Commit 757c98d3 authored by Per Cederqvist's avatar Per Cederqvist

Imported Bugzilla 4.3.1.

parent 5fd9cd2f
bzr://bzr.mozilla.org/bugzilla/4.2/
\ No newline at end of file
bzr://bzr.mozilla.org/bugzilla/trunk/
\ No newline at end of file
No preview for this file type
# Don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch (\.pm|\.pl|\.tmpl|localconfig.*)$>
<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
deny from all
</FilesMatch>
<IfModule mod_expires.c>
......
# -*- Mode: perl; indent-tabs-mode: nil -*-
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Bradley Baetz <bbaetz@student.usyd.edu.au>
# Erik Stambaugh <erik@dasbistro.com>
# A. Karl Kornel <karl@kornel.name>
# Marc Schumann <wurblzap@gmail.com>
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
package Bugzilla;
......@@ -285,10 +268,10 @@ sub input_params {
return $cache->{input_params};
}
our $_localconfig;
sub localconfig {
my $class = shift;
$class->request_cache->{localconfig} ||= read_localconfig();
return $class->request_cache->{localconfig};
$_localconfig ||= read_localconfig();
return $_localconfig;
}
sub params {
......@@ -388,6 +371,12 @@ sub login {
$class->set_user($authenticated_user);
}
if ($class->sudoer) {
$class->sudoer->update_last_seen_date();
} else {
$class->user->update_last_seen_date();
}
return $class->user;
}
......@@ -592,8 +581,7 @@ sub fields {
}
}
return $do_by_name ? \%requested
: [sort { $a->sortkey <=> $b->sortkey || $a->name cmp $b->name } values %requested];
return $do_by_name ? \%requested : [values %requested];
}
sub active_custom_fields {
......@@ -848,7 +836,7 @@ in a hashref:
=item C<by_name>
If false (or not specified), this method will return an arrayref of
the requested fields.
the requested fields. The order of the returned fields is random.
If true, this method will return a hashref of fields, where the keys
are field names and the valules are L<Bugzilla::Field> objects.
......
# -*- Mode: perl; indent-tabs-mode: nil -*-
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
# Myk Melez <myk@mozilla.org>
# Marc Schumann <wurblzap@gmail.com>
# Frédéric Buclin <LpSolit@gmail.com>
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
use strict;
......@@ -374,7 +357,7 @@ sub data {
=item C<datasize>
the length (in characters) of the attachment content
the length (in bytes) of the attachment content
=back
......@@ -582,9 +565,11 @@ sub _check_filename {
# a big deal if it munges incorrectly occasionally.
$filename =~ s/^.*[\/\\]//;
# Truncate the filename to 100 characters, counting from the end of the
# string to make sure we keep the filename extension.
$filename = substr($filename, -100, 100);
# Truncate the filename to MAX_ATTACH_FILENAME_LENGTH characters, counting
# from the end of the string to make sure we keep the filename extension.
$filename = substr($filename,
-&MAX_ATTACH_FILENAME_LENGTH,
MAX_ATTACH_FILENAME_LENGTH);
trick_taint($filename);
return $filename;
......@@ -608,12 +593,12 @@ sub _check_is_private {
=over
=item C<get_attachments_by_bug($bug_id)>
=item C<get_attachments_by_bug($bug)>
Description: retrieves and returns the attachments the currently logged in
user can view for the given bug.
Params: C<$bug_id> - integer - the ID of the bug for which
Params: C<$bug> - Bugzilla::Bug object - the bug for which
to retrieve and return attachments.
Returns: a reference to an array of attachment objects.
......@@ -621,14 +606,14 @@ Returns: a reference to an array of attachment objects.
