mode 100644 Bugzilla/Quantum/SES.pm
 create mode 100644 Bugzilla/Quantum/Static.pm
 create mode 100644 Bugzilla/Quantum/Stdout.pm
 create mode 100644 Bugzilla/Quantum/Template.pm

(limited to 'Bugzilla')

diff --git a/Bugzilla/Attachment/PatchReader.pm b/Bugzilla/Attachment/PatchReader.pm
index 2cfbf2c6b..8025f5b82 100644
--- a/Bugzilla/Attachment/PatchReader.pm
+++ b/Bugzilla/Attachment/PatchReader.pm
@@ -116,18 +116,9 @@ sub process_interdiff {
     $ENV{'PATH'} = $lc->{diffpath};
 
     my ($pid, $interdiff_stdout, $interdiff_stderr);
-    if ($ENV{MOD_PERL}) {
-        require Apache2::RequestUtil;
-        require Apache2::SubProcess;
-        my $request = Apache2::RequestUtil->request;
-        (undef, $interdiff_stdout, $interdiff_stderr) = $request->spawn_proc_prog(
-            $lc->{interdiffbin}, [$old_filename, $new_filename]
-        );
-    } else {
-        $interdiff_stderr = gensym;
-        my $pid = open3(gensym, $interdiff_stdout, $interdiff_stderr,
-                        $lc->{interdiffbin}, $old_filename, $new_filename);
-    }
+    $interdiff_stderr = gensym;
+    $pid = open3(gensym, $interdiff_stdout, $interdiff_stderr,
+                    $lc->{interdiffbin}, $old_filename, $new_filename);
     binmode $interdiff_stdout;
 
     # Check for errors
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 6236b015a..4bc52d789 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -123,7 +123,7 @@ sub new {
 
     # Under mod_perl, CGI's global variables get reset on each request,
     # so we need to set them up again every time.
-    $class->_init_bz_cgi_globals() if $ENV{MOD_PERL};
+    $class->_init_bz_cgi_globals();
 
     my $self = $class->SUPER::new(@args);
 
@@ -481,11 +481,6 @@ sub _prevent_unsafe_response {
             print $self->SUPER::header(-type => 'text/html',  -status => '403 Forbidden');
             if ($content_type ne 'text/html') {
                 print "Untrusted Referer Header\n";
-                if ($ENV{MOD_PERL}) {
-                    my $r = $self->r;
-                    $r->rflush;
-                    $r->status(200);
-                }
             }
             exit;
         }
@@ -603,8 +598,25 @@ sub header {
             $headers{'-link'} .= ', <https://www.google-analytics.com>; rel="preconnect"; crossorigin';
         }
     }
-
-    return $self->SUPER::header(%headers) || "";
+    my $headers = $self->SUPER::header(%headers) || '';
+    if ($self->server_software eq 'Bugzilla::Quantum::CGI') {
+        my $c = $Bugzilla::Quantum::CGI::C;
+        $c->res->headers->parse($headers);
+        my $status = $c->res->headers->status;
+        if ($status && $status =~ /^([0-9]+)/) {
+            $c->res->code($1);
+        }
+        elsif ($c->res->headers->location) {
+            $c->res->code(302);
+        }
+        else {
+            $c->res->code(200);
+        }
+        return '';
+    }
+    else {
+        LOGDIE("Bugzilla::CGI->header() should only be called from inside Bugzilla::Quantum::CGI!");
+    }
 }
 
 sub param {
@@ -721,6 +733,7 @@ sub redirect {
     return $self->SUPER::redirect(@_);
 }
 
+use Bugzilla::Logging;
 # This helps implement Bugzilla::Search::Recent, and also shortens search
 # URLs that get POSTed to buglist.cgi.
 sub redirect_search_url {
@@ -791,9 +804,6 @@ sub redirect_to_https {
     # and do not work with 302. Our redirect really is permanent anyhow, so
     # it doesn't hurt to make it a 301.
     print $self->redirect(-location => $url, -status => 301);
-
-    # When using XML-RPC with mod_perl, we need the headers sent immediately.
-    $self->r->rflush if $ENV{MOD_PERL};
     exit;
 }
 
diff --git a/Bugzilla/DaemonControl.pm b/Bugzilla/DaemonControl.pm
index 6ff883af0..5cb32973f 100644
--- a/Bugzilla/DaemonControl.pm
+++ b/Bugzilla/DaemonControl.pm
@@ -23,7 +23,8 @@ use IO::Async::Protocol::LineStream;
 use IO::Async::Signal;
 use IO::Socket;
 use LWP::Simple qw(get);
-use POSIX qw(setsid WEXITSTATUS);
+use JSON::MaybeXS qw(encode_json);
+use POSIX qw(WEXITSTATUS);
 
 use base qw(Exporter);
 
@@ -43,8 +44,14 @@ our %EXPORT_TAGS = (
 my $BUGZILLA_DIR  = bz_locations->{cgi_path};
 my $JOBQUEUE_BIN  = catfile( $BUGZILLA_DIR, 'jobqueue.pl' );
 my $CEREAL_BIN    = catfile( $BUGZILLA_DIR, 'scripts', 'cereal.pl' );
-my $HTTPD_BIN     = '/usr/sbin/httpd';
-my $HTTPD_CONFIG  = catfile( bz_locations->{confdir}, 'httpd.conf' );
+my $BUGZILLA_BIN  = catfile( $BUGZILLA_DIR, 'bugzilla.pl' );
+my $HYPNOTOAD_BIN = catfile( $BUGZILLA_DIR, 'local', 'bin', 'hypnotoad' );
+my @PERL5LIB      = ( $BUGZILLA_DIR, catdir($BUGZILLA_DIR, 'lib'), catdir($BUGZILLA_DIR, 'local', 'lib', 'perl5') );
+
+my %HTTP_BACKENDS = (
+    hypnotoad => [ $HYPNOTOAD_BIN, $BUGZILLA_BIN, '-f' ],
+    simple    => [ $BUGZILLA_BIN, 'daemon' ],
+);
 
 sub catch_signal {
     my ($name, @done)   = @_;
@@ -98,13 +105,12 @@ sub run_httpd {
     my $exit_f = $loop->new_future;
     my $httpd  = IO::Async::Process->new(
         code => sub {
-
-            # we have to setsid() to make a new process group
-            # or else apache will kill its parent.
-            setsid();
-            my @command = ( $HTTPD_BIN, '-DFOREGROUND', '-f' => $HTTPD_CONFIG, @args );
-            exec @command
-              or die "failed to exec $command[0] $!";
+            $ENV{BUGZILLA_HTTPD_ARGS} = encode_json(\@args);
+            $ENV{PERL5LIB} = join(':', @PERL5LIB);
+            my $backend = $ENV{HTTP_BACKEND} // 'hypnotoad';
+            my $command = $HTTP_BACKENDS{ $backend };
+            exec @$command
+              or die "failed to exec $command->[0] $!";
         },
         on_finish    => on_finish($exit_f),
         on_exception => on_exception( 'httpd', $exit_f ),
diff --git a/Bugzilla/Error.pm b/Bugzilla/Error.pm
index 9fcd16386..f932294b0 100644
--- a/Bugzilla/Error.pm
+++ b/Bugzilla/Error.pm
@@ -31,7 +31,7 @@ use Scalar::Util qw(blessed);
 sub _in_eval {
     my $in_eval = 0;
     for (my $stack = 1; my $sub = (caller($stack))[3]; $stack++) {
-        last if $sub =~ /^ModPerl/;
+        last if $sub =~ /^Bugzilla::Quantum::CGI::try/;
         $in_eval = 1 if $sub =~ /^\(eval\)/;
     }
     return $in_eval;
@@ -196,7 +196,7 @@ sub ThrowTemplateError {
 
     # mod_perl overrides exit to call die with this string
     # we never want to display this to the user
-    exit if $template_err =~ /\bModPerl::Util::exit\b/;
+    die $template_err if ref($template_err) eq 'ARRAY' && $template_err->[0] eq "EXIT\n";
 
     state $logger = Log::Log4perl->get_logger('Bugzilla.Error.Template');
     $logger->error($template_err);
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 003be22e4..f520d3d56 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -41,56 +41,11 @@ use English qw(-no_match_vars $OSNAME);
 use base qw(Exporter);
 our @EXPORT = qw(
     update_filesystem
-    create_htaccess
     fix_all_file_permissions
     fix_dir_permissions
     fix_file_permissions
 );
 
-use constant HT_DEFAULT_DENY => <<'EOT';
-# nothing in this directory is retrievable unless overridden by an .htaccess
-# in a subdirectory
-deny from all
-EOT
-
-use constant HT_GRAPHS_DIR => <<'EOT';
-# Allow access to .png and .gif files.
-<FilesMatch (\.gif|\.png)$>
-  Allow from all
-</FilesMatch>
-
-# And no directory listings, either.
-Deny from all
-EOT
-
-use constant HT_WEBDOT_DIR => <<'EOT';
-# Restrict access to .dot files to the public webdot server at research.att.com
-# if research.att.com ever changes their IP, or if you use a different
-# webdot server, you'll need to edit this
-<FilesMatch \.dot$>
-  Allow from 192.20.225.0/24
-  Deny from all
-</FilesMatch>
-
-# Allow access to .png files created by a local copy of 'dot'
-<FilesMatch \.png\$>
-  Allow from all
-</FilesMatch>
-
-# And no directory listings, either.
-Deny from all
-EOT
-
-use constant HT_ASSETS_DIR => <<'EOT';
-# Allow access to .css and js files
-<FilesMatch \.(css|js)$>
-  Allow from all
-</FilesMatch>
-
-# And no directory listings, either.
-Deny from all
-EOT
-
 use constant INDEX_HTML => <<'EOT';
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
@@ -230,13 +185,13 @@ sub FILESYSTEM {
         'jobqueue-worker.pl' => { perms => OWNER_EXECUTE },
         'clean-bug-user-last-visit.pl' => { perms => WS_EXECUTE },
 
+        'bugzilla.pl'    => { perms => OWNER_EXECUTE },
         'Bugzilla.pm'    => { perms => CGI_READ },
         "$localconfig*"  => { perms => CGI_READ },
         'META.*'         => { perms => CGI_READ },
         'MYMETA.*'       => { perms => CGI_READ },
         'bugzilla.dtd'   => { perms => WS_SERVE },
         'mod_perl.pl'    => { perms => WS_SERVE },
-        '.htaccess'      => { perms => WS_SERVE },
         'cvs-update.log' => { perms => WS_SERVE },
         'scripts/sendunsentbugmail.pl' => { perms => WS_EXECUTE },
         'docs/bugzilla.ent'    => { perms => OWNER_WRITE },
@@ -438,54 +393,15 @@ sub FILESYSTEM {
         'index.html' => { perms => WS_SERVE, contents => INDEX_HTML }
     );
 
-    # Because checksetup controls the .htaccess creation separately
-    # by a localconfig variable, these go in a separate variable from
-    # %create_files.
-    #
-    # Note that these get WS_SERVE as their permission
-    # because they're *read* by the webserver, even though they're not
-    # actually, themselves, served.
-    my %htaccess = (
-        "$attachdir/.htaccess"       => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        "$libdir/Bugzilla/.htaccess" => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        "$extlib/.htaccess"          => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        "$templatedir/.htaccess"     => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        'contrib/.htaccess'          => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        'scripts/.htaccess'          => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        't/.htaccess'                => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        'xt/.htaccess'               => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        '.circleci/.htaccess'        => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        "$confdir/.htaccess"         => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        "$datadir/.htaccess"         => { perms    => WS_SERVE,
-                                          contents => HT_DEFAULT_DENY },
-        "$graphsdir/.htaccess"       => { perms => WS_SERVE,
-                                          contents => HT_GRAPHS_DIR },
-        "$webdotdir/.htaccess"       => { perms => WS_SERVE,
-                                          contents => HT_WEBDOT_DIR },
-        "$assetsdir/.htaccess"       => { perms => WS_SERVE,
-                                          contents => HT_ASSETS_DIR },
-    );
-
     Bugzilla::Hook::process('install_filesystem', {
         files            => \%files,
         create_dirs      => \%create_dirs,
         non_recurse_dirs => \%non_recurse_dirs,
         recurse_dirs     => \%recurse_dirs,
         create_files     => \%create_files,
-        htaccess         => \%htaccess,
     });
 
-    my %all_files = (%create_files, %htaccess, %index_html, %files);
+    my %all_files = (%create_files, %index_html, %files);
     my %all_dirs  = (%create_dirs, %non_recurse_dirs);
 
     return {
@@ -494,7 +410,6 @@ sub FILESYSTEM {
         all_dirs     => \%all_dirs,
 
         create_files => \%create_files,
-        htaccess     => \%htaccess,
         index_html   => \%index_html,
         all_files    => \%all_files,
     };
@@ -542,13 +457,6 @@ sub update_filesystem {
         _rename_file($oldparamsfile, "$datadir/$oldparamsfile");
     }
 
-    # Remove old assets htaccess file to force recreation with correct values.
-    if (-e "$assetsdir/.htaccess") {
-        if (read_file("$assetsdir/.htaccess") =~ /<FilesMatch \\\.css\$>/) {
-            unlink("$assetsdir/.htaccess");
-        }
-    }
-
     _create_files(%files);
     if ($params->{index_html}) {
         _create_files(%{$fs->{index_html}});
@@ -653,27 +561,6 @@ sub _convert_single_file_skins {
     }
 }
 
-sub create_htaccess {
-    _create_files(%{FILESYSTEM()->{htaccess}});
-
-    # Repair old .htaccess files
-
-    my $webdot_dir = bz_locations()->{'webdotdir'};
-    # The public webdot IP address changed.
-    my $webdot = new IO::File("$webdot_dir/.htaccess", 'r')
-        || die "$webdot_dir/.htaccess: $!";
-    my $webdot_data;
-    { local $/; $webdot_data = <$webdot>; }
-    $webdot->close;
-    if ($webdot_data =~ /192\.20\.225\.10/) {
-        print "Repairing $webdot_dir/.htaccess...\n";
-        $webdot_data =~ s/192\.20\.225\.10/192.20.225.0\/24/g;
-        $webdot = new IO::File("$webdot_dir/.htaccess", 'w') || die $!;
-        print $webdot $webdot_data;
-        $webdot->close;
-    }
-}
-
 sub _rename_file {
     my ($from, $to) = @_;
     print install_string('file_rename', { from => $from, to => $to }), "\n";
@@ -984,16 +871,6 @@ Params:      C<index_html> - Whether or not we should create
 
 Returns:     nothing
 
-=item C<create_htaccess()>
-
-Description: Creates all of the .htaccess files for Apache,
-             in the various Bugzilla directories. Also updates
-             the .htaccess files if they need updating.
-
-Params:      none
-
-Returns:     nothing
-
 =item C<fix_all_file_permissions($output)>
 
