attachment.cgi 27.9 KB
Newer Older
1
#!/usr/bin/perl -wT
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
#                 Myk Melez <myk@mozilla.org>
23 24
#                 Daniel Raichle <draichle@gmx.net>
#                 Dave Miller <justdave@syndicomm.com>
25
#                 Alexander J. Vincent <ajvincent@juno.com>
26
#                 Max Kanat-Alexander <mkanat@bugzilla.org>
27
#                 Greg Hendricks <ghendricks@novell.com>
28
#                 Frédéric Buclin <LpSolit@gmail.com>
29
#                 Marc Schumann <wurblzap@gmail.com>
30
#                 Byron Jones <bugzilla@glob.com.au>
31 32 33 34 35 36 37 38

################################################################################
# Script Initialization
################################################################################

# Make it harder for us to do dangerous things in Perl.
use strict;

39
use lib qw(. lib);
40

41
use Bugzilla;
42
use Bugzilla::BugMail;
43
use Bugzilla::Constants;
44
use Bugzilla::Error;
45 46
use Bugzilla::Flag; 
use Bugzilla::FlagType; 
47
use Bugzilla::User;
48
use Bugzilla::Util;
49
use Bugzilla::Bug;
50
use Bugzilla::Field;
51
use Bugzilla::Attachment;
52
use Bugzilla::Attachment::PatchReader;
53
use Bugzilla::Token;
54
use Bugzilla::Keyword;
55

56 57
use Encode qw(encode);

58 59 60 61 62 63 64
# For most scripts we don't make $cgi and $template global variables. But
# when preparing Bugzilla for mod_perl, this script used these
# variables in so many subroutines that it was easier to just
# make them globals.
local our $cgi = Bugzilla->cgi;
local our $template = Bugzilla->template;
local our $vars = {};
65

66 67 68 69
################################################################################
# Main Body Execution
################################################################################

70 71 72 73
# All calls to this script should contain an "action" variable whose
# value determines what the user wants to do.  The code below checks
# the value of that variable and runs the appropriate code. If none is
# supplied, we default to 'view'.
74 75

# Determine whether to use the action specified by the user or the default.
76
my $action = $cgi->param('action') || 'view';
77

78 79 80
# You must use the appropriate urlbase/sslbase param when doing anything
# but viewing an attachment.
if ($action ne 'view') {
81 82
    do_ssl_redirect_if_required();
    if ($cgi->url_is_attachment_base) {
83 84 85 86 87 88 89 90
        $cgi->redirect_to_urlbase;
    }
    Bugzilla->login();
}

# When viewing an attachment, do not request credentials if we are on
# the alternate host. Let view() decide when to call Bugzilla->login.
if ($action eq "view")
91
{
92
    view();
93
}
94 95
elsif ($action eq "interdiff")
{
96
    interdiff();
97 98 99
}
elsif ($action eq "diff")
{
100
    diff();
101
}
102 103
elsif ($action eq "viewall") 
{ 
104
    viewall(); 
105
}
106 107
elsif ($action eq "enter") 
{ 
108 109
    Bugzilla->login(LOGIN_REQUIRED);
    enter(); 
110 111 112
}
elsif ($action eq "insert")
{
113 114
    Bugzilla->login(LOGIN_REQUIRED);
    insert();
115
}
116 117
elsif ($action eq "edit") 
{ 
118
    edit(); 
119 120 121
}
elsif ($action eq "update") 
{ 
122 123
    Bugzilla->login(LOGIN_REQUIRED);
    update();
124
}
125 126 127
elsif ($action eq "delete") {
    delete_attachment();
}
128 129
else 
{ 
130
  ThrowUserError('unknown_action', {action => $action});
131 132 133 134 135 136 137 138
}

exit;

################################################################################
# Data Validation / Security Authorization
################################################################################

139 140 141
# Validates an attachment ID. Optionally takes a parameter of a form
# variable name that contains the ID to be validated. If not specified,
# uses 'id'.
142 143
# If the second parameter is true, the attachment ID will be validated,
# however the current user's access to the attachment will not be checked.
144 145 146 147
# Will throw an error if 1) attachment ID is not a valid number,
# 2) attachment does not exist, or 3) user isn't allowed to access the
# attachment.
#
148 149 150
# Returns an attachment object.