=cut
sub get_attachments_by_bug {
my ($class, $bug_id, $vars) = @_;
my ($class, $bug, $vars) = @_;
my $user = Bugzilla->user;
my $dbh = Bugzilla->dbh;
# By default, private attachments are not accessible, unless the user
# is in the insider group or submitted the attachment.
my $and_restriction = '';
my @values = ($bug_id);
my @values = ($bug->id);
unless ($user->is_insider) {
$and_restriction = 'AND (isprivate = 0 OR submitter_id = ?)';
......@@ -640,15 +625,18 @@ sub get_attachments_by_bug {
undef, @values);
my $attachments = Bugzilla::Attachment->new_from_list($attach_ids);
$_->{bug} = $bug foreach @$attachments;
# To avoid $attachment->flags to run SQL queries itself for each
# attachment listed here, we collect all the data at once and
# populate $attachment->{flags} ourselves.
# We also load all attachers at once for the same reason.
if ($vars->{preload}) {
# Preload flags.
$_->{flags} = [] foreach @$attachments;
my %att = map { $_->id => $_ } @$attachments;
my $flags = Bugzilla::Flag->match({ bug_id => $bug_id,
my $flags = Bugzilla::Flag->match({ bug_id => $bug->id,
target_type => 'attachment' });
# Exclude flags for private attachments you cannot see.
......@@ -656,6 +644,14 @@ sub get_attachments_by_bug {
push(@{$att{$_->attach_id}->{flags}}, $_) foreach @$flags;
$attachments = [sort {$a->id <=> $b->id} values %att];
# Preload attachers.
my %user_ids = map { $_->{submitter_id} => 1 } @$attachments;
my $users = Bugzilla::User->new_from_list([keys %user_ids]);
my %user_map = map { $_->id => $_ } @$users;
foreach my $attachment (@$attachments) {
$attachment->{attacher} = $user_map{$attachment->{submitter_id}};
}
}
return $attachments;
}
......@@ -723,8 +719,11 @@ sub validate_obsolete {
$attachment->validate_can_edit($bug->product_id)
|| ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
$vars->{'description'} = $attachment->description;
if ($attachment->bug_id != $bug->bug_id) {
$vars->{'my_bug_id'} = $bug->bug_id;
$vars->{'attach_bug_id'} = $attachment->bug_id;
ThrowCodeError('mismatched_bug_ids_on_obsolete', $vars);
}
......@@ -898,6 +897,11 @@ sub remove_from_db {
$dbh->do('UPDATE attachments SET mimetype = ?, ispatch = ?, isobsolete = ?
WHERE attach_id = ?', undef, ('text/plain', 0, 1, $self->id));
$dbh->bz_commit_transaction();
my $filename = $self->_get_local_filename;
if (-e $filename) {
unlink $filename or warn "Couldn't unlink $filename: $!";
}
}
###############################
......
# -*- Mode: perl; indent-tabs-mode: nil -*-
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# Contributor(s): John Keiser <john@johnkeiser.com>
# Frédéric Buclin <LpSolit@gmail.com>
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
use strict;
......@@ -37,6 +27,7 @@ sub process_diff {
$last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
# Actually print out the patch.
print $cgi->header(-type => 'text/plain',
-x_content_type_options => "nosniff",
-expires => '+3M');
disable_utf8();
$reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
......@@ -46,7 +37,7 @@ sub process_diff {
if ($lc->{interdiffbin} && $lc->{diffpath}) {
# Get the list of attachments that the user can view in this bug.
my @attachments =
@{Bugzilla::Attachment->get_attachments_by_bug($attachment->bug_id)};
@{Bugzilla::Attachment->get_attachments_by_bug($attachment->bug)};
# Extract patches only.
@attachments = grep {$_->ispatch == 1} @attachments;
# We want them sorted from newer to older.
......@@ -118,6 +109,7 @@ sub process_interdiff {
$last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
# Actually print out the patch.
print $cgi->header(-type => 'text/plain',
-x_content_type_options => "nosniff",
-expires => '+3M');
disable_utf8();
}
......
# -*- Mode: perl; indent-tabs-mode: nil -*-
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Bradley Baetz <bbaetz@acm.org>
# Erik Stambaugh <erik@dasbistro.com>
# Max Kanat-Alexander <mkanat@bugzilla.org>
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
package Bugzilla::Auth;
......@@ -531,5 +515,3 @@ A L<Bugzilla::User> object representing the authenticated user.
Note that C<Bugzilla::Auth::login> may modify this object at various points.
=back
# -*- Mode: perl; indent-tabs-mode: nil -*-
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#