 Description: Sets all the file permissions on all of Bugzilla's files
diff --git a/Bugzilla/ModPerl.pm b/Bugzilla/ModPerl.pm
deleted file mode 100644
index 19cd1128f..000000000
--- a/Bugzilla/ModPerl.pm
+++ /dev/null
@@ -1,118 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-package Bugzilla::ModPerl;
-
-use 5.10.1;
-use strict;
-use warnings;
-
-use File::Find ();
-use Cwd ();
-use Carp ();
-
-# We don't need (or want) to use Bugzilla's template subclass.
-# it is easier to reason with the code without all the extra things Bugzilla::Template adds
-# (and there might be side-effects, since this code is loaded very early in the httpd startup)
-use Template ();
-
-use Bugzilla::ModPerl::BlockIP;
-use Bugzilla::ModPerl::Hostage;
-
-sub apache_config {
-    my ($class, $cgi_path) = @_;
-
-    Carp::croak "\$cgi_path is required" unless $cgi_path;
-
-    my %htaccess;
-    $cgi_path = Cwd::realpath($cgi_path);
-    my $wanted = sub {
-        package File::Find;
-        our ($name, $dir);
-
-        if ($name =~ m#/\.htaccess$#) {
-            open my $fh, '<', $name or die "cannot open $name $!";
-            my $contents = do {
-                local $/ = undef;
-                <$fh>;
-            };
-            close $fh;
-            $htaccess{$dir} = { file => $name, contents => $contents, dir => $dir };
-        }
-    };
-
-    File::Find::find( { wanted => $wanted, no_chdir => 1 }, $cgi_path );
-    my $template = Template->new;
-    my $conf;
-    my %vars = (
-        root_htaccess  => delete $htaccess{$cgi_path},
-        htaccess_files => [ map { $htaccess{$_} } sort { length $a <=> length $b } keys %htaccess ],
-        cgi_path       => $cgi_path,
-    );
-    $template->process(\*DATA, \%vars, \$conf);
-    my $apache_version = Apache2::ServerUtil::get_server_version();
-    if ($apache_version =~ m!Apache/(\d+)\.(\d+)\.(\d+)!) {
-        my ($major, $minor, $patch) = ($1, $2, $3);
-        if ($major > 2 || $major == 2 && $minor >= 4) {
-            $conf =~ s{^\s+deny\s+from\s+all.*$}{Require all denied}gmi;
-            $conf =~ s{^\s+allow\s+from\s+all.*$}{Require all granted}gmi;
-            $conf =~ s{^\s+allow\s+from\s+(\S+).*$}{Require host $1}gmi;
-        }
-    }
-
-    return $conf;
-}
-
-1;
-
-__DATA__
-# Make sure each httpd child receives a different random seed (bug 476622).
-# Bugzilla::RNG has one srand that needs to be called for
-# every process, and Perl has another. (Various Perl modules still use
-# the built-in rand(), even though we never use it in Bugzilla itself,
-# so we need to srand() both of them.)
-PerlChildInitHandler "sub { Bugzilla::RNG::srand(); srand(); eval { Bugzilla->dbh->ping } }"
-PerlInitHandler Bugzilla::ModPerl::Hostage
-PerlAccessHandler Bugzilla::ModPerl::BlockIP
-
-# It is important to specify ErrorDocuments outside of all directories.
-# These used to be in .htaccess, but then things like "AllowEncodedSlashes no"
-# mean that urls containing %2f are unstyled.
-ErrorDocument 401 /errors/401.html
-ErrorDocument 403 /errors/403.html
-ErrorDocument 404 /errors/404.html
-ErrorDocument 500 /errors/500.html
-
-<Directory "[% cgi_path %]">
-    AddHandler perl-script .cgi
-    # No need to PerlModule these because they're already defined in mod_perl.pl
-    PerlResponseHandler Bugzilla::ModPerl::ResponseHandler
-    PerlCleanupHandler Bugzilla::ModPerl::CleanupHandler Apache2::SizeLimit
-    PerlOptions +ParseHeaders
-    Options +ExecCGI +FollowSymLinks
-    DirectoryIndex index.cgi index.html
-    AllowOverride none
-    # from [% root_htaccess.file %]
-    [% root_htaccess.contents FILTER indent %]
-</Directory>
-
-# AWS SES endpoint for handling mail bounces/complaints
-<Location "/ses">
-    PerlSetEnv AUTH_VAR_NAME ses_username
-    PerlSetEnv AUTH_VAR_PASS ses_password
-    PerlAuthenHandler Bugzilla::ModPerl::BasicAuth
-    AuthName SES
-    AuthType Basic
-    require valid-user
-</Location>
-
-# directory rules for all the other places we have .htaccess files
-[% FOREACH htaccess IN htaccess_files %]
-# from [% htaccess.file %]
-<Directory "[% htaccess.dir %]">
-    [% htaccess.contents FILTER indent %]
-</Directory>
-[% END %]
diff --git a/Bugzilla/ModPerl/BasicAuth.pm b/Bugzilla/ModPerl/BasicAuth.pm
deleted file mode 100644
index 7248a19f3..000000000
--- a/Bugzilla/ModPerl/BasicAuth.pm
+++ /dev/null
@@ -1,65 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-package Bugzilla::ModPerl::BasicAuth;
-use 5.10.1;
-use strict;
-use warnings;
-
-# Protects a mod_perl <Location> with Basic HTTP authentication.
-#
-# Example use:
-#
-# <Location "/ses">
-#   PerlAuthenHandler Bugzilla::ModPerl::BasicAuth
-#   PerlSetEnv AUTH_VAR_NAME ses_username
-#   PerlSetEnv AUTH_VAR_PASS ses_password
-#   AuthName SES
-#   AuthType Basic
-#   require valid-user
-# </Location>
-#
-# AUTH_VAR_NAME and AUTH_VAR_PASS are the names of variables defined in
-# `localconfig` which hold the authentication credentials.
-
-use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED); ## no critic (Freenode::ModPerl)
-use Bugzilla::Logging;
-use Bugzilla ();
-
-sub handler {
-    my $r = shift;
-    my ($status, $password) = $r->get_basic_auth_pw;
-    if ($status != Apache2::Const::OK) {
-        WARN("Got non-OK status: $status when trying to get password");
-        return $status
-    }
-
-    my $auth_var_name = $ENV{AUTH_VAR_NAME};
-    my $auth_var_pass = $ENV{AUTH_VAR_PASS};
-    unless ($auth_var_name && $auth_var_pass) {
-        ERROR('AUTH_VAR_NAME and AUTH_VAR_PASS environmental vars not set');
-        $r->note_basic_auth_failure;
-        return Apache2::Const::HTTP_UNAUTHORIZED;
-    }
-
-    my $auth_user = Bugzilla->localconfig->{$auth_var_name};
-    my $auth_pass = Bugzilla->localconfig->{$auth_var_pass};
-    unless ($auth_user && $auth_pass) {
-        ERROR("$auth_var_name and $auth_var_pass not configured");
-        $r->note_basic_auth_failure;
-        return Apache2::Const::HTTP_UNAUTHORIZED;
-    }
-
-    unless ($r->user eq $auth_user && $password eq $auth_pass) {
-        $r->note_basic_auth_failure;
-        WARN('username and password do not match');
-        return Apache2::Const::HTTP_UNAUTHORIZED;
-    }
-
-    return Apache2::Const::OK;
-}
-
-1;
diff --git a/Bugzilla/ModPerl/BlockIP.pm b/Bugzilla/ModPerl/BlockIP.pm
deleted file mode 100644
index 4e9a4be5c..000000000
--- a/Bugzilla/ModPerl/BlockIP.pm
+++ /dev/null
@@ -1,65 +0,0 @@
-package Bugzilla::ModPerl::BlockIP;
-use 5.10.1;
-use strict;
-use warnings;
-
-use Apache2::RequestRec ();
-use Apache2::Connection ();
-
-use Apache2::Const -compile => qw(OK);
-use Cache::Memcached::Fast;
-
-use constant BLOCK_TIMEOUT => 60*60;
-
-my $MEMCACHED = Bugzilla::Memcached->_new()->{memcached};
-my $STATIC_URI = qr{
-    ^/
-     (?: extensions/[^/]+/web
-       | robots\.txt
-       | __heartbeat__
-       | __lbheartbeat__
-       | __version__
-       | images
-       | skins
-       | js
-       | errors
-     )
-}xms;
-
-sub block_ip {
-    my ($class, $ip) = @_;
-    $MEMCACHED->set("block_ip:$ip" => 1, BLOCK_TIMEOUT) if $MEMCACHED;
-}
-
-sub unblock_ip {
-    my ($class, $ip) = @_;
-    $MEMCACHED->delete("block_ip:$ip") if $MEMCACHED;
-}
-
-sub handler {
-    my $r = shift;
-    return Apache2::Const::OK if $r->uri =~ $STATIC_URI;
-
-    my $ip = $r->headers_in->{'X-Forwarded-For'};
-    if ($ip) {
-        $ip = (split(/\s*,\s*/ms, $ip))[-1];
-    }
-    else {
-        $ip = $r->connection->remote_ip;
-    }
-
-    if ($MEMCACHED && $MEMCACHED->get("block_ip:$ip")) {
-        __PACKAGE__->block_ip($ip);
-        $r->status_line("429 Too Many Requests");
-        # 500 is used here because apache 2.2 doesn't understand 429.
-        # the above line and the return value together mean we produce 429.
-        # Any other variation doesn't work.
-        $r->custom_response(500, "Too Many Requests");
-        return 429;
-    }
-    else {
-        return Apache2::Const::OK;
-    }
-}
-
-1;
diff --git a/Bugzilla/ModPerl/Hostage.pm b/Bugzilla/ModPerl/Hostage.pm
deleted file mode 100644
index a3bdfac58..000000000
--- a/Bugzilla/ModPerl/Hostage.pm
+++ /dev/null
@@ -1,71 +0,0 @@
-package Bugzilla::ModPerl::Hostage;
-use 5.10.1;
-use strict;
-use warnings;
-
-use Apache2::Const qw(:common); ## no critic (Freenode::ModPerl)
-
-sub _attachment_root {
-    my ($base) = @_;
-    return undef unless $base;
-    return $base =~ m{^https?://(?:bug)?\%bugid\%\.([a-zA-Z\.-]+)}
-        ? $1
-        : undef;
-}
-
-sub _attachment_host_regex {
-    my ($base) = @_;
-    return undef unless $base;
-    my $val   = $base;
-    $val =~ s{^https?://}{}s;
-    $val =~ s{/$}{}s;
-    my $regex = quotemeta $val;
-    $regex =~ s/\\\%bugid\\\%/\\d+/g;
-    return qr/^$regex$/s;
-}
-
-sub handler {
-    my $r = shift;
-    state $urlbase               = Bugzilla->localconfig->{urlbase};
-    state $urlbase_uri           = URI->new($urlbase);
-    state $urlbase_host          = $urlbase_uri->host;
-    state $urlbase_host_regex    = qr/^bug(\d+)\.\Q$urlbase_host\E$/;
-    state $attachment_base       = Bugzilla->localconfig->{attachment_base};
-    state $attachment_root       = _attachment_root($attachment_base);
-    state $attachment_host_regex = _attachment_host_regex($attachment_base);
-
-    my $hostname  = $r->hostname;
-    return OK if $hostname eq $urlbase_host;
-
-    my $path = $r->uri;
-    return OK if $path eq '/__lbheartbeat__';
-
-    if ($attachment_base && $hostname eq $attachment_root) {
-        $r->headers_out->set(Location => $urlbase);
-        return REDIRECT;
-    }
-    elsif ($attachment_base && $hostname =~ $attachment_host_regex) {
-        if ($path =~ m{^/attachment\.cgi}s) {
-            return OK;
-        } else {
-            my $new_uri = URI->new($r->unparsed_uri);
-            $new_uri->scheme($urlbase_uri->scheme);
-            $new_uri->host($urlbase_host);
-            $r->headers_out->set(Location => $new_uri);
-            return REDIRECT;
-        }
-    }
-    elsif (my ($id) = $hostname =~ $urlbase_host_regex) {
-        my $new_uri = $urlbase_uri->clone;
-        $new_uri->path('/show_bug.cgi');
-        $new_uri->query_form(id => $id);
-        $r->headers_out->set(Location => $new_uri);
-        return REDIRECT;
-    }
-    else {
-        $r->headers_out->set(Location => $urlbase);
-        return REDIRECT;
-    }
-}
-
-1;
\ No newline at end of file
diff --git a/Bugzilla/ModPerl/StartupFix.pm b/Bugzilla/ModPerl/StartupFix.pm
deleted file mode 100644
index bcc467e9f..000000000
--- a/Bugzilla/ModPerl/StartupFix.pm
+++ /dev/null
@@ -1,51 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-package Bugzilla::ModPerl::StartupFix;
-use 5.10.1;
-use strict;
-use warnings;
-
-use Filter::Util::Call;
-use Apache2::ServerUtil ();
-
-# This module is a source filter that removes every subsequent line
-# if this is the first time apache has started,
-# as reported by Apache2::ServerUtil::restart_count(), which is 1
-# on the first start.
-
-my $FIRST_STARTUP = <<'CODE';
-warn "Bugzilla::ModPerl::StartupFix: Skipping first startup using source filter\n";
-1;
-CODE
-
-sub import {
-    my ($class) = @_;
-    my ($ref)  = {};
-    filter_add( bless $ref, $class );
-}
-
-# this will be called for each line.
-# For the first line replaced, we insert $FIRST_STARTUP.
-# Every subsequent line is replaced with an empty string.
-sub filter {
-    my ($self) = @_;
-    my ($status);
-    if ($status = filter_read() > 0) {
-        if (Apache2::ServerUtil::restart_count() < 2) {
-            if (!$self->{did_it}) {
-                $self->{did_it} = 1;
-                $_ = $FIRST_STARTUP;
-            }
-            else {
-                $_ = "";
-            }
-        }
-    }
-    return $status;
-}
-
-1;
\ No newline at end of file
diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
new file mode 100644
index 000000000..e4c75726c
--- /dev/null
+++ b/Bugzilla/Quantum.pm
@@ -0,0 +1,214 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Quantum;
+use Mojo::Base 'Mojolicious';
+
+use CGI::Compile; # Needed for its exit() overload
+use Bugzilla::Logging;
+use Bugzilla::Quantum::Template;
+use Bugzilla::Quantum::CGI;
+use Bugzilla::Quantum::SES;
+use Bugzilla::Quantum::Static;
+
+use Bugzilla ();
+use Bugzilla::Constants qw(bz_locations);
+use Bugzilla::BugMail ();
+use Bugzilla::CGI ();
+use Bugzilla::Extension ();
+use Bugzilla::Install::Requirements ();
+use Bugzilla::Util ();
+use Cwd qw(realpath);
+
+use MojoX::Log::Log4perl::Tiny;
+
+has 'static' => sub { Bugzilla::Quantum::Static->new };
+
+sub startup {
+    my ($self) = @_;
+
+    DEBUG("Starting up");
+    $self->plugin('Bugzilla::Quantum::Plugin::Glue');
+    $self->plugin('Bugzilla::Quantum::Plugin::Hostage');
+    $self->plugin('Bugzilla::Quantum::Plugin::BlockIP');
+    $self->plugin('Bugzilla::Quantum::Plugin::BasicAuth');
+
+    if ( $self->mode ne 'development' ) {
+        $self->hook(
+            after_static => sub {
+                my ($c) = @_;
+                $c->res->headers->cache_control('public, max-age=31536000');
+            }
+        );
+    }
+
+    my $r = $self->routes;
+    Bugzilla::Quantum::CGI->load_all($r);
+    Bugzilla::Quantum::CGI->load_one('bzapi_cgi', 'extensions/BzAPI/bin/rest.cgi');
+
+    $r->any('/')->to('CGI#index_cgi');
+    $r->any('/rest')->to('CGI#rest_cgi');
+    $r->any('/rest.cgi/*PATH_INFP')->to('CGI#rest_cgi' => { PATH_INFO => '' });
+    $r->any('/rest/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' });
+    $r->any('/bug/:id')->to('CGI#show_bug_cgi');
+    $r->any('/extensions/BzAPI/bin/rest.cgi/*PATH_INFO')->to('CGI#bzapi_cgi');
+
+    $r->get(
+        '/__lbheartbeat__' => sub {
+            my $c = shift;
+            $c->reply->file( $c->app->home->child('__lbheartbeat__') );
+        },
+    );
+
+    $r->get('/__heartbeat__')->to( 'CGI#heartbeat_cgi');
+    $r->get('/robots.txt')->to( 'CGI#robots_cgi' );
+
+    $r->any('/review')->to( 'CGI#page_cgi' => {'id' => 'splinter.html'});
+    $r->any('/user_profile')->to( 'CGI#page_cgi' => {'id' => 'user_profile.html'});
+    $r->any('/userprofile')->to( 'CGI#page_cgi' => {'id' => 'user_profile.html'});
+    $r->any('/request_defer')->to( 'CGI#page_cgi' => {'id' => 'request_defer.html'});
+    $r->any('/login')->to( 'CGI#index_cgi' => { 'GoAheadAndLogIn' => '1' });
+
+    $r->any('/:new_bug' => [new_bug => qr{new[-_]bug}])->to( 'CGI#new_bug_cgi');
+
+    my $ses_auth = $r->under(
+        '/ses' => sub {
+            my ($c) = @_;
+            my $lc = Bugzilla->localconfig;
+
+            return $c->basic_auth( 'SES', $lc->{ses_username}, $lc->{ses_password} );
+        }
+    );
+    $ses_auth->any('/index.cgi')->to('SES#main');
+
+    $r->any('/:REWRITE_itrequest' => [REWRITE_itrequest => qr{form[\.:]itrequest}])->to(
+        'CGI#enter_bug_cgi' => { 'product' => 'Infrastructure & Operations', 'format' => 'itrequest' }
+    );
+    $r->any('/:REWRITE_mozlist' => [REWRITE_mozlist => qr{form[\.:]mozlist}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'mozlist'}
+    );
+    $r->any('/:REWRITE_poweredby' => [REWRITE_poweredby => qr{form[\.:]poweredby}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'poweredby'}
+    );
+    $r->any('/:REWRITE_presentation' => [REWRITE_presentation => qr{form[\.:]presentation}])->to(
+        'cgi#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'presentation'}
+    );
+    $r->any('/:REWRITE_trademark' => [REWRITE_trademark => qr{form[\.:]trademark}])->to(
+        'cgi#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'trademark'}
+    );
+    $r->any('/:REWRITE_recoverykey' => [REWRITE_recoverykey => qr{form[\.:]recoverykey}])->to(
+        'cgi#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'recoverykey'}
+    );
+    $r->any('/:REWRITE_legal' => [REWRITE_legal => qr{form[\.:]legal}])->to(
+        'CGI#enter_bug_cgi' => { 'product' => 'Legal', 'format' => 'legal' },
+    );
+    $r->any('/:REWRITE_recruiting' => [REWRITE_recruiting => qr{form[\.:]recruiting}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Recruiting', 'format' => 'recruiting'}
+    );
+    $r->any('/:REWRITE_intern' => [REWRITE_intern => qr{form[\.:]intern}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Recruiting', 'format' => 'intern'}
+    );
+    $r->any('/:REWRITE_mozpr' => [REWRITE_mozpr => qr{form[\.:]mozpr}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Mozilla PR', 'format' => 'mozpr' },
+    );
+    $r->any('/:REWRITE_reps_mentorship' => [REWRITE_reps_mentorship => qr{form[\.:]reps[\.:]mentorship}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'mozreps' },
+    );
+    $r->any('/:REWRITE_reps_budget' => [REWRITE_reps_budget => qr{form[\.:]reps[\.:]budget}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'remo-budget'}
+    );
+    $r->any('/:REWRITE_reps_swag' => [REWRITE_reps_swag => qr{form[\.:]reps[\.:]swag}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'remo-swag'}
+    );
+    $r->any('/:REWRITE_reps_it' => [REWRITE_reps_it => qr{form[\.:]reps[\.:]it}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'remo-it'}
+    );
+    $r->any('/:REWRITE_reps_payment' => [REWRITE_reps_payment => qr{form[\.:]reps[\.:]payment}])->to(
+        'CGI#page_cgi' => {'id' => 'remo-form-payment.html'}
+    );
+    $r->any('/:REWRITE_csa_discourse' => [REWRITE_csa_discourse => qr{form[\.:]csa[\.:]discourse}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Infrastructure & Operations', 'format' => 'csa-discourse'}
+    );
+    $r->any('/:REWRITE_employee_incident' => [REWRITE_employee_incident => qr{form[\.:]employee[\.\-:]incident}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'employee-incident'}
+    );
+    $r->any('/:REWRITE_brownbag' => [REWRITE_brownbag => qr{form[\.:]brownbag}])->to(
+        'CGI#https_air_mozilla_org_requests' => {}
+    );
+    $r->any('/:REWRITE_finance' => [REWRITE_finance => qr{form[\.:]finance}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Finance','format' => 'finance'}
+    );
+    $r->any('/:REWRITE_moz_project_review' => [REWRITE_moz_project_review => qr{form[\.:]moz[\.\-:]project[\.\-:]review}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org','format' => 'moz-project-review'}
+    );
+    $r->any('/:REWRITE_docs' => [REWRITE_docs => qr{form[\.:]docs?}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Developer Documentation','format' => 'doc'}
+    );
+    $r->any('/:REWRITE_mdn' => [REWRITE_mdn => qr{form[\.:]mdn?}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'mdn','product' => 'developer.mozilla.org'}
+    );
+    $r->any('/:REWRITE_swag_gear' => [REWRITE_swag_gear => qr{form[\.:](swag|gear)}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'swag','product' => 'Marketing'}
+    );
+    $r->any('/:REWRITE_costume' => [REWRITE_costume => qr{form[\.:]costume}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Marketing','format' => 'costume'}
+    );
+    $r->any('/:REWRITE_ipp' => [REWRITE_ipp => qr{form[\.:]ipp}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Internet Public Policy','format' => 'ipp'}
+    );
+    $r->any('/:REWRITE_creative' => [REWRITE_creative => qr{form[\.:]creative}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'creative','product' => 'Marketing'}
+    );
+    $r->any('/:REWRITE_user_engagement' => [REWRITE_user_engagement => qr{form[\.:]user[\.\-:]engagement}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'user-engagement','product' => 'Marketing'}
+    );
+    $r->any('/:REWRITE_dev_engagement_event' => [REWRITE_dev_engagement_event => qr{form[\.:]dev[\.\-:]engagement[\.\-\:]event}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Developer Engagement','format' => 'dev-engagement-event'}
+    );
+    $r->any('/:REWRITE_mobile_compat' => [REWRITE_mobile_compat => qr{form[\.:]mobile[\.\-:]compat}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Tech Evangelism','format' => 'mobile-compat'}
+    );
+    $r->any('/:REWRITE_web_bounty' => [REWRITE_web_bounty => qr{form[\.:]web[\.:]bounty}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'web-bounty','product' => 'mozilla.org'}
+    );
+    $r->any('/:REWRITE_automative' => [REWRITE_automative => qr{form[\.:]automative}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Testing','format' => 'automative'}
+    );
+    $r->any('/:REWRITE_comm_newsletter' => [REWRITE_comm_newsletter => qr{form[\.:]comm[\.:]newsletter}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'comm-newsletter','product' => 'Marketing'}
+    );
+    $r->any('/:REWRITE_screen_share_whitelist' => [REWRITE_screen_share_whitelist => qr{form[\.:]screen[\.:]share[\.:]whitelist}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'screen-share-whitelist','product' => 'Firefox'}
+    );
+    $r->any('/:REWRITE_data_compliance' => [REWRITE_data_compliance => qr{form[\.:]data[\.\-:]compliance}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Data Compliance','format' => 'data-compliance'}
+    );
+    $r->any('/:REWRITE_fsa_budget' => [REWRITE_fsa_budget => qr{form[\.:]fsa[\.:]budget}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'FSA','format' => 'fsa-budget'}
+    );
+    $r->any('/:REWRITE_triage_request' => [REWRITE_triage_request => qr{form[\.:]triage[\.\-]request}])->to(
+        'CGI#page_cgi' => {'id' => 'triage_request.html'}
+    );
+    $r->any('/:REWRITE_crm_CRM' => [REWRITE_crm_CRM => qr{form[\.:](crm|CRM)}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'crm','product' => 'Marketing'}
+    );
+    $r->any('/:REWRITE_nda' => [REWRITE_nda => qr{form[\.:]nda}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Legal','format' => 'nda'}
+    );
+    $r->any('/:REWRITE_name_clearance' => [REWRITE_name_clearance => qr{form[\.:]name[\.:]clearance}])->to(
+        'CGI#enter_bug_cgi' => {'format' => 'name-clearance','product' => 'Legal'}
+    );
+    $r->any('/:REWRITE_shield_studies' => [REWRITE_shield_studies => qr{form[\.:]shield[\.:]studies}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Shield','format' => 'shield-studies'}
+    );
+    $r->any('/:REWRITE_client_bounty' => [REWRITE_client_bounty => qr{form[\.:]client[\.:]bounty}])->to(
+        'CGI#enter_bug_cgi' => {'product' => 'Firefox','format' => 'client-bounty'}
+    );
+
+}
+
+1;
diff --git a/Bugzilla/Quantum/CGI.pm b/Bugzilla/Quantum/CGI.pm
new file mode 100644
index 000000000..85f14cf83
--- /dev/null
+++ b/Bugzilla/Quantum/CGI.pm
@@ -0,0 +1,162 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Quantum::CGI;
+use Mojo::Base 'Mojolicious::Controller';
+
+use CGI::Compile;
+use Bugzilla::Constants qw(bz_locations);
+use Bugzilla::Quantum::Stdout;
+use File::Slurper qw(read_text);
+use File::Spec::Functions qw(catfile);
+use Sub::Name;
+use Sub::Quote 2.005000;
+use Try::Tiny;
+use Taint::Util qw(untaint);
+use Socket qw(AF_INET inet_aton);
+use Sys::Hostname;
+use English qw(-no_match_vars);
+
+our $C;
+my %SEEN;
+
+sub load_all {
+    my ($class, $r) = @_;
+
+    foreach my $file (glob '*.cgi') {
+        my $name   = _file_to_method($file);
+        $class->load_one($name, $file);
+        $r->any("/$file")->to("CGI#$name");
+    }
+}
+
+sub load_one {
+    my ($class, $name, $file) = @_;
+    my $package    = __PACKAGE__ . "::$name",
+    my $inner_name = "_$name";
+    my $content    = read_text( catfile( bz_locations->{cgi_path}, $file ) );
+    $content = "package $package; $content";
+    untaint($content);
+    my %options = (
+        package => $package,
+        file    => $file,
+        line    => 1,
+        no_defer => 1,
+    );
+    die "Tried to load $file more than once" if $SEEN{$file}++;
+    my $inner = quote_sub $inner_name, $content, {}, \%options;
+    my $wrapper = sub {
+        my ($c) = @_;
+        my $stdin  = $c->_STDIN;
+        my $stdout = '';
+        local $C = $c;
+        local %ENV = $c->_ENV($file);
+        local *STDIN;  ## no critic (local)
+        local $CGI::Compile::USE_REAL_EXIT = 0;
+        local $PROGRAM_NAME = $file;
+        open STDIN, '<', $stdin->path or die "STDIN @{[$stdin->path]}: $!" if -s $stdin->path;
+        tie *STDOUT, 'Bugzilla::Quantum::Stdout', controller => $c; ## no critic (tie)
+        try {
+            Bugzilla->init_page();
+            $inner->();
+        }
+        catch {
+            die $_ unless ref $_ eq 'ARRAY' && $_->[0] eq "EXIT\n";
+        }
+        finally {
+            untie *STDOUT;
+            $c->finish;
+            Bugzilla->_cleanup;    ## no critic (private)
+            CGI::initialize_globals();
+        };
+    };
+
+    no strict 'refs'; ## no critic (strict)
+    *{$name} = subname($name, $wrapper);
+    return 1;
+}
+
+sub _ENV {
+    my ($c, $script_name) = @_;
+    my $tx      = $c->tx;
+    my $req     = $tx->req;
+    my $headers = $req->headers;
+    my $content_length = $req->content->is_multipart ? $req->body_size : $headers->content_length;
+    my %env_headers = ( HTTP_COOKIE => '', HTTP_REFERER => '' );
+
+    for my $name ( @{ $headers->names } ) {
+        my $key = uc "http_$name";
+        $key =~ s!\W!_!g;
+        $env_headers{$key} = $headers->header($name);
+    }
+
+    my $remote_user;
+    if ( my $userinfo = $c->req->url->to_abs->userinfo ) {
+        $remote_user = $userinfo =~ /([^:]+)/ ? $1 : '';
+    }
+    elsif ( my $authenticate = $headers->authorization ) {
+        $remote_user = $authenticate =~ /Basic\s+(.*)/ ? b64_decode $1 : '';
+        $remote_user = $remote_user =~ /([^:]+)/       ? $1            : '';
+    }
+    my $path_info = $c->param('PATH_INFO');
+    my %captures = %{ $c->stash->{'mojo.captures'} // {} };
+    foreach my $key (keys %captures) {
+        if ($key eq 'controller' || $key eq 'action' || $key eq 'PATH_INFO' || $key =~ /^REWRITE_/) {
+            delete $captures{$key};
+        }
+    }
+    my $cgi_query = Mojo::Parameters->new(%captures);
+    $cgi_query->append($req->url->query);
+    my $prefix = $c->stash->{bmo_prefix} ? '/bmo/' : '/';
+
+    return (
+        %ENV,
+        CONTENT_LENGTH => $content_length        || 0,
+        CONTENT_TYPE   => $headers->content_type || '',
+        GATEWAY_INTERFACE => 'CGI/1.1',
+        HTTPS             => $req->is_secure ? 'YES' : 'NO',
+        %env_headers,
+        QUERY_STRING => $cgi_query->to_string,
+        PATH_INFO   => $path_info ? "/$path_info" : '',
+        REMOTE_ADDR => $tx->original_remote_address,
+        REMOTE_HOST => $tx->original_remote_address,
+        REMOTE_PORT => $tx->remote_port,
+        REMOTE_USER => $remote_user || '',
+        REQUEST_METHOD  => $req->method,
+        SCRIPT_NAME     => "$prefix$script_name",
+        SERVER_NAME     => hostname,
+        SERVER_PORT     => $tx->local_port,
+        SERVER_PROTOCOL => $req->is_secure ? 'HTTPS' : 'HTTP', # TODO: Version is missing
+        SERVER_SOFTWARE => __PACKAGE__,
+    );
+}
+
+sub _STDIN {
+    my $c = shift;
+    my $stdin;
+
+    if ( $c->req->content->is_multipart ) {
+        $stdin = Mojo::Asset::File->new;
+        $stdin->add_chunk( $c->req->build_body );
+    }
+    else {
+        $stdin = $c->req->content->asset;
+    }
+
+    return $stdin if $stdin->isa('Mojo::Asset::File');
+    return Mojo::Asset::File->new->add_chunk( $stdin->slurp );
+}
+
+sub _file_to_method {
+    my ($name) = @_;
+    $name =~ s/\./_/s;
+    $name =~ s/\W+/_/gs;
+    return $name;
+}
+
+
+1;
diff --git a/Bugzilla/Quantum/Plugin/BasicAuth.pm b/Bugzilla/Quantum/Plugin/BasicAuth.pm
new file mode 100644
index 000000000..bc79c89ef
--- /dev/null
+++ b/Bugzilla/Quantum/Plugin/BasicAuth.pm
@@ -0,0 +1,40 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+package Bugzilla::Quantum::Plugin::BasicAuth;
+use 5.10.1;
+use Mojo::Base qw(Mojolicious::Plugin);
+
+use Bugzilla::Logging;
+use Carp;
+
+sub register {
+    my ( $self, $app, $conf ) = @_;
+
+    $app->renderer->add_helper(
+        basic_auth => sub {
+            my ($c, $realm, $auth_user, $auth_pass) = @_;
+            my $req = $c->req;
+            my ($user, $password) = $req->url->to_abs->userinfo =~ /^([^:]+):(.*)/;
+
+            unless ($realm && $auth_user && $auth_pass) {
+                croak 'basic_auth() called with missing parameters.';
+            }
+
+            unless ($user eq $auth_user && $password eq $auth_pass) {
+                WARN('username and password do not match');
+                $c->res->headers->www_authenticate("Basic realm=\"$realm\"");
+                $c->res->code(401);
+                $c->rendered;
+                return 0;
+            }
+
+            return 1;
+        }
+    );
+}
+
+1;
diff --git a/Bugzilla/Quantum/Plugin/BlockIP.pm b/Bugzilla/Quantum/Plugin/BlockIP.pm
new file mode 100644
index 000000000..fbfffad66
--- /dev/null
+++ b/Bugzilla/Quantum/Plugin/BlockIP.pm
@@ -0,0 +1,43 @@
+package Bugzilla::Quantum::Plugin::BlockIP;
+use 5.10.1;
+use Mojo::Base 'Mojolicious::Plugin';
+
+use Bugzilla::Memcached;
+
+use constant BLOCK_TIMEOUT => 60*60;
+
+my $MEMCACHED = Bugzilla::Memcached->_new()->{memcached};
+
+sub register {
+    my ( $self, $app, $conf ) = @_;
+
+    $app->hook(before_routes => \&_before_routes);
+    $app->helper(block_ip    => \&_block_ip);
+    $app->helper(unblock_ip  => \&_unblock_ip);
+}
+
+sub _block_ip {
+    my ($class, $ip) = @_;
+    $MEMCACHED->set("block_ip:$ip" => 1, BLOCK_TIMEOUT) if $MEMCACHED;
+}
+
+sub _unblock_ip {
+    my ($class, $ip) = @_;
+    $MEMCACHED->delete("block_ip:$ip") if $MEMCACHED;
+}
+
+sub _before_routes {
+    my ( $c ) = @_;
+    return if $c->stash->{'mojo.static'};
+
+    my $ip = $c->tx->remote_address;
+    if ($MEMCACHED && $MEMCACHED->get("block_ip:$ip")) {
+        $c->block_ip($ip);
+        $c->res->code(429);
+        $c->res->message("Too Many Requests");
+        $c->res->body("Too Many Requests");
+        $c->finish;
+    }
+}
+
+1;
diff --git a/Bugzilla/Quantum/Plugin/Glue.pm b/Bugzilla/Quantum/Plugin/Glue.pm
new file mode 100644
index 000000000..4261d6729
--- /dev/null
+++ b/Bugzilla/Quantum/Plugin/Glue.pm
@@ -0,0 +1,114 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Quantum::Plugin::Glue;
+use 5.10.1;
+use Mojo::Base 'Mojolicious::Plugin';
+
