#!/usr/bonsaitools/bin/perl -w # -*- Mode: perl; indent-tabs-mode: nil -*- # # The contents of this file are subject to the Mozilla Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of # the License at http://www.mozilla.org/MPL/ # # Software distributed under the License is distributed on an "AS # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or # implied. See the License for the specific language governing # rights and limitations under the License. # # The Original Code is the Bugzilla Bug Tracking System. # # The Initial Developer of the Original Code is Netscape Communications # Corporation. Portions created by Netscape are # Copyright (C) 1998 Netscape Communications Corporation. All # Rights Reserved. # # Contributor(s): Terry Weissman # Stephan Niemz use diagnostics; use strict; require "CGI.pl"; ConnectToDatabase(); ################################################################################ # START Form Data Validation ################################################################################ # For security and correctness, validate the value of the "voteon" form variable. # Valid values are those containing a number that is the ID of an existing bug. if (defined $::FORM{'voteon'}) { $::FORM{'voteon'} =~ /^(\d+)$/; $::FORM{'voteon'} = $1 || 0; SendSQL("SELECT bug_id FROM bugs WHERE bug_id = $::FORM{'voteon'}"); FetchSQLData() || DisplayError("You entered an invalid bug number to vote on.") && exit; } # For security and correctness, validate the value of the "bug_id" form variable. # Valid values are those containing a number that is the ID of an existing bug. if (defined $::FORM{'bug_id'}) { $::FORM{'bug_id'} =~ /^(\d+)$/; $::FORM{'bug_id'} = $1 || 0; SendSQL("SELECT bug_id FROM bugs WHERE bug_id = $::FORM{'bug_id'}"); FetchSQLData() || DisplayError("You entered an invalid bug number.") && exit; } # For security and correctness, validate the value of the "userid" form variable. # Valid values are those containing a number that is the ID of an existing user. if (defined $::FORM{'user'}) { $::FORM{'user'} =~ /^(\d+)$/; $::FORM{'user'} = $1 || 0; SendSQL("SELECT userid FROM profiles WHERE userid = $::FORM{'user'}"); FetchSQLData() || DisplayError("You specified an invalid user number.") && exit; } ################################################################################ # END Form Data Validation ################################################################################ if (defined $::FORM{'voteon'} || (!defined $::FORM{'bug_id'} && !defined $::FORM{'user'})) { confirm_login(); $::FORM{'user'} = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'}); } print "Content-type: text/html\n\n"; if (defined $::FORM{'bug_id'}) { my $id = $::FORM{'bug_id'}; my $linkedid = qq{$id}; PutHeader("Show votes", "Show votes", "Bug $linkedid"); SendSQL("select profiles.login_name, votes.who, votes.count from votes, profiles where votes.bug_id = " . SqlQuote($id) . " and profiles.userid = votes.who"); print "\n"; print "\n"; my $sum = 0; while (MoreSQLData()) { my ($name, $userid, $count) = (FetchSQLData()); print qq{\n}; $sum += $count; } print "
WhoNumber of votes
$name$count
"; print "

Total votes: $sum

\n"; } elsif (defined $::FORM{'user'}) { quietly_check_login(); GetVersionTable(); my $who = $::FORM{'user'}; my $name = DBID_to_name($who); PutHeader("Show votes", "Show votes", $name); print qq{

\n}; print "\n"; SendSQL("lock tables bugs read, products read, votes write"); if (defined($::FORM{'voteon'})) { # Oh, boy, what a hack. Make sure there is an entry for this bug # in the vote table, just so that things display right. # Yuck yuck yuck.### SendSQL("select votes.count from votes where votes.bug_id = $::FORM{'voteon'} and votes.who = $who"); if (!MoreSQLData()) { SendSQL("insert into votes (who, bug_id, count) values ($who, $::FORM{'voteon'}, 0)"); } } my $canedit = (defined $::COOKIE{'Bugzilla_login'} && $::COOKIE{'Bugzilla_login'} eq $name); my %maxvotesperbug; if( $canedit ) { SendSQL("SELECT products.product, products.maxvotesperbug FROM products"); while (MoreSQLData()) { my ($prod, $max) = (FetchSQLData()); $maxvotesperbug{$prod}= $max; } } foreach my $product (sort(keys(%::prodmaxvotes))) { if ($::prodmaxvotes{$product} <= 0) { next; } my $qprod = value_quote($product); SendSQL("select votes.bug_id, votes.count, bugs.short_desc, bugs.bug_status from votes, bugs where votes.who = $who and votes.bug_id = bugs.bug_id and bugs.product = " . SqlQuote($product) . "order by votes.bug_id"); next if !MoreSQLData(); # don't show products without any votes my $sum = 0; print ""; while (MoreSQLData()) { my ($id, $count, $summary, $status) = (FetchSQLData()); if (!defined $status) { next; } my $opened = IsOpenedState($status); my $strike = $opened ? "" : ""; my $endstrike = $opened ? "" : ""; $summary = html_quote($summary); $sum += $count; if ($canedit) { my $min = $maxvotesperbug{$product}; # minimum of these two $min = $::prodmaxvotes{$product} if $::prodmaxvotes{$product} < $min; if( $min < 2 ) { # checkbox my $checked = $count ? ' checked' : ''; $count = qq{}; }else { # normal input $count = qq{}; } } print qq{ }; } my $plural = (($sum == 1) ? "" : "s"); print "\n"; } print "
Bug \#SummaryVotes
$product
$strike$id$endstrike $summary $count
$sum vote$plural used out of\n"; print "$::prodmaxvotes{$product} allowed.
\n"; if ($canedit) { print qq{\n}; print "
To change your votes, type in new numbers (using zero to\n"; print "mean no votes) or change the checkbox, and then click Submit.\n"; } print ""; print "
\n"; SendSQL("delete from votes where count <= 0"); SendSQL("unlock tables"); } print qq{Help! I don't understand this voting stuff}; PutFooter();