Skip to content

bugzilla
bugzilla
Commit 27cf9640 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 238875: remove %FORM from post_bug.cgi - Patch by Teemu Mannermaa…

Bug 238875: remove %FORM from post_bug.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave
parent f9289c13
Hide whitespace changes
Inline Side-by-side
Showing with 91 additions and 92 deletions
post_bug.cgi
View file @ 27cf9640
...@@ -70,9 +70,8 @@ my $dbh = Bugzilla->dbh; ...@@ -70,9 +70,8 @@ my $dbh = Bugzilla->dbh;
# enter_bug template and then referencing them in the comment template. # enter_bug template and then referencing them in the comment template.
my $comment; my $comment;
$vars->{'form'} = \%::FORM; my $format = GetFormat("bug/create/comment",
scalar($cgi->param('format')), "txt");
my $format = GetFormat("bug/create/comment", $::FORM{'format'}, "txt");
$template->process($format->{'template'}, $vars, \$comment) $template->process($format->{'template'}, $vars, \$comment)
|| ThrowTemplateError($template->error()); || ThrowTemplateError($template->error());
...@@ -81,22 +80,22 @@ ValidateComment($comment); ...@@ -81,22 +80,22 @@ ValidateComment($comment);
# Check that the product exists and that the user # Check that the product exists and that the user
# is allowed to submit bugs in this product. # is allowed to submit bugs in this product.
my $product = $::FORM{'product'}; my $product = $cgi->param('product');
if (!CanEnterProduct($product)) { if (!CanEnterProduct($product)) {
ThrowUserError("entry_access_denied", {product => $product}); ThrowUserError("entry_access_denied", {product => $product});
} }
my $product_id = get_product_id($product); my $product_id = get_product_id($product);
# Set cookies # Set cookies
if (exists $::FORM{'product'}) { if (defined $cgi->param('product')) {
if (exists $::FORM{'version'}) { if (defined $cgi->param('version')) {
$cgi->send_cookie(-name => "VERSION-$product", $cgi->send_cookie(-name => "VERSION-$product",
-value => $cgi->param('version'), -value => $cgi->param('version'),
-expires => "Fri, 01-Jan-2038 00:00:00 GMT"); -expires => "Fri, 01-Jan-2038 00:00:00 GMT");
} }
} }
if (defined $::FORM{'maketemplate'}) { if (defined $cgi->param('maketemplate')) {
$vars->{'url'} = $::buffer; $vars->{'url'} = $::buffer;
print $cgi->header(); print $cgi->header();
...@@ -108,34 +107,35 @@ if (defined $::FORM{'maketemplate'}) { ...@@ -108,34 +107,35 @@ if (defined $::FORM{'maketemplate'}) {
umask 0; umask 0;
# Some sanity checking # Some sanity checking
my $component_id = get_component_id($product_id, $::FORM{component}); my $component_id = get_component_id($product_id,
scalar($cgi->param('component')));
$component_id || ThrowUserError("require_component"); $component_id || ThrowUserError("require_component");
if (!defined $::FORM{'short_desc'} || trim($::FORM{'short_desc'}) eq "") { if (!$cgi->param('short_desc') || trim($cgi->param('short_desc')) eq "") {
ThrowUserError("require_summary"); ThrowUserError("require_summary");
} }
# Check that if required a description has been provided # Check that if required a description has been provided
# This has to go somewhere after 'maketemplate' # This has to go somewhere after 'maketemplate'
# or it breaks bookmarks with no comments. # or it breaks bookmarks with no comments.
if (Param("commentoncreate") && !trim($::FORM{'comment'})) { if (Param("commentoncreate") && !trim($cgi->param('comment'))) {
ThrowUserError("description_required"); ThrowUserError("description_required");
} }
# If bug_file_loc is "http://", the default, strip it out and use an empty # If bug_file_loc is "http://", the default, use an empty value instead.
# value. $cgi->param('bug_file_loc', '') if $cgi->param('bug_file_loc') eq 'http://';
$::FORM{'bug_file_loc'} = "" if $::FORM{'bug_file_loc'} eq 'http://';
my $sql_product = SqlQuote($cgi->param('product'));
my $sql_product = SqlQuote($::FORM{'product'}); my $sql_component = SqlQuote($cgi->param('component'));
my $sql_component = SqlQuote($::FORM{'component'});
# Default assignee is the component owner. # Default assignee is the component owner.
if (!UserInGroup("editbugs") || $::FORM{'assigned_to'} eq "") { if (!UserInGroup("editbugs") || $cgi->param('assigned_to') eq "") {
SendSQL("SELECT initialowner FROM components " . SendSQL("SELECT initialowner FROM components " .