+use Try::Tiny;
+use Bugzilla::Constants;
+use Bugzilla::Quantum::Template;
+use Bugzilla::Logging;
+use Bugzilla::RNG ();
+use JSON::MaybeXS qw(decode_json);
+
+sub register {
+    my ( $self, $app, $conf ) = @_;
+
+    my %D;
+    if ($ENV{BUGZILLA_HTTPD_ARGS}) {
+        my $args = decode_json($ENV{BUGZILLA_HTTPD_ARGS});
+        foreach my $arg (@$args) {
+            if ($arg =~ /^-D(\w+)$/) {
+                $D{$1} = 1;
+            }
+            else {
+                die "Unknown httpd arg: $arg";
+            }
+        }
+    }
+
+    # hypnotoad is weird and doesn't look for MOJO_LISTEN itself.
+    $app->config(
+        hypnotoad => {
+            listen => [ $ENV{MOJO_LISTEN} ],
+        },
+    );
+
+    # Make sure each httpd child receives a different random seed (bug 476622).
+    # Bugzilla::RNG has one srand that needs to be called for
+    # every process, and Perl has another. (Various Perl modules still use
+    # the built-in rand(), even though we never use it in Bugzilla itself,
+    # so we need to srand() both of them.)
+    # Also, ping the dbh to force a reconnection.
+    Mojo::IOLoop->next_tick(
+        sub {
+            Bugzilla::RNG::srand();
+            srand();
+            eval { Bugzilla->dbh->ping };
+        }
+    );
+
+    $app->hook(
+        before_dispatch => sub {
+            my ($c) = @_;
+            if ($D{HTTPD_IN_SUBDIR}) {
+                my $path = $c->req->url->path;
+                if ($path =~ s{^/bmo}{}s) {
+                    $c->stash->{bmo_prefix} = 1;
+                    $c->req->url->path($path);
+                }
+            }
+            Log::Log4perl::MDC->put(request_id => $c->req->request_id);
+        }
+    );
+
+    Bugzilla::Extension->load_all();
+    if ($app->mode ne 'development') {
+        Bugzilla->preload_features();
+        DEBUG("preloading templates");
+        Bugzilla->preload_templates();
+        DEBUG("done preloading templates");
+    }
+    $app->secrets([Bugzilla->localconfig->{side_wide_secret}]);
+
+    $app->renderer->add_handler(
+        'bugzilla' => sub {
+            my ( $renderer, $c, $output, $options ) = @_;
+            my $vars = delete $c->stash->{vars};
+
+            # Helpers
+            my %helper;
+            foreach my $method ( grep {m/^\w+\z/} keys %{ $renderer->helpers } ) {
+                my $sub = $renderer->helpers->{$method};
+                $helper{$method} = sub { $c->$sub(@_) };
+            }
+            $vars->{helper} = \%helper;
+
+            # The controller
+            $vars->{c} = $c;
+            my $name = $options->{template};
+            unless ($name =~ /\./) {
+                $name = sprintf '%s.%s.tmpl', $options->{template}, $options->{format};
+            }
+            my $template = Bugzilla->template;
+            $template->process( $name, $vars, $output )
+                or die $template->error;
+        }
+    );
+
+    $app->log(
+        MojoX::Log::Log4perl::Tiny->new(
+            logger => Log::Log4perl->get_logger(ref $app)
+        )
+    );
+}
+
+
+
+
+1;
diff --git a/Bugzilla/Quantum/Plugin/Hostage.pm b/Bugzilla/Quantum/Plugin/Hostage.pm
new file mode 100644
index 000000000..42a05a910
--- /dev/null
+++ b/Bugzilla/Quantum/Plugin/Hostage.pm
@@ -0,0 +1,80 @@
+package Bugzilla::Quantum::Plugin::Hostage;
+use 5.10.1;
+use Mojo::Base 'Mojolicious::Plugin';
+
+sub _attachment_root {
+    my ($base) = @_;
+    return undef unless $base;
+    return $base =~ m{^https?://(?:bug)?\%bugid\%\.([a-zA-Z\.-]+)}
+        ? $1
+        : undef;
+}
+
+sub _attachment_host_regex {
+    my ($base) = @_;
+    return undef unless $base;
+    my $val   = $base;
+    $val =~ s{^https?://}{}s;
+    $val =~ s{/$}{}s;
+    my $regex = quotemeta $val;
+    $regex =~ s/\\\%bugid\\\%/\\d+/g;
+    return qr/^$regex$/s;
+}
+
+sub register {
+    my ( $self, $app, $conf ) = @_;
+
+    $app->hook(before_routes => \&_before_routes);
+}
+
+sub _before_routes {
+    my ( $c ) = @_;
+    state $urlbase               = Bugzilla->localconfig->{urlbase};
+    state $urlbase_uri           = URI->new($urlbase);
+    state $urlbase_host          = $urlbase_uri->host;
+    state $urlbase_host_regex    = qr/^bug(\d+)\.\Q$urlbase_host\E$/;
+    state $attachment_base       = Bugzilla->localconfig->{attachment_base};
+    state $attachment_root       = _attachment_root($attachment_base);
+    state $attachment_host_regex = _attachment_host_regex($attachment_base);
+
+    my $stash = $c->stash;
+    my $req   = $c->req;
+    my $url   = $req->url->to_abs;
+
+    return if $stash->{'mojo.static'};
+
+    my $hostname  = $url->host;
+    return if $hostname eq $urlbase_host;
+
+    my $path = $url->path;
+    return if $path eq '/__lbheartbeat__';
+
+    if ($attachment_base && $hostname eq $attachment_root) {
+        $c->redirect_to($urlbase);
+        return;
+    }
+    elsif ($attachment_base && $hostname =~ $attachment_host_regex) {
+        if ($path =~ m{^/attachment\.cgi}s) {
+            return;
+        } else {
+            my $new_uri = $url->clone;
+            $new_uri->scheme($urlbase_uri->scheme);
+            $new_uri->host($urlbase_host);
+            $c->redirect_to($new_uri);
+            return;
+        }
+    }
+    elsif (my ($id) = $hostname =~ $urlbase_host_regex) {
+        my $new_uri = $urlbase_uri->clone;
+        $new_uri->path('/show_bug.cgi');
+        $new_uri->query_form(id => $id);
+        $c->redirect_to($new_uri);
+        return;
+    }
+    else {
+        $c->redirect_to($urlbase);
+        return;
+    }
+}
+
+1;
\ No newline at end of file
diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
new file mode 100644
index 000000000..47c591fb5
--- /dev/null
+++ b/Bugzilla/Quantum/SES.pm
@@ -0,0 +1,203 @@
+package Bugzilla::Quantum::SES;
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use 5.10.1;
+use Mojo::Base qw( Mojolicious::Controller );
+
+use Bugzilla::Constants qw(ERROR_MODE_DIE);
+use Bugzilla::Logging;
+use Bugzilla::Mailer qw(MessageToMTA);
+use Bugzilla::User ();
+use Bugzilla::Util qw(html_quote remote_ip);
+use JSON::MaybeXS qw(decode_json);
+use LWP::UserAgent ();
+use Try::Tiny qw(catch try);
+
+sub main {
+    my ($self) = @_;
+    Bugzilla->error_mode(ERROR_MODE_DIE);
+    my $message = $self->_decode_json_wrapper( $self->req->body ) // return;
+    my $message_type = $self->req->headers->header('X-Amz-SNS-Message-Type') // '(missing)';
+
+    if ( $message_type eq 'SubscriptionConfirmation' ) {
+        $self->_confirm_subscription($message);
+    }
+
+    elsif ( $message_type eq 'Notification' ) {
+        my $notification = $self->_decode_json_wrapper( $message->{Message} ) // return;
+        unless (
+            # https://docs.aws.amazon.com/ses/latest/DeveloperGuide/event-publishing-retrieving-sns-contents.html
+            $self->_handle_notification( $notification, 'eventType' )
+
+            # https://docs.aws.amazon.com/ses/latest/DeveloperGuide/notification-contents.html
+            || $self->_handle_notification( $notification, 'notificationType' )
+            )
+        {
+            WARN('Failed to find notification type');
+            $self->_respond( 400 => 'Bad Request' );
+        }
+    }
+
+    else {
+        WARN("Unsupported message-type: $message_type");
+        $self->_respond( 200 => 'OK' );
+    }
+}
+
+sub _confirm_subscription {
+    my ($self, $message) = @_;
+
+    my $subscribe_url = $message->{SubscribeURL};
+    if ( !$subscribe_url ) {
+        WARN('Bad SubscriptionConfirmation request: missing SubscribeURL');
+        $self->_respond( 400 => 'Bad Request' );
+        return;
+    }
+
+    my $ua  = ua();
+    my $res = $ua->get( $message->{SubscribeURL} );
+    if ( !$res->is_success ) {
+        WARN( 'Bad response from SubscribeURL: ' . $res->status_line );
+        $self->_respond( 400 => 'Bad Request' );
+        return;
+    }
+
+    $self->_respond( 200 => 'OK' );
+}
+
+sub _handle_notification {
+    my ( $self, $notification, $type_field ) = @_;
+
+    if ( !exists $notification->{$type_field} ) {
+        return 0;
+    }
+    my $type = $notification->{$type_field};
+
+    if ( $type eq 'Bounce' ) {
+        $self->_process_bounce($notification);
+    }
+    elsif ( $type eq 'Complaint' ) {
+        $self->_process_complaint($notification);
+    }
+    else {
+        WARN("Unsupported notification-type: $type");
+        $self->_respond( 200 => 'OK' );
+    }
+    return 1;
+}
+
+sub _process_bounce {
+    my ($self, $notification) = @_;
+
+    # disable each account that is bouncing
+    foreach my $recipient ( @{ $notification->{bounce}->{bouncedRecipients} } ) {
+        my $address = $recipient->{emailAddress};
+        my $reason = sprintf '(%s) %s', $recipient->{action} // 'error', $recipient->{diagnosticCode} // 'unknown';
+
+        my $user = Bugzilla::User->new( { name => $address, cache => 1 } );
+        if ($user) {
+
+            # never auto-disable admin accounts
+            if ( $user->in_group('admin') ) {
+                Bugzilla->audit("ignoring bounce for admin <$address>: $reason");
+            }
+
+            else {
+                my $template = Bugzilla->template_inner();
+                my $vars     = {
+                    mta => $notification->{bounce}->{reportingMTA} // 'unknown',
+                    reason => $reason,
+                };
+                my $disable_text;
+                $template->process( 'admin/users/bounce-disabled.txt.tmpl', $vars, \$disable_text )
+                    || die $template->error();
+
+                $user->set_disabledtext($disable_text);
+                $user->set_disable_mail(1);
+                $user->update();
+                Bugzilla->audit( "bounce for <$address> disabled userid-" . $user->id . ": $reason" );
+            }
+        }
+
+        else {
+            Bugzilla->audit("bounce for <$address> has no user: $reason");
+        }
+    }
+
+    $self->_respond( 200 => 'OK' );
+}
+
+sub _process_complaint {
+    my ($self) = @_;
+
+    # email notification to bugzilla admin
+    my ($notification) = @_;
+    my $template       = Bugzilla->template_inner();
+    my $json           = JSON::MaybeXS->new(
+        pretty    => 1,
+        utf8      => 1,
+        canonical => 1,
+    );
+
+    foreach my $recipient ( @{ $notification->{complaint}->{complainedRecipients} } ) {
+        my $reason = $notification->{complaint}->{complaintFeedbackType} // 'unknown';
+        my $address = $recipient->{emailAddress};
+        Bugzilla->audit("complaint for <$address> for '$reason'");
+        my $vars = {
+            email        => $address,
+            user         => Bugzilla::User->new( { name => $address, cache => 1 } ),
+            reason       => $reason,
+            notification => $json->encode($notification),
+        };
+        my $message;
+        $template->process( 'email/ses-complaint.txt.tmpl', $vars, \$message )
+            || die $template->error();
+        MessageToMTA($message);
+    }
+
+    $self->_respond( 200 => 'OK' );
+}
+
+sub _respond {
+    my ( $self, $code, $message ) = @_;
+    $self->render(text => "$message\n", status => $code);
+}
+
+sub _decode_json_wrapper {
+    my ($self, $json) = @_;
+    my $result;
+    if ( !defined $json ) {
+        WARN( 'Missing JSON from ' . $self->tx->remote_address );
+        $self->_respond( 400 => 'Bad Request' );
+        return undef;
+    }
+    my $ok = try {
+        $result = decode_json($json);
+    }
+    catch {
+        WARN( 'Malformed JSON from ' . $self->tx->remote_address );
+        $self->_respond( 400 => 'Bad Request' );
+        return undef;
+    };
+    return $ok ? $result : undef;
+}
+
+sub ua {
+    my $ua = LWP::UserAgent->new();
+    $ua->timeout(10);
+    $ua->protocols_allowed( [ 'http', 'https' ] );
+    if ( my $proxy_url = Bugzilla->params->{'proxy_url'} ) {
+        $ua->proxy( [ 'http', 'https' ], $proxy_url );
+    }
+    else {
+        $ua->env_proxy;
+    }
+    return $ua;
+}
+
+1;
\ No newline at end of file
diff --git a/Bugzilla/Quantum/Static.pm b/Bugzilla/Quantum/Static.pm
new file mode 100644
index 000000000..2bb54990e
--- /dev/null
+++ b/Bugzilla/Quantum/Static.pm
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Quantum::Static;
+use Mojo::Base 'Mojolicious::Static';
+use Bugzilla::Constants qw(bz_locations);
+
+my $LEGACY_RE = qr{
+    ^ (?:static/v[0-9]+\.[0-9]+/) ?
+    ( (?:extensions/[^/]+/web|(?:image|skin|j)s)/.+)
+    $
+}xs;
+
+sub file {
+    my ($self, $rel) = @_;
+
+    if (my ($legacy_rel) = $rel =~ $LEGACY_RE) {
+        local $self->{paths} = [ bz_locations->{cgi_path} ];
+        return $self->SUPER::file($legacy_rel);
+    }
+    else {
+        return $self->SUPER::file($rel);
+    }
+}
+
+1;
diff --git a/Bugzilla/Quantum/Stdout.pm b/Bugzilla/Quantum/Stdout.pm
new file mode 100644
index 000000000..2cdba9160
--- /dev/null
+++ b/Bugzilla/Quantum/Stdout.pm
@@ -0,0 +1,59 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Quantum::Stdout;
+use 5.10.1;
+use Moo;
+
+use Bugzilla::Logging;
+use Encode;
+
+has 'controller' => (
+    is       => 'ro',
+    required => 1,
+);
+
+has '_encoding' => (
+    is      => 'rw',
+    default => '',
+);
+
+sub TIEHANDLE { ## no critic (unpack)
+    my $class = shift;
+
+    return $class->new(@_);
+}
+
+sub PRINTF { ## no critic (unpack)
+    my $self = shift;
+    $self->PRINT(sprintf @_);
+}
+
+sub PRINT { ## no critic (unpack)
+    my $self = shift;
+    my $c = $self->controller;
+    my $bytes = join '', @_;
+    return unless $bytes;
+    if ($self->_encoding) {
+        $bytes = encode($self->_encoding, $bytes);
+    }
+    $c->write($bytes);
+}
+
+sub BINMODE {
+    my ($self, $mode) = @_;
+    if ($mode) {
+        if ($mode eq ':bytes' or $mode eq ':raw') {
+            $self->_encoding('');
+        }
+        elsif ($mode eq ':utf8') {
+            $self->_encoding('utf8');
+        }
+    }
+}
+
+1;
diff --git a/Bugzilla/Quantum/Template.pm b/Bugzilla/Quantum/Template.pm
new file mode 100644
index 000000000..2442f1134
--- /dev/null
+++ b/Bugzilla/Quantum/Template.pm
@@ -0,0 +1,39 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::Quantum::Template;
+use 5.10.1;
+use Moo;
+
+has 'controller' => (
+    is       => 'ro',
+    required => 1,
+);
+
+has 'template' => (
+    is       => 'ro',
+    required => 1,
+    handles  => ['error', 'get_format'],
+);
+
+sub process {
+    my ($self, $file, $vars, $output) = @_;
+
+    if (@_ < 4) {
+        $self->controller->stash->{vars} = $vars;
+        $self->controller->render(template => $file, handler => 'bugzilla');
+        return 1;
+    }
+    elsif (@_ == 4) {
+        return $self->template->process($file, $vars, $output);
+    }
+    else {
+        die __PACKAGE__ . '->process() called with too many arguments';
+    }
+}
+
+1;
\ No newline at end of file
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 299734d64..39272a538 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -12,6 +12,7 @@ use 5.10.1;
 use strict;
 use warnings;
 
