Bug 201816 - use CGI.pm for header output

Bugzilla/Auth/CGI.pm

@@ -70,9 +70,13 @@ sub login {
                  undef,
                  $userid, $ipaddr);
         my $logincookie = $dbh->selectrow_array("SELECT LAST_INSERT_ID()");
-        my $cookiepath = Param("cookiepath");
-        print "Set-Cookie: Bugzilla_login=$userid ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-        print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+
+        $cgi->send_cookie(-name => 'Bugzilla_login',
+                          -value => $userid,
+                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
+        $cgi->send_cookie(-name => 'Bugzilla_logincookie',
+                          -value => $logincookie,
+                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
 
         # compat code. The cookie value is used for logouts, and that
         # isn't generic yet.
@@ -120,7 +124,7 @@ sub login {
     if ($authres == AUTH_NODATA && $type == LOGIN_REQUIRED) {
         # Throw up the login page
 
-        print "Content-Type: text/html\n\n";
+        print Bugzilla->cgi->header();
 
         my $template = Bugzilla->template;
         $template->process("account/auth/login.html.tmpl",
@@ -152,9 +156,12 @@ sub login {
     # The account may be disabled
     if ($authres == AUTH_DISABLED) {
         # Clear the cookie
-        my $cookiepath = Param("cookiepath");
-        print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
-        print "Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
+
+        $cgi->send_cookie(-name => 'Bugzilla_login',
+                          -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
+        $cgi->send_cookie(-name => 'Bugzilla_logincookie',
+                          -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
+
         # and throw a user error
         &::ThrowUserError("account_disabled",
                           {'disabled_reason' => $extra});

Bugzilla/CGI.pm

@@ -23,11 +23,12 @@ use strict;
 
 package Bugzilla::CGI;
 
-use CGI qw(-no_xhtml -oldstyle_urls :private_tempfiles);
+use CGI qw(-no_xhtml -oldstyle_urls :private_tempfiles :unique_headers);
 
 use base qw(CGI);
 
 use Bugzilla::Util;
+use Bugzilla::Config;
 
 # We need to disable output buffering - see bug 179174
 $| = 1;
@@ -44,6 +45,9 @@ sub new {
 
     my $self = $class->SUPER::new(@args);
 
+    # Make sure that we don't send any charset headers
+    $self->charset('');
+
     # Check for errors
     # All of the Bugzilla code wants to do this, so do it here instead of
     # in each script
@@ -62,20 +66,18 @@ sub new {
         # multipart requests, and so should never happen unless there is a
         # browser bug.
 
-        # Using CGI.pm to do this means that ThrowCodeError prints the
-        # content-type again...
-        #print $self->header(-status => $err);
-        print "Status: $err\n";
-
-        my $vars = {};
-        if ($err =~ m/(\d{3})\s(.*)/) {
-            $vars->{http_error_code} = $1;
-            $vars->{http_error_string} = $2;
-        } else {
-            $vars->{http_error_string} = $err;
-        }
-
-        &::ThrowCodeError("cgi_error", $vars);
+        print $self->header(-status => $err);
+
+        # ThrowCodeError wants to print the header, so it grabs Bugzilla->cgi
+        # which creates a new Bugzilla::CGI object, which fails again, which
+        # ends up here, and calls ThrowCodeError, and then recurses forever.
+        # So don't use it.
+        # In fact, we can't use templates at all, because we need a CGI object
+        # to determine the template lang as well as the current url (from the
+        # template)
+        # Since this is an internal error which indicates a severe browser bug,
+        # just die.
+        die "CGI parsing error: $err";
     }
 
     return $self;
@@ -105,6 +107,46 @@ sub canonicalise_query {
     return join("&", @parameters);
 }
 
+# CGI.pm makes this nph, but apache doesn't like that
+sub multipart_init {
+    my $self = shift;
+
+    unshift(@_, '-nph' => undef);
+
+    return $self->SUPER::multipart_init(@_);
+}
+
+sub cookie {
+    my $self = shift;
+
+    # Add the default path in, but only if we're fetching stuff
+    # (This test fails for |$cgi->cookie(-name=>'x')| which _is_ meant to
+    # fetch, but thats an ugly notation for the fetch case which we shouldn't
+    # be using)
+    unshift(@_, '-path' => Param('cookiepath')) if scalar(@_)>1;
+
+    return $self->SUPER::cookie(@_);
+}
+
+# The various parts of Bugzilla which create cookies don't want to have to
+# pass them arround to all of the callers. Instead, store them locally here,
+# and then output as required from |headers|.
+# This is done instead of just printing the result from the script, because
+# we need to use |$r->header_out| under mod_perl (which is what CGI.pm
+# does, and we need to match, plus if we don't |print| anything, we can turn
+# off mod_perl/Apache's header parsing for a small perf gain)
+sub send_cookie {
+    my $self = shift;
+
+    my $cookie = $self->cookie(@_);
+
+    # XXX - mod_perl
+    print "Set-Cookie: $cookie\r\n";
+
+    return;
+}
+
+
 1;
 
 __END__
@@ -149,4 +191,21 @@ I<Bugzilla::CGI> also includes additional functions.
 This returns a sorted string of the parameters, suitable for use in a url.
 Values in C<@exclude> are not included in the result.
 
+=item C<cookie>
+
+Identical to the CGI.pm C<cookie> routine, except that the cookie path is
+automatically added.
+
+=item C<send_cookie>
+
+This routine is identical to CGI.pm's C<cookie> routine, except that the cookie
+is sent to the browser, rather than returned. This should be used by all
+Bugzilla code (instead of C<cookie> or the C<-cookie> argument to C<header>),
+so that under mod_perl the headers can be sent correctly, using C<print> or
+the mod_perl APIs as appropriate.
+
 =back
+
+=head1 SEE ALSO
+
+L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie>

Bugzilla/Constants.pm

@@ -47,7 +47,8 @@ use base qw(Exporter);
     LOGIN_NORMAL
     LOGIN_REQUIRED
 );
-   
+
+@Bugzilla::Constants::EXPORT_OK = qw(contenttypes);
 
 # CONSTANTS
 #
@@ -94,4 +95,14 @@ use constant LOGIN_OPTIONAL => 0;
 use constant LOGIN_NORMAL => 1;
 use constant LOGIN_REQUIRED => 2;
 
+use constant contenttypes =>
+  {
+   "html" => "text/html" , 
+   "rdf" => "application/xml" , 
+   "xml" => "text/xml" , 
+   "js" => "application/x-javascript" , 
+   "csv" => "text/plain" ,
+   "png" => "image/png" ,
+  };
+
 1;

Bugzilla/Error.pm

@@ -39,8 +39,7 @@ sub ThrowUserError {
 
     Bugzilla->dbh->do("UNLOCK TABLES") if $unlock_tables;
 
