Imported Bugzilla 2.19.3.

987c342a · Per Cederqvist · c659c791 · 987c342a · 987c342a · 987c342a
Commit 987c342a authored Jul 11, 2014 by Per Cederqvist
75 changed files
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -241,7 +241,7 @@ or should be something which is globally required by a large ammount of code

 =head1 METHODS

-Note that all C<Bugzilla> functionailty is method based; use C<Bugzilla->dbh>
+Note that all C<Bugzilla> functionality is method based; use C<Bugzilla-E<gt>dbh>
 rather than C<Bugzilla::dbh>. Nothing cares about this now, but don't rely on
 that.

@@ -288,7 +288,7 @@ Bugzilla::User instance.

 =item C<logout_request>

-Essentially, causes calls to C<Bugzilla->user> to return C<undef>. This has the
+Essentially, causes calls to C<Bugzilla-E<gt>user> to return C<undef>. This has the
 effect of logging out a user for the current request only; cookies and
 database sessions are left intact.


--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -33,6 +33,8 @@ package Bugzilla::Attachment;

 # Use the Flag module to handle flags.
 use Bugzilla::Flag;
+use Bugzilla::Config qw(:locations);
+use Bugzilla::User;

 ############################################################################
 # Functions
@@ -62,46 +64,46 @@ sub new {
 sub query
 {
  # Retrieves and returns an array of attachment records for a given bug. 
-  # This data should be given to attachment/list.atml in an
+  # This data should be given to attachment/list.html.tmpl in an
  # "attachments" variable.
  my ($bugid) = @_;

-  my $in_editbugs = &::UserInGroup("editbugs");
-  &::SendSQL("SELECT product_id
-           FROM bugs 
-           WHERE bug_id = $bugid");
-  my $productid = &::FetchOneColumn();
-  my $caneditproduct = &::CanEditProductId($productid);
+  my $dbh = Bugzilla->dbh;

  # Retrieve a list of attachments for this bug and write them into an array
  # of hashes in which each hash represents a single attachment.
-  &::SendSQL("
-              SELECT attach_id, DATE_FORMAT(creation_ts, '%Y.%m.%d %H:%i'),
-              mimetype, description, ispatch, isobsolete, isprivate, 
-              submitter_id, LENGTH(thedata)
-              FROM attachments WHERE bug_id = $bugid ORDER BY attach_id
-            ");
+  my $list = $dbh->selectall_arrayref("SELECT attach_id, " .
+                                      $dbh->sql_date_format('creation_ts', '%Y.%m.%d %H:%i') .
+                                      ", mimetype, description, ispatch,
+                                      isobsolete, isprivate, LENGTH(thedata)
+                                      FROM attachments
+                                      WHERE bug_id = ? ORDER BY attach_id",
+                                      undef, $bugid);
+
  my @attachments = ();
-  while (&::MoreSQLData()) {
+  foreach my $row (@$list) {
    my %a;
-    my $submitter_id;
-    ($a{'attachid'}, $a{'date'}, $a{'contenttype'}, $a{'description'},
-     $a{'ispatch'}, $a{'isobsolete'}, $a{'isprivate'}, $submitter_id, 
-     $a{'datasize'}) = &::FetchSQLData();
+    ($a{'attachid'}, $a{'date'}, $a{'contenttype'},
+     $a{'description'}, $a{'ispatch'}, $a{'isobsolete'},
+     $a{'isprivate'}, $a{'datasize'}) = @$row;

    # Retrieve a list of flags for this attachment.
    $a{'flags'} = Bugzilla::Flag::match({ 'attach_id' => $a{'attachid'},
                                          'is_active' => 1 });
-    
-    # We will display the edit link if the user can edit the attachment;
-    # ie the are the submitter, or they have canedit.
-    # Also show the link if the user is not logged in - in that cae,
-    # They'll be prompted later
-    $a{'canedit'} = ($::userid == 0 || (($submitter_id == $::userid ||
-                     $in_editbugs) && $caneditproduct));
+
+    # A zero size indicates that the attachment is stored locally.
+    if ($a{'datasize'} == 0) {
+        my $attachid = $a{'attachid'};
+        my $hash = ($attachid % 100) + 100;
+        $hash =~ s/.*(\d\d)$/group.$1/;
+        if (open(AH, "$attachdir/$hash/attachment.$attachid")) {
+            $a{'datasize'} = (stat(AH))[7];
+            close(AH);
+        }
+    }
    push @attachments, \%a;
  }
-  
+
  return \@attachments;  
 }