sub validateID {
151 152
    my($param, $dont_validate_access) = @_;
    $param ||= 'id';
153

154 155 156
    # If we're not doing interdiffs, check if id wasn't specified and
    # prompt them with a page that allows them to choose an attachment.
    # Happens when calling plain attachment.cgi from the urlbar directly
157
    if ($param eq 'id' && !$cgi->param('id')) {
158
        print $cgi->header();
159 160 161 162
        $template->process("attachment/choose.html.tmpl", $vars) ||
            ThrowTemplateError($template->error());
        exit;
    }
163
    
164 165 166 167 168 169 170
    my $attach_id = $cgi->param($param);

    # Validate the specified attachment id. detaint kills $attach_id if
    # non-natural, so use the original value from $cgi in our exception
    # message here.
    detaint_natural($attach_id)
     || ThrowUserError("invalid_attach_id", { attach_id => $cgi->param($param) });
171
  
172
    # Make sure the attachment exists in the database.
173
    my $attachment = new Bugzilla::Attachment($attach_id)
174
      || ThrowUserError("invalid_attach_id", { attach_id => $attach_id });
175

176 177 178 179 180 181 182 183
    return $attachment if ($dont_validate_access || check_can_access($attachment));
}

# Make sure the current user has access to the specified attachment.
sub check_can_access {
    my $attachment = shift;
    my $user = Bugzilla->user;

184
    # Make sure the user is authorized to access this attachment's bug.
185 186 187 188
    Bugzilla::Bug->check($attachment->bug_id);
    if ($attachment->isprivate && $user->id != $attachment->attacher->id 
        && !$user->is_insider) 
    {
189 190
        ThrowUserError('auth_failure', {action => 'access',
                                        object => 'attachment'});
191
    }
192 193 194 195 196 197 198 199 200 201 202 203 204
    return 1;
}

# Determines if the attachment is public -- that is, if users who are
# not logged in have access to the attachment
sub attachmentIsPublic {
    my $attachment = shift;

    return 0 if Bugzilla->params->{'requirelogin'};
    return 0 if $attachment->isprivate;

    my $anon_user = new Bugzilla::User;
    return $anon_user->can_see_bug($attachment->bug_id);
205 206
}

207 208 209
# Validates format of a diff/interdiff. Takes a list as an parameter, which
# defines the valid format values. Will throw an error if the format is not
# in the list. Returns either the user selected or default format.
210
sub validateFormat {
211 212
  # receives a list of legal formats; first item is a default
  my $format = $cgi->param('format') || $_[0];
213
  if (not grep($_ eq $format, @_)) {
214
     ThrowUserError("invalid_format", { format  => $format, formats => \@_ });
215
  }
216

217
  return $format;
218 219
}

220 221
# Validates context of a diff/interdiff. Will throw an error if the context
# is not number, "file" or "patch". Returns the validated, detainted context.
222 223
sub validateContext
{
224 225 226 227
  my $context = $cgi->param('context') || "patch";
  if ($context ne "file" && $context ne "patch") {
    detaint_natural($context)
      || ThrowUserError("invalid_context", { context => $cgi->param('context') });
228
  }
229 230

  return $context;
231 232
}

233 234 235 236
################################################################################
# Functions
################################################################################

237
# Display an attachment.
238
sub view {
239 240 241 242 243
    my $attachment;

    if (use_attachbase()) {
        $attachment = validateID(undef, 1);
        my $path = 'attachment.cgi?id=' . $attachment->id;
244 245 246 247
        # The user is allowed to override the content type of the attachment.
        if (defined $cgi->param('content_type')) {
            $path .= '&content_type=' . url_quote($cgi->param('content_type'));
        }
248 249