-    # XXX - mod_perl
-    print "Content-type: text/html\n\n" if !$::vars->{'header_done'};
+    print Bugzilla->cgi->header();
 
     my $template = Bugzilla->template;
     $template->process("global/user-error.html.tmpl", $vars)

Bugzilla/Flag.pm

@@ -587,7 +587,7 @@ sub notify {
     my $rv = 
       $::template->process($template_file, $::vars, \$message);
     if (!$rv) {
-        print "Content-Type: text/html\n\n" unless $::vars->{'header_done'};
+        Bugzilla->cgi->header();
         &::ThrowTemplateError($::template->error());
     }
     

Bugzilla/User.pm

@@ -366,7 +366,7 @@ sub match_field {
     $vars->{'matches'}       = $matches; # matches that were made
     $vars->{'matchsuccess'}  = $matchsuccess; # continue or fail
 
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     $::template->process("global/confirm-user-match.html.tmpl", $vars)
       || &::ThrowTemplateError($::template->error());

CGI.pl

@@ -59,7 +59,7 @@ if (Param("shutdownhtml") && $0 !~ m:[\\/](do)?editparams.cgi$:) {
     $::vars->{'message'} = "shutdown";
     
     # Return the appropriate HTTP response headers.
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
     
     # Generate and return an HTML message about the downtime.
     $::template->process("global/message.html.tmpl", $::vars)
@@ -320,7 +320,7 @@ sub ThrowCodeError {
       $vars->{'variables'} = $extra_vars;
   }
   
-  print "Content-type: text/html\n\n" if !$vars->{'header_done'};
+  print Bugzilla->cgi->header();
   $template->process("global/code-error.html.tmpl", $vars)
     || ThrowTemplateError($template->error());
     

attachment.cgi

@@ -33,7 +33,6 @@ use strict;
 use lib qw(.);
 
 use vars qw(
-  $cgi
   $template
   $vars
 );
@@ -63,6 +62,8 @@ quietly_check_login();
 # to just above validateID().
 my $bugid;
 
+my $cgi = Bugzilla->cgi;
+
 ################################################################################
 # Main Body Execution
 ################################################################################
@@ -399,11 +400,12 @@ sub view
     # Return the appropriate HTTP response headers.
     $filename =~ s/^.*[\/\\]//;
     my $filesize = length($thedata);
-    print qq{Content-Type: $contenttype; name="$filename"\n};
-    print qq{Content-Disposition: inline; filename=$filename\n};
-    print qq{Content-Length: $filesize\n};
-    print qq{\n$thedata};
 
+    print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"",
+                                -content_disposition=> "inline; filename=$filename\n",
+                                -content_length => $filesize);
+
+    print $thedata;
 }
 
 
@@ -450,8 +452,7 @@ sub viewall
   $vars->{'bugsummary'} = $bugsummary;
   $vars->{'GetBugLink'} = \&GetBugLink;
 
-  # Return the appropriate HTTP response headers.
-  print "Content-Type: text/html\n\n";
+  print Bugzilla->cgi->header();
 
   # Generate and return the UI (HTML page) from the appropriate template.
   $template->process("attachment/show-multiple.html.tmpl", $vars)
@@ -495,8 +496,7 @@ sub enter
   $vars->{'bugsummary'} = $bugsummary;
   $vars->{'GetBugLink'} = \&GetBugLink;
 
-  # Return the appropriate HTTP response headers.
-  print "Content-Type: text/html\n\n";
+  print Bugzilla->cgi->header();
 
   # Generate and return the UI (HTML page) from the appropriate template.
   $template->process("attachment/create.html.tmpl", $vars)
@@ -604,8 +604,7 @@ sub insert
   $vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'};
   $vars->{'contenttype'} = $::FORM{'contenttype'};
 
-  # Return the appropriate HTTP response headers.
-  print "Content-Type: text/html\n\n";
+  print Bugzilla->cgi->header();
 
   # Generate and return the UI (HTML page) from the appropriate template.
   $template->process("attachment/created.html.tmpl", $vars)
@@ -667,8 +666,7 @@ sub edit
   $vars->{'attachments'} = \@bugattachments; 
   $vars->{'GetBugLink'} = \&GetBugLink;
 
-  # Return the appropriate HTTP response headers.
-  print "Content-Type: text/html\n\n";
+  print Bugzilla->cgi->header();
 
   # Generate and return the UI (HTML page) from the appropriate template.
   $template->process("attachment/edit.html.tmpl", $vars)
@@ -815,8 +813,7 @@ sub update
   $vars->{'attachid'} = $::FORM{'id'}; 
   $vars->{'bugid'} = $bugid; 
 
-  # Return the appropriate HTTP response headers.
-  print "Content-Type: text/html\n\n";
+  print Bugzilla->cgi->header();
 
   # Generate and return the UI (HTML page) from the appropriate template.
   $template->process("attachment/updated.html.tmpl", $vars)

buglist.cgi

@@ -33,7 +33,7 @@ use strict;
 
 use lib qw(.);
 
-use vars qw($cgi $template $vars);
+use vars qw($template $vars);
 
 use Bugzilla;
 use Bugzilla::Search;
@@ -56,10 +56,12 @@ use vars qw($db_name
             $userid
             @versions);
 
+my $cgi = Bugzilla->cgi;
+
 if (length($::buffer) == 0) {
-    print "Refresh: 10; URL=query.cgi\n";
+    print $cgi->header(-refresh=> '10; URL=query.cgi');
     ThrowUserError("buglist_parameters_required");
-}    
+}
 
 ConnectToDatabase();
 
@@ -131,8 +133,7 @@ if ($::FORM{'regetlastlist'}) {
 
 if ($::buffer =~ /&cmd-/) {
     my $url = "query.cgi?$::buffer#chart";
-    print "Refresh: 0; URL=$url\n";
-    print "Content-Type: text/html\n\n";
+    print $cgi->redirect(-location => $url);
     # Generate and return the UI (HTML page) from the appropriate template.
     $vars->{'message'} = "buglist_adding_field";
     $vars->{'url'} = $url;
@@ -257,8 +258,7 @@ if ($::FORM{'cmdtype'} eq "dorem") {
     }
     elsif ($::FORM{'remaction'} eq "load") {
         my $url = "query.cgi?" . LookupNamedQuery($::FORM{"namedcmd"});
-        print "Refresh: 0; URL=$url\n";
-        print "Content-Type: text/html\n\n";
+        print $cgi->redirect(-location=>$url);
         # Generate and return the UI (HTML page) from the appropriate template.
         $vars->{'message'} = "buglist_load_named_query";
         $vars->{'namedcmd'} = $::FORM{'namedcmd'};
@@ -282,7 +282,7 @@ if ($::FORM{'cmdtype'} eq "dorem") {
             $count++;
         }
 