+use Bugzilla::Logging;
 use Bugzilla::Template::PreloadProvider;
 use Bugzilla::Bug;
 use Bugzilla::Constants;
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 6bb73af01..5ad50e91c 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -14,11 +14,7 @@ use warnings;
 use Bugzilla::Logging;
 use XMLRPC::Transport::HTTP;
 use Bugzilla::WebService::Server;
-if ($ENV{MOD_PERL}) {
-    our @ISA = qw(XMLRPC::Transport::HTTP::Apache Bugzilla::WebService::Server);
-} else {
-    our @ISA = qw(XMLRPC::Transport::HTTP::CGI Bugzilla::WebService::Server);
-}
+our @ISA = qw(XMLRPC::Transport::HTTP::CGI Bugzilla::WebService::Server);
 
 use Bugzilla::WebService::Constants;
 use Bugzilla::Error;
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 29ff05448..d462c884a 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -23,7 +23,7 @@ use base qw(Exporter);
 
 # We have to "require", not "use" this, because otherwise it tries to
 # use features of Test::More during import().
-require Test::Taint;
+require Test::Taint if ${^TAINT};
 
 our @EXPORT_OK = qw(
     extract_flags
@@ -193,8 +193,10 @@ sub taint_data {
     # Though this is a private function, it hasn't changed since 2004 and
     # should be safe to use, and prevents us from having to write it ourselves
     # or require another module to do it.
-    Test::Taint::_deeply_traverse(\&_delete_bad_keys, \@params);
-    Test::Taint::taint_deeply(\@params);
+    if (${^TAINT}) {
+        Test::Taint::_deeply_traverse(\&_delete_bad_keys, \@params);
+        Test::Taint::taint_deeply(\@params);
+    }
 }
 
 sub _delete_bad_keys {
-- 
cgit v1.2.3-24-g4f1b


From 482953b67c0c348c4fc8df77609bb6aaf6ceb326 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Thu, 19 Jul 2018 11:22:00 -0400
Subject: fix lint errors

---
 Bugzilla/Quantum/CGI.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/CGI.pm b/Bugzilla/Quantum/CGI.pm
index 85f14cf83..0e09d795e 100644
--- a/Bugzilla/Quantum/CGI.pm
+++ b/Bugzilla/Quantum/CGI.pm
@@ -90,12 +90,12 @@ sub _ENV {
 
     for my $name ( @{ $headers->names } ) {
         my $key = uc "http_$name";
-        $key =~ s!\W!_!g;
+        $key =~ s/\W/_/g;
         $env_headers{$key} = $headers->header($name);
     }
 
     my $remote_user;
-    if ( my $userinfo = $c->req->url->to_abs->userinfo ) {
+    if ( my $userinfo = $req->url->to_abs->userinfo ) {
         $remote_user = $userinfo =~ /([^:]+)/ ? $1 : '';
     }
     elsif ( my $authenticate = $headers->authorization ) {
-- 
cgit v1.2.3-24-g4f1b


From a46ca861f527d75fe28f784794207f50e8ec7f2b Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Thu, 19 Jul 2018 12:18:47 -0400
Subject: fix errors from group review

---
 Bugzilla/Quantum.pm     | 2 +-
 Bugzilla/Quantum/CGI.pm | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index e4c75726c..b5ee83d8e 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -52,7 +52,7 @@ sub startup {
 
     $r->any('/')->to('CGI#index_cgi');
     $r->any('/rest')->to('CGI#rest_cgi');
-    $r->any('/rest.cgi/*PATH_INFP')->to('CGI#rest_cgi' => { PATH_INFO => '' });
+    $r->any('/rest.cgi/*PATH_INFO')->to('CGI#rest_cgi' => { PATH_INFO => '' });
     $r->any('/rest/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' });
     $r->any('/bug/:id')->to('CGI#show_bug_cgi');
     $r->any('/extensions/BzAPI/bin/rest.cgi/*PATH_INFO')->to('CGI#bzapi_cgi');
diff --git a/Bugzilla/Quantum/CGI.pm b/Bugzilla/Quantum/CGI.pm
index 0e09d795e..ba09dded6 100644
--- a/Bugzilla/Quantum/CGI.pm
+++ b/Bugzilla/Quantum/CGI.pm
@@ -52,7 +52,6 @@ sub load_one {
     my $wrapper = sub {
         my ($c) = @_;
         my $stdin  = $c->_STDIN;
-        my $stdout = '';
         local $C = $c;
         local %ENV = $c->_ENV($file);
         local *STDIN;  ## no critic (local)
@@ -102,7 +101,7 @@ sub _ENV {
         $remote_user = $authenticate =~ /Basic\s+(.*)/ ? b64_decode $1 : '';
         $remote_user = $remote_user =~ /([^:]+)/       ? $1            : '';
     }
-    my $path_info = $c->param('PATH_INFO');
+    my $path_info = $c->stash->{'mojo.captures'}{'PATH_INFO'};
     my %captures = %{ $c->stash->{'mojo.captures'} // {} };
     foreach my $key (keys %captures) {
         if ($key eq 'controller' || $key eq 'action' || $key eq 'PATH_INFO' || $key =~ /^REWRITE_/) {
-- 
cgit v1.2.3-24-g4f1b


From e84956b1f37a7248ebc5d43bd64e6360c257ad0f Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 23 Jul 2018 11:16:47 -0400
Subject: some cleanups

---
 Bugzilla/Quantum.pm     | 169 +++++++-----------------------------------------
 Bugzilla/Quantum/CGI.pm |  71 ++++++++++----------
 2 files changed, 58 insertions(+), 182 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index b5ee83d8e..1f6dce8da 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -8,22 +8,22 @@
 package Bugzilla::Quantum;
 use Mojo::Base 'Mojolicious';
 
-use CGI::Compile; # Needed for its exit() overload
+# Needed for its exit() overload, must happen early in execution.
+use CGI::Compile;
+
+use Bugzilla          ();
+use Bugzilla::BugMail ();
+use Bugzilla::CGI     ();
+use Bugzilla::Constants qw(bz_locations);
+use Bugzilla::Extension             ();
+use Bugzilla::Install::Requirements ();
 use Bugzilla::Logging;
-use Bugzilla::Quantum::Template;
 use Bugzilla::Quantum::CGI;
 use Bugzilla::Quantum::SES;
 use Bugzilla::Quantum::Static;
-
-use Bugzilla ();
-use Bugzilla::Constants qw(bz_locations);
-use Bugzilla::BugMail ();
-use Bugzilla::CGI ();
-use Bugzilla::Extension ();
-use Bugzilla::Install::Requirements ();
+use Bugzilla::Quantum::Template;
 use Bugzilla::Util ();
 use Cwd qw(realpath);
-
 use MojoX::Log::Log4perl::Tiny;
 
 has 'static' => sub { Bugzilla::Quantum::Static->new };
@@ -31,7 +31,7 @@ has 'static' => sub { Bugzilla::Quantum::Static->new };
 sub startup {
     my ($self) = @_;
 
-    DEBUG("Starting up");
+    DEBUG('Starting up');
     $self->plugin('Bugzilla::Quantum::Plugin::Glue');
     $self->plugin('Bugzilla::Quantum::Plugin::Hostage');
     $self->plugin('Bugzilla::Quantum::Plugin::BlockIP');
@@ -48,12 +48,12 @@ sub startup {
 
     my $r = $self->routes;
     Bugzilla::Quantum::CGI->load_all($r);
-    Bugzilla::Quantum::CGI->load_one('bzapi_cgi', 'extensions/BzAPI/bin/rest.cgi');
+    Bugzilla::Quantum::CGI->load_one( 'bzapi_cgi', 'extensions/BzAPI/bin/rest.cgi' );
 
     $r->any('/')->to('CGI#index_cgi');
     $r->any('/rest')->to('CGI#rest_cgi');
-    $r->any('/rest.cgi/*PATH_INFO')->to('CGI#rest_cgi' => { PATH_INFO => '' });
-    $r->any('/rest/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' });
+    $r->any('/rest.cgi/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' } );
+    $r->any('/rest/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' } );
     $r->any('/bug/:id')->to('CGI#show_bug_cgi');
     $r->any('/extensions/BzAPI/bin/rest.cgi/*PATH_INFO')->to('CGI#bzapi_cgi');
 
@@ -64,16 +64,16 @@ sub startup {
         },
     );
 
-    $r->get('/__heartbeat__')->to( 'CGI#heartbeat_cgi');
-    $r->get('/robots.txt')->to( 'CGI#robots_cgi' );
+    $r->get('/__heartbeat__')->to('CGI#heartbeat_cgi');
+    $r->get('/robots.txt')->to('CGI#robots_cgi');
 
-    $r->any('/review')->to( 'CGI#page_cgi' => {'id' => 'splinter.html'});
-    $r->any('/user_profile')->to( 'CGI#page_cgi' => {'id' => 'user_profile.html'});
-    $r->any('/userprofile')->to( 'CGI#page_cgi' => {'id' => 'user_profile.html'});
-    $r->any('/request_defer')->to( 'CGI#page_cgi' => {'id' => 'request_defer.html'});
-    $r->any('/login')->to( 'CGI#index_cgi' => { 'GoAheadAndLogIn' => '1' });
+    $r->any('/review')->to( 'CGI#page_cgi' => { 'id' => 'splinter.html' } );
+    $r->any('/user_profile')->to( 'CGI#page_cgi' => { 'id' => 'user_profile.html' } );
+    $r->any('/userprofile')->to( 'CGI#page_cgi' => { 'id' => 'user_profile.html' } );
+    $r->any('/request_defer')->to( 'CGI#page_cgi' => { 'id' => 'request_defer.html' } );
+    $r->any('/login')->to( 'CGI#index_cgi' => { 'GoAheadAndLogIn' => '1' } );
 
-    $r->any('/:new_bug' => [new_bug => qr{new[-_]bug}])->to( 'CGI#new_bug_cgi');
+    $r->any( '/:new_bug' => [ new_bug => qr{new[-_]bug} ] )->to('CGI#new_bug_cgi');
 
     my $ses_auth = $r->under(
         '/ses' => sub {
@@ -85,130 +85,7 @@ sub startup {
     );
     $ses_auth->any('/index.cgi')->to('SES#main');
 
-    $r->any('/:REWRITE_itrequest' => [REWRITE_itrequest => qr{form[\.:]itrequest}])->to(
-        'CGI#enter_bug_cgi' => { 'product' => 'Infrastructure & Operations', 'format' => 'itrequest' }
-    );
-    $r->any('/:REWRITE_mozlist' => [REWRITE_mozlist => qr{form[\.:]mozlist}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'mozlist'}
-    );
-    $r->any('/:REWRITE_poweredby' => [REWRITE_poweredby => qr{form[\.:]poweredby}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'poweredby'}
-    );
-    $r->any('/:REWRITE_presentation' => [REWRITE_presentation => qr{form[\.:]presentation}])->to(
-        'cgi#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'presentation'}
-    );
-    $r->any('/:REWRITE_trademark' => [REWRITE_trademark => qr{form[\.:]trademark}])->to(
-        'cgi#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'trademark'}
-    );
-    $r->any('/:REWRITE_recoverykey' => [REWRITE_recoverykey => qr{form[\.:]recoverykey}])->to(
-        'cgi#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'recoverykey'}
-    );
-    $r->any('/:REWRITE_legal' => [REWRITE_legal => qr{form[\.:]legal}])->to(
-        'CGI#enter_bug_cgi' => { 'product' => 'Legal', 'format' => 'legal' },
-    );
-    $r->any('/:REWRITE_recruiting' => [REWRITE_recruiting => qr{form[\.:]recruiting}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Recruiting', 'format' => 'recruiting'}
-    );
-    $r->any('/:REWRITE_intern' => [REWRITE_intern => qr{form[\.:]intern}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Recruiting', 'format' => 'intern'}
-    );
-    $r->any('/:REWRITE_mozpr' => [REWRITE_mozpr => qr{form[\.:]mozpr}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Mozilla PR', 'format' => 'mozpr' },
-    );
-    $r->any('/:REWRITE_reps_mentorship' => [REWRITE_reps_mentorship => qr{form[\.:]reps[\.:]mentorship}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'mozreps' },
-    );
-    $r->any('/:REWRITE_reps_budget' => [REWRITE_reps_budget => qr{form[\.:]reps[\.:]budget}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'remo-budget'}
-    );
-    $r->any('/:REWRITE_reps_swag' => [REWRITE_reps_swag => qr{form[\.:]reps[\.:]swag}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'remo-swag'}
-    );
-    $r->any('/:REWRITE_reps_it' => [REWRITE_reps_it => qr{form[\.:]reps[\.:]it}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Mozilla Reps','format' => 'remo-it'}
-    );
-    $r->any('/:REWRITE_reps_payment' => [REWRITE_reps_payment => qr{form[\.:]reps[\.:]payment}])->to(
-        'CGI#page_cgi' => {'id' => 'remo-form-payment.html'}
-    );
-    $r->any('/:REWRITE_csa_discourse' => [REWRITE_csa_discourse => qr{form[\.:]csa[\.:]discourse}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Infrastructure & Operations', 'format' => 'csa-discourse'}
-    );
-    $r->any('/:REWRITE_employee_incident' => [REWRITE_employee_incident => qr{form[\.:]employee[\.\-:]incident}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org', 'format' => 'employee-incident'}
-    );
-    $r->any('/:REWRITE_brownbag' => [REWRITE_brownbag => qr{form[\.:]brownbag}])->to(
-        'CGI#https_air_mozilla_org_requests' => {}
-    );
-    $r->any('/:REWRITE_finance' => [REWRITE_finance => qr{form[\.:]finance}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Finance','format' => 'finance'}
-    );
-    $r->any('/:REWRITE_moz_project_review' => [REWRITE_moz_project_review => qr{form[\.:]moz[\.\-:]project[\.\-:]review}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'mozilla.org','format' => 'moz-project-review'}
-    );
-    $r->any('/:REWRITE_docs' => [REWRITE_docs => qr{form[\.:]docs?}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Developer Documentation','format' => 'doc'}
-    );
-    $r->any('/:REWRITE_mdn' => [REWRITE_mdn => qr{form[\.:]mdn?}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'mdn','product' => 'developer.mozilla.org'}
-    );
-    $r->any('/:REWRITE_swag_gear' => [REWRITE_swag_gear => qr{form[\.:](swag|gear)}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'swag','product' => 'Marketing'}
-    );
-    $r->any('/:REWRITE_costume' => [REWRITE_costume => qr{form[\.:]costume}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Marketing','format' => 'costume'}
-    );
-    $r->any('/:REWRITE_ipp' => [REWRITE_ipp => qr{form[\.:]ipp}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Internet Public Policy','format' => 'ipp'}
-    );
-    $r->any('/:REWRITE_creative' => [REWRITE_creative => qr{form[\.:]creative}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'creative','product' => 'Marketing'}
-    );
-    $r->any('/:REWRITE_user_engagement' => [REWRITE_user_engagement => qr{form[\.:]user[\.\-:]engagement}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'user-engagement','product' => 'Marketing'}
-    );
-    $r->any('/:REWRITE_dev_engagement_event' => [REWRITE_dev_engagement_event => qr{form[\.:]dev[\.\-:]engagement[\.\-\:]event}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Developer Engagement','format' => 'dev-engagement-event'}
-    );
-    $r->any('/:REWRITE_mobile_compat' => [REWRITE_mobile_compat => qr{form[\.:]mobile[\.\-:]compat}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Tech Evangelism','format' => 'mobile-compat'}
-    );
-    $r->any('/:REWRITE_web_bounty' => [REWRITE_web_bounty => qr{form[\.:]web[\.:]bounty}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'web-bounty','product' => 'mozilla.org'}
-    );
-    $r->any('/:REWRITE_automative' => [REWRITE_automative => qr{form[\.:]automative}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Testing','format' => 'automative'}
-    );
-    $r->any('/:REWRITE_comm_newsletter' => [REWRITE_comm_newsletter => qr{form[\.:]comm[\.:]newsletter}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'comm-newsletter','product' => 'Marketing'}
-    );
-    $r->any('/:REWRITE_screen_share_whitelist' => [REWRITE_screen_share_whitelist => qr{form[\.:]screen[\.:]share[\.:]whitelist}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'screen-share-whitelist','product' => 'Firefox'}
-    );
-    $r->any('/:REWRITE_data_compliance' => [REWRITE_data_compliance => qr{form[\.:]data[\.\-:]compliance}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Data Compliance','format' => 'data-compliance'}
-    );
-    $r->any('/:REWRITE_fsa_budget' => [REWRITE_fsa_budget => qr{form[\.:]fsa[\.:]budget}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'FSA','format' => 'fsa-budget'}
-    );
-    $r->any('/:REWRITE_triage_request' => [REWRITE_triage_request => qr{form[\.:]triage[\.\-]request}])->to(
-        'CGI#page_cgi' => {'id' => 'triage_request.html'}
-    );
-    $r->any('/:REWRITE_crm_CRM' => [REWRITE_crm_CRM => qr{form[\.:](crm|CRM)}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'crm','product' => 'Marketing'}
-    );
-    $r->any('/:REWRITE_nda' => [REWRITE_nda => qr{form[\.:]nda}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Legal','format' => 'nda'}
-    );
-    $r->any('/:REWRITE_name_clearance' => [REWRITE_name_clearance => qr{form[\.:]name[\.:]clearance}])->to(
-        'CGI#enter_bug_cgi' => {'format' => 'name-clearance','product' => 'Legal'}
-    );
-    $r->any('/:REWRITE_shield_studies' => [REWRITE_shield_studies => qr{form[\.:]shield[\.:]studies}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Shield','format' => 'shield-studies'}
-    );
-    $r->any('/:REWRITE_client_bounty' => [REWRITE_client_bounty => qr{form[\.:]client[\.:]bounty}])->to(
-        'CGI#enter_bug_cgi' => {'product' => 'Firefox','format' => 'client-bounty'}
-    );
-
+    Bugzilla::Hook::process( 'app_startup', { app => $self } );
 }
 