        # Make sure the attachment is served from the correct server.
250
        my $bug_id = $attachment->bug_id;
251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278
        if ($cgi->url_is_attachment_base($bug_id)) {
            # No need to validate the token for public attachments. We cannot request
            # credentials as we are on the alternate host.
            if (!attachmentIsPublic($attachment)) {
                my $token = $cgi->param('t');
                my ($userid, undef, $token_attach_id) = Bugzilla::Token::GetTokenData($token);
                unless ($userid
                        && detaint_natural($token_attach_id)
                        && ($token_attach_id == $attachment->id))
                {
                    # Not a valid token.
                    print $cgi->redirect('-location' => correct_urlbase() . $path);
                    exit;
                }
                # Change current user without creating cookies.
                Bugzilla->set_user(new Bugzilla::User($userid));
                # Tokens are single use only, delete it.
                delete_token($token);
            }
        }
        elsif ($cgi->url_is_attachment_base) {
            # If we come here, this means that each bug has its own host
            # for attachments, and that we are trying to view one attachment
            # using another bug's host. That's not desired.
            $cgi->redirect_to_urlbase;
        }
        else {
            # We couldn't call Bugzilla->login earlier as we first had to
279 280
            # make sure we were not going to request credentials on the
            # alternate host.
281
            Bugzilla->login();
282 283 284 285
            my $attachbase = Bugzilla->params->{'attachment_base'};
            # Replace %bugid% by the ID of the bug the attachment 
            # belongs to, if present.
            $attachbase =~ s/\%bugid\%/$bug_id/;
286 287 288 289 290 291 292 293 294 295 296 297 298 299
            if (attachmentIsPublic($attachment)) {
                # No need for a token; redirect to attachment base.
                print $cgi->redirect(-location => $attachbase . $path);
                exit;
            } else {
                # Make sure the user can view the attachment.
                check_can_access($attachment);
                # Create a token and redirect.
                my $token = url_quote(issue_session_token($attachment->id));
                print $cgi->redirect(-location => $attachbase . "$path&t=$token");
                exit;
            }
        }
    } else {
300
        do_ssl_redirect_if_required();
301 302 303 304 305 306
        # No alternate host is used. Request credentials if required.
        Bugzilla->login();
        $attachment = validateID();
    }

    # At this point, Bugzilla->login has been called if it had to.
307 308 309
    my $contenttype = $attachment->contenttype;
    my $filename = $attachment->filename;

310 311
    # Bug 111522: allow overriding content-type manually in the posted form
    # params.
312 313
    if (defined $cgi->param('content_type')) {
        $contenttype = $attachment->_check_content_type($cgi->param('content_type'));
314
    }
315

316
    # Return the appropriate HTTP response headers.
317
    $attachment->datasize || ThrowUserError("attachment_removed");
318

319
    $filename =~ s/^.*[\/\\]//;
320 321 322 323
    # escape quotes and backslashes in the filename, per RFCs 2045/822
    $filename =~ s/\\/\\\\/g; # escape backslashes
    $filename =~ s/"/\\"/g; # escape quotes

324 325 326 327 328
    # Avoid line wrapping done by Encode, which we don't need for HTTP
    # headers. See discussion in bug 328628 for details.
    local $Encode::Encoding{'MIME-Q'}->{'bpl'} = 10000;
    $filename = encode('MIME-Q', $filename);

329 330
    my $disposition = Bugzilla->params->{'allow_attachment_display'} ? 'inline' : 'attachment';

331 332 333 334 335 336 337 338
    # Don't send a charset header with attachments--they might not be UTF-8.
    # However, we do allow people to explicitly specify a charset if they
    # want.
    if ($contenttype !~ /\bcharset=/i) {
        # In order to prevent Apache from adding a charset, we have to send a
        # charset that's a single space.
        $cgi->charset(' ');
    }
339
    print $cgi->header(-type=>"$contenttype; name=\"$filename\"",
340
                       -content_disposition=> "$disposition; filename=\"$filename\"",
341 342
                       -content_length => $attachment->datasize,
                       -x_content_type_options => "nosniff");
343
    disable_utf8();
344
    print $attachment->data;
345 346
}

347 348
sub interdiff {
    # Retrieve and validate parameters
349 350
    my $old_attachment = validateID('oldid');
    my $new_attachment = validateID('newid');
351 352 353 354 355
    my $format = validateFormat('html', 'raw');
    my $context = validateContext();

    Bugzilla::Attachment::PatchReader::process_interdiff(
        $old_attachment, $new_attachment, $format, $context);
356 357
}