"WHERE id = $component_id"); "WHERE id = $component_id");
$::FORM{'assigned_to'} = FetchOneColumn(); $cgi->param(-name => 'assigned_to', -value => FetchOneColumn());
} else { } else {
$::FORM{'assigned_to'} = DBNameToIdAndCheck(trim($::FORM{'assigned_to'})); $cgi->param(-name => 'assigned_to',
-value => DBNameToIdAndCheck(trim($cgi->param('assigned_to'))));
} }
my @bug_fields = ("version", "rep_platform", my @bug_fields = ("version", "rep_platform",
...@@ -146,50 +146,46 @@ my @bug_fields = ("version", "rep_platform", ...@@ -146,50 +146,46 @@ my @bug_fields = ("version", "rep_platform",
# Retrieve the default QA contact if the field is empty # Retrieve the default QA contact if the field is empty
if (Param("useqacontact")) { if (Param("useqacontact")) {
my $qa_contact; my $qa_contact;
if (!UserInGroup("editbugs") || trim($::FORM{'qa_contact'}) eq "") { if (!UserInGroup("editbugs") || !defined $cgi->param('qa_contact')
|| trim($cgi->param('qa_contact')) eq "") {
SendSQL("SELECT initialqacontact FROM components " . SendSQL("SELECT initialqacontact FROM components " .
"WHERE id = $component_id"); "WHERE id = $component_id");
$qa_contact = FetchOneColumn(); $qa_contact = FetchOneColumn();
} else { } else {
$qa_contact = DBNameToIdAndCheck(trim($::FORM{'qa_contact'})); $qa_contact = DBNameToIdAndCheck(trim($cgi->param('qa_contact')));
} }
if ($qa_contact) { if ($qa_contact) {
$::FORM{'qa_contact'} = $qa_contact; $cgi->param(-name => 'qa_contact', -value => $qa_contact);
push(@bug_fields, "qa_contact"); push(@bug_fields, "qa_contact");
} }
} }
if (UserInGroup("editbugs") || UserInGroup("canconfirm")) { if (UserInGroup("editbugs") || UserInGroup("canconfirm")) {
# Default to NEW if the user hasn't selected another status # Default to NEW if the user hasn't selected another status
$::FORM{'bug_status'} ||= "NEW"; if (!$cgi->param('bug_status')) {
$cgi->param(-name => 'bug_status', -value => "NEW");
}
} else { } else {
# Default to UNCONFIRMED if we are using it, NEW otherwise # Default to UNCONFIRMED if we are using it, NEW otherwise
$::FORM{'bug_status'} = 'UNCONFIRMED'; $cgi->param(-name => 'bug_status', -value => 'UNCONFIRMED');
SendSQL("SELECT votestoconfirm FROM products WHERE id = $product_id"); SendSQL("SELECT votestoconfirm FROM products WHERE id = $product_id");
if (!FetchOneColumn()) { if (!FetchOneColumn()) {
$::FORM{'bug_status'} = "NEW"; $cgi->param(-name => 'bug_status', -value => "NEW");
} }
} }
if (!exists $::FORM{'target_milestone'}) { if (!defined $cgi->param('target_milestone')) {
SendSQL("SELECT defaultmilestone FROM products WHERE name=$sql_product"); SendSQL("SELECT defaultmilestone FROM products WHERE name=$sql_product");
$::FORM{'target_milestone'} = FetchOneColumn(); $cgi->param(-name => 'target_milestone', -value => FetchOneColumn());
} }
if (!Param('letsubmitterchoosepriority')) { if (!Param('letsubmitterchoosepriority')) {
$::FORM{'priority'} = Param('defaultpriority'); $cgi->param(-name => 'priority', -value => Param('defaultpriority'));
} }
GetVersionTable(); GetVersionTable();
# XXX Temporar FORM compatibility code, reflect changes back to CGI object
$cgi->param('bug_file_loc', $::FORM{'bug_file_loc'});
$cgi->param('assigned_to', $::FORM{'assigned_to'});
$cgi->param('bug_status', $::FORM{'bug_status'});
$cgi->param('target_milestone', $::FORM{'target_milestone'});
$cgi->param('priority', $::FORM{'priority'});
# Some more sanity checking # Some more sanity checking
CheckFormField($cgi, 'product', \@::legal_product); CheckFormField($cgi, 'product', \@::legal_product);
CheckFormField($cgi, 'rep_platform', \@::legal_platform); CheckFormField($cgi, 'rep_platform', \@::legal_platform);
...@@ -206,37 +202,32 @@ CheckFormFieldDefined($cgi, 'comment'); ...@@ -206,37 +202,32 @@ CheckFormFieldDefined($cgi, 'comment');
my @used_fields; my @used_fields;
foreach my $field (@bug_fields) { foreach my $field (@bug_fields) {
if (exists $::FORM{$field}) { if (defined $cgi->param($field)) {
push (@used_fields, $field); push (@used_fields, $field);
} }
} }
if (exists $::FORM{'bug_status'} if (defined $cgi->param('bug_status')
&& $::FORM{'bug_status'} ne 'UNCONFIRMED') && $cgi->param('bug_status') ne 'UNCONFIRMED')
{ {
push(@used_fields, "everconfirmed"); push(@used_fields, "everconfirmed");
$::FORM{'everconfirmed'} = 1; $cgi->param(-name => 'everconfirmed', -value => 1);
} }
$::FORM{'product_id'} = $product_id; $cgi->param(-name => 'product_id', -value => $product_id);
push(@used_fields, "product_id"); push(@used_fields, "product_id");
$::FORM{component_id} = $component_id; $cgi->param(-name => 'component_id', -value => $component_id);
push(@used_fields, "component_id"); push(@used_fields, "component_id");
my %ccids; my %ccids;
my @cc;
# Create the ccid hash for inserting into the db # Create the ccid hash for inserting into the db
# and the list for passing to Bugzilla::BugMail::Send
# use a hash rather than a list to avoid adding users twice # use a hash rather than a list to avoid adding users twice
if (defined $::FORM{'cc'}) { if (defined $cgi->param('cc')) {
foreach my $person (split(/[ ,]/, $::FORM{'cc'})) { foreach my $person ($cgi->param('cc')) {
if ($person ne "") { my $ccid = DBNameToIdAndCheck($person);
my $ccid = DBNameToIdAndCheck($person); if ($ccid && !$ccids{$ccid}) {
if ($ccid && !$ccids{$ccid}) { $ccids{$ccid} = 1;
$ccids{$ccid} = 1;
push(@cc, $person);
}
} }
} }
} }
...@@ -245,8 +236,8 @@ if (defined $::FORM{'cc'}) { ...@@ -245,8 +236,8 @@ if (defined $::FORM{'cc'}) {
my @keywordlist; my @keywordlist;
my %keywordseen; my %keywordseen;
if ($::FORM{'keywords'} && UserInGroup("editbugs")) { if ($cgi->param('keywords') && UserInGroup("editbugs")) {
foreach my $keyword (split(/[\s,]+/, $::FORM{'keywords'})) { foreach my $keyword (split(/[\s,]+/, $cgi->param('keywords'))) {
if ($keyword eq '') { if ($keyword eq '') {
next; next;
} }
...@@ -264,27 +255,27 @@ if ($::FORM{'keywords'} && UserInGroup("editbugs")) { ...@@ -264,27 +255,27 @@ if ($::FORM{'keywords'} && UserInGroup("editbugs")) {
# Check for valid dependency info. # Check for valid dependency info.
foreach my $field ("dependson", "blocked") { foreach my $field ("dependson", "blocked") {
if (UserInGroup("editbugs") && defined($::FORM{$field}) && if (UserInGroup("editbugs") && defined($cgi->param($field)) &&
$::FORM{$field} ne "") { $cgi->param($field) ne "") {
my @validvalues; my @validvalues;
foreach my $id (split(/[\s,]+/, $::FORM{$field})) { foreach my $id (split(/[\s,]+/, $cgi->param($field))) {
next unless $id; next unless $id;
ValidateBugID($id, $field); ValidateBugID($id, $field);
push(@validvalues, $id); push(@validvalues, $id);
} }
$::FORM{$field} = join(",", @validvalues); $cgi->param(-name => $field, -value => join(",", @validvalues));
} }
} }
# Gather the dependecy list, and make sure there are no circular refs # Gather the dependecy list, and make sure there are no circular refs
my %deps; my %deps;
if (UserInGroup("editbugs") && defined($::FORM{'dependson'})) { if (UserInGroup("editbugs") && defined($cgi->param('dependson'))) {
my $me = "blocked"; my $me = "blocked";
my $target = "dependson"; my $target = "dependson";
my %deptree; my %deptree;
for (1..2) { for (1..2) {
$deptree{$target} = []; $deptree{$target} = [];
my %seen; my %seen;
foreach my $i (split('[\s,]+', $::FORM{$target})) { foreach my $i (split('[\s,]+', $cgi->param($target))) {
if (!exists $seen{$i}) { if (!exists $seen{$i}) {
push(@{$deptree{$target}}, $i); push(@{$deptree{$target}}, $i);
$seen{$i} = 1; $seen{$i} = 1;
...@@ -346,7 +337,7 @@ my $sql = "INSERT INTO bugs " . ...@@ -346,7 +337,7 @@ my $sql = "INSERT INTO bugs " .
"VALUES ("; "VALUES (";
foreach my $field (@used_fields) { foreach my $field (@used_fields) {
$sql .= SqlQuote($::FORM{$field}) . ","; $sql .= SqlQuote($cgi->param($field)) . ",";
} }
$comment =~ s/\r\n?/\n/g; # Get rid of \r. $comment =~ s/\r\n?/\n/g; # Get rid of \r.
...@@ -359,19 +350,19 @@ $sql .= "$::userid, $sql_timestamp, $sql_timestamp, "; ...@@ -359,19 +350,19 @@ $sql .= "$::userid, $sql_timestamp, $sql_timestamp, ";
# Time Tracking # Time Tracking
if (UserInGroup(Param("timetrackinggroup")) && if (UserInGroup(Param("timetrackinggroup")) &&
defined $::FORM{'estimated_time'}) { defined $cgi->param('estimated_time')) {
my $est_time = $::FORM{'estimated_time'}; my $est_time = $cgi->param('estimated_time');
Bugzilla::Bug::ValidateTime($est_time, 'estimated_time'); Bugzilla::Bug::ValidateTime($est_time, 'estimated_time');
$sql .= SqlQuote($est_time) . "," . SqlQuote($est_time) . ","; $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time) . ",";
} else { } else {
$sql .= "0, 0, "; $sql .= "0, 0, ";
} }
if ((UserInGroup(Param("timetrackinggroup"))) && ($::FORM{'deadline'})) { if ((UserInGroup(Param("timetrackinggroup"))) && ($cgi->param('deadline'))) {
Bugzilla::Util::ValidateDate($::FORM{'deadline'}, 'YYYY-MM-DD'); Bugzilla::Util::ValidateDate($cgi->param('deadline'), 'YYYY-MM-DD');
my $str = $::FORM{'deadline'}; my $str = $cgi->param('deadline');
$sql .= SqlQuote($::FORM{'deadline'}); $sql .= SqlQuote($cgi->param('deadline'));
} else { } else {
$sql .= "NULL"; $sql .= "NULL";
} }
...@@ -380,10 +371,10 @@ $sql .= ")"; ...@@ -380,10 +371,10 @@ $sql .= ")";
# Groups # Groups
my @groupstoadd = (); my @groupstoadd = ();
foreach my $b (grep(/^bit-\d*$/, keys %::FORM)) { foreach my $b (grep(/^bit-\d*$/, $cgi->param())) {
if ($::FORM{$b}) { if ($cgi->param($b)) {
my $v = substr($b, 4); my $v = substr($b, 4);
$v =~ /^(\d+)$/ detaint_natural($v)
|| ThrowCodeError("group_id_invalid"); || ThrowCodeError("group_id_invalid");
if (!GroupIsActive($v)) { if (!GroupIsActive($v)) {
# Prevent the user from adding the bug to an inactive group. # Prevent the user from adding the bug to an inactive group.
