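#!/usr/bin/perl -wT
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.

# quips.cgi: maintain the list of quips.
#
# Dispatches on the 'action' request parameter:
#   show    - list every quip together with its owner's login name
#   add     - insert a new quip; it is approved immediately when the list
#             is "open" or the submitter is in bz_quip_moderators
#   approve - bulk-update the approved flag (moderators only)
#   delete  - remove a single quip (moderators only)
#
# Every state-changing action is guarded by check_hash_token() (CSRF);
# 'delete' additionally binds the token to the specific quipid.  The script
# runs under -T, so request values are explicitly detainted before they
# reach a query (trick_taint / detaint_natural).

use strict;

use lib qw(. lib);

use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::Token;

my $user = Bugzilla->login(LOGIN_REQUIRED);

my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};

my $action = $cgi->param('action') || "";
my $token = $cgi->param('token');

if ($action eq "show") {
    # Read in the entire quip list; @quipids keeps the display order.
    my $quipsref = $dbh->selectall_arrayref(
        "SELECT quipid, userid, quip, approved FROM quips ORDER BY quipid");

    my $quips;
    my @quipids;
    foreach my $quipref (@$quipsref) {
        my ($quipid, $userid, $quip, $approved) = @$quipref;
        $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip,
                             'approved' => $approved};
        push(@quipids, $quipid);
    }

    # Map each distinct userid to a login name.  'exists' (rather than
    # 'defined') means a userid with no profile row is looked up only once.
    my $users;
    my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
    foreach my $quipid (@quipids) {
        my $userid = $quips->{$quipid}{'userid'};
        if ($userid && !exists $users->{$userid}) {
            ($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
        }
    }
    $vars->{'quipids'} = \@quipids;
    $vars->{'quips'} = $quips;
    $vars->{'users'} = $users;
    $vars->{'show_quips'} = 1;
}

if ($action eq "add") {
    (Bugzilla->params->{'quip_list_entry_control'} eq "closed") &&
      ThrowUserError("no_new_quips");

    check_hash_token($token, ['create-quips']);

    # A quip needs no moderation when the list is open or the submitter
    # moderates quips; '|| 0' normalises a false value to a plain 0.
    my $approved = (Bugzilla->params->{'quip_list_entry_control'} eq "open")
                   || $user->in_group('bz_quip_moderators') || 0;
    my $comment = $cgi->param("quip");
    $comment || ThrowUserError("need_quip");

    ThrowUserError("quip_too_long", { length => length($comment) })
        if length($comment) > MAX_QUIP_LENGTH;

    trick_taint($comment); # Used in a placeholder below

    $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
             undef, ($user->id, $comment, $approved));

    $vars->{'added_quip'} = $comment;
}

if ($action eq 'approve') {
    $user->in_group('bz_quip_moderators')
      || ThrowUserError("auth_failure", {group  => "bz_quip_moderators",
                                         action => "approve",
                                         object => "quips"});

    check_hash_token($token, ['approve-quips']);

    # Read in the entire quip list: quipid -> current approved flag.
    my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");

    my %quips;
    foreach my $quipref (@$quipsref) {
        my ($quipid, $approved) = @$quipref;
        $quips{$quipid} = $approved;
    }

    my @approved;
    my @unapproved;
    foreach my $quipid (keys %quips) {
        # Must check for each quipid being defined for concurrency and
        # automated usage where only one quipid might be defined.
        next unless defined($cgi->param("defined_quipid_$quipid"));

        my $quip = $cgi->param("quipid_$quipid") ? 1 : 0;
        # Only rows whose flag actually changes are updated.
        next if $quips{$quipid} == $quip;

        if ($quip) {
            push(@approved, $quipid);
        }
        else {
            push(@unapproved, $quipid);
        }
    }

    # The quipids below are keys of %quips, i.e. they come from the database
    # and never from the request, so interpolating them was not exploitable;
    # they are bound anyway so every query in this file uses placeholders.
    if (@approved) {
        $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN ("
                 . join(",", ("?") x @approved) . ")",
                 undef, @approved);
    }
    if (@unapproved) {
        $dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN ("
                 . join(",", ("?") x @unapproved) . ")",
                 undef, @unapproved);
    }
    $vars->{'approved'}   = \@approved;
    $vars->{'unapproved'} = \@unapproved;
}

if ($action eq "delete") {
    $user->in_group('bz_quip_moderators')
      || ThrowUserError("auth_failure", {group  => "bz_quip_moderators",
                                         action => "delete",
                                         object => "quips"});

    # detaint_natural() both validates the id as a natural number and
    # untaints it for the placeholder below.
    my $quipid = $cgi->param("quipid");
    detaint_natural($quipid) || ThrowUserError("need_quipid");
    # The token is bound to this quipid, so a token for one quip cannot be
    # replayed to delete another.
    check_hash_token($token, ['quips', $quipid]);

    ($vars->{'deleted_quip'}) = $dbh->selectrow_array(
                                    "SELECT quip FROM quips WHERE quipid = ?",
                                    undef, $quipid);
    $dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
}

print $cgi->header();
$template->process("list/quips.html.tmpl", $vars)
  || ThrowTemplateError($template->error());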