358 359
sub diff {
    # Retrieve and validate parameters
360
    my $attachment = validateID();
361 362
    my $format = validateFormat('html', 'raw');
    my $context = validateContext();
363

364 365 366 367
    # If it is not a patch, view normally.
    if (!$attachment->ispatch) {
        view();
        return;
368 369
    }

370
    Bugzilla::Attachment::PatchReader::process_diff($attachment, $format, $context);
371
}
372

373 374
# Display all attachments for a given bug in a series of IFRAMEs within one
# HTML page.
375
sub viewall {
376
    # Retrieve and validate parameters
377 378
    my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
    my $bugid = $bug->id;
379

380
    my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid);
381 382
    # Ignore deleted attachments.
    @$attachments = grep { $_->datasize } @$attachments;
383

384 385 386 387 388
    if ($cgi->param('hide_obsolete')) {
        @$attachments = grep { !$_->isobsolete } @$attachments;
        $vars->{'hide_obsolete'} = 1;
    }

389 390 391
    # Define the variables and functions that will be passed to the UI template.
    $vars->{'bug'} = $bug;
    $vars->{'attachments'} = $attachments;
392

393
    print $cgi->header();
394

395 396 397
    # Generate and return the UI (HTML page) from the appropriate template.
    $template->process("attachment/show-multiple.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
398 399
}

400
# Display a form for entering a new attachment.
401
sub enter {
402
  # Retrieve and validate parameters
403 404
  my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
  my $bugid = $bug->id;
405
  Bugzilla::Attachment->_check_bug($bug);
406
  my $dbh = Bugzilla->dbh;
407 408
  my $user = Bugzilla->user;

409 410 411
  # Retrieve the attachments the user can edit from the database and write
  # them into an array of hashes where each hash represents one attachment.
  my $canEdit = "";
412 413
  if (!$user->in_group('editbugs', $bug->product_id)) {
      $canEdit = "AND submitter_id = " . $user->id;
414
  }
415 416 417
  my $attach_ids = $dbh->selectcol_arrayref("SELECT attach_id FROM attachments
                                             WHERE bug_id = ? AND isobsolete = 0 $canEdit
                                             ORDER BY attach_id", undef, $bugid);
418 419

  # Define the variables and functions that will be passed to the UI template.
420
  $vars->{'bug'} = $bug;
421
  $vars->{'attachments'} = Bugzilla::Attachment->new_from_list($attach_ids);
422

423
  my $flag_types = Bugzilla::FlagType::match({'target_type'  => 'attachment',
424 425
                                              'product_id'   => $bug->product_id,
                                              'component_id' => $bug->component_id});
426
  $vars->{'flag_types'} = $flag_types;
427 428
  $vars->{'any_flags_requesteeble'} =
    grep { $_->is_requestable && $_->is_requesteeble } @$flag_types;
429
  $vars->{'token'} = issue_session_token('create_attachment:');
430

431
  print $cgi->header();
432 433

  # Generate and return the UI (HTML page) from the appropriate template.
434 435
  $template->process("attachment/create.html.tmpl", $vars)
    || ThrowTemplateError($template->error());
436 437
}

438
# Insert a new attachment into the database.
439
sub insert {
440 441
    my $dbh = Bugzilla->dbh;
    my $user = Bugzilla->user;
442

443 444
    $dbh->bz_start_transaction;

445
    # Retrieve and validate parameters
446 447
    my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
    my $bugid = $bug->id;
448
    my ($timestamp) = $dbh->selectrow_array("SELECT NOW()");
449

450 451 452 453 454 455
    # Detect if the user already used the same form to submit an attachment
    my $token = trim($cgi->param('token'));
    if ($token) {
        my ($creator_id, $date, $old_attach_id) = Bugzilla::Token::GetTokenData($token);
        unless ($creator_id 
            && ($creator_id == $user->id) 
456
                && ($old_attach_id =~ "^create_attachment:")) 
457 458 459 460 461
        {
            # The token is invalid.
            ThrowUserError('token_does_not_exist');
        }
    