--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -23,6 +23,8 @@
 package Bugzilla::Auth;

 use strict;
+use base qw(Exporter);
+@Bugzilla::Auth::EXPORT = qw(bz_crypt);

 use Bugzilla::Config;
 use Bugzilla::Constants;
@@ -42,6 +44,31 @@ BEGIN {
    }
 }

+sub bz_crypt ($) {
+    my ($password) = @_;
+
+    # The list of characters that can appear in a salt.  Salts and hashes
+    # are both encoded as a sequence of characters from a set containing
+    # 64 characters, each one of which represents 6 bits of the salt/hash.
+    # The encoding is similar to BASE64, the difference being that the
+    # BASE64 plus sign (+) is replaced with a forward slash (/).
+    my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/');
+
+    # Generate the salt.  We use an 8 character (48 bit) salt for maximum
+    # security on systems whose crypt uses MD5.  Systems with older
+    # versions of crypt will just use the first two characters of the salt.
+    my $salt = '';
+    for ( my $i=0 ; $i < 8 ; ++$i ) {
+        $salt .= $saltchars[rand(64)];
+    }
+
+    # Crypt the password.
+    my $cryptedpassword = crypt($password, $salt);
+
+    # Return the crypted password.
+    return $cryptedpassword;
+}
+
 # PRIVATE

 # A number of features, like password change requests, require the DB
@@ -128,6 +155,11 @@ __END__

 Bugzilla::Auth - Authentication handling for Bugzilla users

+=head1 SYNOPSIS
+
+  # Class Functions
+  $crypted = bz_crypt($password);
+
 =head1 DESCRIPTION

 Handles authentication for Bugzilla users.
@@ -147,6 +179,23 @@ authentication or login modules.

 =over 4

+=item C<bz_crypt($password)>
+
+Takes a string and returns a C<crypt>ed value for it, using a random salt.
+
+Please always use this function instead of the built-in perl "crypt"
+when initially encrypting a password.
+
+=begin undocumented
+
+Random salts are generated because the alternative is usually
+to use the first two characters of the password itself, and since
+the salt appears in plaintext at the beginning of the encrypted
+password string this has the effect of revealing the first two
+characters of the password to anyone who views the encrypted version.
+
+=end undocumented
+
 =item C<Bugzilla::Auth::get_netaddr($ipaddr)>

 Given an ip address, this returns the associated network address, using

--- a/Bugzilla/Auth/CVS/Entries
+++ b/Bugzilla/Auth/CVS/Entries
-/README/1.2/Thu Jul 29 02:45:38 2004//TBUGZILLA-2_19_2
+/README/1.2/Thu Jul 29 02:45:38 2004//TBUGZILLA-2_19_3
 D/Login////
 D/Verify////
--- a/Bugzilla/Auth/CVS/Tag
+++ b/Bugzilla/Auth/CVS/Tag
-NBUGZILLA-2_19_2
+NBUGZILLA-2_19_3
--- a/Bugzilla/Auth/Login/CVS/Entries
+++ b/Bugzilla/Auth/Login/CVS/Entries
-/WWW.pm/1.4/Wed Aug 11 13:53:44 2004//TBUGZILLA-2_19_2
+/WWW.pm/1.6/Sat Mar 12 21:51:15 2005//TBUGZILLA-2_19_3
 D/WWW////
--- a/Bugzilla/Auth/Login/CVS/Tag
+++ b/Bugzilla/Auth/Login/CVS/Tag
-NBUGZILLA-2_19_2
+NBUGZILLA-2_19_3
--- a/Bugzilla/Auth/Login/WWW.pm
+++ b/Bugzilla/Auth/Login/WWW.pm
@@ -51,6 +51,7 @@ sub login {
    # (double cookies, odd compat code settings, etc)
    return $user if $user->id;