-        print "Content-Type: text/html\n\n";
+        print $cgi->header();
         # Generate and return the UI (HTML page) from the appropriate template.
         $vars->{'message'} = "buglist_query_gone";
         $vars->{'namedcmd'} = $::FORM{'namedcmd'};
@@ -535,8 +535,8 @@ if ($order) {
                 if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) {
                     $vars->{'fragment'} = $fragment;
                     if ($order_from_cookie) {
-                        my $cookiepath = Param("cookiepath");
-                        print "Set-Cookie: LASTORDER= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
+                        $cgi->send_cookie(-name => 'LASTORDER',
+                                          -expires => 'Tue, 15-Sep-1998 21:49:00 GMT');
                         ThrowCodeError("invalid_column_name_cookie");
                     }
                     else {
@@ -618,15 +618,15 @@ $query .= " ORDER BY $db_order " if ($order);
 # Time to use server push to display an interim message to the user until
 # the query completes and we can display the bug list.
 if ($serverpush) {
-    # Generate HTTP headers.
-    print "Content-Disposition: inline; filename=$filename\n";
-    print "Content-Type: multipart/x-mixed-replace;boundary=thisrandomstring\n\n";
-    print "--thisrandomstring\n";
-    print "Content-Type: text/html\n\n";
+    print $cgi->multipart_init(-content_disposition => "inline; filename=$filename");
+
+    print $cgi->multipart_start();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("list/server-push.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
+
+    print $cgi->multipart_end();
 }
 
 # Connect to the shadow database if this installation is using one to improve
@@ -800,39 +800,47 @@ if ($dotweak) {
 # HTTP Header Generation
 ################################################################################
 
-# If we are doing server push, output a separator string.
-print "\n--thisrandomstring\n" if $serverpush;
-    
 # Generate HTTP headers
 
-# Suggest a name for the bug list if the user wants to save it as a file.
-# If we are doing server push, then we did this already in the HTTP headers
-# that started the server push, so we don't have to do it again here.
-print "Content-Disposition: inline; filename=$filename\n" unless $serverpush;
+my $contenttype;
 
 if ($format->{'extension'} eq "html") {
     my $cookiepath = Param("cookiepath");
-    print "Content-Type: text/html\n";
 
     if ($order) {
         my $qorder = url_quote($order);
-        print "Set-Cookie: LASTORDER=$qorder ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+        $cgi->send_cookie(-name => 'LASTORDER',
+                          -value => $qorder,
+                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
     }
     my $bugids = join(":", @bugidlist);
     # See also Bug 111999
     if (length($bugids) < 4000) {
-        print "Set-Cookie: BUGLIST=$bugids ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+        $cgi->send_cookie(-name => 'BUGLIST',
+                          -value => $bugids,
+                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
     }
     else {
-        print "Set-Cookie: BUGLIST= ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+        $cgi->send_cookie(-name => 'BUGLIST',
+                          -expires => 'Tue, 15-Sep-1998 21:49:00 GMT');
         $vars->{'toolong'} = 1;
     }
+
+    $contenttype = "text/html";
 }
 else {
-    print "Content-Type: $format->{'ctype'}\n";
+    $contenttype = $format->{'ctype'};
 }
 
-print "\n"; # end HTTP headers
+if ($serverpush) {
+    print $cgi->multipart_start(-type=>$contenttype);
+} else {
+    # Suggest a name for the bug list if the user wants to save it as a file.
+    # If we are doing server push, then we did this already in the HTTP headers
+    # that started the server push, so we don't have to do it again here.
+    print $cgi->header(-type => $contenttype,
+                       -content_disposition => "inline; filename=$filename");
+}
 
 
 ################################################################################
@@ -848,4 +856,4 @@ $template->process($format->{'template'}, $vars)
 # Script Conclusion
 ################################################################################
 
-print "\n--thisrandomstring--\n" if $serverpush;
+print $cgi->multipart_final() if $serverpush;

checksetup.pl

@@ -211,7 +211,7 @@ my $modules = [
     }, 
     { 
         name => 'CGI', 
-        version => '2.88' 
+        version => '2.93' 
     }, 
     {
         name => 'Data::Dumper', 
@@ -587,24 +587,6 @@ LocalVar('platforms', '
 );
 ');
 
-
-
-LocalVar('contenttypes', '
-#
-# The types of content that template files can generate, indexed by file extension.
-#
-$contenttypes = {
-  "html" => "text/html" , 
-   "rdf" => "application/xml" , 
-   "xml" => "text/xml" , 
-    "js" => "application/x-javascript" , 
-   "csv" => "text/plain" ,
-   "png" => "image/png" ,
-};
-');
-
-
-
 if ($newstuff ne "") {
     print "\nThis version of Bugzilla contains some variables that you may want\n",
           "to change and adapt to your local settings. Please edit the file\n",

colchange.cgi

@@ -32,6 +32,8 @@ use vars qw(
   $vars
 );
 
+use Bugzilla;
+
 require "CGI.pl";
 
 ConnectToDatabase();
@@ -39,6 +41,8 @@ quietly_check_login();
 
 GetVersionTable();
 
+my $cgi = Bugzilla->cgi;
+
 # The master list not only says what fields are possible, but what order
 # they get displayed in.
 my @masterlist = ("opendate", "changeddate", "bug_severity", "priority",
@@ -87,12 +91,15 @@ if (defined $::FORM{'rememberedquery'}) {
     }
     my $list = join(" ", @collist);
     my $urlbase = Param("urlbase");
-    my $cookiepath = Param("cookiepath");
-    
-    print "Set-Cookie: COLUMNLIST=$list ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-    print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-    print "Refresh: 0; URL=buglist.cgi?$::FORM{'rememberedquery'}\n";
-    print "Content-type: text/html\n\n";
+
+    $cgi->send_cookie(-name => 'COLUMNLIST',
+                      -value => $list,
+                      -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
+    $cgi->send_cookie(-name => 'SPLITHEADER',
+                      -value => $::FORM{'splitheader'},
+                      -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
+
+    print $cgi->redirect("buglist.cgi?$::FORM{'rememberedquery'}");
     $vars->{'message'} = "change_columns";
     $template->process("global/message.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -111,6 +118,6 @@ $vars->{'splitheader'} = $::COOKIE{'SPLITHEADER'} ? 1 : 0;
 $vars->{'buffer'} = $::buffer;
 
 # Generate and return the UI (HTML page) from the appropriate template.
-print "Content-type: text/html\n\n";
+print $cgi->header();
 $template->process("list/change-columns.html.tmpl", $vars)
   || ThrowTemplateError($template->error());

createaccount.cgi

@@ -47,13 +47,16 @@ unless (Bugzilla::Auth->can_edit) {
   ThrowUserError("auth_cant_create_account");
 }
 
+my $cgi = Bugzilla->cgi;
+
 # Clear out the login cookies.  Make people log in again if they create an
 # account; otherwise, they'll probably get confused.
-my $cookiepath = Param("cookiepath");
-print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
+$cgi->send_cookie(-name => 'Bugzilla_login',
+                  -expires => 'Tue, 15-Sep-1998 21:49:00 GMT');
+$cgi->send_cookie(-name => 'Bugzilla_logincookie',
+                  -expires => 'Tue, 15-Sep-1998 21:49:00 GMT');
 
-print "Content-Type: text/html\n\n";
+print $cgi->header();
 
 my $login = $::FORM{'login'};
 

describecomponents.cgi

@@ -31,6 +31,8 @@ use strict;
 
 use lib qw(.);
 
+use Bugzilla;
+
 require "CGI.pl";
 
 ConnectToDatabase();
@@ -38,6 +40,8 @@ quietly_check_login();
 
 GetVersionTable();
 
+my $cgi = Bugzilla->cgi;
+
 if (!defined $::FORM{'product'}) {
     # Reference to a subset of %::proddesc, which the user is allowed to see
     my %products;
@@ -63,7 +67,7 @@ if (!defined $::FORM{'product'}) {
         $::vars->{'proddesc'} = \%products;
         $::vars->{'target'} = "describecomponents.cgi";
 
-        print "Content-type: text/html\n\n";
+        print $cgi->header();
         $::template->process("global/choose-product.html.tmpl", $::vars)
           || ThrowTemplateError($::template->error());
         exit;
@@ -118,7 +122,7 @@ while (MoreSQLData()) {
 $::vars->{'product'} = $product;
 $::vars->{'components'} = \@components;
 
-print "Content-type: text/html\n\n";
+print $cgi->header();
 $::template->process("reports/components.html.tmpl", $::vars)
   || ThrowTemplateError($::template->error());
 

describekeywords.cgi

@@ -24,6 +24,8 @@
 use strict;
 use lib ".";
 
+use Bugzilla;
+
 require "CGI.pl";
 
 # Use the global template variables. 
@@ -33,6 +35,8 @@ ConnectToDatabase();
 
 quietly_check_login();
 
+my $cgi = Bugzilla->cgi;
+
 SendSQL("SELECT keyworddefs.name, keyworddefs.description, 
                 COUNT(keywords.bug_id)
          FROM keyworddefs LEFT JOIN keywords ON keyworddefs.id=keywords.keywordid
@@ -52,6 +56,6 @@ while (MoreSQLData()) {
 $vars->{'keywords'} = \@keywords;
 $vars->{'caneditkeywords'} = UserInGroup("editkeywords");
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 $template->process("reports/keywords.html.tmpl", $vars)
   || ThrowTemplateError($template->error());

doeditparams.cgi

@@ -25,6 +25,7 @@ use strict;
 
 use lib qw(.);
 
+use Bugzilla;
 use Bugzilla::Config qw(:DEFAULT :admin);
 
 require "CGI.pl";
@@ -34,7 +35,9 @@ use vars %::MFORM;
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+my $cgi = Bugzilla->cgi;
+
+print $cgi->header();
 
 if (!UserInGroup("tweakparams")) {
     print "<H1>Sorry, you aren't a member of the 'tweakparams' group.</H1>\n";

duplicates.cgi

@@ -36,15 +36,18 @@ use vars qw($buffer);
 
 use Bugzilla;
 use Bugzilla::Search;
-use Bugzilla::CGI;
+
+my $cgi = Bugzilla->cgi;
 
 # Go directly to the XUL version of the duplicates report (duplicates.xul)
 # if the user specified ctype=xul.  Adds params if they exist, and directs
 # the user to a signed copy of the script in duplicates.jar if it exists.
 if ($::FORM{'ctype'} && $::FORM{'ctype'} eq "xul") {
     my $params = CanonicaliseParams($::buffer, ["format", "ctype"]);
-    print "Location: " . (-e "duplicates.jar" ? "duplicates.jar!/" : "") . 
+    my $url = (-e "duplicates.jar" ? "duplicates.jar!/" : "") . 
           "duplicates.xul" . ($params ? "?$params" : "") . "\n\n";
+
+    print $cgi->redirect($url);
     exit;
 }
 
@@ -261,8 +264,8 @@ $vars->{'products'} = \@::legal_product;
 
 my $format = 
   GetFormat("reports/duplicates", $::FORM{'format'}, $::FORM{'ctype'});
- 
-print "Content-Type: $format->{'ctype'}\n\n";
+
+print $cgi->header($format->{'ctype'});
 
 # Generate and return the UI (HTML page) from the appropriate template.
 $template->process($format->{'template'}, $vars)

editcomponents.cgi

@@ -191,7 +191,7 @@ sub PutTrailer (@)
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 unless (UserInGroup("editcomponents")) {
     PutHeader("Not allowed");

editflagtypes.cgi

@@ -35,6 +35,7 @@ require "CGI.pl";
 ConnectToDatabase();
 
 # Use Bugzilla's flag modules for handling flag types.
+use Bugzilla;
 use Bugzilla::Flag;
 use Bugzilla::FlagType;
 
@@ -94,7 +95,7 @@ sub list {
       Bugzilla::FlagType::match({ 'target_type' => 'attachment' }, 1);
 
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("admin/flag-type/list.html.tmpl", $vars)
@@ -138,7 +139,7 @@ sub edit {
     }
     
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("admin/flag-type/edit.html.tmpl", $vars)
@@ -189,7 +190,7 @@ sub processCategoryChange {
     $vars->{'type'} = $type;
     
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("admin/flag-type/edit.html.tmpl", $vars)
@@ -246,7 +247,7 @@ sub insert {
     $vars->{'message'} = "flag_type_created";
 
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("global/message.html.tmpl", $vars)
@@ -328,7 +329,7 @@ sub update {
     $vars->{'message'} = "flag_type_changes_saved";
 
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("global/message.html.tmpl", $vars)
@@ -348,7 +349,7 @@ sub confirmDelete
     $vars->{'flag_count'} = scalar($count);
 
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("admin/flag-type/confirm-delete.html.tmpl", $vars)
@@ -380,7 +381,7 @@ sub delete {
     $vars->{'message'} = "flag_type_deleted";
 
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("global/message.html.tmpl", $vars)
@@ -400,7 +401,7 @@ sub deactivate {
     $vars->{'flag_type'} = Bugzilla::FlagType::get($::FORM{'id'});
     
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("global/message.html.tmpl", $vars)

editgroups.cgi

@@ -33,7 +33,7 @@ require "CGI.pl";
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 if (!UserInGroup("creategroups")) {
     PutHeader("Not Authorized","Edit Groups","","Not Authorized for this function!");

editkeywords.cgi

@@ -110,7 +110,7 @@ sub Validate ($$) {
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 unless (UserInGroup("editkeywords")) {
     PutHeader("Not allowed");

editmilestones.cgi

@@ -148,7 +148,7 @@ sub PutTrailer (@)
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 unless (UserInGroup("editcomponents")) {
     PutHeader("Not allowed");

editparams.cgi

@@ -32,7 +32,7 @@ require "CGI.pl";
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 if (!UserInGroup("tweakparams")) {
     print "<H1>Sorry, you aren't a member of the 'tweakparams' group.</H1>\n";

editproducts.cgi

@@ -178,7 +178,7 @@ sub PutTrailer (@)
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 unless (UserInGroup("editcomponents")) {
     PutHeader("Not allowed");

editusers.cgi

@@ -236,7 +236,7 @@ sub PutTrailer (@)
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 $editall = UserInGroup("editusers");
 

editversions.cgi

@@ -157,7 +157,7 @@ sub PutTrailer (@)
 ConnectToDatabase();
 confirm_login();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 unless (UserInGroup("editcomponents")) {
     PutHeader("Not allowed");

enter_bug.cgi

@@ -36,6 +36,7 @@ use strict;
 
 use lib qw(.);
 
+use Bugzilla;
 use Bugzilla::Constants;
 require "CGI.pl";
 
@@ -65,6 +66,8 @@ ConnectToDatabase();
 # user is right from the start. 
 confirm_login() if AnyEntryGroups();
 
+my $cgi = Bugzilla->cgi;
+
 if (!defined $::FORM{'product'}) {
     GetVersionTable();
     quietly_check_login();
@@ -88,7 +91,7 @@ if (!defined $::FORM{'product'}) {
         $vars->{'target'} = "enter_bug.cgi";
         $vars->{'format'} = $::FORM{'format'};
         
-        print "Content-type: text/html\n\n";
+        print $cgi->header();
         $template->process("global/choose-product.html.tmpl", $vars)
           || ThrowTemplateError($template->error());
         exit;        
@@ -364,7 +367,7 @@ $vars->{'use_keywords'} = 1 if (@::legal_keywords);
 my $format = 
   GetFormat("bug/create/create", $::FORM{'format'}, $::FORM{'ctype'});
 
-print "Content-type: $format->{'ctype'}\n\n";
+print $cgi->header($format->{'ctype'});
 $template->process($format->{'template'}, $vars)
   || ThrowTemplateError($template->error());          
 

globals.pl

@@ -40,7 +40,6 @@ use Bugzilla::Config qw(:DEFAULT ChmodDataFile);
 sub globals_pl_sillyness {
     my $zz;
     $zz = @main::SqlStateStack;
-    $zz = $main::contenttypes;
     $zz = @main::default_column_list;
     $zz = $main::defaultqueryname;
     $zz = @main::enterable_products;
@@ -1536,7 +1535,7 @@ sub GetFormat {
     {
         'template'    => $template ,
         'extension'   => $ctype ,
-        'ctype' => $::contenttypes->{$ctype} ,
+        'ctype'       => Bugzilla::Constants::contenttypes->{$ctype} ,
     };
 }
 

importxml.pl

@@ -59,6 +59,8 @@ BEGIN {
 chdir $::path;
 use lib ($::path);
 
+use Bugzilla;
+
 use XML::Parser;
 use Data::Dumper;
 $Data::Dumper::Useqq = 1;
@@ -136,7 +138,7 @@ sub Lock {
         open(LOCKFID, ">>data/maillock") || die "Can't open data/maillock: $!";
         my $val = flock(LOCKFID,2);
         if (!$val) { # '2' is magic 'exclusive lock' const.
-            print "Content-type: text/html\n\n";
+            print Bugzilla->cgi->header();
             print "Lock failed: $val\n";
         }
         chmod 0666, "data/maillock";

index.cgi

@@ -51,10 +51,12 @@ quietly_check_login('permit_anonymous');
 # Main Body Execution
 ###############################################################################
 
+my $cgi = Bugzilla->cgi;
+
 $vars->{'username'} = $::COOKIE{'Bugzilla_login'} || '';
 
 # Return the appropriate HTTP response headers.
-print "Content-Type: text/html\n\n";
+print $cgi->header();
 
 # Generate and return the UI (HTML page) from the appropriate template.
 $template->process("index.html.tmpl", $vars)

long_list.cgi

@@ -24,6 +24,8 @@
 use strict;
 use lib qw(.);
 
+use Bugzilla;
+
 require "CGI.pl";
 
 use vars qw($userid @legal_keywords %FORM);
@@ -37,6 +39,8 @@ quietly_check_login();
 
 GetVersionTable();
 
+my $cgi = Bugzilla->cgi;
+
 my $generic_query = "
   SELECT 
     bugs.bug_id, 
@@ -116,8 +120,7 @@ my @time = localtime(time());
 my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3];
 my $filename = "bugs-$date.html";
 
-print "Content-Type: text/html\n";
-print "Content-Disposition: inline; filename=$filename\n\n";
+print $cgi->header(-content_disposition => "inline; filename=$filename");
 
 # Generate and return the UI (HTML page) from the appropriate template.
 $template->process("bug/show-multiple.html.tmpl", $vars)

move.pl

@@ -31,6 +31,7 @@ require "CGI.pl";
 use vars qw($template $userid %COOKIE);
 
 use Bug;
+use Bugzilla;
 use Bugzilla::BugMail;
 
 $::lockcount = 0;
@@ -44,6 +45,8 @@ unless ( Param("move-enabled") ) {
 ConnectToDatabase();
 confirm_login();
 
+my $cgi = Bugzilla->cgi;
+
 sub Log {
     my ($str) = (@_);
     Lock();
@@ -59,7 +62,7 @@ sub Lock {
         open(LOCKFID, ">>data/maillock") || die "Can't open data/maillock: $!";
         my $val = flock(LOCKFID,2);
         if (!$val) { # '2' is magic 'exclusive lock' const.
-            print "Content-type: text/html\n\n";
+            print $cgi->header();
             print "Lock failed: $val\n";
         }
         chmod 0666, "data/maillock";
@@ -76,7 +79,7 @@ sub Unlock {
 }
 
 if ( !defined $::FORM{'buglist'} ) {
-  print "Content-type: text/html\n\n";
+  print $cgi->header();
   PutHeader("Move Bugs");
   print "Move bugs either from the bug display page or perform a ";
   print "<A HREF=\"query.cgi\">query</A> and change several bugs at once.\n";
@@ -91,7 +94,7 @@ my $movers = Param("movers");
 $movers =~ s/\s?,\s?/|/g;
 $movers =~ s/@/\@/g;
 unless ($exporter =~ /($movers)/) {
-  print "Content-type: text/html\n\n";
+  print $cgi->header();
   PutHeader("Move Bugs");
   print "<P>You do not have permission to move bugs<P>\n";
   PutFooter();

page.cgi

@@ -31,6 +31,9 @@
 use strict;
 
 use lib ".";
+
+use Bugzilla;
+
 require "CGI.pl";
 
 use vars qw($template $vars);
@@ -39,6 +42,8 @@ ConnectToDatabase();
 
 quietly_check_login();
 
+my $cgi = Bugzilla->cgi;
+
 if ($::FORM{'id'}) {
     # Remove all dodgy chars, and split into name and ctype.
     $::FORM{'id'} =~ s/[^\w\-\.]//g;
@@ -47,8 +52,8 @@ if ($::FORM{'id'}) {
     my $format = GetFormat($1, undef, $2);
     
     $vars->{'form'} = \%::FORM; 
-    
-    print "Content-Type: $format->{'ctype'}\n\n";
+
+    print $cgi->header($format->{'ctype'});
 
     $template->process("pages/$format->{'template'}", $vars)
       || ThrowTemplateError($template->error());

post_bug.cgi

@@ -26,6 +26,7 @@
 use strict;
 use lib qw(.);
 
+use Bugzilla;
 use Bugzilla::Constants;
 require "CGI.pl";
 
@@ -55,6 +56,8 @@ use vars qw($vars $template);
 ConnectToDatabase();
 my $whoid = confirm_login();
 
+my $cgi = Bugzilla->cgi;
+
 # do a match on the fields if applicable
 
 &Bugzilla::User::match_field ({
@@ -85,16 +88,17 @@ if (!$product_id) {
 # Set cookies
 my $cookiepath = Param("cookiepath");
 if (exists $::FORM{'product'}) {
-    if (exists $::FORM{'version'}) {           
-        print "Set-Cookie: VERSION-$product=$::FORM{'version'} ; " .
-              "path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; 
+    if (exists $::FORM{'version'}) {
+        $cgi->send_cookie(-name => "VERSION-$product",
+                          -value => $cgi->param('version'),
+                          -expires => "Fri, 01-Jan-2038 00:00:00 GMT");
     }
 }
 
 if (defined $::FORM{'maketemplate'}) {
     $vars->{'url'} = $::buffer;
     
-    print "Content-type: text/html\n\n";
+    print $cgi->header();
     $template->process("bug/create/make-template.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
     exit;
@@ -491,7 +495,7 @@ if ($::COOKIE{"BUGLIST"}) {
 }
 $vars->{'bug_list'} = \@bug_list;
 
-print "Content-type: text/html\n\n";
+print $cgi->header();
 $template->process("bug/create/created.html.tmpl", $vars)
   || ThrowTemplateError($template->error());
 

process_bug.cgi

@@ -31,6 +31,7 @@ my $UserInCanConfirmGroupSet = -1;
 
 use lib qw(.);
 
+use Bugzilla;
 use Bugzilla::Constants;
 require "CGI.pl";
 
@@ -58,6 +59,8 @@ use vars qw(%versions
 ConnectToDatabase();
 my $whoid = confirm_login();
 
+my $cgi = Bugzilla->cgi;
+
 my $requiremilestone = 0;
 
 use vars qw($template $vars);
@@ -143,7 +146,7 @@ foreach my $field ("dependson", "blocked") {
 # End Data/Security Validation
 ######################################################################
 
-print "Content-type: text/html\n\n";
+print $cgi->header();
 $vars->{'title_tag'} = "bug_processed";
 
 # Set the title if we can see a mid-air coming. This test may have false
@@ -493,7 +496,7 @@ sub DuplicateUserConfirm {
     
     # Confirm whether or not to add the reporter to the cc: list
     # of the original bug (the one this bug is being duped against).
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
     $template->process("bug/process/confirm-duplicate.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
     exit;

query.cgi

@@ -50,6 +50,9 @@ use vars qw(
 );
 
 ConnectToDatabase();
+
+my $cgi = Bugzilla->cgi;
+
 my $userid = 0;
 if (defined $::FORM{"GoAheadAndLogIn"}) {
     # We got here from a login page, probably from relogin.cgi.  We better
@@ -87,8 +90,8 @@ if ($userid) {
                             "($userid, $qname, " . SqlQuote($value) . ")");
                 }
             }
-            print "Set-Cookie: $cookiename= ; path=" . Param("cookiepath") . 
-                  "; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
+            $cgi->send_cookie(-name => $cookiename,
+                              -expires => "Fri, 01-Jan-2038 00:00:00 GMT");
         }
     }
 }
@@ -398,6 +401,8 @@ $vars->{'format'} = $::FORM{'format'};
 my $format = GetFormat("search/search", 
                        $::FORM{'query_format'} || $::FORM{'format'}, 
                        $::FORM{'ctype'});
-print "Content-Type: $format->{'ctype'}\n\n";
+
+print $cgi->header($format->{'ctype'});
+
 $template->process($format->{'template'}, $vars)
   || ThrowTemplateError($template->error());

queryhelp.cgi

@@ -35,7 +35,7 @@ quietly_check_login();
 
 GetVersionTable();
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 my $product = $::FORM{'product'};
 

quips.cgi

@@ -39,6 +39,8 @@ require "CGI.pl";
 ConnectToDatabase();
 confirm_login();
 
+my $cgi = Bugzilla->cgi;
+
 if (Param('enablequips') eq "off") {
     ThrowUserError("quips_disabled");
 }
@@ -129,6 +131,6 @@ if ($action eq "delete") {
     SendSQL("DELETE FROM quips WHERE quipid = $quipid");
 }
 
-print "Content-type: text/html\n\n";
+print $cgi->header();
 $template->process("list/quips.html.tmpl", $vars)
   || ThrowTemplateError($template->error());

relogin.cgi

@@ -37,6 +37,8 @@ require "CGI.pl";
 ConnectToDatabase();
 quietly_check_login();
 
+my $cgi = Bugzilla->cgi;
+
 if ($::userid) {
     # Even though we know the userid must match, we still check it in the
     # SQL as a sanity check, since there is no locking here, and if
@@ -49,17 +51,17 @@ if ($::userid) {
             "AND userid = $::userid");
 }
 
-my $cookiepath = Param("cookiepath");
-print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
-";
+$cgi->send_cookie(-name => "Bugzilla_login",
+                  -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
+$cgi->send_cookie(-name => "Bugzilla_logincookie",
+                  -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
 
 delete $::COOKIE{"Bugzilla_login"};
 
-$vars->{'message'} = "logged_out";                          
+$vars->{'message'} = "logged_out";
 $vars->{'user'} = {};
 
-print "Content-Type: text/html\n\n";
+print $cgi->header();
 $template->process("global/message.html.tmpl", $vars)
   || ThrowTemplateError($template->error());
 

report.cgi

@@ -26,15 +26,19 @@ use lib ".";
 
 require "CGI.pl";
 
-use vars qw($cgi $template $vars);
+use vars qw($template $vars);
 
 use Bugzilla;
 
+my $cgi = Bugzilla->cgi;
+
 # Go straight back to query.cgi if we are adding a boolean chart.
 if (grep(/^cmd-/, $cgi->param())) {
     my $params = $cgi->canonicalise_query("format", "ctype");
-    print "Location: query.cgi?format=" . $cgi->param('query_format') . 
-                                           ($params ? "&$params" : "") . "\n\n";
+    my $location = "query.cgi?format=" . $cgi->param('query_format') . 
+      ($params ? "&$params" : "") . "\n\n";
+
+    print $cgi->redirect($location);
     exit;
 }
 
@@ -52,7 +56,7 @@ my $action = $cgi->param('action') || 'menu';
 
 if ($action eq "menu") {
     # No need to do any searching in this case, so bail out early.
-    print "Content-Type: text/html\n\n";
+    print $cgi->header();
     $template->process("reports/menu.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
     exit;
@@ -276,8 +280,8 @@ $format->{'ctype'} = "text/html" if $::FORM{'debug'};
 my @time = localtime(time());
 my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3];
 my $filename = "report-$date.$format->{extension}";
-print "Content-Disposition: inline; filename=$filename\n";
-print "Content-Type: $format->{'ctype'}\n\n";
+print $cgi->header(-type => $format->{'ctype'},
+                   -content_disposition => "inline; filename=$filename");
 
 # Problems with this CGI are often due to malformed data. Setting debug=1
 # prints out both data structures.

reports.cgi

@@ -62,6 +62,8 @@ GetVersionTable();
 
 Bugzilla->switch_to_shadow_db();
 
+my $cgi = Bugzilla->cgi;
+
 # We only want those products that the user has permissions for.
 my @myproducts;
 push( @myproducts, "-All-");
@@ -69,7 +71,7 @@ push( @myproducts, GetSelectableProducts());
 
 if (! defined $FORM{'product'}) {
 
-    print "Content-type: text/html\n\n";
+    print $cgi->header();
     PutHeader("Bug Charts");
     choose_product(@myproducts);
     PutFooter();
@@ -93,10 +95,7 @@ if (! defined $FORM{'product'}) {
     # This means that is OK to detaint
     trick_taint($FORM{'product'});
 
-    # Output appropriate HTTP response headers
-    print "Content-type: text/html\n";
-    # Changing attachment to inline to resolve 46897 - zach@zachlipton.com
-    print "Content-disposition: inline; filename=bugzilla_report.html\n\n";
+    print $cgi->header(-Content_Disposition=>'inline; filename=bugzilla_report.html');
 
     PutHeader("Bug Charts");
 

request.cgi

@@ -266,7 +266,7 @@ sub queue {
     $vars->{'types'} = \@types;
 
     # Return the appropriate HTTP response headers.
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("request/queue.html.tmpl", $vars)

show_activity.cgi

@@ -51,7 +51,7 @@ ValidateBugID($::FORM{'id'});
 
 $vars->{'bug_id'} = $::FORM{'id'};
 
-print "Content-type: text/html\n\n";
+print Bugzilla->cgi->header();
 
 $template->process("bug/activity/show.html.tmpl", $vars)
   || ThrowTemplateError($template->error());

show_bug.cgi

@@ -24,14 +24,18 @@ use strict;
 
 use lib qw(.);
 
+use Bugzilla;
+
 require "CGI.pl";
 
 ConnectToDatabase();
 
-use vars qw($cgi $template $vars $userid);
+use vars qw($template $vars $userid);
 
 use Bug;
 
+my $cgi = Bugzilla->cgi;
+
 if ($::FORM{'GoAheadAndLogIn'}) {
     confirm_login();
 } else {
@@ -44,7 +48,7 @@ my $single = !$cgi->param('format')
 
 # If we don't have an ID, _AND_ we're only doing a single bug, then prompt
 if (!defined $cgi->param('id') && $single) {
-    print "Content-type: text/html\n\n";
+    print Bugzilla->cgi->header();
     $template->process("bug/choose.html.tmpl", $vars) ||
       ThrowTemplateError($template->error());
     exit;
@@ -100,6 +104,7 @@ foreach ($cgi->param("excludefield")) {
 
 $vars->{'displayfields'} = \%displayfields;
 
-print "Content-type: $format->{'ctype'}\n\n";
+print $cgi->header($format->{'ctype'});
+
 $template->process("$format->{'template'}", $vars)
   || ThrowTemplateError($template->error());

showattachment.cgi

@@ -25,12 +25,16 @@ use strict;
 
 use lib qw(.);
 
-require "CGI.pl";
+use Bugzilla;
+use Bugzilla::Util;
+
+my $cgi = Bugzilla->cgi;
+
+my $id = $cgi->param('attach_id');
+detaint_natural($id) if defined $id;
+$id ||= "";
+
+print $cgi->redirect(-location=>"attachment.cgi?id=$id&action=view",
+                     -status=>'301 Permanent Redirect');
 
-# Redirect to the new interface for displaying attachments.
-detaint_natural($::FORM{'attach_id'}) if defined($::FORM{'attach_id'});
-my $id = $::FORM{'attach_id'} || "";
-print "Status: 301 Permanent Redirect\n";
-print "Location: attachment.cgi?id=$id&action=view\n\n";
 exit;
- 

showdependencygraph.cgi

@@ -26,6 +26,7 @@ use strict;
 use lib qw(.);
 
 use File::Temp;
+use Bugzilla;
 
 require "CGI.pl";
 
@@ -33,6 +34,8 @@ ConnectToDatabase();
 
 quietly_check_login();
 
+my $cgi = Bugzilla->cgi;
+
 # Connect to the shadow database if this installation is using one to improve
 # performance.
 Bugzilla->switch_to_shadow_db();
@@ -228,6 +231,6 @@ $vars->{'rankdir'} = $::FORM{'rankdir'};
 $vars->{'showsummary'} = $::FORM{'showsummary'};
 
 # Generate and return the UI (HTML page) from the appropriate template.
-print "Content-type: text/html\n\n";
+print $cgi->header();
 $template->process("bug/dependency-graph.html.tmpl", $vars)
   || ThrowTemplateError($template->error());

showdependencytree.cgi

@@ -37,6 +37,8 @@ ConnectToDatabase();
 
 quietly_check_login();
 
+my $cgi = Bugzilla->cgi;
+
 # Connect to the shadow database if this installation is using one to improve
 # performance.
 Bugzilla->switch_to_shadow_db();
@@ -95,7 +97,7 @@ $vars->{'maxdepth'}       = $maxdepth;
 $vars->{'hide_resolved'}  = $hide_resolved;
 $vars->{'canedit'}        = UserInGroup("editbugs");
 
-print "Content-Type: text/html\n\n";
+print $cgi->header();
 $template->process("bug/dependency-tree.html.tmpl", $vars)
   || ThrowTemplateError($template->error());
 

sidebar.cgi

@@ -29,6 +29,8 @@ use vars qw(
 ConnectToDatabase();
 quietly_check_login();
 
+my $cgi = Bugzilla->cgi;
+
 ###############################################################################
 # Main Body Execution
 ###############################################################################
@@ -63,13 +65,10 @@ if (defined $::COOKIE{'Bugzilla_login'}) {
 
 my $useragent = $ENV{HTTP_USER_AGENT};
 if ($useragent =~ m:Mozilla/([1-9][0-9]*):i && $1 >= 5 && $useragent !~ m/compatible/i) {
-    print "Content-type: application/vnd.mozilla.xul+xml\n\n";
+    print $cgi->header("application/vnd.mozilla.xul+xml");
     # Generate and return the XUL from the appropriate template.
     $template->process("sidebar.xul.tmpl", $vars)
       || ThrowTemplateError($template->error());
 } else {
     ThrowUserError("sidebar_supports_mozilla_only");
 }
-
-
-

template/en/default/global/code-error.html.tmpl

@@ -61,11 +61,6 @@
   [% ELSIF error == "bug_error" %]
     Trying to retrieve bug [% bug.bug_id %] returned the error
     [% bug.error FILTER html %]
-
-  [% ELSIF error == "cgi_error" %]
-    [% title = "CGI Error" %]
-    Bugzilla has had trouble interpreting your CGI request;
-    [%+ Param('browserbugmessage') %]
     
   [% ELSIF error == "chart_data_not_generated" %]
     The tool which gathers bug counts has not been run yet.

token.cgi

@@ -31,6 +31,8 @@ use lib qw(.);
 
 use vars qw($template $vars);
 
+use Bugzilla;
+
 # Include the Bugzilla CGI and general utility library.
 require "CGI.pl";
 
@@ -156,7 +158,7 @@ sub requestChangePassword {
 
     $vars->{'message'} = "password_change_request";
 
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
     $template->process("global/message.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 }
@@ -164,7 +166,7 @@ sub requestChangePassword {
 sub confirmChangePassword {
     $vars->{'token'} = $::token;
     
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
     $template->process("account/password/set-forgotten-password.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 }
@@ -173,7 +175,7 @@ sub cancelChangePassword {
     $vars->{'message'} = "password_change_canceled";
     Token::Cancel($::token, $vars->{'message'});
 
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
     $template->process("global/message.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 }
@@ -200,14 +202,14 @@ sub changePassword {
 
     $vars->{'message'} = "password_changed";
 
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
     $template->process("global/message.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 }
 
 sub confirmChangeEmail {
     # Return HTTP response headers.
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     $vars->{'token'} = $::token;
 
@@ -249,7 +251,7 @@ sub changeEmail {
     DeriveGroup($userid);
 
     # Return HTTP response headers.
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     # Let the user know their email address has been changed.
 
@@ -300,7 +302,7 @@ sub cancelChangeEmail {
     SendSQL("UNLOCK TABLES");
 
     # Return HTTP response headers.
-    print "Content-Type: text/html\n\n";
+    print Bugzilla->cgi->header();
 
     $template->process("global/message.html.tmpl", $vars)
       || ThrowTemplateError($template->error());

userprefs.cgi

@@ -24,6 +24,8 @@ use strict;
 
 use lib qw(.);
 
+use Bugzilla;
+
 require "CGI.pl";
 
 use RelationSet;
@@ -354,6 +356,8 @@ confirm_login();
 
 GetVersionTable();
 
+my $cgi = Bugzilla->cgi;
+
 $vars->{'login'} = $::COOKIE{'Bugzilla_login'};
 $vars->{'changes_saved'} = $::FORM{'dosave'};
 
@@ -390,7 +394,7 @@ SWITCH: for ($current_tab_name) {
 }
 
 # Generate and return the UI (HTML page) from the appropriate template.
-print "Content-type: text/html\n\n";
+print $cgi->header();
 $template->process("account/prefs/prefs.html.tmpl", $vars)
   || ThrowTemplateError($template->error());
 

votes.cgi

@@ -26,14 +26,17 @@
 use strict;
 use lib ".";
 
-require "CGI.pl";
+use Bugzilla;
 
+require "CGI.pl";
 
 # Use global template variables
 use vars qw($template $vars);
 
 ConnectToDatabase();
 
+my $cgi = Bugzilla->cgi;
+
 # If the action is show_bug, you need a bug_id.
 # If the action is show_user, you can supply a userid to show the votes for
 # another user, otherwise you see your own.
@@ -86,6 +89,8 @@ exit;
 
 # Display the names of all the people voting for this one bug.
 sub show_bug {
+    my $cgi = Bugzilla->cgi;
+
     my $bug_id = $::FORM{'bug_id'} 
       || ThrowCodeError("missing_bug_id");
       
@@ -107,7 +112,7 @@ sub show_bug {
     $vars->{'users'} = \@users;
     $vars->{'total'} = $total;
     
-    print "Content-type: text/html\n\n";
+    print $cgi->header();
     $template->process("bug/votes/list-for-bug.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 }
@@ -117,6 +122,8 @@ sub show_bug {
 sub show_user {
     GetVersionTable();
     
+    my $cgi = Bugzilla->cgi;
+
     # If a bug_id is given, and we're editing, we'll add it to the votes list.
     my $bug_id = $::FORM{'bug_id'} || "";
         
@@ -213,7 +220,7 @@ sub show_user {
     $vars->{'voting_user'} = { "login" => $name };
     $vars->{'products'} = \@products;
 
-    print "Content-type: text/html\n\n";
+    print $cgi->header();
     $template->process("bug/votes/list-for-user.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 }
@@ -224,6 +231,8 @@ sub record_votes {
     # Begin Data/Security Validation
     ############################################################################
 
+    my $cgi = Bugzilla->cgi;
+
     # Build a list of bug IDs for which votes have been submitted.  Votes
     # are submitted in form fields in which the field names are the bug 
     # IDs and the field values are the number of votes.
@@ -233,13 +242,13 @@ sub record_votes {
     # that their votes will get nuked if they continue.
     if (scalar(@buglist) == 0) {
         if (!defined($::FORM{'delete_all_votes'})) {
-            print "Content-type: text/html\n\n";
+            print $cgi->header();
             $template->process("bug/votes/delete-all.html.tmpl", $vars)
               || ThrowTemplateError($template->error());
             exit();
         }
         elsif ($::FORM{'delete_all_votes'} == 0) {
-            print "Location: votes.cgi\n\n";
+            print $cgi->redirect("votes.cgi");
             exit();
         }
     }