462
        $old_attach_id =~ s/^create_attachment://;
463 464 465 466 467 468 469 470 471 472 473
   
        if ($old_attach_id) {
            $vars->{'bugid'} = $bugid;
            $vars->{'attachid'} = $old_attach_id;
            print $cgi->header();
            $template->process("attachment/cancel-create-dupe.html.tmpl",  $vars)
                || ThrowTemplateError($template->error());
            exit;
        }
    }

474 475 476 477 478 479 480 481 482 483 484 485 486
    # Check attachments the user tries to mark as obsolete.
    my @obsolete_attachments;
    if ($cgi->param('obsolete')) {
        my @obsolete = $cgi->param('obsolete');
        @obsolete_attachments = Bugzilla::Attachment->validate_obsolete($bug, \@obsolete);
    }

    # Must be called before create() as it may alter $cgi->param('ispatch').
    my $content_type = Bugzilla::Attachment::get_content_type();

    my $attachment = Bugzilla::Attachment->create(
        {bug           => $bug,
         creation_ts   => $timestamp,
487
         data          => scalar $cgi->param('attach_text') || $cgi->upload('data'),
488
         description   => scalar $cgi->param('description'),
489
         filename      => $cgi->param('attach_text') ? "file_$bugid.txt" : scalar $cgi->upload('data'),
490 491 492 493 494 495
         ispatch       => scalar $cgi->param('ispatch'),
         isprivate     => scalar $cgi->param('isprivate'),
         mimetype      => $content_type,
         });

    foreach my $obsolete_attachment (@obsolete_attachments) {
496 497
        $obsolete_attachment->set_is_obsolete(1);
        $obsolete_attachment->update($timestamp);
498
    }
499

500 501 502 503 504
    my ($flags, $new_flags) = Bugzilla::Flag->extract_flags_from_cgi(
                                  $bug, $attachment, $vars, SKIP_REQUESTEE_ON_ERROR);
    $attachment->set_flags($flags, $new_flags);
    $attachment->update($timestamp);

505
    # Insert a comment about the new attachment into the database.
506
    my $comment = $cgi->param('comment');
507
    $comment = '' unless defined $comment;
508 509 510
    $bug->add_comment($comment, { isprivate => $attachment->isprivate,
                                  type => CMT_ATTACHMENT_CREATED,
                                  extra_data => $attachment->id });
511

512
  # Assign the bug to the user, if they are allowed to take it
513
  my $owner = "";
514
  if ($cgi->param('takebug') && $user->in_group('editbugs', $bug->product_id)) {
515 516 517 518 519
      # When taking a bug, we have to follow the workflow.
      my $bug_status = $cgi->param('bug_status') || '';
      ($bug_status) = grep {$_->name eq $bug_status} @{$bug->status->can_change_to};

      if ($bug_status && $bug_status->is_open
520 521
          && ($bug_status->name ne 'UNCONFIRMED' 
              || $bug->product_obj->allows_unconfirmed))
522
      {
523
          $bug->set_bug_status($bug_status->name);
524 525
          $bug->clear_resolution();
      }
526
      # Make sure the person we are taking the bug from gets mail.
527
      $owner = $bug->assigned_to->login;
528
      $bug->set_assigned_to($user);
529
  }
530 531
  $bug->update($timestamp);

532 533 534
  if ($token) {
      trick_taint($token);
      $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef,
535
               ("create_attachment:" . $attachment->id, $token));
536 537
  }

538
  $dbh->bz_commit_transaction;
539

540
  # Define the variables and functions that will be passed to the UI template.
541
  $vars->{'attachment'} = $attachment;
542 543 544 545
  # We cannot reuse the $bug object as delta_ts has eventually been updated
  # since the object was created.
  $vars->{'bugs'} = [new Bugzilla::Bug($bugid)];
  $vars->{'header_done'} = 1;
546
  $vars->{'contenttypemethod'} = $cgi->param('contenttypemethod');
547

548
  my $recipients =  { 'changer' => $user, 'owner' => $owner };
549 550
  $vars->{'sent_bugmail'} = Bugzilla::BugMail::Send($bugid, $recipients);

551
  print $cgi->header();
552
  # Generate and return the UI (HTML page) from the appropriate template.
553 554
  $template->process("attachment/created.html.tmpl", $vars)
    || ThrowTemplateError($template->error());
555 556
}