 1;
diff --git a/Bugzilla/Quantum/CGI.pm b/Bugzilla/Quantum/CGI.pm
index ba09dded6..ab092140c 100644
--- a/Bugzilla/Quantum/CGI.pm
+++ b/Bugzilla/Quantum/CGI.pm
@@ -25,40 +25,39 @@ our $C;
 my %SEEN;
 
 sub load_all {
-    my ($class, $r) = @_;
+    my ( $class, $r ) = @_;
 
-    foreach my $file (glob '*.cgi') {
-        my $name   = _file_to_method($file);
-        $class->load_one($name, $file);
+    foreach my $file ( glob '*.cgi' ) {
+        my $name = _file_to_method($file);
+        $class->load_one( $name, $file );
         $r->any("/$file")->to("CGI#$name");
     }
 }
 
 sub load_one {
-    my ($class, $name, $file) = @_;
-    my $package    = __PACKAGE__ . "::$name",
-    my $inner_name = "_$name";
-    my $content    = read_text( catfile( bz_locations->{cgi_path}, $file ) );
+    my ( $class, $name, $file ) = @_;
+    my $package = __PACKAGE__ . "::$name", my $inner_name = "_$name";
+    my $content = read_text( catfile( bz_locations->{cgi_path}, $file ) );
     $content = "package $package; $content";
     untaint($content);
     my %options = (
-        package => $package,
-        file    => $file,
-        line    => 1,
+        package  => $package,
+        file     => $file,
+        line     => 1,
         no_defer => 1,
     );
     die "Tried to load $file more than once" if $SEEN{$file}++;
     my $inner = quote_sub $inner_name, $content, {}, \%options;
     my $wrapper = sub {
         my ($c) = @_;
-        my $stdin  = $c->_STDIN;
-        local $C = $c;
-        local %ENV = $c->_ENV($file);
-        local *STDIN;  ## no critic (local)
+        my $stdin = $c->_STDIN;
+        local $C                           = $c;
+        local %ENV                         = $c->_ENV($file);
         local $CGI::Compile::USE_REAL_EXIT = 0;
-        local $PROGRAM_NAME = $file;
+        local $PROGRAM_NAME                = $file;
+        local *STDIN;    ## no critic (local)
         open STDIN, '<', $stdin->path or die "STDIN @{[$stdin->path]}: $!" if -s $stdin->path;
-        tie *STDOUT, 'Bugzilla::Quantum::Stdout', controller => $c; ## no critic (tie)
+        tie *STDOUT, 'Bugzilla::Quantum::Stdout', controller => $c;    ## no critic (tie)
         try {
             Bugzilla->init_page();
             $inner->();
@@ -69,23 +68,24 @@ sub load_one {
         finally {
             untie *STDOUT;
             $c->finish;
-            Bugzilla->_cleanup;    ## no critic (private)
+            Bugzilla->cleanup;
             CGI::initialize_globals();
         };
     };
 
-    no strict 'refs'; ## no critic (strict)
-    *{$name} = subname($name, $wrapper);
+    no strict 'refs';    ## no critic (strict)
+    *{$name} = subname( $name, $wrapper );
     return 1;
 }
 
+
 sub _ENV {
-    my ($c, $script_name) = @_;
-    my $tx      = $c->tx;
-    my $req     = $tx->req;
-    my $headers = $req->headers;
+    my ( $c, $script_name ) = @_;
+    my $tx             = $c->tx;
+    my $req            = $tx->req;
+    my $headers        = $req->headers;
     my $content_length = $req->content->is_multipart ? $req->body_size : $headers->content_length;
-    my %env_headers = ( HTTP_COOKIE => '', HTTP_REFERER => '' );
+    my %env_headers    = ( HTTP_COOKIE => '', HTTP_REFERER => '' );
 
     for my $name ( @{ $headers->names } ) {
         my $key = uc "http_$name";
@@ -103,13 +103,13 @@ sub _ENV {
     }
     my $path_info = $c->stash->{'mojo.captures'}{'PATH_INFO'};
     my %captures = %{ $c->stash->{'mojo.captures'} // {} };
-    foreach my $key (keys %captures) {
-        if ($key eq 'controller' || $key eq 'action' || $key eq 'PATH_INFO' || $key =~ /^REWRITE_/) {
+    foreach my $key ( keys %captures ) {
+        if ( $key eq 'controller' || $key eq 'action' || $key eq 'PATH_INFO' || $key =~ /^REWRITE_/ ) {
             delete $captures{$key};
         }
     }
     my $cgi_query = Mojo::Parameters->new(%captures);
-    $cgi_query->append($req->url->query);
+    $cgi_query->append( $req->url->query );
     my $prefix = $c->stash->{bmo_prefix} ? '/bmo/' : '/';
 
     return (
@@ -119,17 +119,17 @@ sub _ENV {
         GATEWAY_INTERFACE => 'CGI/1.1',
         HTTPS             => $req->is_secure ? 'YES' : 'NO',
         %env_headers,
-        QUERY_STRING => $cgi_query->to_string,
-        PATH_INFO   => $path_info ? "/$path_info" : '',
-        REMOTE_ADDR => $tx->original_remote_address,
-        REMOTE_HOST => $tx->original_remote_address,
-        REMOTE_PORT => $tx->remote_port,
-        REMOTE_USER => $remote_user || '',
+        QUERY_STRING    => $cgi_query->to_string,
+        PATH_INFO       => $path_info ? "/$path_info" : '',
+        REMOTE_ADDR     => $tx->original_remote_address,
+        REMOTE_HOST     => $tx->original_remote_address,
+        REMOTE_PORT     => $tx->remote_port,
+        REMOTE_USER     => $remote_user || '',
         REQUEST_METHOD  => $req->method,
         SCRIPT_NAME     => "$prefix$script_name",
         SERVER_NAME     => hostname,
         SERVER_PORT     => $tx->local_port,
-        SERVER_PROTOCOL => $req->is_secure ? 'HTTPS' : 'HTTP', # TODO: Version is missing
+        SERVER_PROTOCOL => $req->is_secure ? 'HTTPS' : 'HTTP',    # TODO: Version is missing
         SERVER_SOFTWARE => __PACKAGE__,
     );
 }
@@ -157,5 +157,4 @@ sub _file_to_method {
     return $name;
 }
 
-
 1;
-- 
cgit v1.2.3-24-g4f1b


From 0108df4cc381df0b013addaed565595b8bb23299 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 23 Jul 2018 11:20:47 -0400
Subject: more tidy

---
 Bugzilla/Quantum.pm             |  1 -
 Bugzilla/Quantum/Plugin/Glue.pm | 30 +++++++++++-------------------
 Bugzilla/Quantum/Static.pm      |  4 ++--
 Bugzilla/Quantum/Stdout.pm      | 22 +++++++++++-----------
 Bugzilla/Quantum/Template.pm    | 39 ---------------------------------------
 5 files changed, 24 insertions(+), 72 deletions(-)
 delete mode 100644 Bugzilla/Quantum/Template.pm

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index 1f6dce8da..083dcaf55 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -21,7 +21,6 @@ use Bugzilla::Logging;
 use Bugzilla::Quantum::CGI;
 use Bugzilla::Quantum::SES;
 use Bugzilla::Quantum::Static;
-use Bugzilla::Quantum::Template;
 use Bugzilla::Util ();
 use Cwd qw(realpath);
 use MojoX::Log::Log4perl::Tiny;
diff --git a/Bugzilla/Quantum/Plugin/Glue.pm b/Bugzilla/Quantum/Plugin/Glue.pm
index 4261d6729..f99026690 100644
--- a/Bugzilla/Quantum/Plugin/Glue.pm
+++ b/Bugzilla/Quantum/Plugin/Glue.pm
@@ -11,7 +11,6 @@ use Mojo::Base 'Mojolicious::Plugin';
 
 use Try::Tiny;
 use Bugzilla::Constants;
-use Bugzilla::Quantum::Template;
 use Bugzilla::Logging;
 use Bugzilla::RNG ();
 use JSON::MaybeXS qw(decode_json);
@@ -20,10 +19,10 @@ sub register {
     my ( $self, $app, $conf ) = @_;
 
     my %D;
-    if ($ENV{BUGZILLA_HTTPD_ARGS}) {
-        my $args = decode_json($ENV{BUGZILLA_HTTPD_ARGS});
+    if ( $ENV{BUGZILLA_HTTPD_ARGS} ) {
+        my $args = decode_json( $ENV{BUGZILLA_HTTPD_ARGS} );
         foreach my $arg (@$args) {
-            if ($arg =~ /^-D(\w+)$/) {
+            if ( $arg =~ /^-D(\w+)$/ ) {
                 $D{$1} = 1;
             }
             else {
@@ -56,25 +55,25 @@ sub register {
     $app->hook(
         before_dispatch => sub {
             my ($c) = @_;
-            if ($D{HTTPD_IN_SUBDIR}) {
+            if ( $D{HTTPD_IN_SUBDIR} ) {
                 my $path = $c->req->url->path;
-                if ($path =~ s{^/bmo}{}s) {
+                if ( $path =~ s{^/bmo}{}s ) {
                     $c->stash->{bmo_prefix} = 1;
                     $c->req->url->path($path);
                 }
             }
-            Log::Log4perl::MDC->put(request_id => $c->req->request_id);
+            Log::Log4perl::MDC->put( request_id => $c->req->request_id );
         }
     );
 
     Bugzilla::Extension->load_all();
-    if ($app->mode ne 'development') {
+    if ( $app->mode ne 'development' ) {
         Bugzilla->preload_features();
         DEBUG("preloading templates");
         Bugzilla->preload_templates();
         DEBUG("done preloading templates");
     }
-    $app->secrets([Bugzilla->localconfig->{side_wide_secret}]);
+    $app->secrets( [ Bugzilla->localconfig->{side_wide_secret} ] );
 
     $app->renderer->add_handler(
         'bugzilla' => sub {
@@ -92,23 +91,16 @@ sub register {
             # The controller
             $vars->{c} = $c;
             my $name = $options->{template};
-            unless ($name =~ /\./) {
+            unless ( $name =~ /\./ ) {
                 $name = sprintf '%s.%s.tmpl', $options->{template}, $options->{format};
             }
             my $template = Bugzilla->template;
             $template->process( $name, $vars, $output )
-                or die $template->error;
+              or die $template->error;
         }
     );
 
-    $app->log(
-        MojoX::Log::Log4perl::Tiny->new(
-            logger => Log::Log4perl->get_logger(ref $app)
-        )
-    );
+    $app->log( MojoX::Log::Log4perl::Tiny->new( logger => Log::Log4perl->get_logger( ref $app ) ) );
 }
 
-
-
-
 1;
diff --git a/Bugzilla/Quantum/Static.pm b/Bugzilla/Quantum/Static.pm
index 2bb54990e..d687873ab 100644
--- a/Bugzilla/Quantum/Static.pm
+++ b/Bugzilla/Quantum/Static.pm
@@ -16,9 +16,9 @@ my $LEGACY_RE = qr{
 }xs;
 
 sub file {
-    my ($self, $rel) = @_;
+    my ( $self, $rel ) = @_;
 
-    if (my ($legacy_rel) = $rel =~ $LEGACY_RE) {
+    if ( my ($legacy_rel) = $rel =~ $LEGACY_RE ) {
         local $self->{paths} = [ bz_locations->{cgi_path} ];
         return $self->SUPER::file($legacy_rel);
     }
diff --git a/Bugzilla/Quantum/Stdout.pm b/Bugzilla/Quantum/Stdout.pm
index 2cdba9160..699ec164a 100644
--- a/Bugzilla/Quantum/Stdout.pm
+++ b/Bugzilla/Quantum/Stdout.pm
@@ -22,35 +22,35 @@ has '_encoding' => (
     default => '',
 );
 
-sub TIEHANDLE { ## no critic (unpack)
+sub TIEHANDLE {    ## no critic (unpack)
     my $class = shift;
 
     return $class->new(@_);
 }
 
-sub PRINTF { ## no critic (unpack)
+sub PRINTF {       ## no critic (unpack)
     my $self = shift;
-    $self->PRINT(sprintf @_);
+    $self->PRINT( sprintf @_ );
 }
 
-sub PRINT { ## no critic (unpack)
-    my $self = shift;
-    my $c = $self->controller;
+sub PRINT {        ## no critic (unpack)
+    my $self  = shift;
+    my $c     = $self->controller;
     my $bytes = join '', @_;
     return unless $bytes;
-    if ($self->_encoding) {
-        $bytes = encode($self->_encoding, $bytes);
+    if ( $self->_encoding ) {
+        $bytes = encode( $self->_encoding, $bytes );
     }
     $c->write($bytes);
 }
 
 sub BINMODE {
-    my ($self, $mode) = @_;
+    my ( $self, $mode ) = @_;
     if ($mode) {
-        if ($mode eq ':bytes' or $mode eq ':raw') {
+        if ( $mode eq ':bytes' or $mode eq ':raw' ) {
             $self->_encoding('');
         }
-        elsif ($mode eq ':utf8') {
+        elsif ( $mode eq ':utf8' ) {
             $self->_encoding('utf8');
         }
     }
diff --git a/Bugzilla/Quantum/Template.pm b/Bugzilla/Quantum/Template.pm
deleted file mode 100644
index 2442f1134..000000000
--- a/Bugzilla/Quantum/Template.pm
+++ /dev/null
@@ -1,39 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-
-package Bugzilla::Quantum::Template;
-use 5.10.1;
-use Moo;
-
-has 'controller' => (
-    is       => 'ro',
-    required => 1,
-);
-
-has 'template' => (
-    is       => 'ro',
-    required => 1,
-    handles  => ['error', 'get_format'],
-);
-
-sub process {
-    my ($self, $file, $vars, $output) = @_;
-
-    if (@_ < 4) {
-        $self->controller->stash->{vars} = $vars;
-        $self->controller->render(template => $file, handler => 'bugzilla');
-        return 1;
-    }
-    elsif (@_ == 4) {
-        return $self->template->process($file, $vars, $output);
-    }
-    else {
-        die __PACKAGE__ . '->process() called with too many arguments';
-    }
-}
-
-1;
\ No newline at end of file
-- 
cgit v1.2.3-24-g4f1b


From 8d59839660e4aa848c32295c1851bb0180f90116 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 23 Jul 2018 11:24:13 -0400
Subject: more tidy

---
 Bugzilla/Memcached.pm                |  2 ++
 Bugzilla/Quantum/Plugin/BasicAuth.pm | 10 +++++-----
 Bugzilla/Quantum/Plugin/BlockIP.pm   | 20 ++++++++++----------
 Bugzilla/Quantum/Plugin/Hostage.pm   | 29 +++++++++++++++--------------
 4 files changed, 32 insertions(+), 29 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index 40755aa29..6bbef080a 100644
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -25,6 +25,8 @@ use Sys::Syslog qw(:DEFAULT);
 use constant MAX_KEY_LENGTH => 250;
 use constant RATE_LIMIT_PREFIX => "rate:";
 
+*new = \&_new;
+
 sub _new {
     my $invocant = shift;
     my $class = ref($invocant) || $invocant;
diff --git a/Bugzilla/Quantum/Plugin/BasicAuth.pm b/Bugzilla/Quantum/Plugin/BasicAuth.pm
index bc79c89ef..e17273404 100644
--- a/Bugzilla/Quantum/Plugin/BasicAuth.pm
+++ b/Bugzilla/Quantum/Plugin/BasicAuth.pm
@@ -16,15 +16,15 @@ sub register {
 
     $app->renderer->add_helper(
         basic_auth => sub {
-            my ($c, $realm, $auth_user, $auth_pass) = @_;
+            my ( $c, $realm, $auth_user, $auth_pass ) = @_;
             my $req = $c->req;
-            my ($user, $password) = $req->url->to_abs->userinfo =~ /^([^:]+):(.*)/;
+            my ( $user, $password ) = $req->url->to_abs->userinfo =~ /^([^:]+):(.*)/;
 
-            unless ($realm && $auth_user && $auth_pass) {
+            unless ( $realm && $auth_user && $auth_pass ) {
                 croak 'basic_auth() called with missing parameters.';
             }
 
-            unless ($user eq $auth_user && $password eq $auth_pass) {
+            unless ( $user eq $auth_user && $password eq $auth_pass ) {
                 WARN('username and password do not match');
                 $c->res->headers->www_authenticate("Basic realm=\"$realm\"");
                 $c->res->code(401);
@@ -37,4 +37,4 @@ sub register {
     );
 }
 
-1;
+1;
\ No newline at end of file
diff --git a/Bugzilla/Quantum/Plugin/BlockIP.pm b/Bugzilla/Quantum/Plugin/BlockIP.pm
index fbfffad66..ebeb2a4aa 100644
--- a/Bugzilla/Quantum/Plugin/BlockIP.pm
+++ b/Bugzilla/Quantum/Plugin/BlockIP.pm
@@ -4,34 +4,34 @@ use Mojo::Base 'Mojolicious::Plugin';
 
 use Bugzilla::Memcached;
 