+    $type = LOGIN_REQUIRED if Bugzilla->cgi->param('GoAheadAndLogIn');
    $type = LOGIN_NORMAL unless defined $type;

    # Log in using whatever methods are defined in user_info_class.
@@ -70,6 +71,11 @@ sub login {
    if ($userid) {
        $user = new Bugzilla::User($userid);

+        # Redirect to SSL if required
+        if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+            Bugzilla->cgi->require_https(Param('sslbase'));
+        }
+
        $user->set_flags('can_logout' => $class->can_logout);

        # Compat stuff

--- a/Bugzilla/Auth/Login/WWW/CGI.pm
+++ b/Bugzilla/Auth/Login/WWW/CGI.pm
@@ -45,10 +45,13 @@ sub login {
    }

    my $cgi = Bugzilla->cgi;
+    my $dbh = Bugzilla->dbh;

    # First, try the actual login method against form variables
    my $username = $cgi->param("Bugzilla_login");
    my $passwd = $cgi->param("Bugzilla_password");
+    
+    $cgi->delete('Bugzilla_login', 'Bugzilla_password');

    my $authmethod = Param("user_verify_class");
    my ($authres, $userid, $extra, $info) =
@@ -67,12 +70,11 @@ sub login {
        # subsequent login
        trick_taint($ipaddr);

-        my $dbh = Bugzilla->dbh;
        $dbh->do("INSERT INTO logincookies (userid, ipaddr, lastused)
                 VALUES (?, ?, NOW())",
                 undef,
                 $userid, $ipaddr);
-        my $logincookie = $dbh->selectrow_array("SELECT LAST_INSERT_ID()");
+        my $logincookie = $dbh->bz_last_key('logincookies', 'cookie');

        # Remember cookie only if admin has told so
        # or admin didn't forbid it and user told to remember.
@@ -135,6 +137,12 @@ sub login {
    # No login details were given, but we require a login if the
    # page does
    if ($authres == AUTH_NODATA && $type == LOGIN_REQUIRED) {
+
+        # Redirect to SSL if required
+        if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+            $cgi->require_https(Param('sslbase'));
+        }
+    
        # Throw up the login page

        print Bugzilla->cgi->header();
@@ -142,8 +150,6 @@ sub login {
        my $template = Bugzilla->template;
        $template->process("account/auth/login.html.tmpl",
                           { 'target' => $cgi->url(-relative=>1),
-                             'form' => \%::FORM,
-                             'mform' => \%::MFORM,
                             'caneditaccount' => Bugzilla::Auth->can_edit('new'),
                             'has_db' => Bugzilla::Auth->has_db,
                           }
@@ -153,8 +159,9 @@ sub login {
        # This seems like as good as time as any to get rid of old
        # crufty junk in the logincookies table.  Get rid of any entry
        # that hasn't been used in a month.
-        Bugzilla->dbh->do("DELETE FROM logincookies " .
-                          "WHERE TO_DAYS(NOW()) - TO_DAYS(lastused) > 30");
+        $dbh->do("DELETE FROM logincookies WHERE " .
+                 $dbh->sql_to_days('NOW()') . " - " .
+                 $dbh->sql_to_days('lastused') . " > 30");

        exit;
    }
@@ -177,7 +184,7 @@ sub login {

    # If we get here, then we've run out of options, which shouldn't happen
    ThrowCodeError("authres_unhandled", { authres => $authres, 
-                                          type => $type, });
+                                          type => $type });
 }