557 558 559 560
# Displays a form for editing attachment properties.
# Any user is allowed to access this page, unless the attachment
# is private and the user does not belong to the insider group.
# Validations are done later when the user submits changes.
561
sub edit {
562
  my $attachment = validateID();
563

564
  my $bugattachments =
565 566 567
      Bugzilla::Attachment->get_attachments_by_bug($attachment->bug_id);
  # We only want attachment IDs.
  @$bugattachments = map { $_->id } @$bugattachments;
568

569 570 571 572 573 574
  my $any_flags_requesteeble =
    grep { $_->is_requestable && $_->is_requesteeble } @{$attachment->flag_types};
  # Useful in case a flagtype is no longer requestable but a requestee
  # has been set before we turned off that bit.
  $any_flags_requesteeble ||= grep { $_->requestee_id } @{$attachment->flags};
  $vars->{'any_flags_requesteeble'} = $any_flags_requesteeble;
575
  $vars->{'attachment'} = $attachment;
576
  $vars->{'attachments'} = $bugattachments;
577

578
  print $cgi->header();
579 580

  # Generate and return the UI (HTML page) from the appropriate template.
581 582
  $template->process("attachment/edit.html.tmpl", $vars)
    || ThrowTemplateError($template->error());
583 584
}

585 586
# Updates an attachment record. Only users with "editbugs" privileges,
# (or the original attachment's submitter) can edit the attachment.
587
# Users cannot edit the content of the attachment itself.
588
sub update {
589 590
    my $user = Bugzilla->user;
    my $dbh = Bugzilla->dbh;
591

592 593 594
    # Start a transaction in preparation for updating the attachment.
    $dbh->bz_start_transaction();

595
    # Retrieve and validate parameters
596
    my $attachment = validateID();
597 598
    my $bug = $attachment->bug;
    $attachment->_check_bug;
599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631
    my $can_edit = $attachment->validate_can_edit($bug->product_id);

    if ($can_edit) {
        $attachment->set_description(scalar $cgi->param('description'));
        $attachment->set_is_patch(scalar $cgi->param('ispatch'));
        $attachment->set_content_type(scalar $cgi->param('contenttypeentry'));
        $attachment->set_is_obsolete(scalar $cgi->param('isobsolete'));
        $attachment->set_is_private(scalar $cgi->param('isprivate'));
        $attachment->set_filename(scalar $cgi->param('filename'));

        # Now make sure the attachment has not been edited since we loaded the page.
        if (defined $cgi->param('delta_ts')
            && $cgi->param('delta_ts') ne $attachment->modification_time)
        {
            ($vars->{'operations'}) =
                Bugzilla::Bug::GetBugActivity($bug->id, $attachment->id, $cgi->param('delta_ts'));

            # The token contains the old modification_time. We need a new one.
            $cgi->param('token', issue_hash_token([$attachment->id, $attachment->modification_time]));

            # If the modification date changed but there is no entry in
            # the activity table, this means someone commented only.
            # In this case, there is no reason to midair.
            if (scalar(@{$vars->{'operations'}})) {
                $cgi->param('delta_ts', $attachment->modification_time);
                $vars->{'attachment'} = $attachment;

                print $cgi->header();
                # Warn the user about the mid-air collision and ask them what to do.
                $template->process("attachment/midair.html.tmpl", $vars)
                  || ThrowTemplateError($template->error());
                exit;
            }
632 633
        }
    }
634 635 636 637 638 639

    # We couldn't do this check earlier as we first had to validate attachment ID
    # and display the mid-air collision page if modification_time changed.
    my $token = $cgi->param('token');
    check_hash_token($token, [$attachment->id, $attachment->modification_time]);

640 641
    # If the user submitted a comment while editing the attachment,
    # add the comment to the bug. Do this after having validated isprivate!
642
    my $comment = $cgi->param('comment');
643
    if (defined $comment && trim($comment) ne '') {
644 645 646
        $bug->add_comment($comment, { isprivate => $attachment->isprivate,
                                      type => CMT_ATTACHMENT_UPDATED,
                                      extra_data => $attachment->id });
647 648
    }

649 650 651 652 653
    if ($can_edit) {
        my ($flags, $new_flags) =
          Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars);
        $attachment->set_flags($flags, $new_flags);
    }
654