-use constant BLOCK_TIMEOUT => 60*60;
+use constant BLOCK_TIMEOUT => 60 * 60;
 
-my $MEMCACHED = Bugzilla::Memcached->_new()->{memcached};
+my $MEMCACHED = Bugzilla::Memcached->new()->{memcached};
 
 sub register {
     my ( $self, $app, $conf ) = @_;
 
-    $app->hook(before_routes => \&_before_routes);
-    $app->helper(block_ip    => \&_block_ip);
-    $app->helper(unblock_ip  => \&_unblock_ip);
+    $app->hook( before_routes => \&_before_routes );
+    $app->helper( block_ip   => \&_block_ip );
+    $app->helper( unblock_ip => \&_unblock_ip );
 }
 
 sub _block_ip {
-    my ($class, $ip) = @_;
-    $MEMCACHED->set("block_ip:$ip" => 1, BLOCK_TIMEOUT) if $MEMCACHED;
+    my ( $class, $ip ) = @_;
+    $MEMCACHED->set( "block_ip:$ip" => 1, BLOCK_TIMEOUT ) if $MEMCACHED;
 }
 
 sub _unblock_ip {
-    my ($class, $ip) = @_;
+    my ( $class, $ip ) = @_;
     $MEMCACHED->delete("block_ip:$ip") if $MEMCACHED;
 }
 
 sub _before_routes {
-    my ( $c ) = @_;
+    my ($c) = @_;
     return if $c->stash->{'mojo.static'};
 
     my $ip = $c->tx->remote_address;
-    if ($MEMCACHED && $MEMCACHED->get("block_ip:$ip")) {
+    if ( $MEMCACHED && $MEMCACHED->get("block_ip:$ip") ) {
         $c->block_ip($ip);
         $c->res->code(429);
         $c->res->message("Too Many Requests");
diff --git a/Bugzilla/Quantum/Plugin/Hostage.pm b/Bugzilla/Quantum/Plugin/Hostage.pm
index 42a05a910..19c77995e 100644
--- a/Bugzilla/Quantum/Plugin/Hostage.pm
+++ b/Bugzilla/Quantum/Plugin/Hostage.pm
@@ -6,14 +6,14 @@ sub _attachment_root {
     my ($base) = @_;
     return undef unless $base;
     return $base =~ m{^https?://(?:bug)?\%bugid\%\.([a-zA-Z\.-]+)}
-        ? $1
-        : undef;
+      ? $1
+      : undef;
 }
 
 sub _attachment_host_regex {
     my ($base) = @_;
     return undef unless $base;
-    my $val   = $base;
+    my $val = $base;
     $val =~ s{^https?://}{}s;
     $val =~ s{/$}{}s;
     my $regex = quotemeta $val;
@@ -24,11 +24,11 @@ sub _attachment_host_regex {
 sub register {
     my ( $self, $app, $conf ) = @_;
 
-    $app->hook(before_routes => \&_before_routes);
+    $app->hook( before_routes => \&_before_routes );
 }
 
 sub _before_routes {
-    my ( $c ) = @_;
+    my ($c) = @_;
     state $urlbase               = Bugzilla->localconfig->{urlbase};
     state $urlbase_uri           = URI->new($urlbase);
     state $urlbase_host          = $urlbase_uri->host;
@@ -43,31 +43,32 @@ sub _before_routes {
 
     return if $stash->{'mojo.static'};
 
-    my $hostname  = $url->host;
+    my $hostname = $url->host;
     return if $hostname eq $urlbase_host;
 
     my $path = $url->path;
     return if $path eq '/__lbheartbeat__';
 
-    if ($attachment_base && $hostname eq $attachment_root) {
+    if ( $attachment_base && $hostname eq $attachment_root ) {
         $c->redirect_to($urlbase);
         return;
     }
-    elsif ($attachment_base && $hostname =~ $attachment_host_regex) {
-        if ($path =~ m{^/attachment\.cgi}s) {
+    elsif ( $attachment_base && $hostname =~ $attachment_host_regex ) {
+        if ( $path =~ m{^/attachment\.cgi}s ) {
             return;
-        } else {
+        }
+        else {
             my $new_uri = $url->clone;
-            $new_uri->scheme($urlbase_uri->scheme);
+            $new_uri->scheme( $urlbase_uri->scheme );
             $new_uri->host($urlbase_host);
             $c->redirect_to($new_uri);
             return;
         }
     }
-    elsif (my ($id) = $hostname =~ $urlbase_host_regex) {
+    elsif ( my ($id) = $hostname =~ $urlbase_host_regex ) {
         my $new_uri = $urlbase_uri->clone;
         $new_uri->path('/show_bug.cgi');
-        $new_uri->query_form(id => $id);
+        $new_uri->query_form( id => $id );
         $c->redirect_to($new_uri);
         return;
     }
@@ -77,4 +78,4 @@ sub _before_routes {
     }
 }
 
-1;
\ No newline at end of file
+1;
-- 
cgit v1.2.3-24-g4f1b


From 7361facceb4b2bf96a72ff0ab3a06f125a5ebe7e Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 23 Jul 2018 11:41:14 -0400
Subject: more tidy

---
 Bugzilla/Quantum/CGI.pm            | 14 +++++++-------
 Bugzilla/Quantum/Plugin/BlockIP.pm |  4 ++--
 Bugzilla/Quantum/Plugin/Glue.pm    |  6 +++---
 3 files changed, 12 insertions(+), 12 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/CGI.pm b/Bugzilla/Quantum/CGI.pm
index ab092140c..7585d888a 100644
--- a/Bugzilla/Quantum/CGI.pm
+++ b/Bugzilla/Quantum/CGI.pm
@@ -9,17 +9,17 @@ package Bugzilla::Quantum::CGI;
 use Mojo::Base 'Mojolicious::Controller';
 
 use CGI::Compile;
-use Bugzilla::Constants qw(bz_locations);
-use Bugzilla::Quantum::Stdout;
-use File::Slurper qw(read_text);
-use File::Spec::Functions qw(catfile);
-use Sub::Name;
-use Sub::Quote 2.005000;
 use Try::Tiny;
 use Taint::Util qw(untaint);
-use Socket qw(AF_INET inet_aton);
 use Sys::Hostname;
+use Sub::Quote 2.005000;
+use Sub::Name;
+use Socket qw(AF_INET inet_aton);
+use File::Spec::Functions qw(catfile);
+use File::Slurper qw(read_text);
 use English qw(-no_match_vars);
+use Bugzilla::Quantum::Stdout;
+use Bugzilla::Constants qw(bz_locations);
 
 our $C;
 my %SEEN;
diff --git a/Bugzilla/Quantum/Plugin/BlockIP.pm b/Bugzilla/Quantum/Plugin/BlockIP.pm
index ebeb2a4aa..058ecbf64 100644
--- a/Bugzilla/Quantum/Plugin/BlockIP.pm
+++ b/Bugzilla/Quantum/Plugin/BlockIP.pm
@@ -34,8 +34,8 @@ sub _before_routes {
     if ( $MEMCACHED && $MEMCACHED->get("block_ip:$ip") ) {
         $c->block_ip($ip);
         $c->res->code(429);
-        $c->res->message("Too Many Requests");
-        $c->res->body("Too Many Requests");
+        $c->res->message('Too Many Requests');
+        $c->res->body('Too Many Requests');
         $c->finish;
     }
 }
diff --git a/Bugzilla/Quantum/Plugin/Glue.pm b/Bugzilla/Quantum/Plugin/Glue.pm
index f99026690..02514a0f8 100644
--- a/Bugzilla/Quantum/Plugin/Glue.pm
+++ b/Bugzilla/Quantum/Plugin/Glue.pm
@@ -48,7 +48,7 @@ sub register {
         sub {
             Bugzilla::RNG::srand();
             srand();
-            eval { Bugzilla->dbh->ping };
+            try { Bugzilla->dbh->ping };
         }
     );
 
@@ -69,9 +69,9 @@ sub register {
     Bugzilla::Extension->load_all();
     if ( $app->mode ne 'development' ) {
         Bugzilla->preload_features();
-        DEBUG("preloading templates");
+        DEBUG('preloading templates');
         Bugzilla->preload_templates();
-        DEBUG("done preloading templates");
+        DEBUG('done preloading templates');
     }
     $app->secrets( [ Bugzilla->localconfig->{side_wide_secret} ] );
 
-- 
cgit v1.2.3-24-g4f1b


From 67ed2721c8824db40092c2a1a4b301ff6c7bd509 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 31 Jul 2018 13:06:08 -0400
Subject: review nits

---
 Bugzilla/Config/General.pm | 6 ------
 1 file changed, 6 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Config/General.pm b/Bugzilla/Config/General.pm
index 15688dfd3..c870c7376 100644
--- a/Bugzilla/Config/General.pm
+++ b/Bugzilla/Config/General.pm
@@ -39,12 +39,6 @@ use constant get_param_list => (
         checker => \&check_utf8
     },
 
-    {
-        name    => 'shutdownhtml',
-        type    => 'l',
-        default => ''
-    },
-
     {
         name    => 'announcehtml',
         type    => 'l',
-- 
cgit v1.2.3-24-g4f1b


From 2112e905d869d7e7d204eca5c1aeca2a4762775b Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 31 Jul 2018 17:12:20 -0400
Subject: hypnotoad should always expect a proxy

---
 Bugzilla/Quantum/Plugin/Glue.pm | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/Plugin/Glue.pm b/Bugzilla/Quantum/Plugin/Glue.pm
index 02514a0f8..ea21429bd 100644
--- a/Bugzilla/Quantum/Plugin/Glue.pm
+++ b/Bugzilla/Quantum/Plugin/Glue.pm
@@ -34,6 +34,7 @@ sub register {
     # hypnotoad is weird and doesn't look for MOJO_LISTEN itself.
     $app->config(
         hypnotoad => {
+            proxy => 1,
             listen => [ $ENV{MOJO_LISTEN} ],
         },
     );
-- 
cgit v1.2.3-24-g4f1b


From f9088d8cfaccf32674909db948be7d1400993acd Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 31 Jul 2018 21:37:33 -0400
Subject: add version

---
 Bugzilla/Quantum.pm        | 14 ++++++++++++++
 Bugzilla/Quantum/Stdout.pm |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index 083dcaf55..135ff94a9 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -63,6 +63,20 @@ sub startup {
         },
     );
 
+    $r->get(
+        '/__version__' => sub {
+            my $c = shift;
+            $c->reply->file( $c->app->home->child('version.json') );
+        },
+    );
+
+    $r->get(
+        '/version.json' => sub {
+            my $c = shift;
+            $c->reply->file( $c->app->home->child('version.json') );
+        },
+    );
+
     $r->get('/__heartbeat__')->to('CGI#heartbeat_cgi');
     $r->get('/robots.txt')->to('CGI#robots_cgi');
 
diff --git a/Bugzilla/Quantum/Stdout.pm b/Bugzilla/Quantum/Stdout.pm
index 699ec164a..be7b546ea 100644
--- a/Bugzilla/Quantum/Stdout.pm
+++ b/Bugzilla/Quantum/Stdout.pm
@@ -41,7 +41,7 @@ sub PRINT {        ## no critic (unpack)
     if ( $self->_encoding ) {
         $bytes = encode( $self->_encoding, $bytes );
     }
-    $c->write($bytes);
+    $c->write($bytes.$\);
 }
 
 sub BINMODE {
-- 
cgit v1.2.3-24-g4f1b


From 8dda66ee78df54d38d86c7e7ed0c8695fec78e40 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 31 Jul 2018 23:49:38 -0400
Subject: add more debugging but also probably fix redirect problem

---
 Bugzilla/CGI.pm                    | 4 ++++
 Bugzilla/Quantum/CGI.pm            | 2 +-
 Bugzilla/Quantum/Plugin/Hostage.pm | 5 +++++
 Bugzilla/Util.pm                   | 3 ++-
 4 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 4bc52d789..2cbb02e3e 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -141,6 +141,7 @@ sub new {
             # apache collapses // to / in $ENV{PATH_INFO} but not in $self->path_info.
             # url() requires the full path in ENV in order to generate the correct url.
             $ENV{PATH_INFO} = $path;
+            DEBUG("redirecting because we see PATH_INFO and don't like it");
             print $self->redirect($self->url(-path => 0, -query => 1));
             exit;
         }
@@ -151,6 +152,7 @@ sub new {
 
     # Redirect to urlbase if we are not viewing an attachment.
     if ($self->url_is_attachment_base and $script ne 'attachment.cgi') {
+        DEBUG("Redirecting to urlbase because the url is in the attachment base and not attachment.cgi");
         $self->redirect_to_urlbase();
     }
 
@@ -782,6 +784,7 @@ sub redirect_search_url {
     # are only redirected if they're under the CGI_URI_LIMIT though.
     my $self_url = $self->self_url();
     if ($self->request_method() ne 'POST' or length($self_url) < CGI_URI_LIMIT) {
+        DEBUG("Redirecting search url");
         print $self->redirect(-url => $self_url);
         exit;
     }
@@ -803,6 +806,7 @@ sub redirect_to_https {
     # XML-RPC clients (SOAP::Lite at least) require a 301 to redirect properly
     # and do not work with 302. Our redirect really is permanent anyhow, so
     # it doesn't hurt to make it a 301.
+    DEBUG("Redirecting to https");
     print $self->redirect(-location => $url, -status => 301);
     exit;
 }
diff --git a/Bugzilla/Quantum/CGI.pm b/Bugzilla/Quantum/CGI.pm
index 7585d888a..0a74f1ee5 100644
--- a/Bugzilla/Quantum/CGI.pm
+++ b/Bugzilla/Quantum/CGI.pm
@@ -117,7 +117,7 @@ sub _ENV {
         CONTENT_LENGTH => $content_length        || 0,
         CONTENT_TYPE   => $headers->content_type || '',
         GATEWAY_INTERFACE => 'CGI/1.1',
-        HTTPS             => $req->is_secure ? 'YES' : 'NO',
+        HTTPS             => $req->is_secure ? 'on' : 'off',
         %env_headers,
         QUERY_STRING    => $cgi_query->to_string,
         PATH_INFO       => $path_info ? "/$path_info" : '',
diff --git a/Bugzilla/Quantum/Plugin/Hostage.pm b/Bugzilla/Quantum/Plugin/Hostage.pm
index 19c77995e..cbde7b5ee 100644
--- a/Bugzilla/Quantum/Plugin/Hostage.pm
+++ b/Bugzilla/Quantum/Plugin/Hostage.pm
@@ -1,6 +1,7 @@
 package Bugzilla::Quantum::Plugin::Hostage;
 use 5.10.1;
 use Mojo::Base 'Mojolicious::Plugin';
+use Bugzilla::Logging;
 
 sub _attachment_root {
     my ($base) = @_;
@@ -50,6 +51,7 @@ sub _before_routes {
     return if $path eq '/__lbheartbeat__';
 
     if ( $attachment_base && $hostname eq $attachment_root ) {
+        DEBUG("redirecting to $urlbase because $hostname is $attachment_root");
         $c->redirect_to($urlbase);
         return;
     }
@@ -61,6 +63,7 @@ sub _before_routes {
             my $new_uri = $url->clone;
             $new_uri->scheme( $urlbase_uri->scheme );
             $new_uri->host($urlbase_host);
+            DEBUG("redirecting to $new_uri because $hostname matches attachment regex");
             $c->redirect_to($new_uri);
             return;
         }
@@ -69,10 +72,12 @@ sub _before_routes {
         my $new_uri = $urlbase_uri->clone;
         $new_uri->path('/show_bug.cgi');
         $new_uri->query_form( id => $id );
+        DEBUG("redirecting to $new_uri because $hostname includes bug id");
         $c->redirect_to($new_uri);
         return;
     }
     else {
+        DEBUG("redirecting to $urlbase because $hostname doesn't make sense");
         $c->redirect_to($urlbase);
         return;
     }
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index a8477a62d..aa524b263 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -29,7 +29,7 @@ use base qw(Exporter);
                              get_text template_var disable_utf8
                              enable_utf8 detect_encoding email_filter
                              round extract_nicks);
-
+use Bugzilla::Logging;
 use Bugzilla::Constants;
 use Bugzilla::RNG qw(irand);
 
@@ -317,6 +317,7 @@ sub do_ssl_redirect_if_required {
 
     # If we're already running under SSL, never redirect.
     return if $ENV{HTTPS} && $ENV{HTTPS} eq 'on';
+    DEBUG("Redirect to HTTPS because \$ENV{HTTPS}=$ENV{HTTPS}");
     Bugzilla->cgi->redirect_to_https();
 }
 
-- 
cgit v1.2.3-24-g4f1b


From ef2ec2c8682d51a9a4d21c4f431ce0f9f1ae0d88 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 31 Jul 2018 23:49:38 -0400
Subject: Fix a module loading problem