 # This auth style allows the user to log out.

--- a/Bugzilla/Auth/Login/WWW/CGI/CVS/Entries
+++ b/Bugzilla/Auth/Login/WWW/CGI/CVS/Entries
-/Cookie.pm/1.2/Wed Sep  8 23:29:08 2004//TBUGZILLA-2_19_2
+/Cookie.pm/1.3/Tue Mar 22 22:41:07 2005//TBUGZILLA-2_19_3
 D
--- a/Bugzilla/Auth/Login/WWW/CGI/CVS/Tag
+++ b/Bugzilla/Auth/Login/WWW/CGI/CVS/Tag
-NBUGZILLA-2_19_2
+NBUGZILLA-2_19_3
--- a/Bugzilla/Auth/Login/WWW/CGI/Cookie.pm
+++ b/Bugzilla/Auth/Login/WWW/CGI/Cookie.pm
@@ -57,18 +57,16 @@ sub authenticate {
                "  logincookies.userid=profiles.userid AND " .
                "  logincookies.userid=? AND " .
                "  (logincookies.ipaddr=?";
+    my @params = ($login_cookie, $login, $ipaddr);
    if (defined $netaddr) {
        trick_taint($netaddr);
        $query .= " OR logincookies.ipaddr=?";
+        push(@params, $netaddr);
    }
    $query .= ")";

    my $dbh = Bugzilla->dbh;
-    my ($userid, $disabledtext) = $dbh->selectrow_array($query, undef,
-                                                        $login_cookie,
-                                                        $login,
-                                                        $ipaddr,
-                                                        $netaddr);
+    my ($userid, $disabledtext) = $dbh->selectrow_array($query, undef, @params);

    return (AUTH_DISABLED, $userid, $disabledtext)
      if ($disabledtext);

--- a/Bugzilla/Auth/Login/WWW/CVS/Entries
+++ b/Bugzilla/Auth/Login/WWW/CVS/Entries
-/CGI.pm/1.4/Wed Oct 20 20:58:45 2004//TBUGZILLA-2_19_2
-/Env.pm/1.1/Wed Aug 11 13:53:45 2004//TBUGZILLA-2_19_2
+/CGI.pm/1.10/Thu May 12 01:52:13 2005//TBUGZILLA-2_19_3
+/Env.pm/1.3/Sat Apr 16 17:08:32 2005//TBUGZILLA-2_19_3
 D/CGI////
--- a/Bugzilla/Auth/Login/WWW/CVS/Tag
+++ b/Bugzilla/Auth/Login/WWW/CVS/Tag
-NBUGZILLA-2_19_2
+NBUGZILLA-2_19_3
--- a/Bugzilla/Auth/Login/WWW/Env.pm
+++ b/Bugzilla/Auth/Login/WWW/Env.pm
@@ -57,7 +57,7 @@ sub login {
    trick_taint($env_id);
    trick_taint($env_realname);

-    if ($env_id | $env_email) {
+    if ($env_id || $env_email) {
        # Look in the DB for the extern_id
        if ($env_id) {

@@ -116,9 +116,7 @@ sub login {
                                     "realname, disabledtext " .
                                     ") VALUES ( ?, ?, ?, '' )");
                $sth->execute($env_email, '*', $env_realname);
-                $sth = $dbh->prepare("SELECT last_insert_id()");
-                $sth->execute();
-                $matched_userid = $sth->fetch->[0];
+                $matched_userid = $dbh->bz_last_key('profiles', 'userid');
            }
        }
    }

--- a/Bugzilla/Auth/Verify/CVS/Entries
+++ b/Bugzilla/Auth/Verify/CVS/Entries
-/DB.pm/1.3/Tue Jul 20 22:41:21 2004//TBUGZILLA-2_19_2
-/LDAP.pm/1.3/Tue Jul 20 22:41:21 2004//TBUGZILLA-2_19_2
+/DB.pm/1.4/Mon Jan 31 19:26:01 2005//TBUGZILLA-2_19_3
+/LDAP.pm/1.5/Wed Feb  9 06:42:43 2005//TBUGZILLA-2_19_3
 D
--- a/Bugzilla/Auth/Verify/CVS/Tag
+++ b/Bugzilla/Auth/Verify/CVS/Tag
-NBUGZILLA-2_19_2
+NBUGZILLA-2_19_3
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -111,7 +111,7 @@ sub check_password {
 sub change_password {
    my ($class, $userid, $password) = @_;
    my $dbh = Bugzilla->dbh;
-    my $cryptpassword = Crypt($password);
+    my $cryptpassword = bz_crypt($password);
    $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?", 
             undef, $cryptpassword, $userid);
 }

--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -33,6 +33,7 @@ use strict;

 use Bugzilla::Config;
 use Bugzilla::Constants;
+use Bugzilla::User;

 use Net::LDAP;

@@ -149,7 +150,7 @@ sub authenticate {
        if($userRealName eq "") {
            $userRealName = $user_entry->get_value("cn");
        }
-        &::InsertNewUser($username, $userRealName);
+        insert_new_user($username, $userRealName);

        ($userid, $disabledtext) = $dbh->selectrow_array($sth,
                                                         undef,

--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
--- a/Bugzilla/BugMail.pm
+++ b/Bugzilla/BugMail.pm
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -52,6 +52,11 @@ sub new {
    # Make sure that we don't send any charset headers
    $self->charset('');

+    # Redirect to SSL if required
+    if (Param('sslbase') ne '' and Param('ssl') eq 'always') {
+        $self->require_https(Param('sslbase'));
+    }
+
    # Check for errors
    # All of the Bugzilla code wants to do this, so do it here instead of
    # in each script
@@ -174,6 +179,10 @@ sub send_cookie {

    # Add the default path in
    unshift(@_, '-path' => Param('cookiepath'));
+    if (Param('cookiedomain'))
+    {
+        unshift(@_, '-domain' => Param('cookiedomain'));
+    }

    # Use CGI::Cookie directly, because CGI.pm's |cookie| method gives the
    # current value if there isn't a -value attribute, which happens when
@@ -185,6 +194,21 @@ sub send_cookie {
    return;
 }

+# Redirect to https if required
+sub require_https {
+    my $self = shift;
+    if ($self->protocol ne 'https') {
+        my $url = shift;
+        if (defined $url) {
+            $url .= $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1);
+        } else {
+            $url = $self->self_url;
+            $url =~ s/^http:/https:/i;
+        }
+        print $self->redirect(-location => $url);
+        exit;
+    }
+}

 1;

@@ -238,6 +262,14 @@ Bugzilla code (instead of C<cookie> or the C<-cookie> argument to C<header>),
 so that under mod_perl the headers can be sent correctly, using C<print> or
 the mod_perl APIs as appropriate.

+=item C<require_https($baseurl)>
+
+This routine checks if the current page is being served over https, and
+redirects to the https protocol if required, retaining QUERY_STRING.
+
+It takes an option argument which will be used as the base URL.  If $baseurl
+is not provided, the current URL is used.
+
 =back

 =head1 SEE ALSO

--- a/Bugzilla/CVS/Entries
+++ b/Bugzilla/CVS/Entries
-/.cvsignore/1.1/Mon Aug 26 22:24:55 2002//TBUGZILLA-2_19_2
-/Attachment.pm/1.17/Tue Jul  6 07:08:02 2004//TBUGZILLA-2_19_2
-/Auth.pm/1.7/Tue Jul 20 22:41:18 2004//TBUGZILLA-2_19_2
-/Bug.pm/1.47/Fri Aug 20 21:49:17 2004//TBUGZILLA-2_19_2
-/BugMail.pm/1.19/Fri Jan  7 20:56:01 2005//TBUGZILLA-2_19_2
-/CGI.pm/1.13/Wed Jan 12 17:06:10 2005//TBUGZILLA-2_19_2
-/Chart.pm/1.4/Sun Aug 29 21:29:34 2004//TBUGZILLA-2_19_2
-/Config.pm/1.29/Sat Jan 15 06:59:42 2005//TBUGZILLA-2_19_2
-/Constants.pm/1.13/Fri Jan  7 20:56:01 2005//TBUGZILLA-2_19_2
-/DB.pm/1.14/Mon Dec  6 17:16:33 2004//TBUGZILLA-2_19_2
-/Error.pm/1.9/Mon Jan  3 20:54:57 2005//TBUGZILLA-2_19_2
-/Flag.pm/1.27/Sat Jan  8 18:33:48 2005//TBUGZILLA-2_19_2
-/FlagType.pm/1.10/Tue Nov 23 22:41:43 2004//TBUGZILLA-2_19_2
-/RelationSet.pm/1.10/Thu Mar 18 03:57:05 2004//TBUGZILLA-2_19_2
-/Search.pm/1.72/Fri Dec 31 08:00:51 2004//TBUGZILLA-2_19_2
-/Series.pm/1.6/Sun Aug 29 21:29:34 2004//TBUGZILLA-2_19_2
-/Template.pm/1.18/Sat Jul 10 14:51:23 2004//TBUGZILLA-2_19_2
-/Token.pm/1.24/Sat Jan  1 13:44:16 2005//TBUGZILLA-2_19_2
-/User.pm/1.32/Fri Jan  7 20:56:01 2005//TBUGZILLA-2_19_2
-/Util.pm/1.14/Tue Jan 11 17:15:43 2005//TBUGZILLA-2_19_2
+/.cvsignore/1.1/Mon Aug 26 22:24:55 2002//TBUGZILLA-2_19_3
+/Attachment.pm/1.21/Thu Apr 28 02:14:26 2005//TBUGZILLA-2_19_3
+/Auth.pm/1.9/Mon Jan 31 20:13:55 2005//TBUGZILLA-2_19_3
+/Bug.pm/1.76/Tue May  3 18:44:53 2005//TBUGZILLA-2_19_3
+/BugMail.pm/1.39/Mon Apr  4 21:09:17 2005//TBUGZILLA-2_19_3
+/CGI.pm/1.15/Sun Jan 16 20:43:22 2005//TBUGZILLA-2_19_3
+/Chart.pm/1.8/Mon Apr 11 22:39:11 2005//TBUGZILLA-2_19_3
+/Config.pm/1.40/Thu May 12 02:51:04 2005//TBUGZILLA-2_19_3
+/Constants.pm/1.22/Tue Mar 29 21:42:57 2005//TBUGZILLA-2_19_3
+/DB.pm/1.53/Sat Apr 23 02:11:51 2005//TBUGZILLA-2_19_3
+/Error.pm/1.13/Tue Mar 22 19:22:40 2005//TBUGZILLA-2_19_3
+/Flag.pm/1.38/Fri Apr 22 02:17:14 2005//TBUGZILLA-2_19_3
+/FlagType.pm/1.16/Thu May  5 19:20:44 2005//TBUGZILLA-2_19_3
+/Group.pm/1.1/Fri Feb 18 22:42:07 2005//TBUGZILLA-2_19_3
+/Search.pm/1.96/Tue May 10 21:05:19 2005//TBUGZILLA-2_19_3
+/Series.pm/1.9/Wed Mar 16 00:27:15 2005//TBUGZILLA-2_19_3
+/Template.pm/1.25/Mon Apr  4 22:29:09 2005//TBUGZILLA-2_19_3
+/Token.pm/1.29/Thu Mar  3 07:19:09 2005//TBUGZILLA-2_19_3
+/User.pm/1.54/Sun Apr 10 17:49:48 2005//TBUGZILLA-2_19_3
+/Util.pm/1.26/Tue May 10 20:30:12 2005//TBUGZILLA-2_19_3
 D/Auth////
+D/DB////
 D/Template////
+D/User////
--- a/Bugzilla/CVS/Tag
+++ b/Bugzilla/CVS/Tag
-NBUGZILLA-2_19_2
+NBUGZILLA-2_19_3
--- a/Bugzilla/Chart.pm
+++ b/Bugzilla/Chart.pm
@@ -115,16 +115,11 @@ sub add {
    my $self = shift;
    my @series_ids = @_;

-    # If we are going from < 2 to >= 2 series, add the Grand Total line.
-    if (!$self->{'gt'}) {
-        my $current_size = scalar($self->getSeriesIDs());
-        if ($current_size < 2 &&
-            $current_size + scalar(@series_ids) >= 2) 
-        {
-            $self->{'gt'} = 1;
-        }
-    }
-        
+    # Get the current size of the series; required for adding Grand Total later
+    my $current_size = scalar($self->getSeriesIDs());
+    
+    # Count the number of added series
+    my $added = 0;
    # Create new Series and push them on to the list of lines.
    # Note that new lines have no label; the display template is responsible
    # for inventing something sensible.
@@ -133,6 +128,16 @@ sub add {
        if ($series) {
            push(@{$self->{'lines'}}, [$series]);
            push(@{$self->{'labels'}}, "");
+            $added++;
+        }
+    }
+    
+    # If we are going from < 2 to >= 2 series, add the Grand Total line.
+    if (!$self->{'gt'}) {
+        if ($current_size < 2 &&
+            $current_size + $added >= 2) 
+        {
+            $self->{'gt'} = 1;
        }
    }
 }
@@ -229,9 +234,9 @@ sub readData {
    }

    # Prepare the query which retrieves the data for each series
-    my $query = "SELECT TO_DAYS(series_date) - " . 
-                "  TO_DAYS(FROM_UNIXTIME($datefrom)), " . 
-                "series_value FROM series_data " .
+    my $query = "SELECT " . $dbh->sql_to_days('series_date') . " - " . 
+                            $dbh->sql_to_days("FROM_UNIXTIME($datefrom)") .
+                ", series_value FROM series_data " .
                "WHERE series_id = ? " .
                "AND series_date >= FROM_UNIXTIME($datefrom)";
    if ($dateto) {
@@ -320,7 +325,8 @@ sub getVisibleSeries {
                        "    AND cgm.group_id NOT IN($grouplist) " .
                        "WHERE creator = " . Bugzilla->user->id . " OR " .
                        "      cgm.category_id IS NULL " . 
-                        "GROUP BY series_id");
+                   $dbh->sql_group_by('series_id', 'cc1.name, cc2.name, ' .
+                                      'series.name'));
    foreach my $series (@$serieses) {
        my ($cat, $subcat, $name, $series_id) = @$series;
        $cats{$cat}{$subcat}{$name} = $series_id;

--- a/Bugzilla/Config.pm
+++ b/Bugzilla/Config.pm
@@ -33,8 +33,6 @@ use strict;

 use base qw(Exporter);

-use Bugzilla::Util;
-
 # Under mod_perl, get this from a .htaccess config variable,
 # and/or default from the current 'real' dir
 # At some stage after this, it may be possible for these dir locations
@@ -45,16 +43,17 @@ use Bugzilla::Util;
 # .pms elsewhere.
 # $webdotdir must be in the webtree somewhere. Even if you use a local dot,
 # we output images to there. Also, if $webdot dir is not relative to the
-# bugzilla root directory, you'll need to change showdependancygraph.cgi to
+# bugzilla root directory, you'll need to change showdependencygraph.cgi to
 # set image_url to the correct location.
 # The script should really generate these graphs directly...
-# Note that if $libpath is changed, some stuff will break, notably dependancy
+# Note that if $libpath is changed, some stuff will break, notably dependency
 # graphs (since the path will be wrong in the HTML). This will be fixed at
 # some point.

 our $libpath = '.';
 our $localconfig = "$libpath/localconfig";
 our $datadir = "$libpath/data";
+our $attachdir = "$datadir/attachments";
 our $templatedir = "$libpath/template";
 our $webdotdir = "$datadir/webdot";

@@ -71,13 +70,14 @@ our $webdotdir = "$datadir/webdot";
 %Bugzilla::Config::EXPORT_TAGS =
  (
   admin => [qw(GetParamList UpdateParams SetParam WriteParams)],
-   db => [qw($db_host $db_port $db_name $db_user $db_pass $db_sock)],
-   locations => [qw($libpath $localconfig $datadir $templatedir $webdotdir)],
+   db => [qw($db_driver $db_host $db_port $db_name $db_user $db_pass $db_sock)],
+   locations => [qw($libpath $localconfig $attachdir
+                    $datadir $templatedir $webdotdir)],
  );
 Exporter::export_ok_tags('admin', 'db', 'locations');

 # Bugzilla version
-$Bugzilla::Config::VERSION = "2.19.2";
+$Bugzilla::Config::VERSION = "2.19.3";

 use Safe;