#!/usr/bin/perl -T # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # # This Source Code Form is "Incompatible With Secondary Licenses", as # defined by the Mozilla Public License, v. 2.0. use 5.14.0; use strict; use warnings; use lib qw(. lib local/lib/perl5); use File::Temp; use Bugzilla; use Bugzilla::Constants; use Bugzilla::Install::Filesystem; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Bug; use Bugzilla::Status; my $user = Bugzilla->login(); my $cgi = Bugzilla->cgi; my $template = Bugzilla->template; my $vars = {}; # Connect to the shadow database if this installation is using one to improve # performance. my $dbh = Bugzilla->switch_to_shadow_db(); our (%seen, %edgesdone, %bugtitles); our $bug_count = 0; # CreateImagemap: This sub grabs a local filename as a parameter, reads the # dot-generated image map datafile residing in that file and turns it into # an HTML map element. THIS SUB IS ONLY USED FOR LOCAL DOT INSTALLATIONS. # The map datafile won't necessarily contain the bug summaries, so we'll # pull possible HTML titles from the %bugtitles hash (filled elsewhere # in the code) # The dot mapdata lines have the following format (\nsummary is optional): # rectangle (LEFTX,TOPY) (RIGHTX,BOTTOMY) URLBASE/show_bug.cgi?id=BUGNUM BUGNUM[\nSUMMARY] sub CreateImagemap { my $mapfilename = shift; my $map = "\n"; my $default = ""; open MAP, "<", $mapfilename; while(my $line = ) { if($line =~ /^default ([^ ]*)(.*)$/) { $default = qq{\n}; } if ($line =~ /^rectangle \((.*),(.*)\) \((.*),(.*)\) (http[^ ]*) (\d+)(\\n.*)?$/) { my ($leftx, $rightx, $topy, $bottomy, $url, $bugid) = ($1, $3, $2, $4, $5, $6); # Pick up bugid from the mapdata label field. Getting the title from # bugtitle hash instead of mapdata allows us to get the summary even # when showsummary is off, and also gives us status and resolution. my $bugtitle = $bugtitles{$bugid}; $map .= qq{bug $bugid\n}; } } close MAP; $map .= "$default"; return $map; } sub AddLink { my ($blocked, $dependson, $fh) = (@_); my $key = "$blocked,$dependson"; if (!exists $edgesdone{$key}) { $edgesdone{$key} = 1; print $fh "$dependson -> $blocked\n"; $bug_count++; $seen{$blocked} = 1; $seen{$dependson} = 1; } } ThrowUserError("missing_bug_id") unless $cgi->param('id'); # The list of valid directions. Some are not proposed in the dropdrown # menu despite the fact that they are valid. my @valid_rankdirs = ('LR', 'RL', 'TB', 'BT'); my $rankdir = $cgi->param('rankdir') || 'TB'; # Make sure the submitted 'rankdir' value is valid. if (!grep { $_ eq $rankdir } @valid_rankdirs) { $rankdir = 'TB'; } my $display = $cgi->param('display') || 'tree'; my $webdotdir = bz_locations()->{'webdotdir'}; my ($fh, $filename) = File::Temp::tempfile("XXXXXXXXXX", SUFFIX => '.dot', DIR => $webdotdir, UNLINK => 1); chmod Bugzilla::Install::Filesystem::CGI_WRITE, $filename or warn install_string('chmod_failed', { path => $filename, error => $! }); my $urlbase = correct_urlbase(); print $fh "digraph G {"; print $fh qq( graph [URL="${urlbase}query.cgi", rankdir=$rankdir] node [URL="${urlbase}show_bug.cgi?id=\\N", style=filled, color=lightgrey] ); my %baselist; foreach my $i (split('[\s,]+', $cgi->param('id'))) { my $bug = Bugzilla::Bug->check($i); $baselist{$bug->id} = 1; } my @stack = keys(%baselist); if ($display eq 'web') { my $sth = $dbh->prepare(q{SELECT blocked, dependson FROM dependencies WHERE blocked = ? OR dependson = ?}); foreach my $id (@stack) { my $dependencies = $dbh->selectall_arrayref($sth, undef, ($id, $id)); foreach my $dependency (@$dependencies) { my ($blocked, $dependson) = @$dependency; if ($blocked != $id && !exists $seen{$blocked}) { push @stack, $blocked; } if ($dependson != $id && !exists $seen{$dependson}) { push @stack, $dependson; } AddLink($blocked, $dependson, $fh); } } } # This is the default: a tree instead of a spider web. else { my @blocker_stack = @stack; my $hide_resolved = $cgi->param('hide_resolved'); foreach my $id (@blocker_stack) { my $blocker_ids = Bugzilla::Bug::EmitDependList('blocked', 'dependson', $id, $hide_resolved); foreach my $blocker_id (@$blocker_ids) { push(@blocker_stack, $blocker_id) unless $seen{$blocker_id}; AddLink($id, $blocker_id, $fh); } } my @dependent_stack = @stack; foreach my $id (@dependent_stack) { my $dep_bug_ids = Bugzilla::Bug::EmitDependList('dependson', 'blocked', $id, $hide_resolved); foreach my $dep_bug_id (@$dep_bug_ids) { push(@dependent_stack, $dep_bug_id) unless $seen{$dep_bug_id}; AddLink($dep_bug_id, $id, $fh); } } } foreach my $k (keys(%baselist)) { $seen{$k} = 1; } my $sth = $dbh->prepare( q{SELECT bug_status, resolution, short_desc FROM bugs WHERE bugs.bug_id = ?