...@@ -444,7 +435,7 @@ foreach my $grouptoadd (@groupstoadd) { ...@@ -444,7 +435,7 @@ foreach my $grouptoadd (@groupstoadd) {
# Add the initial comment, allowing for the fact that it may be private # Add the initial comment, allowing for the fact that it may be private
my $privacy = 0; my $privacy = 0;
if (Param("insidergroup") && UserInGroup(Param("insidergroup"))) { if (Param("insidergroup") && UserInGroup(Param("insidergroup"))) {
$privacy = $::FORM{'commentprivacy'} ? 1 : 0; $privacy = $cgi->param('commentprivacy') ? 1 : 0;
} }
SendSQL("INSERT INTO longdescs (bug_id, who, bug_when, thetext, isprivate) SendSQL("INSERT INTO longdescs (bug_id, who, bug_when, thetext, isprivate)
...@@ -474,7 +465,7 @@ if (UserInGroup("editbugs")) { ...@@ -474,7 +465,7 @@ if (UserInGroup("editbugs")) {
" keywords = " . SqlQuote(join(', ', @list)) . " keywords = " . SqlQuote(join(', ', @list)) .
" WHERE bug_id = $id"); " WHERE bug_id = $id");
} }
if (defined $::FORM{'dependson'}) { if (defined $cgi->param('dependson')) {
my $me = "blocked"; my $me = "blocked";
my $target = "dependson"; my $target = "dependson";
for (1..2) { for (1..2) {
......
template/en/default/bug/create/comment-guided.txt.tmpl
View file @ 27cf9640
...@@ -19,33 +19,37 @@ ...@@ -19,33 +19,37 @@
# Contributor(s): Gervase Markham <gerv@gerv.net> # Contributor(s): Gervase Markham <gerv@gerv.net>
#%] #%]
[%# INTERFACE: [%# INTERFACE:
# form: hash. This is the $::FORM variable from a bug submission (i.e. the # This template has no interface.
# fields on a template from enter_bug.cgi.) It can be used to pull out #
# various custom fields and format an initial Description entry from them. # Form variables from a bug submission (i.e. the fields on a template from
# enter_bug.cgi) can be access via Bugzilla.cgi.param. It can be used to
# pull out various custom fields and format an initial Description entry
# from them.
#%] #%]
[% USE Bugzilla %] [% USE Bugzilla %]
User-Agent: [%+ Bugzilla.cgi.user_agent() %] [% cgi = Bugzilla.cgi %]
Build Identifier: [%+ form.buildid %] User-Agent: [%+ cgi.user_agent() %]
Build Identifier: [%+ cgi.param("buildid") %]
[%+ form.comment IF form.comment %] [%+ cgi.param("comment") IF cgi.param("comment") %]
[%+ IF form.reproducible != "Choose one..." -%] [%+ IF cgi.param("reproducible") != "Choose one..." -%]
Reproducible: [%+ form.reproducible %] Reproducible: [%+ cgi.param("reproducible") %]
[% END %] [% END %]
[% IF !(form.reproduce_steps.match('^1\.\s+2\.\s+3\.\s+$') || form.reproduce_steps.match('^\s+$')) %] [% IF !(cgi.param("reproduce_steps").match('^1\.\s+2\.\s+3\.\s+$') || cgi.param("reproduce_steps").match('^\s+$')) %]
Steps to Reproduce: Steps to Reproduce:
[%+ form.reproduce_steps %] [%+ cgi.param("reproduce_steps") %]
[% END %] [% END %]
[% IF form.actual_results -%] [% IF cgi.param("actual_results") -%]
Actual Results: Actual Results:
[%+ form.actual_results %] [%+ cgi.param("actual_results") %]
[% END %] [% END %]
[% IF form.expected_results %] [% IF cgi.param("expected_results") %]
Expected Results: Expected Results:
[%+ form.expected_results %] [%+ cgi.param("expected_results") %]
[% END %] [% END %]
[%+ form.additional_info %] [%+ cgi.param("additional_info") %]
template/en/default/bug/create/comment.txt.tmpl
View file @ 27cf9640
...@@ -19,8 +19,12 @@ ...@@ -19,8 +19,12 @@
# Contributor(s): Gervase Markham <gerv@gerv.net> # Contributor(s): Gervase Markham <gerv@gerv.net>
#%] #%]
[%# INTERFACE: [%# INTERFACE:
# form: hash. This is the $::FORM variable from a bug submission (i.e. the # This template has no interface.
# fields on a template from enter_bug.cgi.) It can be used to pull out #
# various custom fields and format an initial Description entry from them. # Form variables from a bug submission (i.e. the fields on a template from
#%] # enter_bug.cgi) can be access via Bugzilla.cgi.param. It can be used to
[% form.comment %] # pull out various custom fields and format an initial Description entry
# from them.
#%]
[% USE Bugzilla %]
[% Bugzilla.cgi.param("comment") %]
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment