Skip to content

bugzilla
bugzilla
Commit 719303d9 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 454251: Implement Bugzilla::Attachment->create() and $attachment->update() -…

Bug 454251: Implement Bugzilla::Attachment->create() and $attachment->update() - Patch by Fré©ric Buclin <LpSolit@gmail.com> a=LpSolit (module owner)
parent 4afa077f
Show whitespace changes
Inline Side-by-side
Showing with 481 additions and 460 deletions
Bugzilla/Attachment.pm
View file @ 719303d9
...@@ -86,6 +86,39 @@ sub DB_COLUMNS { ...@@ -86,6 +86,39 @@ sub DB_COLUMNS {
$dbh->sql_date_format('attachments.creation_ts', '%Y.%m.%d %H:%i') . ' AS creation_ts'; $dbh->sql_date_format('attachments.creation_ts', '%Y.%m.%d %H:%i') . ' AS creation_ts';
} }
use constant REQUIRED_CREATE_FIELDS => qw(
bug
data
description
filename
mimetype
);
use constant UPDATE_COLUMNS => qw(
description
filename
isobsolete
ispatch
isprivate
mimetype
modification_time
);
use constant VALIDATORS => {
bug => \&_check_bug,
description => \&_check_description,
isprivate => \&_check_is_private,
isurl => \&_check_is_url,
store_in_file => \&_check_store_in_file,
};
use constant UPDATE_VALIDATORS => {
filename => \&_check_filename,
isobsolete => \&Bugzilla::Object::check_boolean,
ispatch => \&Bugzilla::Object::check_boolean,
mimetype => \&_check_content_type,
};
############################### ###############################
#### Accessors ###### #### Accessors ######
############################### ###############################
...@@ -123,7 +156,7 @@ sub bug { ...@@ -123,7 +156,7 @@ sub bug {
my $self = shift; my $self = shift;
require Bugzilla::Bug; require Bugzilla::Bug;
$self->{bug} = Bugzilla::Bug->new($self->bug_id); $self->{bug} ||= Bugzilla::Bug->new($self->bug_id);
return $self->{bug}; return $self->{bug};
} }
...@@ -393,6 +426,13 @@ sub datasize { ...@@ -393,6 +426,13 @@ sub datasize {
return $self->{datasize}; return $self->{datasize};
} }
sub _get_local_filename {
my $self = shift;
my $hash = ($self->id % 100) + 100;
$hash =~ s/.*(\d\d)$/group.$1/;
return bz_locations()->{'attachdir'} . "/$hash/attachment." . $self->id;
}
=over =over
=item C<flags> =item C<flags>
...@@ -439,92 +479,164 @@ sub flag_types { ...@@ -439,92 +479,164 @@ sub flag_types {
#### Validators ###### #### Validators ######
############################### ###############################
# Instance methods; no POD documentation here yet because the only ones so far sub set_content_type { $_[0]->set('mimetype', $_[1]); }
# are private. sub set_description { $_[0]->set('description', $_[1]); }
sub set_filename { $_[0]->set('filename', $_[1]); }
sub set_is_obsolete { $_[0]->set('isobsolete', $_[1]); }
sub set_is_patch { $_[0]->set('ispatch', $_[1]); }
sub set_is_private { $_[0]->set('isprivate', $_[1]); }
sub _get_local_filename { sub _check_bug {
my $self = shift; my ($invocant, $bug) = @_;
my $hash = ($self->id % 100) + 100; my $user = Bugzilla->user;
$hash =~ s/.*(\d\d)$/group.$1/;
return bz_locations()->{'attachdir'} . "/$hash/attachment." . $self->id;
}
sub _validate_filename { $bug = ref $invocant ? $invocant->bug : $bug;
my ($throw_error) = @_; ($user->can_see_bug($bug->id) && $user->can_edit_product($bug->product_id))
my $cgi = Bugzilla->cgi; || ThrowUserError("illegal_attachment_edit_bug", { bug_id => $bug->id });
defined $cgi->upload('data')
|| ($throw_error ? ThrowUserError("file_not_specified") : return 0);
my $filename = $cgi->upload('data'); return $bug;
}
# Remove path info (if any) from the file name. The browser should do this sub _check_content_type {
# for us, but some are buggy. This may not work on Mac file names and could my ($invocant, $content_type) = @_;
# mess up file names with slashes in them, but them's the breaks. We only
# use this as a hint to users downloading attachments anyway, so it's not
# a big deal if it munges incorrectly occasionally.
$filename =~ s/^.*[\/\\]//;
# Truncate the filename to 100 characters, counting from the end of the $content_type = 'text/plain' if (ref $invocant && ($invocant->isurl || $invocant->ispatch));
# string to make sure we keep the filename extension. my $legal_types = join('|', LEGAL_CONTENT_TYPES);
$filename = substr($filename, -100, 100); if ($content_type !~ /^($legal_types)\/.+$/) {
ThrowUserError("invalid_content_type", { contenttype => $content_type });
}
trick_taint($content_type);
return $filename; return $content_type;
} }
sub _validate_data { sub _check_data {
my ($throw_error, $hr_vars) = @_; my ($invocant, $params) = @_;
my $cgi = Bugzilla->cgi;
my $fh;
# Skip uploading into a local variable if the user wants to upload huge
# attachments into local files.
if (!$cgi->param('bigfile')) {
$fh = $cgi->upload('data');
}
my $data; my $data;
if ($params->{isurl}) {
$data = $params->{data};
($data && $data =~ m#^(http|https|ftp)://\S+#)
|| ThrowUserError('attachment_illegal_url', { url => $data });
$params->{mimetype} = 'text/plain';
$params->{ispatch} = 0;
$params->{store_in_file} = 0;
}
else {
if ($params->{store_in_file} || !ref $params->{data}) {
# If it's a filehandle, just store it, not the content of the file
# itself as the file may be quite large. If it's not a filehandle,
# it already contains the content of the file.
$data = $params->{data};
# We could get away with reading only as much as required, except that then # We don't compress BMP images stored locally, nor do we check
# we wouldn't have a size to print to the error handler below. # their size. No need to go further.
if (!$cgi->param('bigfile')) { return $data if $params->{store_in_file};
# enable 'slurp' mode }
else {
# The file will be stored in the DB. We need the content of the file.
local $/; local $/;
my $fh = $params->{data};
$data = <$fh>; $data = <$fh>;
} }
$data $data || ThrowUserError('zero_length_file');
|| ($cgi->param('bigfile'))
|| ($throw_error ? ThrowUserError("zero_length_file") : return 0);
# This should go away, see bug 480986.
# Windows screenshots are usually uncompressed BMP files which # Windows screenshots are usually uncompressed BMP files which
# makes for a quick way to eat up disk space. Let's compress them. # makes for a quick way to eat up disk space. Let's compress them.