655
    # Figure out when the changes were made.
656
    my $timestamp = $dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)');
657

658 659 660 661 662 663 664
    if ($can_edit) {
        my $changes = $attachment->update($timestamp);
        # If there are changes, we updated delta_ts in the DB. We have to
        # reflect this change in the bug object.
        $bug->{delta_ts} = $timestamp if scalar(keys %$changes);
    }

665
    # Commit the comment, if any.
666
    $bug->update($timestamp);
667

668 669
    # Commit the transaction now that we are finished updating the database.
    $dbh->bz_commit_transaction();
670

671 672 673 674
    # Define the variables and functions that will be passed to the UI template.
    $vars->{'attachment'} = $attachment;
    $vars->{'bugs'} = [$bug];
    $vars->{'header_done'} = 1;
675
    $vars->{'sent_bugmail'} = 
676
        Bugzilla::BugMail::Send($bug->id, { 'changer' => $user });
677

678
    print $cgi->header();
679

680 681 682
    # Generate and return the UI (HTML page) from the appropriate template.
    $template->process("attachment/updated.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
683
}
684 685 686 687 688 689 690 691 692 693 694 695 696

# Only administrators can delete attachments.
sub delete_attachment {
    my $user = Bugzilla->login(LOGIN_REQUIRED);
    my $dbh = Bugzilla->dbh;

    print $cgi->header();

    $user->in_group('admin')
      || ThrowUserError('auth_failure', {group  => 'admin',
                                         action => 'delete',
                                         object => 'attachment'});

697
    Bugzilla->params->{'allow_attachment_deletion'}
698 699 700
      || ThrowUserError('attachment_deletion_disabled');

    # Make sure the administrator is allowed to edit this attachment.
701
    my $attachment = validateID();
702
    Bugzilla::Attachment->_check_bug($attachment->bug);
703 704 705 706 707 708 709 710 711

    $attachment->datasize || ThrowUserError('attachment_removed');

    # We don't want to let a malicious URL accidentally delete an attachment.
    my $token = trim($cgi->param('token'));
    if ($token) {
        my ($creator_id, $date, $event) = Bugzilla::Token::GetTokenData($token);
        unless ($creator_id
                  && ($creator_id == $user->id)
712
                  && ($event eq 'delete_attachment' . $attachment->id))
713 714
        {
            # The token is invalid.
715
            ThrowUserError('token_does_not_exist');
716 717
        }

718 719
        my $bug = new Bugzilla::Bug($attachment->bug_id);

720 721
        # The token is valid. Delete the content of the attachment.
        my $msg;
722
        $vars->{'attachment'} = $attachment;
723 724 725 726 727 728
        $vars->{'date'} = $date;
        $vars->{'reason'} = clean_text($cgi->param('reason') || '');

        $template->process("attachment/delete_reason.txt.tmpl", $vars, \$msg)
          || ThrowTemplateError($template->error());

729 730 731
        # Paste the reason provided by the admin into a comment.
        $bug->add_comment($msg);

732 733 734 735
        # If the attachment is stored locally, remove it.
        if (-e $attachment->_get_local_filename) {
            unlink $attachment->_get_local_filename;
        }
736
        $attachment->remove_from_db();
737 738

        # Now delete the token.
739
        delete_token($token);
740

741 742
        # Insert the comment.
        $bug->update();
743

744
        # Required to display the bug the deleted attachment belongs to.
745
        $vars->{'bugs'} = [$bug];
746 747
        $vars->{'header_done'} = 1;

748
        $vars->{'sent_bugmail'} =
749
            Bugzilla::BugMail::Send($bug->id, { 'changer' => $user });
750

751 752 753 754 755
        $template->process("attachment/updated.html.tmpl", $vars)
          || ThrowTemplateError($template->error());
    }
    else {
        # Create a token.
756
        $token = issue_session_token('delete_attachment' . $attachment->id);
757 758 759 760 761 762 763 764

        $vars->{'a'} = $attachment;
        $vars->{'token'} = $token;

        $template->process("attachment/confirm-delete.html.tmpl", $vars)
          || ThrowTemplateError($template->error());
    }
}