}); my @bug_ids = keys %seen; $user->visible_bugs(\@bug_ids); foreach my $k (@bug_ids) { # Retrieve bug information from the database my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k); $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id')); # The bug summary is shown only if the user can see the bug. if ($user->can_see_bug($k)) { $summary = html_quote(clean_text($summary)); } else { $summary = ''; } my @params; if ($summary ne "" && $cgi->param('showsummary')) { # Wide characters cause GraphViz to die. utf8::encode($summary) if utf8::is_utf8($summary); $summary = wrap_comment($summary); $summary =~ s/([\\\"])/\\$1/g; # Newlines must be escaped too, to not break the .map file # and to prevent code injection. $summary =~ s/\n/\\n/g; push(@params, qq{label="$k\\n$summary"}); } if (exists $baselist{$k}) { push(@params, "shape=box"); } if (is_open_state($stat)) { push(@params, "color=green"); } if (@params) { print $fh "$k [" . join(',', @params) . "]\n"; } else { print $fh "$k\n"; } # Push the bug tooltip texts into a global hash so that # CreateImagemap sub (used with local dot installations) can # use them later on. my $stat_display = display_value('bug_status', $stat); my $resolution_display = display_value('resolution', $resolution); $bugtitles{$k} = trim("$stat_display $resolution_display"); # Show the bug summary in tooltips only if not shown on # the graph and it is non-empty (the user can see the bug) if (!$cgi->param('showsummary') && $summary ne "") { $bugtitles{$k} .= " - $summary"; } } print $fh "}\n"; close $fh; if ($bug_count > MAX_WEBDOT_BUGS) { unlink($filename); ThrowUserError("webdot_too_large"); } my $webdotbase = Bugzilla->localconfig->{'webdotbase'}; if ($webdotbase =~ /^https?:/) { # Remote dot server. We don't hardcode 'urlbase' here in case # 'sslbase' is in use. $webdotbase =~ s/%([a-z]*)%/Bugzilla->params->{$1}/eg; my $url = $webdotbase . $filename; $vars->{'image_url'} = $url . ".gif"; $vars->{'map_url'} = $url . ".map"; } else { # Local dot installation # First, generate the png image file from the .dot source my ($pngfh, $pngfilename) = File::Temp::tempfile("XXXXXXXXXX", SUFFIX => '.png', DIR => $webdotdir); chmod Bugzilla::Install::Filesystem::WS_SERVE, $pngfilename or warn install_string('chmod_failed', { path => $pngfilename, error => $! }); binmode $pngfh; open(DOT, '-|', "\"$webdotbase\" -Tpng $filename"); binmode DOT; print $pngfh $_ while ; close DOT; close $pngfh; # On Windows $pngfilename will contain \ instead of / $pngfilename =~ s|\\|/|g if ON_WINDOWS; # Under mod_perl, pngfilename will have an absolute path, and we # need to make that into a relative path. my $cgi_root = bz_locations()->{cgi_path}; $pngfilename =~ s#^\Q$cgi_root\E/?##; $vars->{'image_url'} = $pngfilename; # Then, generate a imagemap datafile that contains the corner data # for drawn bug objects. Pass it on to CreateImagemap that # turns this monster into html. my ($mapfh, $mapfilename) = File::Temp::tempfile("XXXXXXXXXX", SUFFIX => '.map', DIR => $webdotdir); chmod Bugzilla::Install::Filesystem::WS_SERVE, $mapfilename or warn install_string('chmod_failed', { path => $mapfilename, error => $! }); binmode $mapfh; open(DOT, '-|', "\"$webdotbase\" -Tismap $filename"); binmode DOT; print $mapfh $_ while ; close DOT; close $mapfh; $vars->{'image_map'} = CreateImagemap($mapfilename); } # Cleanup any old .dot files created from previous runs. my $since = time() - 24 * 60 * 60; # Can't use glob, since even calling that fails taint checks for perl < 5.6 opendir(DIR, $webdotdir); my @files = grep { /\.dot$|\.png$|\.map$/ && -f "$webdotdir/$_" } readdir(DIR); closedir DIR; foreach my $f (@files) { $f = "$webdotdir/$f"; # Here we are deleting all old files. All entries are from the # $webdot directory. Since we're deleting the file (not following # symlinks), this can't escape to delete anything it shouldn't # (unless someone moves the location of $webdotdir, of course) trick_taint($f); my $mtime = (stat($f))[9]; if ($mtime && $mtime < $since) { unlink $f; } } # Make sure we only include valid integers (protects us from XSS attacks). my @bugs = grep(detaint_natural($_), split(/[\s,]+/, $cgi->param('id'))); $vars->{'bug_id'} = join(', ', @bugs); $vars->{'multiple_bugs'} = ($cgi->param('id') =~ /[ ,]/); $vars->{'display'} = $display; $vars->{'rankdir'} = $rankdir; $vars->{'showsummary'} = $cgi->param('showsummary'); $vars->{'hide_resolved'} = $cgi->param('hide_resolved'); # Generate and return the UI (HTML page) from the appropriate template. print $cgi->header(); $template->process("bug/dependency-graph.html.tmpl", $vars) || ThrowTemplateError($template->error());