---
 Bugzilla/Quantum.pm             | 11 +++++++++++
 Bugzilla/Quantum/Plugin/Glue.pm |  8 +-------
 2 files changed, 12 insertions(+), 7 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index 135ff94a9..8d46833c4 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -21,6 +21,8 @@ use Bugzilla::Logging;
 use Bugzilla::Quantum::CGI;
 use Bugzilla::Quantum::SES;
 use Bugzilla::Quantum::Static;
+use Mojo::Loader qw( find_modules );
+use Module::Runtime qw( require_module );
 use Bugzilla::Util ();
 use Cwd qw(realpath);
 use MojoX::Log::Log4perl::Tiny;
@@ -36,7 +38,14 @@ sub startup {
     $self->plugin('Bugzilla::Quantum::Plugin::BlockIP');
     $self->plugin('Bugzilla::Quantum::Plugin::BasicAuth');
 
+    Bugzilla::Extension->load_all();
     if ( $self->mode ne 'development' ) {
+        Bugzilla->preload_features();
+        DEBUG('preloading templates');
+        Bugzilla->preload_templates();
+        DEBUG('done preloading templates');
+        require_module($_) for find_modules('Bugzilla::User::Setting');
+
         $self->hook(
             after_static => sub {
                 my ($c) = @_;
@@ -49,6 +58,8 @@ sub startup {
     Bugzilla::Quantum::CGI->load_all($r);
     Bugzilla::Quantum::CGI->load_one( 'bzapi_cgi', 'extensions/BzAPI/bin/rest.cgi' );
 
+    Bugzilla::WebService::Server::REST->preload;
+
     $r->any('/')->to('CGI#index_cgi');
     $r->any('/rest')->to('CGI#rest_cgi');
     $r->any('/rest.cgi/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' } );
diff --git a/Bugzilla/Quantum/Plugin/Glue.pm b/Bugzilla/Quantum/Plugin/Glue.pm
index ea21429bd..ded4daf15 100644
--- a/Bugzilla/Quantum/Plugin/Glue.pm
+++ b/Bugzilla/Quantum/Plugin/Glue.pm
@@ -67,13 +67,7 @@ sub register {
         }
     );
 
-    Bugzilla::Extension->load_all();
-    if ( $app->mode ne 'development' ) {
-        Bugzilla->preload_features();
-        DEBUG('preloading templates');
-        Bugzilla->preload_templates();
-        DEBUG('done preloading templates');
-    }
+
     $app->secrets( [ Bugzilla->localconfig->{side_wide_secret} ] );
 
     $app->renderer->add_handler(
-- 
cgit v1.2.3-24-g4f1b


From ae07e0f8f8f328c44ec0febc39d30ea639005f12 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 6 Aug 2018 14:14:49 -0400
Subject: handle bare bugs

---
 Bugzilla/Quantum.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index 8d46833c4..01cbb8927 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -61,10 +61,12 @@ sub startup {
     Bugzilla::WebService::Server::REST->preload;
 
     $r->any('/')->to('CGI#index_cgi');
+    $r->any('/bug/:id')->to('CGI#show_bug_cgi');
+    $r->any('/:bug_id' => { bug_id => qr/^[0-9]+$/ });
+
     $r->any('/rest')->to('CGI#rest_cgi');
     $r->any('/rest.cgi/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' } );
     $r->any('/rest/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' } );
-    $r->any('/bug/:id')->to('CGI#show_bug_cgi');
     $r->any('/extensions/BzAPI/bin/rest.cgi/*PATH_INFO')->to('CGI#bzapi_cgi');
 
     $r->get(
-- 
cgit v1.2.3-24-g4f1b


From 5e9d3d62885d141d2c980f15ff705fd5d632d91b Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Mon, 6 Aug 2018 14:56:28 -0400
Subject: fix route

---
 Bugzilla/Quantum.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index 01cbb8927..b922cf266 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -62,7 +62,7 @@ sub startup {
 
     $r->any('/')->to('CGI#index_cgi');
     $r->any('/bug/:id')->to('CGI#show_bug_cgi');
-    $r->any('/:bug_id' => { bug_id => qr/^[0-9]+$/ });
+    $r->any('/:bug_id' => { bug_id => qr/^[0-9]+$/ })->to('CGI#show_bug_cgi');
 
     $r->any('/rest')->to('CGI#rest_cgi');
     $r->any('/rest.cgi/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' } );
-- 
cgit v1.2.3-24-g4f1b


From 8db10ddf926974bc295359b35c8b69a1033a37b5 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Tue, 7 Aug 2018 16:42:54 -0400
Subject: no bug - Fixed routing issues with /bug/<bug_id> and /<bug_id>

---
 Bugzilla/Quantum.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index b922cf266..03dfcf0d0 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -61,8 +61,8 @@ sub startup {
     Bugzilla::WebService::Server::REST->preload;
 
     $r->any('/')->to('CGI#index_cgi');
-    $r->any('/bug/:id')->to('CGI#show_bug_cgi');
-    $r->any('/:bug_id' => { bug_id => qr/^[0-9]+$/ })->to('CGI#show_bug_cgi');
+    $r->any('/bug/<id:num>')->to('CGI#show_bug_cgi');
+    $r->any('/<id:num>')->to('CGI#show_bug_cgi');
 
     $r->any('/rest')->to('CGI#rest_cgi');
     $r->any('/rest.cgi/*PATH_INFO')->to( 'CGI#rest_cgi' => { PATH_INFO => '' } );
-- 
cgit v1.2.3-24-g4f1b


From 96e529c4357f7f7832465b71f42994854a174cdd Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 8 Aug 2018 20:05:13 -0400
Subject: fix glaring error

---
 Bugzilla/Quantum/SES.pm | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
index 47c591fb5..26df7a3eb 100644
--- a/Bugzilla/Quantum/SES.pm
+++ b/Bugzilla/Quantum/SES.pm
@@ -133,10 +133,7 @@ sub _process_bounce {
 }
 
 sub _process_complaint {
-    my ($self) = @_;
-
-    # email notification to bugzilla admin
-    my ($notification) = @_;
+    my ($self, $notification) = @_;
     my $template       = Bugzilla->template_inner();
     my $json           = JSON::MaybeXS->new(
         pretty    => 1,
@@ -200,4 +197,4 @@ sub ua {
     return $ua;
 }
 
-1;
\ No newline at end of file
+1;
-- 
cgit v1.2.3-24-g4f1b


From 59fe9f7c0e56abd084c711455d5639d163312e52 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 8 Aug 2018 22:29:23 -0400
Subject: add more testing

---
 Bugzilla/Quantum/SES.pm    | 58 +++++++++++++++++++++++++++++++++++++++++++---
 Bugzilla/Quantum/Stdout.pm |  3 ++-
 2 files changed, 57 insertions(+), 4 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
index 26df7a3eb..119769b32 100644
--- a/Bugzilla/Quantum/SES.pm
+++ b/Bugzilla/Quantum/SES.pm
@@ -18,7 +18,24 @@ use JSON::MaybeXS qw(decode_json);
 use LWP::UserAgent ();
 use Try::Tiny qw(catch try);
 
+use Types::Standard qw( :all );
+use Type::Utils;
+use Type::Params qw( compile );
+
+my $Invocant = class_type { class => __PACKAGE__ };
+
 sub main {
+    my ($self) = @_;
+    try {
+        $self->_main;
+    }
+    catch {
+        FATAL($_);
+        die $_;
+    };
+}
+
+sub _main {
     my ($self) = @_;
     Bugzilla->error_mode(ERROR_MODE_DIE);
     my $message = $self->_decode_json_wrapper( $self->req->body ) // return;
@@ -70,8 +87,17 @@ sub _confirm_subscription {
     $self->_respond( 200 => 'OK' );
 }
 
+my $NotificationType = Enum [qw( Bounce Complaint )];
+my $TypeField        = Enum [qw(eventType notificationType)];
+my $Notification = Dict [
+    eventType        => Optional [$NotificationType],
+    notificationType => Optional [$NotificationType],
+    slurpy Any,
+];
+
 sub _handle_notification {
-    my ( $self, $notification, $type_field ) = @_;
+    state $check = compile($Invocant, $Notification, $TypeField );
+    my ( $self, $notification, $type_field ) = $check->(@_);
 
     if ( !exists $notification->{$type_field} ) {
         return 0;
@@ -91,8 +117,23 @@ sub _handle_notification {
     return 1;
 }
 
+my $BouncedRecipients = ArrayRef[
+    Dict[
+       emailAddress   => Str,
+       action         => Str,
+       diagnosticCode => Int,
+       slurpy Any,
+    ],
+];
+my $BounceNotification = Dict[
+    bounce => Dict[
+        bouncedRecipients => $BouncedRecipients,
+        reportingMTA => Str,
+    ],
+];
 sub _process_bounce {
-    my ($self, $notification) = @_;
+    state $check = compile($Invocant, $BounceNotification);
+    my ($self, $notification) = $check->(@_);
 
     # disable each account that is bouncing
     foreach my $recipient ( @{ $notification->{bounce}->{bouncedRecipients} } ) {
@@ -132,8 +173,19 @@ sub _process_bounce {
     $self->_respond( 200 => 'OK' );
 }
 
+my $ComplainedRecipients = ArrayRef[Dict[ emailAddress => Str, slurpy Any ]];
+my $ComplaintNotification = Dict[
+    complaint => Dict [
+        complainedRecipients => $ComplainedRecipients,
+        complaintFeedbackType => Str,
+        slurpy Any,
+    ],
+    slurpy Any,
+];
+
 sub _process_complaint {
-    my ($self, $notification) = @_;
+    state $check = compile($Invocant, $ComplaintNotification);
+    my ($self, $notification) = $check->(@_);
     my $template       = Bugzilla->template_inner();
     my $json           = JSON::MaybeXS->new(
         pretty    => 1,
diff --git a/Bugzilla/Quantum/Stdout.pm b/Bugzilla/Quantum/Stdout.pm
index be7b546ea..9cf19992c 100644
--- a/Bugzilla/Quantum/Stdout.pm
+++ b/Bugzilla/Quantum/Stdout.pm
@@ -11,6 +11,7 @@ use Moo;
 
 use Bugzilla::Logging;
 use Encode;
+use English qw(-no_match_vars);
 
 has 'controller' => (
     is       => 'ro',
@@ -41,7 +42,7 @@ sub PRINT {        ## no critic (unpack)
     if ( $self->_encoding ) {
         $bytes = encode( $self->_encoding, $bytes );
     }
-    $c->write($bytes.$\);
+    $c->write($bytes . ( $OUTPUT_RECORD_SEPARATOR // '' ) );
 }
 
 sub BINMODE {
-- 
cgit v1.2.3-24-g4f1b


From bea9c36dd3209ae1126a48ed1ed5d6023579fcf5 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 8 Aug 2018 22:30:23 -0400
Subject: better FATAL error

---
 Bugzilla/Quantum/SES.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
index 119769b32..2a1c65802 100644
--- a/Bugzilla/Quantum/SES.pm
+++ b/Bugzilla/Quantum/SES.pm
@@ -30,7 +30,7 @@ sub main {
         $self->_main;
     }
     catch {
-        FATAL($_);
+        FATAL("Error in SES Handler: ", $_);
         die $_;
     };
 }
-- 
cgit v1.2.3-24-g4f1b


From f2f8c5e6532db45adab694846237992dc6b498e8 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 8 Aug 2018 22:33:57 -0400
Subject: diagnostic code is a string

---
 Bugzilla/Quantum/SES.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
index 2a1c65802..4badbc247 100644
--- a/Bugzilla/Quantum/SES.pm
+++ b/Bugzilla/Quantum/SES.pm
@@ -121,7 +121,7 @@ my $BouncedRecipients = ArrayRef[
     Dict[
        emailAddress   => Str,
        action         => Str,
-       diagnosticCode => Int,
+       diagnosticCode => Str,
        slurpy Any,
     ],
 ];
-- 
cgit v1.2.3-24-g4f1b


From 50d22b447383e9ac2a88dde5a61cb4eeaf83236f Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 8 Aug 2018 22:36:24 -0400
Subject: one more slurpy type

---
 Bugzilla/Quantum/SES.pm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
index 4badbc247..824ce58d3 100644
--- a/Bugzilla/Quantum/SES.pm
+++ b/Bugzilla/Quantum/SES.pm
@@ -125,12 +125,16 @@ my $BouncedRecipients = ArrayRef[
        slurpy Any,
     ],
 ];
-my $BounceNotification = Dict[
-    bounce => Dict[
+my $BounceNotification = Dict [
+    bounce => Dict [
         bouncedRecipients => $BouncedRecipients,
-        reportingMTA => Str,
+        reportingMTA      => Str,
+        bounceSubType     => Str,
+        bounceType        => Str,
+        slurpy Any,
     ],
 ];
+
 sub _process_bounce {
     state $check = compile($Invocant, $BounceNotification);
     my ($self, $notification) = $check->(@_);
-- 
cgit v1.2.3-24-g4f1b


From e90495d2aaee38547c06ccac1235ff1b6e4cdc82 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 8 Aug 2018 22:38:30 -0400
Subject: once more

---
 Bugzilla/Quantum/SES.pm | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
index 824ce58d3..e447b036a 100644
--- a/Bugzilla/Quantum/SES.pm
+++ b/Bugzilla/Quantum/SES.pm
@@ -133,6 +133,7 @@ my $BounceNotification = Dict [
         bounceType        => Str,
         slurpy Any,
     ],
+    slurpy Any,
 ];
 
 sub _process_bounce {
-- 
cgit v1.2.3-24-g4f1b


From 74520b1b65b7dd7fded658033d19db55fa77f319 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 8 Aug 2018 22:46:07 -0400
Subject: more type checking

---
 Bugzilla/Quantum/SES.pm | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/SES.pm b/Bugzilla/Quantum/SES.pm
index e447b036a..03916075d 100644
--- a/Bugzilla/Quantum/SES.pm
+++ b/Bugzilla/Quantum/SES.pm
@@ -31,7 +31,7 @@ sub main {
     }
     catch {
         FATAL("Error in SES Handler: ", $_);
-        die $_;
+        $self->_respond( 400 => 'Bad Request' );
     };
 }
 
@@ -67,7 +67,8 @@ sub _main {
 }
 
 sub _confirm_subscription {
-    my ($self, $message) = @_;
+    state $check = compile($Invocant, Dict[SubscribeURL => Str, slurpy Any]);
+    my ($self, $message) = $check->(@_);
 
     my $subscribe_url = $message->{SubscribeURL};
     if ( !$subscribe_url ) {
@@ -223,13 +224,9 @@ sub _respond {
 }
 
 sub _decode_json_wrapper {
-    my ($self, $json) = @_;
+    state $check = compile($Invocant, Str);
+    my ($self, $json) = $check->(@_);
     my $result;
-    if ( !defined $json ) {
-        WARN( 'Missing JSON from ' . $self->tx->remote_address );
-        $self->_respond( 400 => 'Bad Request' );
-        return undef;
-    }
     my $ok = try {
         $result = decode_json($json);
     }
-- 
cgit v1.2.3-24-g4f1b


From 5c9bd3093ccd7c5922e5000a0b289eca15b27522 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Thu, 9 Aug 2018 11:36:08 -0400
Subject: remove more apache bits

---
 Bugzilla/Install/Filesystem.pm | 8 --------
 1 file changed, 8 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index f520d3d56..317152962 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -67,11 +67,6 @@ use constant HTTPD_ENV => qw(
     NYTPROF_DIR
 );
 
-sub HTTPD_ENV_CONF {
-    my @env = (ENV_KEYS, HTTPD_ENV);
-    return join( "\n", map { "PerlPassEnv " . $_ } @env ) . "\n";
-}
-
 ###############
 # Permissions #
 ###############
@@ -382,9 +377,6 @@ sub FILESYSTEM {
         "skins/yui3.css"          => { perms     => CGI_READ,
                                        overwrite => 1,
                                        contents  => $yui3_all_css },
-        "$confdir/env.conf"       => { perms     => CGI_READ,
-                                       overwrite => 1,
-                                       contents  => \&HTTPD_ENV_CONF },
     );
 
     # Because checksetup controls the creation of index.html separately
-- 
cgit v1.2.3-24-g4f1b


From d57aefa118802606ea7cc424aaa62173be9eec41 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 22 Aug 2018 10:33:25 -0400
Subject: add graphs to the path

---
 Bugzilla/Quantum/Static.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Quantum/Static.pm b/Bugzilla/Quantum/Static.pm
index d687873ab..c01f062a4 100644
--- a/Bugzilla/Quantum/Static.pm
+++ b/Bugzilla/Quantum/Static.pm
@@ -11,7 +11,7 @@ use Bugzilla::Constants qw(bz_locations);
 
 my $LEGACY_RE = qr{
     ^ (?:static/v[0-9]+\.[0-9]+/) ?
-    ( (?:extensions/[^/]+/web|(?:image|skin|j)s)/.+)
+    ( (?:extensions/[^/]+/web|(?:image|graph|skin|j)s)/.+)
     $
 }xs;
 
-- 
cgit v1.2.3-24-g4f1b