#!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Terry Weissman
#                 Dan Mosedale
#                 Joe Robins
#                 Gervase Markham
#                 Marc Schumann

# CGI script that creates a new bug from the submitted "enter bug" form:
# it validates the request parameters, inserts the bug together with its
# first comment, CC list, keywords, dependencies and group restrictions,
# and then renders the confirmation page.
#
# The shebang enables warnings (-w) and Perl taint mode (-T), so values
# read from the request stay tainted until they are explicitly untainted.

use strict;

use lib qw(.);

use Bugzilla;
use Bugzilla::Attachment;
use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Bug;
use Bugzilla::User;
use Bugzilla::Field;
use Bugzilla::Product;
use Bugzilla::Component;
use Bugzilla::Keyword;
use Bugzilla::Token;

# Authentication happens before anything else in the script.
# NOTE(review): LOGIN_REQUIRED presumably stops anonymous requests here;
# confirm in the login code, which is not part of this file.
my $user = Bugzilla->login(LOGIN_REQUIRED);

# Request object, database handle and template engine shared by the
# rest of the script; $vars collects the variables handed to templates.
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};

######################################################################
# Subroutines
######################################################################

# Determines whether or not a group is active by checking
# the "isactive" column for the group in the "groups" table.
# Note: This function selects groups by id rather than by name.
sub GroupIsActive {
    # Returns the "isactive" value of the "groups" row with the given id
    # (undef when no row matches).  A missing or false id is looked up
    # as 0.  The id is bound through a placeholder, never interpolated.
    my $group_id = shift || 0;

    # The result of detaint_natural() is not checked here.
    # NOTE(review): presumably it untaints the value only when it is a
    # natural number; confirm what it leaves behind on failure.
    detaint_natural($group_id);

    my @row = Bugzilla->dbh->selectrow_array(
        "SELECT isactive FROM groups WHERE id = ?", undef, $group_id);
    return $row[0];
}

######################################################################
# Main Script
######################################################################

# Duplicate-submission guard: a token issued with the form is looked up
# and, once a bug has been filed with it, points at that bug.
# NOTE(review): a request that carries no 'token' parameter skips this
# whole block, so the token only detects resubmission of the same form;
# it is not enforced as a mandatory anti-CSRF check at this point.
my $token = trim($cgi->param('token'));
if ($token) {
    my ($creator_id, $date, $old_bug_id) =
        Bugzilla::Token::GetTokenData($token);

    # The token must exist, belong to the logged-in user and have been
    # issued for bug creation; anything else is rejected.
    my $token_is_ours = $creator_id
        && ($creator_id == $user->id)
        && ($old_bug_id =~ /^createbug:/);
    ThrowUserError('token_inexistent') if !$token_is_ours;

    # What remains after the prefix is the id of a bug already created
    # with this token, if any.
    $old_bug_id =~ s/^createbug://;

    my $ignore_token = $cgi->param('ignore_token');
    if ($old_bug_id
        && (!$ignore_token || ($ignore_token != $old_bug_id)))
    {
        # Ask for confirmation before filing what looks like a duplicate.
        # An override is only offered when 'ignore_token' was not sent.
        $vars->{'bugid'} = $old_bug_id;
        $vars->{'allow_override'} = defined($ignore_token) ? 0 : 1;

        print $cgi->header();
        $template->process("bug/create/confirm-create-dupe.html.tmpl", $vars)
            or ThrowTemplateError($template->error());
        exit;
    }
}

# Resolve the user-name fields of the form: 'cc' may match several
# users, 'assigned_to' and 'qa_contact' exactly one each.
&Bugzilla::User::match_field ($cgi, {
    'cc'          => { 'type' => 'multi'  },
    'assigned_to' => { 'type' => 'single' },
    'qa_contact'  => { 'type' => 'single' },
});

# The first comment is produced by a template, so fields added to the
# enter_bug template can be referenced from the comment template.
# NOTE(review): the 'format' request parameter selects the template;
# get_format() presumably restricts it to installed templates (confirm).
my $comment;
my $format = $template->get_format("bug/create/comment",
                                   scalar($cgi->param('format')), "txt");
$template->process($format->{'template'}, $vars, \$comment)
    or ThrowTemplateError($template->error());

ValidateComment($comment);

# Check that the product exists and that the user
# is allowed to enter bugs into this product.
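# Authorization comes first: can_enter_product() is called with the
# requested product before the product object is loaded.
$user->can_enter_product(scalar $cgi->param('product'), 1);

my $product = Bugzilla::Product::check_product(scalar $cgi->param('product'));

# Set cookies
if (defined $cgi->param('product')) {
    if (defined $cgi->param('version')) {
        # param() returns every submitted value in list context.  Forcing
        # scalar context keeps a repeated 'version' parameter from
        # expanding into extra named arguments of send_cookie().
        # The value is stored before check_field() validates it against
        # the product's versions further down the script.
        $cgi->send_cookie(-name => "VERSION-" . $product->name,
                          -value => scalar($cgi->param('version')),
                          -expires => "Fri, 01-Jan-2038 00:00:00 GMT");
    }
}

# "Remember values as bookmarkable template": show the template page
# instead of creating a bug.  The raw query string and summary go to the
# template; escaping them is left to the template (not visible here).
if (defined $cgi->param('maketemplate')) {
    $vars->{'url'} = $cgi->query_string();
    $vars->{'short_desc'} = $cgi->param('short_desc');

    print $cgi->header();
    $template->process("bug/create/make-template.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
}

# Clears the process umask for the remainder of the request.
# NOTE(review): with a umask of 0, any file created later gets exactly
# the mode its creator asks for; confirm that callers pass restrictive
# modes where that matters.
umask 0;

# Some sanity checking
$cgi->param('component') || ThrowUserError("require_component");
my $component = Bugzilla::Component::check_component($product, scalar $cgi->param('component'));

# Set the parameter to itself, but cleaned up
$cgi->param('short_desc', clean_text($cgi->param('short_desc')));

if (!defined $cgi->param('short_desc')
    || $cgi->param('short_desc') eq "") {
    ThrowUserError("require_summary");
}

# Check that if required a description has been provided
# This has to go somewhere after 'maketemplate'
#  or it breaks bookmarks with no comments.
if (Bugzilla->params->{"commentoncreate"} && !trim($cgi->param('comment'))) {
    ThrowUserError("description_required");
}

# If bug_file_loc is "http://", the default, use an empty value instead.
$cgi->param('bug_file_loc', '') if $cgi->param('bug_file_loc') eq 'http://';

# Default assignee is the component owner.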
# Only a member of "editbugs" who actually named an assignee gets that
# choice; in every other case the component's default assignee is used,
# whatever the form submitted.
if (UserInGroup("editbugs") && $cgi->param('assigned_to') ne "") {
    $cgi->param(-name => 'assigned_to',
                -value => login_to_id(trim($cgi->param('assigned_to')), THROW_ERROR));
}
else {
    $cgi->param(-name => 'assigned_to',
                -value => $component->default_assignee->id);
}

# Custom fields that are not obsolete and are shown on the enter-bug form.
my @enter_bug_field_names =
    map { $_->name }
    Bugzilla->get_fields({ custom => 1, obsolete => 0, enter_bug => 1 });

# Candidate columns for the new bug row: the fixed list below plus the
# custom fields.  Further names are appended only by the code that
# follows, never taken from request parameter names.
my @bug_fields = (
    qw(version rep_platform bug_severity priority op_sys assigned_to
       bug_status everconfirmed bug_file_loc short_desc target_milestone
       status_whiteboard),
    @enter_bug_field_names,
);

# An alias is stored only when the feature is on and a non-empty,
# validated alias was submitted.
if (Bugzilla->params->{"usebugaliases"}) {
    my $alias = trim($cgi->param('alias') || "");
    unless ($alias eq "") {
        ValidateBugAlias($alias);
        $cgi->param('alias', $alias);
        push(@bug_fields, "alias");
    }
}

# QA contact: same rule as for the assignee.  Users outside "editbugs",
# or an empty field, get the component's default QA contact.
if (Bugzilla->params->{"useqacontact"}) {
    my $use_default_qa = !UserInGroup("editbugs")
        || !defined($cgi->param('qa_contact'))
        || trim($cgi->param('qa_contact')) eq "";

    my $qa_contact = $use_default_qa
        ? $component->default_qa_contact->id
        : login_to_id(trim($cgi->param('qa_contact')), THROW_ERROR);

    if ($qa_contact) {
        $cgi->param(-name => 'qa_contact', -value => $qa_contact);
        push(@bug_fields, "qa_contact");
    }
}

# Initial status.  The order of @valid_statuses matters, because the
# first entry may be shifted off further down.
my @valid_statuses = ('UNCONFIRMED', 'NEW', 'ASSIGNED');

# Users in "editbugs" or "canconfirm" may pick the status (NEW when they
# picked none); their choice is checked against @valid_statuses by
# check_field() later in the script.  Everyone else gets UNCONFIRMED,
# or NEW when the product does not use votes to confirm bugs.
my $bug_status = 'UNCONFIRMED';
my $may_confirm = $user->in_group('editbugs') || $user->in_group('canconfirm');
if ($may_confirm) {
    $bug_status = scalar($cgi->param('bug_status')) || 'NEW';
}
elsif (!$product->votes_to_confirm) {
    $bug_status = 'NEW';
}
$cgi->param(-name => 'bug_status', -value => $bug_status);

# Reject 'UNCONFIRMED' as a valid status if the product
# doesn't require votes to confirm its bugs.
# 'UNCONFIRMED' is the first entry of @valid_statuses; drop it when the
# product does not use votes to confirm bugs.
unless ($product->votes_to_confirm) {
    shift @valid_statuses;
}

# Fall back to the product's default milestone when none was submitted.
unless (defined $cgi->param('target_milestone')) {
    $cgi->param(-name => 'target_milestone',
                -value => $product->default_milestone);
}

# When submitters may not choose the priority, the configured default
# replaces whatever the form sent.
unless (Bugzilla->params->{'letsubmitterchoosepriority'}) {
    $cgi->param(-name => 'priority',
                -value => Bugzilla->params->{'defaultpriority'});
}

# Validate the select-type fields.  The first four are checked without
# an explicit list of legal values; status, version and milestone are
# checked against lists built here.
foreach my $select_field (qw(rep_platform bug_severity priority op_sys)) {
    check_field($select_field, scalar $cgi->param($select_field));
}

check_field('bug_status', scalar $cgi->param('bug_status'), \@valid_statuses);

my @version_names = map { $_->name } @{ $product->versions };
check_field('version', scalar $cgi->param('version'), \@version_names);

my @milestone_names = map { $_->name } @{ $product->milestones };
check_field('target_milestone', scalar $cgi->param('target_milestone'),
            \@milestone_names);

# These parameters must at least be present in the request.
foreach my $field_name ('assigned_to', 'bug_file_loc', 'comment') {
    next if defined($cgi->param($field_name));
    ThrowCodeError('undefined_field', { field => $field_name });
}

# A bug that starts out in any status other than UNCONFIRMED counts as
# having been confirmed.
my $everconfirmed = ($cgi->param('bug_status') ne 'UNCONFIRMED') ? 1 : 0;
$cgi->param(-name => 'everconfirmed', -value => $everconfirmed);

# Only candidate fields that actually have a value become columns of
# the INSERT; product and component ids are always included.
my @used_fields = grep { defined $cgi->param($_) } @bug_fields;

$cgi->param(-name => 'product_id', -value => $product->id);
push(@used_fields, "product_id");
$cgi->param(-name => 'component_id', -value => $component->id);
push(@used_fields, "component_id");

# CC list as a hash keyed by user id, so that a user named twice is
# stored once.  Unknown logins make login_to_id() throw.
my %ccids;
if (defined $cgi->param('cc')) {
    foreach my $person ($cgi->param('cc')) {
        next unless $person;
        my $ccid = login_to_id($person, THROW_ERROR);
        $ccids{$ccid} = 1 if $ccid;
    }
}

# Keywords are honoured only for members of "editbugs".  Each name must
# resolve to an existing keyword; ids are collected without duplicates.
# (validity routine copied from process_bug.cgi)
my @keywordlist;
my %keywordseen;

if ($cgi->param('keywords') && UserInGroup("editbugs")) {
    foreach my $keyword (split(/[\s,]+/, $cgi->param('keywords'))) {
        next if $keyword eq '';

        my $keyword_obj = Bugzilla::Keyword->new({name => $keyword});
        $keyword_obj
            or ThrowUserError("unknown_keyword", { keyword => $keyword });

        my $keyword_id = $keyword_obj->id;
        next if $keywordseen{$keyword_id};
        $keywordseen{$keyword_id} = 1;
        push(@keywordlist, $keyword_id);
    }
}

# Strict isolation: every user attached to the bug (CC, assignee and,
# when in use, QA contact) must be able to edit the product; otherwise
# the request is refused and the offending logins are reported.
if (Bugzilla->params->{"strict_isolation"}) {
    my %related_users = %ccids;
    $related_users{$cgi->param('assigned_to')} = 1;
    if (Bugzilla->params->{'useqacontact'} && $cgi->param('qa_contact')) {
        $related_users{$cgi->param('qa_contact')} = 1;
    }

    my @blocked_users;
    foreach my $pid (keys %related_users) {
        my $related_user = Bugzilla::User->new($pid);
        next if $related_user->can_edit_product($product->id);
        push(@blocked_users, $related_user->login);
    }

    if (@blocked_users) {
        ThrowUserError("invalid_user_group",
                       { 'users'   => \@blocked_users,
                         'new'     => 1,
                         'product' => $product->name });
    }
}

# Check for valid dependency info.
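# Dependency fields are honoured only for members of "editbugs".  Every
# referenced bug id goes through ValidateBugID() before it is kept.
foreach my $field ("dependson", "blocked") {
    if (UserInGroup("editbugs") && $cgi->param($field)) {
        my @validvalues;
        foreach my $id (split(/[\s,]+/, $cgi->param($field))) {
            next unless $id;
            # $field is not passed to ValidateBugID to prevent adding new
            # dependencies on inaccessible bugs.
            ValidateBugID($id);
            push(@validvalues, $id);
        }
        $cgi->param(-name => $field, -value => join(",", @validvalues));
    }
}

# Gather the dependency list, and make sure there are no circular refs
my %deps;
if (UserInGroup("editbugs")) {
    %deps = Bugzilla::Bug::ValidateDependencies(scalar($cgi->param('dependson')),
                                                scalar($cgi->param('blocked')));
}

# get current time
my $timestamp = $dbh->selectrow_array(q{SELECT NOW()});

# Build up SQL string to add bug.
# creation_ts will only be set when all other fields are defined.
#
# Values are always bound through placeholders.  Column names are
# interpolated, but they come from @used_fields, which is built from the
# script's fixed field list and the custom field names returned by
# Bugzilla->get_fields(), not from request parameter names.

my @fields_values;

foreach my $field (@used_fields) {
    my $value = $cgi->param($field);
    # NOTE(review): trick_taint() presumably untaints without validating;
    # that is acceptable only because the value is bound, never
    # interpolated into the statement.
    trick_taint($value);
    push (@fields_values, $value);
}

my $sql_used_fields = join(", ", @used_fields);
my $sql_placeholders = "?, " x scalar(@used_fields);

# The five trailing placeholders are bound, in this order, to the
# values pushed below: reporter, delta_ts, estimated_time,
# remaining_time and deadline.
my $query = qq{INSERT INTO bugs ($sql_used_fields, reporter, delta_ts, estimated_time, remaining_time, deadline) VALUES ($sql_placeholders ?, ?, ?, ?, ?)};

$comment =~ s/\r\n?/\n/g;     # Get rid of \r.
$comment = trim($comment);
# If comment is all whitespace, it'll be null at this point. That's
# OK except for the fact that it causes e-mail to be suppressed.
$comment = $comment ? $comment : " ";

push (@fields_values, $user->id);
push (@fields_values, $timestamp);

my $est_time = 0;
my $deadline;

# Time Tracking: only members of the time-tracking group may set an
# estimate or a deadline; for everyone else the submitted values are
# ignored.
if (UserInGroup(Bugzilla->params->{"timetrackinggroup"})
    && defined $cgi->param('estimated_time'))
{
    $est_time = $cgi->param('estimated_time');
    Bugzilla::Bug::ValidateTime($est_time, 'estimated_time');
    trick_taint($est_time);
}

# The estimate is stored as both estimated_time and remaining_time.
push (@fields_values, $est_time, $est_time);

if (UserInGroup(Bugzilla->params->{"timetrackinggroup"})
    && $cgi->param('deadline'))
{
    # Read the parameter once, in scalar context.  param() returns all
    # submitted values in list context, and inside the anonymous hash
    # below a repeated 'deadline' parameter would otherwise add or
    # override keys of the error's variables.
    my $requested_deadline = $cgi->param('deadline');
    validate_date($requested_deadline)
      || ThrowUserError('illegal_date', {date => $requested_deadline,
                                         format => 'YYYY-MM-DD'});
    $deadline = $requested_deadline;
    trick_taint($deadline);
}

push (@fields_values, $deadline);

# Groups
my @groupstoadd = ();
my $sth_othercontrol = $dbh->prepare(q{SELECT othercontrol FROM group_control_map WHERE group_id = ? AND product_id = ?});

# Each ticked "bit-<id>" form field asks for the bug to be restricted
# to that group.  The id must be a natural number and the group active;
# the request is honoured when the user is in the group, or when the
# product's othercontrol setting for it is SHOWN or DEFAULT.
foreach my $bit_field (grep(/^bit-\d*$/, $cgi->param())) {
    if ($cgi->param($bit_field)) {
        my $v = substr($bit_field, 4);
        detaint_natural($v)
          || ThrowUserError("invalid_group_ID");
        if (!GroupIsActive($v)) {
            # Prevent the user from adding the bug to an inactive group.
            # Should only happen if there is a bug in Bugzilla or the user
            # hacked the "enter bug" form since otherwise the UI
            # for adding the bug to the group won't appear on that form.
            $vars->{'bit'} = $v;
            ThrowCodeError("inactive_group");
        }
        my ($permit) = $user->in_group_id($v);
        if (!$permit) {
            my $othercontrol = $dbh->selectrow_array($sth_othercontrol,
                                                     undef, ($v, $product->id));
            $permit = (($othercontrol == CONTROLMAPSHOWN)
                       || ($othercontrol == CONTROLMAPDEFAULT));
        }
        if ($permit) {
            push(@groupstoadd, $v)
        }
    }
}

my $groups = $dbh->selectall_arrayref(q{ SELECT DISTINCT groups.id, groups.name, membercontrol, othercontrol, description FROM groups LEFT JOIN group_control_map ON group_id = id AND product_id = ?
WHERE isbuggroup != 0 AND isactive != 0 ORDER BY description}, undef, $product->id);

# Mandatory groups are added no matter what the form submitted.
foreach my $group (@$groups) {
    my ($id, $groupname, $membercontrol, $othercontrol) = @$group;
    $membercontrol ||= 0;
    $othercontrol ||= 0;
    # Add groups required
    if (($membercontrol == CONTROLMAPMANDATORY)
       || (($othercontrol == CONTROLMAPMANDATORY)
            && (!UserInGroup($groupname)))) {
        # User had no option, bug needs to be in this group.
        push(@groupstoadd, $id)
    }
}

# A group can end up in the list twice: once because it was ticked on
# the form and once because it is mandatory.  Keep one entry per group
# so that the same (bug, group) row is not inserted twice while the
# tables are locked.
my %group_seen;
@groupstoadd = grep { !$group_seen{$_}++ } @groupstoadd;

# Add the bug report to the DB.
$dbh->bz_lock_tables('bugs WRITE', 'bug_group_map WRITE', 'longdescs WRITE',
                     'cc WRITE', 'keywords WRITE', 'dependencies WRITE',
                     'bugs_activity WRITE', 'groups READ',
                     'user_group_map READ', 'group_group_map READ',
                     'keyworddefs READ', 'fielddefs READ');

$dbh->do($query, undef, @fields_values);

# Get the bug ID back.
my $id = $dbh->bz_last_key('bugs', 'bug_id');

# Add the group restrictions
my $sth_addgroup = $dbh->prepare(q{ INSERT INTO bug_group_map (bug_id, group_id) VALUES (?, ?)});
foreach my $grouptoadd (@groupstoadd) {
    $sth_addgroup->execute($id, $grouptoadd);
}

# Add the initial comment, allowing for the fact that it may be private.
# The privacy flag from the form counts only for members of the
# configured insider group; for everyone else the comment is public.
my $privacy = 0;
if (Bugzilla->params->{"insidergroup"}
    && UserInGroup(Bugzilla->params->{"insidergroup"}))
{
    $privacy = $cgi->param('commentprivacy') ? 1 : 0;
}

trick_taint($comment);
$dbh->do(q{INSERT INTO longdescs (bug_id, who, bug_when, thetext,isprivate) VALUES (?, ?, ?, ?, ?)}, undef, ($id, $user->id, $timestamp, $comment, $privacy));

# Insert the cclist into the database
my $sth_cclist = $dbh->prepare(q{INSERT INTO cc (bug_id, who) VALUES (?,?)});
foreach my $ccid (keys(%ccids)) {
    $sth_cclist->execute($id, $ccid);
}

my @all_deps;
my $sth_addkeyword = $dbh->prepare(q{ INSERT INTO keywords (bug_id, keywordid) VALUES (?, ?)});
if (UserInGroup("editbugs")) {
    foreach my $keyword (@keywordlist) {
        $sth_addkeyword->execute($id, $keyword);
    }
    if (@keywordlist) {
        # Make sure that we have the correct case for the kw
        # The ids interpolated here were taken from keyword objects
        # earlier in the script, not from the request text.
        my $kw_ids = join(', ', @keywordlist);
        my $list = $dbh->selectcol_arrayref(qq{ SELECT name FROM keyworddefs WHERE id IN ($kw_ids) ORDER BY name});
        my $kw_list = join(', ', @$list);
        $dbh->do(q{UPDATE bugs SET delta_ts = ?, keywords = ? WHERE bug_id = ?}, undef, ($timestamp, $kw_list, $id));
    }
    if ($cgi->param('dependson') || $cgi->param('blocked')) {
        # $me and $target are column names taken from the two literal
        # pairs below; the bug ids themselves are bound.
        foreach my $pair (["blocked", "dependson"], ["dependson", "blocked"]) {
            my ($me, $target) = @{$pair};
            my $sth_dep = $dbh->prepare(qq{ INSERT INTO dependencies ($me, $target) VALUES (?, ?)});

            foreach my $i (@{$deps{$target}}) {
                $sth_dep->execute($id, $i);
                push(@all_deps, $i); # list for mailing dependent bugs
                # Log the activity for the other bug:
                LogActivityEntry($i, $me, "", $id, $user->id, $timestamp);
            }
        }
    }
}

# All fields related to the newly created bug are set.
# The bug can now be made accessible.
$dbh->do("UPDATE bugs SET creation_ts = ? WHERE bug_id = ?",
          undef, ($timestamp, $id));

$dbh->bz_unlock_tables();

my $bug = new Bugzilla::Bug($id, $user->id);
# Add an attachment if requested.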
# An attachment is created when a file was uploaded or a URL was given.
# Failure is reported as a message and does not abort the request.
if (defined($cgi->upload('data')) || $cgi->param('attachurl')) {
    # The attachment's privacy flag is copied from the comment's.
    # NOTE(review): unlike the comment's privacy flag, this copy is not
    # guarded by an insider-group check in this script, and 'commentprivacy'
    # is read in list context.  Confirm that insert_attachment_for_bug()
    # decides by itself who may mark an attachment private.
    $cgi->param('isprivate', $cgi->param('commentprivacy'));

    unless (Bugzilla::Attachment->insert_attachment_for_bug(
                !THROW_ERROR, $bug, $user, $timestamp, \$vars))
    {
        $vars->{'message'} = 'attachment_creation_failed';
    }

    # Determine if Patch Viewer is installed, for Diff link
    eval {
        require PatchReader;
        $vars->{'patchviewerinstalled'} = 1;
    };
}

# Flags, if any.  Flag validation dies on error, so it runs inside
# eval() with batch mode switched on; a failure becomes a message on
# the result page instead of ending the request.
# XXX: this can go away as soon as flag validation is able to
#      fail without dying.
Bugzilla->batch(1);
eval {
    # No flag may already exist for this bug.  Passing a bug ID of 0
    # makes validate() complain if the request names one, which can
    # only happen with a hand-edited request.
    Bugzilla::Flag::validate($cgi, 0);
    Bugzilla::FlagType::validate($cgi, $id);
    Bugzilla::Flag::process($bug, undef, $timestamp, $cgi);
};
Bugzilla->batch(0);
# NOTE(review): $@ is read after the batch(0) call; this relies on that
# call leaving $@ untouched.  The error text is handed to the template,
# which is responsible for escaping it.
if ($@) {
    $vars->{'message'} = 'flag_creation_failed';
    $vars->{'flag_creation_error'} = $@;
}

# Variables for the result page, which also e-mails the details of the
# new bug.
$vars->{'mailrecipients'} = { 'changer' => $user->login };
$vars->{'id'} = $id;
$vars->{'bug'} = $bug;

ThrowCodeError("bug_error", { bug => $bug }) if $bug->error;

# One mail entry for the new bug, then one per bug it depends on or
# blocks.
$vars->{'sentmail'} = [
    { type => 'created', id => $id },
    map { +{ type => 'dep', id => $_ } } @all_deps,
];

# The bug list comes straight from the client's BUGLIST cookie, split
# on ':'; its entries are not validated here.
my $buglist_cookie = $cgi->cookie("BUGLIST");
my @bug_list = $buglist_cookie ? split(/:/, $buglist_cookie) : ();
$vars->{'bug_list'} = \@bug_list;

if (Bugzilla::Keyword::keyword_count()) {
    $vars->{'use_keywords'} = 1;
}

# Record the new bug id against the form token, so that a resubmission
# of the same form is recognised at the top of this script.
if ($token) {
    trick_taint($token);
    $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef,
             ("createbug:$id", $token));
}

print $cgi->header();
$template->process("bug/create/created.html.tmpl", $vars)
    or ThrowTemplateError($template->error());