Commit 5883d001 authored by Per Cederqvist's avatar Per Cederqvist

Imported Bugzilla 4.2.3.

parent b38e63dd
# Don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
<FilesMatch (\.pm|\.pl|\.tmpl|localconfig.*)$>
deny from all
</FilesMatch>
<IfModule mod_expires.c>
......
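Review bot: The comment above the rewritten `FilesMatch` still reads "non-cgi executable files or our private data", although the new pattern also blocks `.tmpl` templates. I would update it to `# Don't allow people to retrieve non-cgi executable files, templates or our private data`. If this fragment is a per-directory override file (the file name is not shown on the page), the deny rule only takes effect where the server honours such overrides, which is worth stating in the same comment.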
......@@ -41,6 +41,7 @@ use Bugzilla::User;
use Bugzilla::Util;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use constant admin_can_create_account => 0;
use constant user_can_create_account => 0;
......@@ -144,6 +145,7 @@ sub check_credentials {
sub _bz_search_params {
my ($username) = @_;
$username = escape_filter_value($username);
return (base => Bugzilla->params->{"LDAPBaseDN"},
scope => "sub",
filter => '(&(' . Bugzilla->params->{"LDAPuidattribute"}
......
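Review bot: The new `$username = escape_filter_value($username);` line in _bz_search_params has no comment saying why the value is escaped, so a later refactor could drop it as redundant. I would add `# Escape LDAP filter metacharacters so a login name cannot change the search filter.` above it. The escaping is specific to filter context; if the same login name is used to build a DN elsewhere in this module (not visible in these hunks), that path needs DN escaping instead. The body of _bz_search_params continues past the end of the hunk.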
......@@ -169,6 +169,16 @@ sub clean_search_url {
# Delete leftovers from the login form
$self->delete('Bugzilla_remember', 'GoAheadAndLogIn');
# Delete the token if we're not performing an action which needs it
unless ((defined $self->param('remtype')
&& ($self->param('remtype') eq 'asdefault'
|| $self->param('remtype') eq 'asnamed'))
|| (defined $self->param('remaction')
&& $self->param('remaction') eq 'forget'))
{
$self->delete("token");
}
foreach my $num (1,2,3) {
# If there's no value in the email field, delete the related fields.
if (!$self->param("email$num")) {
......@@ -353,7 +363,7 @@ sub param {
sub _fix_utf8 {
my $input = shift;
# The is_utf8 is here in case CGI gets smart about utf8 someday.
utf8::decode($input) if defined $input && !utf8::is_utf8($input);
utf8::decode($input) if defined $input && !ref $input && !utf8::is_utf8($input);
return $input;
}
......
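Review bot: The condition added to clean_search_url that decides whether `token` survives is a three-level `unless` whose intent is only recoverable by reading every branch. Since it controls when a security token stays in a cleaned URL, I would name the condition and keep the delete as a single guarded statement, as sketched below; behaviour is the same. The sub starts and ends outside the hunk.
```perl
# ... unchanged: deletion of the login-form leftovers ...
# Keep the token only for the actions that need it (saving or forgetting a search).
my $remtype     = $self->param('remtype')   || '';
my $remaction   = $self->param('remaction') || '';
my $needs_token = $remtype eq 'asdefault'
               || $remtype eq 'asnamed'
               || $remaction eq 'forget';
$self->delete('token') unless $needs_token;
# ... unchanged: foreach my $num (1,2,3) loop ...
```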
......@@ -202,7 +202,7 @@ use Memoize;
# CONSTANTS
#
# Bugzilla version
use constant BUGZILLA_VERSION => "4.2.2";
use constant BUGZILLA_VERSION => "4.2.3";
# Location of the remote and local XML files to track new releases.
use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml';
......
......@@ -310,8 +310,9 @@ sub adjust_statement {
my $has_from = ($part =~ m/\bFROM\b/io) if $is_select;
# Oracle recognizes CURRENT_DATE, but not CURRENT_DATE()
$part =~ s/\bCURRENT_DATE\b\(\)/CURRENT_DATE/io;
# and its CURRENT_DATE is a date+time, so wrap in TRUNC()
$part =~ s/\bCURRENT_DATE\b(?:\(\))?/TRUNC(CURRENT_DATE)/io;
# Oracle use SUBSTR instead of SUBSTRING
$part =~ s/\bSUBSTRING\b/SUBSTR/io;
......@@ -341,7 +342,8 @@ sub adjust_statement {
if ($is_select and !$has_from);
# Oracle recognizes CURRENT_DATE, but not CURRENT_DATE()
$nonstring =~ s/\bCURRENT_DATE\b\(\)/CURRENT_DATE/io;
# and its CURRENT_DATE is a date+time, so wrap in TRUNC()
$nonstring =~ s/\bCURRENT_DATE\b(?:\(\))?/TRUNC(CURRENT_DATE)/io;
# Oracle use SUBSTR instead of SUBSTRING
$nonstring =~ s/\bSUBSTRING\b/SUBSTR/io;
......@@ -635,11 +637,25 @@ sub bz_setup_database {
$self->SUPER::bz_setup_database(@_);
my $sth = $self->prepare("SELECT OBJECT_NAME FROM USER_OBJECTS WHERE OBJECT_NAME = ?");
my @tables = $self->bz_table_list_real();
foreach my $table (@tables) {
my @columns = $self->bz_table_columns_real($table);
foreach my $column (@columns) {
my $def = $self->bz_column_info($table, $column);
# bz_add_column() before Bugzilla 4.2.3 didn't handle primary keys
# correctly (bug 731156). We have to add missing sequences and
# triggers ourselves.
if ($def->{TYPE} =~ /SERIAL/i) {
my $sequence = "${table}_${column}_SEQ";
my $exists = $self->selectrow_array($sth, undef, $sequence);
if (!$exists) {
my @sql = $self->_get_create_seq_ddl($table, $column);
$self->do($_) foreach @sql;
}
}
if ($def->{REFERENCES}) {
my $references = $def->{REFERENCES};
my $update = $references->{UPDATE} || 'CASCADE';
......@@ -653,15 +669,13 @@ sub bz_setup_database {
$to_table = 'tag';
}
if ( $update =~ /CASCADE/i ){
my $trigger_name = uc($fk_name . "_UC");
my $exist_trigger = $self->selectcol_arrayref(
"SELECT OBJECT_NAME FROM USER_OBJECTS
WHERE OBJECT_NAME = ?", undef, $trigger_name);
my $trigger_name = uc($fk_name . "_UC");
my $exist_trigger = $self->selectcol_arrayref($sth, undef, $trigger_name);
if(@$exist_trigger) {
$self->do("DROP TRIGGER $trigger_name");
}
my $tr_str = "CREATE OR REPLACE TRIGGER $trigger_name"
my $tr_str = "CREATE OR REPLACE TRIGGER $trigger_name"
. " AFTER UPDATE OF $to_column ON $to_table "
. " REFERENCING "
. " NEW AS NEW "
......@@ -672,22 +686,46 @@ sub bz_setup_database {
. " SET $column = :NEW.$to_column"
. " WHERE $column = :OLD.$to_column;"
. " END $trigger_name;";
$self->do($tr_str);
}
}
}
}
$self->do($tr_str);
}
}
}
}
# Drop the trigger which causes bug 541553
my $trigger_name = "PRODUCTS_MILESTONEURL";
my $exist_trigger = $self->selectcol_arrayref(
"SELECT OBJECT_NAME FROM USER_OBJECTS
WHERE OBJECT_NAME = ?", undef, $trigger_name);
my $exist_trigger = $self->selectcol_arrayref($sth, undef, $trigger_name);
if(@$exist_trigger) {
$self->do("DROP TRIGGER $trigger_name");
}
}
# These two methods have been copied from Bugzilla::DB::Schema::Oracle.
sub _get_create_seq_ddl {
my ($self, $table, $column) = @_;
my $seq_name = "${table}_${column}_SEQ";
my $seq_sql = "CREATE SEQUENCE $seq_name INCREMENT BY 1 START WITH 1 " .
"NOMAXVALUE NOCYCLE NOCACHE";
my $trigger_sql = $self->_get_create_trigger_ddl($table, $column, $seq_name);
return ($seq_sql, $trigger_sql);
}
sub _get_create_trigger_ddl {
my ($self, $table, $column, $seq_name) = @_;
my $trigger_sql = "CREATE OR REPLACE TRIGGER ${table}_${column}_TR "
. " BEFORE INSERT ON $table "
. " FOR EACH ROW "
. " BEGIN "
. " SELECT ${seq_name}.NEXTVAL "
. " INTO :NEW.$column FROM DUAL; "
. " END;";
return $trigger_sql;
}
############################################################################
package Bugzilla::DB::Oracle::st;
use base qw(DBI::st);
......
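Review bot: The new CURRENT_DATE substitution in both adjust_statement hunks has no `/g`, so only the first occurrence in `$part` (and in `$nonstring`) is wrapped in TRUNC(). A statement that mentions CURRENT_DATE twice would then compare a truncated date in one place and a date+time in the other, unless the caller guarantees one occurrence per part, which these hunks do not show. I would write `$part =~ s/\bCURRENT_DATE\b(?:\(\))?/TRUNC(CURRENT_DATE)/gio;` and the same for `$nonstring`; `s///g` does not rescan its own replacement, so the result is not wrapped twice. adjust_statement extends beyond both hunks.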
......@@ -199,6 +199,31 @@ sub _get_fk_name {
return $fk_name;
}
sub get_add_column_ddl {
my $self = shift;
my ($table, $column, $definition, $init_value) = @_;
my @sql;
# Create sequences and triggers to emulate SERIAL datatypes.
if ($definition->{TYPE} =~ /SERIAL/i) {
# Clone the definition to not alter the original one.
my %def = %$definition;
# Oracle requires to define the column is several steps.
my $pk = delete $def{PRIMARYKEY};
my $notnull = delete $def{NOTNULL};
@sql = $self->SUPER::get_add_column_ddl($table, $column, \%def, $init_value);
push(@sql, $self->_get_create_seq_ddl($table, $column));
push(@sql, "UPDATE $table SET $column = ${table}_${column}_SEQ.NEXTVAL");
push(@sql, "ALTER TABLE $table MODIFY $column NOT NULL") if $notnull;
push(@sql, "ALTER TABLE $table ADD PRIMARY KEY ($column)") if $pk;
}
else {
@sql = $self->SUPER::get_add_column_ddl(@_);
}
return @sql;
}
sub get_alter_column_ddl {
my ($self, $table, $column, $new_def, $set_nulls_to) = @_;
......@@ -364,6 +389,29 @@ sub get_rename_column_ddl {
return @sql;
}
sub get_drop_column_ddl {
my $self = shift;
my ($table, $column) = @_;
my @sql;
push(@sql, $self->SUPER::get_drop_column_ddl(@_));
my $dbh=Bugzilla->dbh;
my $trigger_name = uc($table . "_" . $column);
my $exist_trigger = $dbh->selectcol_arrayref(
"SELECT OBJECT_NAME FROM USER_OBJECTS
WHERE OBJECT_NAME = ?", undef, $trigger_name);
if(@$exist_trigger) {
push(@sql, "DROP TRIGGER $trigger_name");
}
# If this column is of type SERIAL, we need to drop the sequence
# and trigger that went along with it.
my $def = $self->get_column_abstract($table, $column);
if ($def->{TYPE} =~ /SERIAL/i) {
push(@sql, "DROP SEQUENCE ${table}_${column}_SEQ");
push(@sql, "DROP TRIGGER ${table}_${column}_TR");
}
return @sql;
}
sub get_rename_table_sql {
my ($self, $old_name, $new_name) = @_;
if (lc($old_name) eq lc($new_name)) {
......@@ -465,20 +513,4 @@ sub get_set_serial_sql {
return @sql;
}
sub get_drop_column_ddl {
my $self = shift;
my ($table, $column) = @_;
my @sql;
push(@sql, $self->SUPER::get_drop_column_ddl(@_));
my $dbh=Bugzilla->dbh;
my $trigger_name = uc($table . "_" . $column);
my $exist_trigger = $dbh->selectcol_arrayref(
"SELECT OBJECT_NAME FROM USER_OBJECTS
WHERE OBJECT_NAME = ?", undef, $trigger_name);
if(@$exist_trigger) {
push(@sql, "DROP TRIGGER $trigger_name");
}
return @sql;
}
1;
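Review bot: The comment in the new get_add_column_ddl, "Oracle requires to define the column is several steps", has a typo and does not say what the steps are or why PRIMARYKEY and NOTNULL are removed from the cloned definition. I would replace it with `# Oracle needs this done in steps: add the column nullable, fill it from the sequence, then apply NOT NULL and PRIMARY KEY.` The relocated get_drop_column_ddl would also benefit from a comment that the `uc($table . "_" . $column)` trigger lookup and the `${table}_${column}_TR` drop target two differently named triggers, since that is easy to misread as duplication.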
......@@ -90,6 +90,16 @@ sub _initialize {
} #eosub--_initialize
#--------------------------------------------------------------------
sub get_create_database_sql {
my ($self, $name) = @_;
# We only create as utf8 if we have no params (meaning we're doing
# a new installation) or if the utf8 param is on.
my $create_utf8 = Bugzilla->params->{'utf8'}
|| !defined Bugzilla->params->{'utf8'};
my $charset = $create_utf8 ? "ENCODING 'UTF8' TEMPLATE template0" : '';
return ("CREATE DATABASE $name $charset");
}
sub get_rename_column_ddl {
my ($self, $table, $old_name, $new_name) = @_;
if (lc($old_name) eq lc($new_name)) {
......
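Review bot: `$name` is interpolated into `CREATE DATABASE $name $charset` without quoting or validation in the new get_create_database_sql. If the name comes from installer configuration (not visible here), this is a robustness issue rather than an injection path, but a name containing a hyphen or space will produce a statement that fails or parses differently. At minimum I would add a comment such as `# $name is interpolated unquoted; callers must pass a plain SQL identifier.` above the return. The get_rename_column_ddl context at the end of the hunk continues outside it.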
......@@ -824,10 +824,19 @@ sub _add_extra_column {
# These are the columns that we're going to be actually SELECTing.
sub _display_columns {
my ($self) = @_;
# Do not alter the list specified here at all, even if they are duplicated.
# Those are passed by the caller, and the caller expects to get them back
# in the exact same order.
$self->{display_columns} ||= [$self->_input_columns, $self->_extra_columns];
return @{ $self->{display_columns} } if $self->{display_columns};
# Do not alter the list from _input_columns at all, even if there are
# duplicated columns. Those are passed by the caller, and the caller
# expects to get them back in the exact same order.
my @columns = $self->_input_columns;
# Only add columns which are not already listed.
my %list = map { $_ => 1 } @columns;
foreach my $column ($self->_extra_columns) {
push(@columns, $column) unless $list{$column}++;
}
$self->{display_columns} = \@columns;
return @{ $self->{display_columns} };
}
......@@ -2304,6 +2313,12 @@ sub _long_desc_changedbefore_after {
};
push(@$joins, $join);
$args->{term} = "$table.bug_when IS NOT NULL";
# If the user is not part of the insiders group, they cannot see
# private comments
if (!$self->_user->is_insider) {
$args->{term} .= " AND $table.isprivate = 0";
}
}
sub _content_matches {
......@@ -2786,8 +2801,10 @@ sub _changedbefore_changedafter {
extra => ["$table.fieldid = $field_id",
"$table.bug_when $sql_operator $sql_date"],
};
push(@$joins, $join);
$args->{term} = "$table.bug_when IS NOT NULL";
$self->_changed_security_check($args, $join);
push(@$joins, $join);
}
sub _changedfrom_changedto {
......@@ -2806,9 +2823,10 @@ sub _changedfrom_changedto {
extra => ["$table.fieldid = $field_id",
"$table.$column = $quoted"],
};
push(@$joins, $join);
$args->{term} = "$table.bug_when IS NOT NULL";
$self->_changed_security_check($args, $join);
push(@$joins, $join);
}
sub _changedby {
......@@ -2827,8 +2845,32 @@ sub _changedby {
extra => ["$table.fieldid = $field_id",
"$table.who = $user_id"],
};
push(@$joins, $join);
$args->{term} = "$table.bug_when IS NOT NULL";
$self->_changed_security_check($args, $join);
push(@$joins, $join);
}
sub _changed_security_check {
my ($self, $args, $join) = @_;
my ($chart_id, $field) = @$args{qw(chart_id field)};
my $field_object = $self->_chart_fields->{$field}
|| ThrowCodeError("invalid_field_name", { field => $field });
my $field_id = $field_object->id;
# If the user is not part of the insiders group, they cannot see
# changes to attachments (including attachment flags) that are private
if ($field =~ /^(?:flagtypes\.name$|attach)/ and !$self->_user->is_insider) {
$join->{then_to} = {
as => "attach_${field_id}_$chart_id",
table => 'attachments',
from => "act_${field_id}_$chart_id.attach_id",
to => 'attach_id',
};
$args->{term} .= " AND COALESCE(attach_${field_id}_$chart_id.isprivate, 0) = 0";
}
}
######################
......
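Review bot: _changed_security_check appends to `$args->{term}` with `.=`, so it only yields valid SQL when the caller has already assigned the term, and nothing in the sub says so. The three callers in this section do set the term first, but a header comment would keep that from regressing: `# Must be called after $args->{term} is set; appends the private-attachment restriction for non-insiders.` It is also worth one line explaining that `COALESCE(..., 0)` deliberately treats activity rows with no matching attachment as public, since that default decides what a non-insider can match on.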
......@@ -109,7 +109,7 @@ sub check {
if (!$search->shared_with_group
or !$user->in_group($search->shared_with_group))
{
ThrowUserError('missing_query', { queryname => $search->name,
ThrowUserError('missing_query', { name => $search->name,
sharer_id => $search->user->id });
}
......
......@@ -1528,6 +1528,8 @@ sub match_field {
my @logins;
for my $query (@queries) {
$query = trim($query);
next if $query eq '';
my $users = match(
$query, # match string
$limit, # match limit
......
......@@ -2198,8 +2198,9 @@ B<STABLE>
=item B<Description>
This allows you to create a new bug in Bugzilla. If you specify any
invalid fields, they will be ignored. If you specify any fields you
are not allowed to set, they will just be set to their defaults or ignored.
invalid fields, an error will be thrown stating which field is invalid.
If you specify any fields you are not allowed to set, they will just be
set to their defaults or ignored.
You cannot currently set all the items here that you can set on enter_bug.cgi.
......
......@@ -213,7 +213,7 @@ sub LookupNamedQuery {
Bugzilla->login(LOGIN_REQUIRED);
my $query = Bugzilla::Search::Saved->check(
{ user => $sharer_id, name => $name });
{ user => $sharer_id, name => $name, _error => 'missing_query' });
$query->url
|| ThrowUserError("buglist_parameters_required");
......@@ -465,6 +465,8 @@ elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
$user = Bugzilla->login(LOGIN_REQUIRED);
my $token = $cgi->param('token');
check_hash_token($token, ['searchknob']);
$buffer = $params->canonicalise_query('cmdtype', 'remtype',
'query_based_on', 'token');
InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
$vars->{'message'} = "buglist_new_default_query";
}
......@@ -1116,7 +1118,8 @@ else {
# Set 'urlquerypart' once the buglist ID is known.
$vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype',
'query_based_on');
'query_based_on',
'token');
if ($format->{'extension'} eq "csv") {
# We set CSV files to be downloaded, as they are designed for importing
......
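Review bot: The added `check_hash_token($token, ['searchknob'])` has no comment explaining that it stops a forged request from replacing the logged-in user's default search. I would add `# Changing the default search is a state change: require a valid 'searchknob' token.` above the `my $token` line. Only the default-query branch is visible in this hunk. clean_search_url in this commit also preserves the token for `remtype=asnamed` and `remaction=forget`, so confirm that those branches validate it as well, since they lie outside the lines shown.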
......@@ -2,7 +2,7 @@
<HTML
><HEAD
><TITLE
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</TITLE
><META
NAME="GENERATOR"
......@@ -43,7 +43,7 @@ CLASS="TITLEPAGE"
CLASS="title"
><A
NAME="AEN2"
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</A
></H1
><H3
......@@ -51,7 +51,7 @@ CLASS="corpauthor"
>The Bugzilla Team</H3
><P
CLASS="pubdate"
>2012-07-26<BR></P
>2012-08-30<BR></P
><DIV
><DIV
CLASS="abstract"
......@@ -683,7 +683,7 @@ NAME="newversions"
>1.3. New Versions</A
></H2
><P
>&#13; This is the 4.2.2 version of The Bugzilla Guide. It is so named
>&#13; This is the 4.2.3 version of The Bugzilla Guide. It is so named
to match the current version of Bugzilla.
This version of the guide, like its associated Bugzilla version, is a
development version.
......
......@@ -7,11 +7,11 @@
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 4.2.2
TITLE="The Bugzilla Guide - 4.2.3
Release"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="The Bugzilla Guide - 4.2.2
TITLE="The Bugzilla Guide - 4.2.3
Release"
HREF="index.html"><LINK
REL="NEXT"
......@@ -36,7 +36,7 @@ CELLSPACING="0"
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</TH
></TR
><TR
......@@ -154,7 +154,7 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</TD
><TD
WIDTH="34%"
......
......@@ -7,7 +7,7 @@
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 4.2.2
TITLE="The Bugzilla Guide - 4.2.3
Release"
HREF="index.html"><LINK
REL="PREVIOUS"
......@@ -35,7 +35,7 @@ CELLSPACING="0"
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</TH
></TR
><TR
......
......@@ -1526,7 +1526,7 @@ name="create"
><b>Description</b></a></dt>
<dd>
<p>This allows you to create a new bug in Bugzilla. If you specify any invalid fields, they will be ignored. If you specify any fields you are not allowed to set, they will just be set to their defaults or ignored.</p>
<p>This allows you to create a new bug in Bugzilla. If you specify any invalid fields, an error will be thrown stating which field is invalid. If you specify any fields you are not allowed to set, they will just be set to their defaults or ignored.</p>
<p>You cannot currently set all the items here that you can set on enter_bug.cgi.</p>
......
......@@ -2,13 +2,13 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Bugzilla 4.2.2 API Documentation</title>
<title>Bugzilla 4.2.3 API Documentation</title>
<link rel="stylesheet" title="style" type="text/css" href="./../../../style.css" media="all" >
</head>
<body class="contentspage">
<h1>Bugzilla 4.2.2 API Documentation</h1>
<h1>Bugzilla 4.2.3 API Documentation</h1>
<dl class='superindex'>
<dt><a name="Extensions">Extensions</a></dt>
<dd>
......
......@@ -7,7 +7,7 @@
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 4.2.2
TITLE="The Bugzilla Guide - 4.2.3
Release"
HREF="index.html"><LINK
REL="UP"
......@@ -38,7 +38,7 @@ CELLSPACING="0"
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</TH
></TR
><TR
......
......@@ -7,7 +7,7 @@
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 4.2.2
TITLE="The Bugzilla Guide - 4.2.3
Release"
HREF="index.html"><LINK
REL="UP"
......@@ -38,7 +38,7 @@ CELLSPACING="0"
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</TH
></TR
><TR
......
......@@ -7,7 +7,7 @@
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The Bugzilla Guide - 4.2.2
TITLE="The Bugzilla Guide - 4.2.3
Release"
HREF="index.html"><LINK
REL="UP"
......@@ -38,7 +38,7 @@ CELLSPACING="0"
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide - 4.2.2
>The Bugzilla Guide - 4.2.3
Release</TH