# We do this before we check the size since the uncompressed version # We do this before we check the size since the uncompressed version
# could easily be greater than maxattachmentsize. # could easily be greater than maxattachmentsize.
if (Bugzilla->params->{'convert_uncompressed_images'} if (Bugzilla->params->{'convert_uncompressed_images'}
&& $cgi->param('contenttype') eq 'image/bmp') { && $params->{mimetype} eq 'image/bmp')
{
require Image::Magick; require Image::Magick;
my $img = Image::Magick->new(magick=>'bmp'); my $img = Image::Magick->new(magick=>'bmp');
$img->BlobToImage($data); $img->BlobToImage($data);
$img->set(magick=>'png'); $img->set(magick=>'png');
my $imgdata = $img->ImageToBlob(); my $imgdata = $img->ImageToBlob();
$data = $imgdata; $data = $imgdata;
$cgi->param('contenttype', 'image/png'); $params->{mimetype} = 'image/png';
$hr_vars->{'convertedbmp'} = 1; # $hr_vars->{'convertedbmp'} = 1;
} }
# Make sure the attachment does not exceed the maximum permitted size # Make sure the attachment does not exceed the maximum permitted size.
my $maxsize = Bugzilla->params->{'maxattachmentsize'} * 1024; # Convert from K my $max_size = Bugzilla->params->{'maxattachmentsize'} * 1024; # Convert from K
my $len = $data ? length($data) : 0; my $len = length($data);
if ($maxsize && $len > $maxsize) { if ($len > $max_size) {
my $vars = { filesize => sprintf("%.0f", $len/1024) }; my $vars = { filesize => sprintf("%.0f", $len/1024) };
if ($cgi->param('ispatch')) { if ($params->{ispatch}) {
$throw_error ? ThrowUserError("patch_too_large", $vars) : return 0; ThrowUserError('patch_too_large', $vars);
} }
else { else {
$throw_error ? ThrowUserError("file_too_large", $vars) : return 0; ThrowUserError('file_too_large', $vars);
}
}
}
return $data;
}
sub _check_description {
my ($invocant, $description) = @_;
$description = trim($description);
$description || ThrowUserError('missing_attachment_description');
return $description;
}
sub _check_filename {
my ($invocant, $filename, $is_url) = @_;
$is_url = $invocant->isurl if ref $invocant;
# No file is attached, so it has no name.
return '' if $is_url;
$filename = trim($filename);
$filename || ThrowUserError('file_not_specified');
# Remove path info (if any) from the file name. The browser should do this
# for us, but some are buggy. This may not work on Mac file names and could
# mess up file names with slashes in them, but them's the breaks. We only
# use this as a hint to users downloading attachments anyway, so it's not
# a big deal if it munges incorrectly occasionally.
$filename =~ s/^.*[\/\\]//;
# Truncate the filename to 100 characters, counting from the end of the
# string to make sure we keep the filename extension.
$filename = substr($filename, -100, 100);
trick_taint($filename);
return $filename;
}
sub _check_is_private {
my ($invocant, $is_private) = @_;
if (((!ref $invocant && $is_private)
|| (ref $invocant && $invocant->isprivate != $is_private))
&& !Bugzilla->user->is_insider) {
ThrowUserError('user_not_insider');
} }
return $is_private ? 1 : 0;
}
sub _check_is_url {
my ($invocant, $is_url) = @_;
if ($is_url && !Bugzilla->params->{'allow_attach_url'}) {
ThrowCodeError('attachment_url_disabled');
} }
return $is_url ? 1 : 0;
}
sub _check_store_in_file {
my ($invocant, $store_in_file) = @_;
return $data || ''; if ($store_in_file && !Bugzilla->params->{'maxlocalattachment'}) {
ThrowCodeError('attachment_local_storage_disabled');
}
return $store_in_file ? 1 : 0;
} }
=pod =pod
...@@ -587,105 +699,6 @@ sub get_attachments_by_bug { ...@@ -587,105 +699,6 @@ sub get_attachments_by_bug {
=pod =pod
=item C<validate_is_patch()>
Description: validates the "patch" flag passed in by CGI.
Returns: 1 on success.
=cut
sub validate_is_patch {
my ($class, $throw_error) = @_;
my $cgi = Bugzilla->cgi;
# Set the ispatch flag to zero if it is undefined, since the UI uses
# an HTML checkbox to represent this flag, and unchecked HTML checkboxes
# do not get sent in HTML requests.
$cgi->param('ispatch', $cgi->param('ispatch') ? 1 : 0);
# Set the content type to text/plain if the attachment is a patch.
$cgi->param('contenttype', 'text/plain') if $cgi->param('ispatch');
return 1;
}
=pod
=item C<validate_description()>
Description: validates the description passed in by CGI.
Returns: 1 on success.
=cut
sub validate_description {
my ($class, $throw_error) = @_;
my $cgi = Bugzilla->cgi;
$cgi->param('description')
|| ($throw_error ? ThrowUserError("missing_attachment_description") : return 0);
return 1;
}
=pod
=item C<validate_content_type()>
Description: validates the content type passed in by CGI.
Returns: 1 on success.
=cut
sub validate_content_type {
my ($class, $throw_error) = @_;
my $cgi = Bugzilla->cgi;
if (!defined $cgi->param('contenttypemethod')) {
$throw_error ? ThrowUserError("missing_content_type_method") : return 0;
}
elsif ($cgi->param('contenttypemethod') eq 'autodetect') {
my $contenttype =
$cgi->uploadInfo($cgi->param('data'))->{'Content-Type'};
# The user asked us to auto-detect the content type, so use the type
# specified in the HTTP request headers.
if ( !$contenttype ) {
$throw_error ? ThrowUserError("missing_content_type") : return 0;
}
$cgi->param('contenttype', $contenttype);
}
elsif ($cgi->param('contenttypemethod') eq 'list') {
# The user selected a content type from the list, so use their
# selection.
$cgi->param('contenttype', $cgi->param('contenttypeselection'));
}
elsif ($cgi->param('contenttypemethod') eq 'manual') {
# The user entered a content type manually, so use their entry.
$cgi->param('contenttype', $cgi->param('contenttypeentry'));
}
else {
$throw_error ?
ThrowCodeError("illegal_content_type_method",
{ contenttypemethod => $cgi->param('contenttypemethod') }) :
return 0;
}
if ( $cgi->param('contenttype') !~
/^(application|audio|image|message|model|multipart|text|video)\/.+$/ ) {
$throw_error ?
ThrowUserError("invalid_content_type",
{ contenttype => $cgi->param('contenttype') }) :
return 0;
}
return 1;
}
=pod
=item C<validate_can_edit($attachment, $product_id)> =item C<validate_can_edit($attachment, $product_id)>
Description: validates if the user is allowed to view and edit the attachment. Description: validates if the user is allowed to view and edit the attachment.
...@@ -709,7 +722,7 @@ sub validate_can_edit { ...@@ -709,7 +722,7 @@ sub validate_can_edit {
|| ((!$attachment->isprivate || $user->is_insider) || ((!$attachment->isprivate || $user->is_insider)
&& $user->in_group('editbugs', $product_id))); && $user->in_group('editbugs', $product_id)));
# If we come here, then this attachment cannot be seen by the user. # If we come here, then this attachment cannot be edited by the user.
ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
} }
...@@ -727,14 +740,13 @@ Returns: 1 on success. Else an error is thrown. ...@@ -727,14 +740,13 @@ Returns: 1 on success. Else an error is thrown.
=cut =cut
sub validate_obsolete { sub validate_obsolete {
my ($class, $bug) = @_; my ($class, $bug, $list) = @_;
my $cgi = Bugzilla->cgi;
# Make sure the attachment id is valid and the user has permissions to view # Make sure the attachment id is valid and the user has permissions to view
# the bug to which it is attached. Make sure also that the user can view # the bug to which it is attached. Make sure also that the user can view
# the attachment itself. # the attachment itself.
my @obsolete_attachments; my @obsolete_attachments;
foreach my $attachid ($cgi->param('obsolete')) { foreach my $attachid (@$list) {
my $vars = {}; my $vars = {};
$vars->{'attach_id'} = $attachid; $vars->{'attach_id'} = $attachid;
...@@ -771,134 +783,78 @@ sub validate_obsolete { ...@@ -771,134 +783,78 @@ sub validate_obsolete {
=pod =pod
=item C<create($throw_error, $bug, $user, $timestamp, $hr_vars)> =item C<create>
Description: inserts an attachment from CGI input for the given bug. Description: inserts an attachment into the given bug.
Params: C<$bug> - Bugzilla::Bug object - the bug for which to insert Params: takes a hashref with the following keys:
C<bug> - Bugzilla::Bug object - the bug for which to insert
the attachment. the attachment.
C<$user> - Bugzilla::User object - the user we're inserting an C<data> - Either a filehandle pointing to the content of the
attachment for. attachment, or the content of the attachment itself.
C<$timestamp> - scalar - timestamp of the insert as returned C<description> - string - describe what the attachment is about.
by SELECT NOW(). C<filename> - string - the name of the attachment (used by the
C<$hr_vars> - hash reference - reference to a hash of template browser when downloading it). If the attachment is a URL, this
variables. parameter has no effect.
C<mimetype> - string - a valid MIME type.
Returns: the ID of the new attachment. C<creation_ts> - string (optional) - timestamp of the insert
as returned by SELECT NOW().
C<ispatch> - boolean (optional, default false) - true if the
attachment is a patch.
C<isprivate> - boolean (optional, default false) - true if
the attachment is private.
C<isurl> - boolean (optional, default false) - true if the
attachment is a URL pointing to some external ressource.
C<store_in_file> - boolean (optional, default false) - true
if the attachment must be stored in data/attachments/ instead
of in the DB.
Returns: The new attachment object.
=cut =cut
# FIXME: needs to follow the way Object->create() works.
sub create { sub create {
my ($class, $throw_error, $bug, $user, $timestamp, $hr_vars) = @_; my $class = shift;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
my $attachurl = $cgi->param('attachurl') || '';
my $data;
my $filename;
my $contenttype;
my $isurl;
$class->validate_is_patch($throw_error) || return;
$class->validate_description($throw_error) || return;
if (Bugzilla->params->{'allow_attach_url'}
&& ($attachurl =~ /^(http|https|ftp):\/\/\S+/)
&& !defined $cgi->upload('data'))
{
$filename = '';
$data = $attachurl;
$isurl = 1;
$contenttype = 'text/plain';
$cgi->param('ispatch', 0);
$cgi->delete('bigfile');
}
else {
$filename = _validate_filename($throw_error) || return;
# need to validate content type before data as
# we now check the content type for image/bmp in _validate_data()
unless ($cgi->param('ispatch')) {
$class->validate_content_type($throw_error) || return;
# Set the ispatch flag to 1 if we're set to autodetect
# and the content type is text/x-diff or text/x-patch
if ($cgi->param('contenttypemethod') eq 'autodetect'
&& $cgi->param('contenttype') =~ m{text/x-(?:diff|patch)})
{
$cgi->param('ispatch', 1);
$cgi->param('contenttype', 'text/plain');
}
}
$data = _validate_data($throw_error, $hr_vars);
# If the attachment is stored locally, $data eq ''.
# If an error is thrown, $data eq '0'.
($data ne '0') || return;
$contenttype = $cgi->param('contenttype');
# These are inserted using placeholders so no need to panic $class->check_required_create_fields(@_);
trick_taint($filename); my $params = $class->run_create_validators(@_);
trick_taint($contenttype);
$isurl = 0;
}
# Check attachments the user tries to mark as obsolete.
my @obsolete_attachments;
if ($cgi->param('obsolete')) {
@obsolete_attachments = $class->validate_obsolete($bug);
}
# The order of these function calls is important, as Flag::validate
# assumes User::match_field has ensured that the
# values in the requestee fields are legitimate user email addresses.
my $match_status = Bugzilla::User::match_field($cgi, {
'^requestee(_type)?-(\d+)$' => { 'type' => 'multi' },
}, MATCH_SKIP_CONFIRM);
$hr_vars->{'match_field'} = 'requestee';
if ($match_status == USER_MATCH_FAILED) {
$hr_vars->{'message'} = 'user_match_failed';
}
elsif ($match_status == USER_MATCH_MULTIPLE) {
$hr_vars->{'message'} = 'user_match_multiple';
}
# Escape characters in strings that will be used in SQL statements. # Extract everything which is not a valid column name.
my $description = $cgi->param('description'); my $bug = delete $params->{bug};
trick_taint($description); $params->{bug_id} = $bug->id;
my $isprivate = $cgi->param('isprivate') ? 1 : 0; my $fh = delete $params->{data};
my $store_in_file = delete $params->{store_in_file};
# Insert the attachment into the database. my $attachment = $class->insert_create_data($params);
my $sth = $dbh->do( my $attachid = $attachment->id;
"INSERT INTO attachments
(bug_id, creation_ts, modification_time, filename, description,
mimetype, ispatch, isurl, isprivate, submitter_id)
VALUES (?,?,?,?,?,?,?,?,?,?)", undef, ($bug->bug_id, $timestamp, $timestamp,
$filename, $description, $contenttype, $cgi->param('ispatch'),
$isurl, $isprivate, $user->id));
# Retrieve the ID of the newly created attachment record.
my $attachid = $dbh->bz_last_key('attachments', 'attach_id');
# We only use $data here in this INSERT with a placeholder, # We only use $data here in this INSERT with a placeholder,
# so it's safe. # so it's safe.
$sth = $dbh->prepare("INSERT INTO attach_data my $sth = $dbh->prepare("INSERT INTO attach_data
(id, thedata) VALUES ($attachid, ?)"); (id, thedata) VALUES ($attachid, ?)");
my $data = $store_in_file ? "" : $fh;
trick_taint($data); trick_taint($data);
$sth->bind_param(1, $data, $dbh->BLOB_TYPE); $sth->bind_param(1, $data, $dbh->BLOB_TYPE);
$sth->execute(); $sth->execute();
# If the file is to be stored locally, stream the file from the web server # If the file is to be stored locally, stream the file from the web server
# to the local file without reading it into a local variable. # to the local file without reading it into a local variable.
if ($cgi->param('bigfile')) { if ($store_in_file) {
my $limit = Bugzilla->params->{"maxlocalattachment"} * 1048576;
# If $fh is not a filehandle, we already know its size.
ThrowUserError("local_file_too_large") if (!ref($fh) && length($fh) > $limit);
my $attachdir = bz_locations()->{'attachdir'}; my $attachdir = bz_locations()->{'attachdir'};
my $fh = $cgi->upload('data');
my $hash = ($attachid % 100) + 100; my $hash = ($attachid % 100) + 100;
$hash =~ s/.*(\d\d)$/group.$1/; $hash =~ s/.*(\d\d)$/group.$1/;
mkdir "$attachdir/$hash", 0770; mkdir "$attachdir/$hash", 0770;
chmod 0770, "$attachdir/$hash"; chmod 0770, "$attachdir/$hash";
open(AH, ">$attachdir/$hash/attachment.$attachid"); open(AH, ">$attachdir/$hash/attachment.$attachid");
binmode AH; binmode AH;
if (ref $fh) {
my $sizecount = 0; my $sizecount = 0;
my $limit = (Bugzilla->params->{"maxlocalattachment"} * 1048576);
while (<$fh>) { while (<$fh>) {
print AH $_; print AH $_;
$sizecount += length($_); $sizecount += length($_);
...@@ -906,57 +862,68 @@ sub create { ...@@ -906,57 +862,68 @@ sub create {
close AH; close AH;
close $fh; close $fh;
unlink "$attachdir/$hash/attachment.$attachid"; unlink "$attachdir/$hash/attachment.$attachid";
$throw_error ? ThrowUserError("local_file_too_large") : return; ThrowUserError("local_file_too_large");
} }
} }
close AH;
close $fh; close $fh;
} }
else {
print AH $fh;
}
close AH;
}
# Make existing attachments obsolete. # Return the new attachment object.
my $fieldid = get_field_id('attachments.isobsolete'); return $attachment;
}
foreach my $obsolete_attachment (@obsolete_attachments) { sub run_create_validators {
# If the obsolete attachment has request flags, cancel them. my $class = shift;
# This call must be done before updating the 'attachments' table. my $params = $class->SUPER::run_create_validators(@_);
Bugzilla::Flag->CancelRequests($bug, $obsolete_attachment, $timestamp);
$dbh->do('UPDATE attachments SET isobsolete = 1, modification_time = ? $params->{data} = $class->_check_data($params);
WHERE attach_id = ?', # We couldn't call these checkers earlier as _check_data() could alter values.
undef, ($timestamp, $obsolete_attachment->id)); $params->{ispatch} = $params->{ispatch} ? 1 : 0;
$params->{filename} = $class->_check_filename($params->{filename}, $params->{isurl});
$params->{mimetype} = $class->_check_content_type($params->{mimetype});
$params->{creation_ts} ||= Bugzilla->dbh->selectrow_array('SELECT NOW()');
$params->{modification_time} = $params->{creation_ts};
$params->{submitter_id} = Bugzilla->user->id || ThrowCodeError('invalid_user');
$dbh->do('INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, return $params;
}
sub update {
my $self = shift;
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
my $bug = $self->bug;
my $timestamp = shift || $dbh->selectrow_array('SELECT NOW()');
$self->{modification_time} = $timestamp;
my ($changes, $old_self) = $self->SUPER::update(@_);
# Ignore this change.
delete $changes->{modification_time};
# Record changes in the activity table.
my $sth = $dbh->prepare('INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when,
fieldid, removed, added) fieldid, removed, added)
VALUES (?,?,?,?,?,?,?)', VALUES (?, ?, ?, ?, ?, ?, ?)');
undef, ($bug->bug_id, $obsolete_attachment->id, $user->id,
$timestamp, $fieldid, 0, 1)); foreach my $field (keys %$changes) {
} my $change = $changes->{$field};
my $fieldid = get_field_id("attachments.$field");
my $attachment = new Bugzilla::Attachment($attachid); $sth->execute($bug->id, $self->id, $user->id, $timestamp,
$fieldid, $change->[0], $change->[1]);
# 1. Add flags, if any. To avoid dying if something goes wrong
# while processing flags, we will eval() flag validation.
# This requires errors to die().
# XXX: this can go away as soon as flag validation is able to
# fail without dying.
#
# 2. Flag::validate() should not detect any reference to existing flags
# when creating a new attachment. Setting the third param to -1 will
# force this function to check this point.
my $error_mode_cache = Bugzilla->error_mode;
Bugzilla->error_mode(ERROR_MODE_DIE);
eval {
Bugzilla::Flag::validate($bug->bug_id, -1, SKIP_REQUESTEE_ON_ERROR);
Bugzilla::Flag->process($bug, $attachment, $timestamp, $hr_vars);
};
Bugzilla->error_mode($error_mode_cache);
if ($@) {
$hr_vars->{'message'} = 'flag_creation_failed';
$hr_vars->{'flag_creation_error'} = $@;
} }
# Return the new attachment object. if (scalar(keys %$changes)) {
return $attachment; $dbh->do('UPDATE bugs SET delta_ts = ? WHERE bug_id = ?',
undef, $timestamp, $bug->id);
}
return $changes;
} }
=pod =pod
...@@ -985,4 +952,50 @@ sub remove_from_db { ...@@ -985,4 +952,50 @@ sub remove_from_db {
$dbh->bz_commit_transaction(); $dbh->bz_commit_transaction();
} }
###############################
#### Helpers #####
###############################
# Extract the content type from the attachment form.
sub get_content_type {
my $cgi = Bugzilla->cgi;
return 'text/plain' if ($cgi->param('ispatch') || $cgi->param('attachurl'));
my $content_type;
if (!defined $cgi->param('contenttypemethod')) {
ThrowUserError("missing_content_type_method");
}
elsif ($cgi->param('contenttypemethod') eq 'autodetect') {
defined $cgi->upload('data') || ThrowUserError('file_not_specified');
# The user asked us to auto-detect the content type, so use the type
# specified in the HTTP request headers.
$content_type =
$cgi->uploadInfo($cgi->param('data'))->{'Content-Type'};
$content_type || ThrowUserError("missing_content_type");
# Set the ispatch flag to 1 if the content type
# is text/x-diff or text/x-patch
if ($content_type =~ m{text/x-(?:diff|patch)}) {
$cgi->param('ispatch', 1);
$content_type = 'text/plain';
}
}
elsif ($cgi->param('contenttypemethod') eq 'list') {
# The user selected a content type from the list, so use their
# selection.
$content_type = $cgi->param('contenttypeselection');
}
elsif ($cgi->param('contenttypemethod') eq 'manual') {
# The user entered a content type manually, so use their entry.
$content_type = $cgi->param('contenttypeentry');
}
else {
ThrowCodeError("illegal_content_type_method",
{ contenttypemethod => $cgi->param('contenttypemethod') });
}
return $content_type;
}
1; 1;
Bugzilla/Constants.pm
View file @ 719303d9
...@@ -148,6 +148,7 @@ use File::Basename; ...@@ -148,6 +148,7 @@ use File::Basename;
MAX_LOGINCOOKIE_AGE MAX_LOGINCOOKIE_AGE
SAFE_PROTOCOLS SAFE_PROTOCOLS
LEGAL_CONTENT_TYPES
MIN_SMALLINT MIN_SMALLINT
MAX_SMALLINT MAX_SMALLINT
...@@ -236,18 +237,6 @@ use constant LOGOUT_ALL => 0; ...@@ -236,18 +237,6 @@ use constant LOGOUT_ALL => 0;
use constant LOGOUT_CURRENT => 1; use constant LOGOUT_CURRENT => 1;
use constant LOGOUT_KEEP_CURRENT => 2; use constant LOGOUT_KEEP_CURRENT => 2;
use constant contenttypes =>
{
"html"=> "text/html" ,
"rdf" => "application/rdf+xml" ,
"atom"=> "application/atom+xml" ,
"xml" => "application/xml" ,
"js" => "application/x-javascript" ,
"csv" => "text/csv" ,
"png" => "image/png" ,
"ics" => "text/calendar" ,
};
use constant GRANT_DIRECT => 0; use constant GRANT_DIRECT => 0;
use constant GRANT_REGEXP => 2; use constant GRANT_REGEXP => 2;
...@@ -377,6 +366,22 @@ use constant SAFE_PROTOCOLS => ('afs', 'cid', 'ftp', 'gopher', 'http', 'https', ...@@ -377,6 +366,22 @@ use constant SAFE_PROTOCOLS => ('afs', 'cid', 'ftp', 'gopher', 'http', 'https',
'irc', 'mid', 'news', 'nntp', 'prospero', 'telnet', 'irc', 'mid', 'news', 'nntp', 'prospero', 'telnet',
'view-source', 'wais'); 'view-source', 'wais');
# Valid MIME types for attachments.
use constant LEGAL_CONTENT_TYPES => ('application', 'audio', 'image', 'message',
'model', 'multipart', 'text', 'video');
use constant contenttypes =>
{
"html"=> "text/html" ,
"rdf" => "application/rdf+xml" ,
"atom"=> "application/atom+xml" ,
"xml" => "application/xml" ,
"js" => "application/x-javascript" ,
"csv" => "text/csv" ,
"png" => "image/png" ,
"ics" => "text/calendar" ,
};
# Usage modes. Default USAGE_MODE_BROWSER. Use with Bugzilla->usage_mode. # Usage modes. Default USAGE_MODE_BROWSER. Use with Bugzilla->usage_mode.
use constant USAGE_MODE_BROWSER => 0; use constant USAGE_MODE_BROWSER => 0;
use constant USAGE_MODE_CMDLINE => 1; use constant USAGE_MODE_CMDLINE => 1;
......
Bugzilla/Flag.pm
View file @ 719303d9
...@@ -1057,6 +1057,46 @@ sub FormToNewFlags { ...@@ -1057,6 +1057,46 @@ sub FormToNewFlags {
return \@flags; return \@flags;
} }
# This is a helper to set flags on a new bug or attachment.
# For existing bugs and attachments, errors must be reported.
sub set_flags {
my ($class, $bug, $attachment, $timestamp, $vars) = @_;
my $cgi = Bugzilla->cgi;
# The order of these function calls is important, as Flag::validate
# assumes User::match_field has ensured that the
# values in the requestee fields are legitimate user email addresses.
my $match_status = Bugzilla::User::match_field($cgi, {
'^requestee(_type)?-(\d+)$' => { 'type' => 'multi' },
}, MATCH_SKIP_CONFIRM);
$vars->{'match_field'} = 'requestee';
if ($match_status == USER_MATCH_FAILED) {
$vars->{'message'} = 'user_match_failed';
}
elsif ($match_status == USER_MATCH_MULTIPLE) {
$vars->{'message'} = 'user_match_multiple';
}
# 1. Add flags, if any. To avoid dying if something goes wrong
# while processing flags, we will eval() flag validation.
#
# 2. Flag::validate() should not detect any reference to existing flags
# when creating a new attachment. Setting the third param to -1 will
# force this function to check this point.
my $error_mode_cache = Bugzilla->error_mode;
Bugzilla->error_mode(ERROR_MODE_DIE);
eval {
validate($bug->bug_id, $attachment ? -1 : undef, SKIP_REQUESTEE_ON_ERROR);
$class->process($bug, $attachment, $timestamp, $vars);
};
Bugzilla->error_mode($error_mode_cache);
if ($@) {
$vars->{'message'} = 'flag_creation_failed';
$vars->{'flag_creation_error'} = $@;
}
}
=pod =pod
=over =over
......
attachment.cgi
View file @ 719303d9
...@@ -237,20 +237,6 @@ sub validateContext ...@@ -237,20 +237,6 @@ sub validateContext
return $context; return $context;
} }
sub validateCanChangeBug
{
my ($bugid) = @_;
my $dbh = Bugzilla->dbh;
my ($productid) = $dbh->selectrow_array(
"SELECT product_id
FROM bugs
WHERE bug_id = ?", undef, $bugid);
Bugzilla->user->can_edit_product($productid)
|| ThrowUserError("illegal_attachment_edit_bug",
{ bug_id => $bugid });
}
################################################################################ ################################################################################
# Functions # Functions
################################################################################ ################################################################################
...@@ -316,12 +302,8 @@ sub view { ...@@ -316,12 +302,8 @@ sub view {
# Bug 111522: allow overriding content-type manually in the posted form # Bug 111522: allow overriding content-type manually in the posted form
# params. # params.
if (defined $cgi->param('content_type')) if (defined $cgi->param('content_type')) {
{ $contenttype = $attachment->_check_content_type($cgi->param('content_type'));
$cgi->param('contenttypemethod', 'manual');
$cgi->param('contenttypeentry', $cgi->param('content_type'));
Bugzilla::Attachment->validate_content_type(THROW_ERROR);
$contenttype = $cgi->param('content_type');
} }
# Return the appropriate HTTP response headers. # Return the appropriate HTTP response headers.
...@@ -392,7 +374,7 @@ sub enter { ...@@ -392,7 +374,7 @@ sub enter {
# Retrieve and validate parameters # Retrieve and validate parameters
my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
my $bugid = $bug->id; my $bugid = $bug->id;
validateCanChangeBug($bugid); Bugzilla::Attachment->_check_bug($bug);
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user; my $user = Bugzilla->user;
...@@ -434,8 +416,7 @@ sub insert { ...@@ -434,8 +416,7 @@ sub insert {
# Retrieve and validate parameters # Retrieve and validate parameters
my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
my $bugid = $bug->id; my $bugid = $bug->id;
validateCanChangeBug($bugid); my ($timestamp) = $dbh->selectrow_array("SELECT NOW()");
my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()");
# Detect if the user already used the same form to submit an attachment # Detect if the user already used the same form to submit an attachment
my $token = trim($cgi->param('token')); my $token = trim($cgi->param('token'));
...@@ -461,8 +442,48 @@ sub insert { ...@@ -461,8 +442,48 @@ sub insert {
} }
} }
my $attachment = # Check attachments the user tries to mark as obsolete.
Bugzilla::Attachment->create(THROW_ERROR, $bug, $user, $timestamp, $vars); my @obsolete_attachments;
if ($cgi->param('obsolete')) {
my @obsolete = $cgi->param('obsolete');
@obsolete_attachments = Bugzilla::Attachment->validate_obsolete($bug, \@obsolete);
}
# Must be called before create() as it may alter $cgi->param('ispatch').
my $content_type = Bugzilla::Attachment::get_content_type();
my $attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
data => scalar $cgi->param('attachurl') || $cgi->upload('data'),
description => scalar $cgi->param('description'),
filename => $cgi->param('attachurl') ? '' : scalar $cgi->upload('data'),
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
isurl => scalar $cgi->param('attachurl'),
mimetype => $content_type,
store_in_file => scalar $cgi->param('bigfile'),
});
Bugzilla::Flag->set_flags($bug, $attachment, $timestamp, $vars);
my $fieldid = get_field_id('attachments.isobsolete');
foreach my $obsolete_attachment (@obsolete_attachments) {
# If the obsolete attachment has request flags, cancel them.
# This call must be done before updating the 'attachments' table.
Bugzilla::Flag->CancelRequests($bug, $obsolete_attachment, $timestamp);
$dbh->do('UPDATE attachments SET isobsolete = 1, modification_time = ?
WHERE attach_id = ?',
undef, ($timestamp, $obsolete_attachment->id));
$dbh->do('INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when,
fieldid, removed, added)
VALUES (?,?,?,?,?,?,?)',
undef, ($bug->bug_id, $obsolete_attachment->id, $user->id,
$timestamp, $fieldid, 0, 1));
}
# Insert a comment about the new attachment into the database. # Insert a comment about the new attachment into the database.
my $comment = "Created an attachment (id=" . $attachment->id . ")\n" . my $comment = "Created an attachment (id=" . $attachment->id . ")\n" .
...@@ -538,25 +559,28 @@ sub edit { ...@@ -538,25 +559,28 @@ sub edit {
|| ThrowTemplateError($template->error()); || ThrowTemplateError($template->error());
} }
# Updates an attachment record. Users with "editbugs" privileges, (or the # Updates an attachment record. Only users with "editbugs" privileges,
# original attachment's submitter) can edit the attachment's description, # (or the original attachment's submitter) can edit the attachment.
# content type, ispatch and isobsolete flags, and statuses, and they can
# also submit a comment that appears in the bug.
# Users cannot edit the content of the attachment itself. # Users cannot edit the content of the attachment itself.
sub update { sub update {
my $user = Bugzilla->user; my $user = Bugzilla->user;
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
# Start a transaction in preparation for updating the attachment.
$dbh->bz_start_transaction();
# Retrieve and validate parameters # Retrieve and validate parameters
my $attachment = validateID(); my $attachment = validateID();
my $bug = new Bugzilla::Bug($attachment->bug_id); my $bug = $attachment->bug;
$attachment->validate_can_edit($bug->product_id); $attachment->_check_bug;
validateCanChangeBug($bug->id); $attachment->validate_can_edit($bug->product_id); # FIXME: allow comments anyway.
Bugzilla::Attachment->validate_description(THROW_ERROR);
Bugzilla::Attachment->validate_is_patch(THROW_ERROR); $attachment->set_description(scalar $cgi->param('description'));
Bugzilla::Attachment->validate_content_type(THROW_ERROR) unless $cgi->param('ispatch'); $attachment->set_is_patch(scalar $cgi->param('ispatch'));
$cgi->param('isobsolete', $cgi->param('isobsolete') ? 1 : 0); $attachment->set_content_type(scalar $cgi->param('contenttypeentry'));
$cgi->param('isprivate', $cgi->param('isprivate') ? 1 : 0); $attachment->set_is_obsolete(scalar $cgi->param('isobsolete'));
$attachment->set_is_private(scalar $cgi->param('isprivate'));
$attachment->set_filename(scalar $cgi->param('filename'));
# Now make sure the attachment has not been edited since we loaded the page. # Now make sure the attachment has not been edited since we loaded the page.
if (defined $cgi->param('delta_ts') if (defined $cgi->param('delta_ts')
...@@ -588,17 +612,6 @@ sub update { ...@@ -588,17 +612,6 @@ sub update {
my $token = $cgi->param('token'); my $token = $cgi->param('token');
check_hash_token($token, [$attachment->id, $attachment->modification_time]); check_hash_token($token, [$attachment->id, $attachment->modification_time]);
# If the submitter of the attachment is not in the insidergroup,
# be sure that he cannot overwrite the private bit.
# This check must be done before calling Bugzilla::Flag*::validate(),
# because they will look at the private bit when checking permissions.
# XXX - This is a ugly hack. Ideally, we shouldn't have to look at the
# old private bit twice (first here, and then below again), but this is
# the less risky change.
unless ($user->is_insider) {
$cgi->param('isprivate', $attachment->isprivate);
}
# If the user submitted a comment while editing the attachment, # If the user submitted a comment while editing the attachment,
# add the comment to the bug. Do this after having validated isprivate! # add the comment to the bug. Do this after having validated isprivate!
if ($cgi->param('comment')) { if ($cgi->param('comment')) {
...@@ -607,7 +620,7 @@ sub update { ...@@ -607,7 +620,7 @@ sub update {
my $comment = "(From update of attachment " . $attachment->id . ")\n" . my $comment = "(From update of attachment " . $attachment->id . ")\n" .
$cgi->param('comment'); $cgi->param('comment');
$bug->add_comment($comment, { isprivate => $cgi->param('isprivate') }); $bug->add_comment($comment, { isprivate => $attachment->isprivate });
} }
# The order of these function calls is important, as Flag::validate # The order of these function calls is important, as Flag::validate
...@@ -618,17 +631,6 @@ sub update { ...@@ -618,17 +631,6 @@ sub update {
}); });
Bugzilla::Flag::validate($bug->id, $attachment->id); Bugzilla::Flag::validate($bug->id, $attachment->id);
# Start a transaction in preparation for updating the attachment.
$dbh->bz_start_transaction();
# Quote the description and content type for use in the SQL UPDATE statement.
my $description = $cgi->param('description');
my $contenttype = $cgi->param('contenttype');
my $filename = $cgi->param('filename');
# we can detaint this way thanks to placeholders
trick_taint($description);
trick_taint($contenttype);
trick_taint($filename);
# Figure out when the changes were made. # Figure out when the changes were made.
my ($timestamp) = $dbh->selectrow_array("SELECT NOW()"); my ($timestamp) = $dbh->selectrow_array("SELECT NOW()");
...@@ -639,82 +641,17 @@ sub update { ...@@ -639,82 +641,17 @@ sub update {
# the user submits at the same time. # the user submits at the same time.
Bugzilla::Flag->process($bug, $attachment, $timestamp, $vars); Bugzilla::Flag->process($bug, $attachment, $timestamp, $vars);
# Update the attachment record in the database. $attachment->update($timestamp);
$dbh->do("UPDATE attachments # Commit the comment, if any.
SET description = ?, $bug->update();
mimetype = ?,
filename = ?,
ispatch = ?,
isobsolete = ?,
isprivate = ?,
modification_time = ?
WHERE attach_id = ?",
undef, ($description, $contenttype, $filename,
$cgi->param('ispatch'), $cgi->param('isobsolete'),
$cgi->param('isprivate'), $timestamp, $attachment->id));
my $updated_attachment = new Bugzilla::Attachment($attachment->id);
# Record changes in the activity table.
my $sth = $dbh->prepare('INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when,
fieldid, removed, added)
VALUES (?, ?, ?, ?, ?, ?, ?)');
# Flag for updating Last-Modified timestamp if record changed
my $updated = 0;
if ($attachment->description ne $updated_attachment->description) {
my $fieldid = get_field_id('attachments.description');
$sth->execute($bug->id, $attachment->id, $user->id, $timestamp, $fieldid,
$attachment->description, $updated_attachment->description);
$updated = 1;
}
if ($attachment->contenttype ne $updated_attachment->contenttype) {
my $fieldid = get_field_id('attachments.mimetype');
$sth->execute($bug->id, $attachment->id, $user->id, $timestamp, $fieldid,
$attachment->contenttype, $updated_attachment->contenttype);
$updated = 1;
}
if ($attachment->filename ne $updated_attachment->filename) {
my $fieldid = get_field_id('attachments.filename');
$sth->execute($bug->id, $attachment->id, $user->id, $timestamp, $fieldid,
$attachment->filename, $updated_attachment->filename);
$updated = 1;
}
if ($attachment->ispatch != $updated_attachment->ispatch) {
my $fieldid = get_field_id('attachments.ispatch');
$sth->execute($bug->id, $attachment->id, $user->id, $timestamp, $fieldid,
$attachment->ispatch, $updated_attachment->ispatch);
$updated = 1;
}
if ($attachment->isobsolete != $updated_attachment->isobsolete) {
my $fieldid = get_field_id('attachments.isobsolete');
$sth->execute($bug->id, $attachment->id, $user->id, $timestamp, $fieldid,
$attachment->isobsolete, $updated_attachment->isobsolete);
$updated = 1;
}
if ($attachment->isprivate != $updated_attachment->isprivate) {
my $fieldid = get_field_id('attachments.isprivate');
$sth->execute($bug->id, $attachment->id, $user->id, $timestamp, $fieldid,
$attachment->isprivate, $updated_attachment->isprivate);
$updated = 1;
}
if ($updated) {
$dbh->do("UPDATE bugs SET delta_ts = ? WHERE bug_id = ?", undef,
$timestamp, $bug->id);
}
# Commit the transaction now that we are finished updating the database. # Commit the transaction now that we are finished updating the database.
$dbh->bz_commit_transaction(); $dbh->bz_commit_transaction();
# Commit the comment, if any.
$bug->update();
# Define the variables and functions that will be passed to the UI template. # Define the variables and functions that will be passed to the UI template.
$vars->{'mailrecipients'} = { 'changer' => Bugzilla->user->login }; $vars->{'mailrecipients'} = { 'changer' => $user->login };
$vars->{'attachment'} = $attachment; $vars->{'attachment'} = $attachment;
# We cannot reuse the $bug object as delta_ts has eventually been updated $vars->{'bugs'} = [$bug];
# since the object was created.
$vars->{'bugs'} = [new Bugzilla::Bug($bug->id)];
$vars->{'header_done'} = 1; $vars->{'header_done'} = 1;
$vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count(); $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
...@@ -742,7 +679,7 @@ sub delete_attachment { ...@@ -742,7 +679,7 @@ sub delete_attachment {
# Make sure the administrator is allowed to edit this attachment. # Make sure the administrator is allowed to edit this attachment.
my $attachment = validateID(); my $attachment = validateID();
validateCanChangeBug($attachment->bug_id); Bugzilla::Attachment->_check_bug($attachment->bug);
$attachment->datasize || ThrowUserError('attachment_removed'); $attachment->datasize || ThrowUserError('attachment_removed');
......
post_bug.cgi
View file @ 719303d9
...@@ -85,12 +85,10 @@ if ($token) { ...@@ -85,12 +85,10 @@ if ($token) {
} }
# do a match on the fields if applicable # do a match on the fields if applicable
Bugzilla::User::match_field ($cgi, {
&Bugzilla::User::match_field ($cgi, {
'cc' => { 'type' => 'multi' }, 'cc' => { 'type' => 'multi' },
'assigned_to' => { 'type' => 'single' }, 'assigned_to' => { 'type' => 'single' },
'qa_contact' => { 'type' => 'single' }, 'qa_contact' => { 'type' => 'single' },
'^requestee_type-(\d+)$' => { 'type' => 'multi' },
}); });
if (defined $cgi->param('maketemplate')) { if (defined $cgi->param('maketemplate')) {
...@@ -194,10 +192,35 @@ if (defined $cgi->param('version')) { ...@@ -194,10 +192,35 @@ if (defined $cgi->param('version')) {
# Add an attachment if requested. # Add an attachment if requested.
if (defined($cgi->upload('data')) || $cgi->param('attachurl')) { if (defined($cgi->upload('data')) || $cgi->param('attachurl')) {
$cgi->param('isprivate', $cgi->param('commentprivacy')); $cgi->param('isprivate', $cgi->param('commentprivacy'));
my $attachment = Bugzilla::Attachment->create(!THROW_ERROR,
$bug, $user, $timestamp, $vars); # Must be called before create() as it may alter $cgi->param('ispatch').
my $content_type = Bugzilla::Attachment::get_content_type();
my $attachment;
# If the attachment cannot be successfully added to the bug,
# we notify the user, but we don't interrupt the bug creation process.
my $error_mode_cache = Bugzilla->error_mode;
Bugzilla->error_mode(ERROR_MODE_DIE);
eval {
$attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
data => scalar $cgi->param('attachurl') || $cgi->upload('data'),
description => scalar $cgi->param('description'),
filename => $cgi->param('attachurl') ? '' : scalar $cgi->upload('data'),
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
isurl => scalar $cgi->param('attachurl'),
mimetype => $content_type,
store_in_file => scalar $cgi->param('bigfile'),
});
};
Bugzilla->error_mode($error_mode_cache);
if ($attachment) { if ($attachment) {
# Set attachment flags.
Bugzilla::Flag->set_flags($bug, $attachment, $timestamp, $vars);
# Update the comment to include the new attachment ID. # Update the comment to include the new attachment ID.
# This string is hardcoded here because Template::quoteUrls() # This string is hardcoded here because Template::quoteUrls()
# expects to find this exact string. # expects to find this exact string.
...@@ -222,22 +245,8 @@ if (defined($cgi->upload('data')) || $cgi->param('attachurl')) { ...@@ -222,22 +245,8 @@ if (defined($cgi->upload('data')) || $cgi->param('attachurl')) {
}; };
} }
# Add flags, if any. To avoid dying if something goes wrong # Set bug flags.
# while processing flags, we will eval() flag validation. Bugzilla::Flag->set_flags($bug, undef, $timestamp, $vars);
# This requires errors to die().
# XXX: this can go away as soon as flag validation is able to
# fail without dying.
my $error_mode_cache = Bugzilla->error_mode;
Bugzilla->error_mode(ERROR_MODE_DIE);
eval {
Bugzilla::Flag::validate($id, undef, SKIP_REQUESTEE_ON_ERROR);
Bugzilla::Flag->process($bug, undef, $timestamp, $vars);
};
Bugzilla->error_mode($error_mode_cache);
if ($@) {
$vars->{'message'} = 'flag_creation_failed';
$vars->{'flag_creation_error'} = $@;
}
# Email everyone the details of the new bug # Email everyone the details of the new bug
$vars->{'mailrecipients'} = {'changer' => $user->login}; $vars->{'mailrecipients'} = {'changer' => $user->login};
......
template/en/default/global/code-error.html.tmpl
View file @ 719303d9
...@@ -47,6 +47,14 @@ ...@@ -47,6 +47,14 @@
Attachment #[% attach_id FILTER html %] ([% description FILTER html %]) Attachment #[% attach_id FILTER html %] ([% description FILTER html %])
is already obsolete. is already obsolete.
[% ELSIF error == "attachment_local_storage_disabled" %]
[% title = "Local Storage Disabled" %]
You cannot store attachments locally. This feature is disabled.
[% ELSIF error == "attachment_url_disabled" %]
[% title = "Attachment URL Disabled" %]
You cannot attach a URL. This feature is currently disabled.
[% ELSIF error == "auth_invalid_email" %] [% ELSIF error == "auth_invalid_email" %]
[% title = "Invalid Email Address" %] [% title = "Invalid Email Address" %]
We received an email address (<b>[% addr FILTER html %]</b>) We received an email address (<b>[% addr FILTER html %]</b>)
......
template/en/default/global/user-error.html.tmpl
View file @ 719303d9
...@@ -211,6 +211,11 @@ ...@@ -211,6 +211,11 @@
[% title = "Attachment Deletion Disabled" %] [% title = "Attachment Deletion Disabled" %]
Attachment deletion is disabled on this installation. Attachment deletion is disabled on this installation.
[% ELSIF error == "attachment_illegal_url" %]
[% title = "Illegal Attachment URL" %]
<em>[% url FILTER html %]</em> is not a legal URL for attachments.
It must start either with http://, https:// or ftp://.
[% ELSIF error == "attachment_removed" %] [% ELSIF error == "attachment_removed" %]
[% title = "Attachment Removed" %] [% title = "Attachment Removed" %]
The attachment you are attempting to access has been removed. The attachment you are attempting to access has been removed.
...@@ -875,8 +880,7 @@ ...@@ -875,8 +880,7 @@
[% title = "Invalid Content-Type" %] [% title = "Invalid Content-Type" %]
The content type <em>[% contenttype FILTER html %]</em> is invalid. The content type <em>[% contenttype FILTER html %]</em> is invalid.
Valid types must be of the form <em>foo/bar</em> where <em>foo</em> Valid types must be of the form <em>foo/bar</em> where <em>foo</em>
is either <em>application, audio, image, message, model, multipart, is one of <em>[% constants.LEGAL_CONTENT_TYPES.join(', ') FILTER html %]</em>.
text,</em> or <em>video</em>.
[% ELSIF error == "invalid_context" %] [% ELSIF error == "invalid_context" %]
[% title = "Invalid Context" %] [% title = "Invalid Context" %]
...@@ -1615,6 +1619,11 @@ ...@@ -1615,6 +1619,11 @@
<tt>[% name FILTER html %]</tt> does not exist or you are not allowed <tt>[% name FILTER html %]</tt> does not exist or you are not allowed
to see that user. to see that user.
[% ELSIF error == "user_not_insider" %]
[% title = "User Not In Insidergroup" %]
Sorry, but you are not allowed to (un)mark comments or attachments
as private.
[% ELSIF error == "votes_must_be_nonnegative" %] [% ELSIF error == "votes_must_be_nonnegative" %]
[% title = "Votes Must Be Non-negative" %] [% title = "Votes Must Be Non-negative" %]
[% admindocslinks = {'voting.html' => 'Setting up the voting feature'} %] [% admindocslinks = {'voting.html' => 'Setting up the voting feature'} %]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment