vitalif
/
bugzilla-4intranet
mirror of https://github.com/vitalif/bugzilla-4intranet
1
0
Fork 0
Code Issues Releases Wiki Activity
bugzilla-4intranet/attachment.cgi

905 lines
33 KiB
Perl
Executable File
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

#!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
# Myk Melez <myk@mozilla.org>
# Daniel Raichle <draichle@gmx.net>
# Dave Miller <justdave@syndicomm.com>
# Alexander J. Vincent <ajvincent@juno.com>
# Max Kanat-Alexander <mkanat@bugzilla.org>
# Greg Hendricks <ghendricks@novell.com>
# Frédéric Buclin <LpSolit@gmail.com>
# Marc Schumann <wurblzap@gmail.com>
# Byron Jones <bugzilla@glob.com.au>
################################################################################
# Script Initialization
################################################################################
# Make it harder for us to do dangerous things in Perl.
use strict;
use lib qw(. lib);
use Bugzilla;
use Bugzilla::BugMail;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Flag;
use Bugzilla::FlagType;
use Bugzilla::User;
use Bugzilla::Util;
use Bugzilla::Bug;
use Bugzilla::Field;
use Bugzilla::Attachment;
use Bugzilla::Attachment::PatchReader;
use Bugzilla::Token;
use Bugzilla::Keyword;
use Lingua::Translit;
use Archive::Zip qw ( :ERROR_CODES :CONSTANTS );
use Encode;
# For most scripts we don't make $cgi and $template global variables. But
# when preparing Bugzilla for mod_perl, this script used these
# variables in so many subroutines that it was easier to just
# make them globals.
local our $cgi = Bugzilla->cgi;
local our $template = Bugzilla->template;
local our $vars = {};
################################################################################
# Main Body Execution
################################################################################
# All calls to this script should contain an "action" variable whose
# value determines what the user wants to do. The code below checks
# the value of that variable and runs the appropriate code. If none is
# supplied, we default to 'view'.
# Determine whether to use the action specified by the user or the default.
my $action = $cgi->param('action') || 'view';
# You must use the appropriate urlbase/sslbase param when doing anything
# but viewing an attachment.
if ($action ne 'view') {
do_ssl_redirect_if_required();
if ($cgi->url_is_attachment_base) {
$cgi->redirect_to_urlbase;
}
Bugzilla->login();
}
# When viewing an attachment, do not request credentials if we are on
# the alternate host. Let view() decide when to call Bugzilla->login.
if ($action eq "view")
{
view();
}
elsif ($action eq "interdiff")
{
interdiff();
}
elsif ($action eq "diff")
{
diff();
}
elsif ($action eq "viewall")
{
viewall();
}
elsif ($action eq "enter")
{
Bugzilla->login(LOGIN_REQUIRED);
enter();
}
elsif ($action eq "insert")
{
Bugzilla->login(LOGIN_REQUIRED);
insert();
}
elsif ($action eq "edit")
{
edit();
}
elsif ($action eq "update")
{
Bugzilla->login(LOGIN_REQUIRED);
update();
}
elsif ($action eq "delete")
{
delete_attachment();
}
# Bug 129399
elsif ($action eq "zip")
{
all_attachments_in_zip();
}
# Bug 129398
elsif ($action eq "online_view")
{
view($action);
}
else
{
ThrowCodeError("unknown_action", { action => $action });
}
exit;
################################################################################
# Data Validation / Security Authorization
################################################################################
# Validates an attachment ID. Optionally takes a parameter of a form
# variable name that contains the ID to be validated. If not specified,
# uses 'id'.
# If the second parameter is true, the attachment ID will be validated,
# however the current user's access to the attachment will not be checked.
# Will throw an error if 1) attachment ID is not a valid number,
# 2) attachment does not exist, or 3) user isn't allowed to access the
# attachment.
#
# Returns an attachment object.
sub validateID {
my($param, $dont_validate_access) = @_;
$param ||= 'id';
# If we're not doing interdiffs, check if id wasn't specified and
# prompt them with a page that allows them to choose an attachment.
# Happens when calling plain attachment.cgi from the urlbar directly
if ($param eq 'id' && !$cgi->param('id')) {
$template->process("attachment/choose.html.tmpl", $vars) ||
ThrowTemplateError($template->error());
exit;
}
my $attach_id = $cgi->param($param);
# Validate the specified attachment id. detaint kills $attach_id if
# non-natural, so use the original value from $cgi in our exception
# message here.
detaint_natural($attach_id)
|| ThrowUserError("invalid_attach_id", { attach_id => $cgi->param($param) });
# Make sure the attachment exists in the database.
my $attachment = new Bugzilla::Attachment($attach_id)
|| ThrowUserError("invalid_attach_id", { attach_id => $attach_id });
return $attachment if ($dont_validate_access || check_can_access($attachment));
}
# Make sure the current user has access to the specified attachment.
sub check_can_access {
my $attachment = shift;
my $user = Bugzilla->user;
# Make sure the user is authorized to access this attachment's bug.
Bugzilla::Bug->check($attachment->bug_id);
if ($attachment->isprivate && $user->id != $attachment->attacher->id
&& !$user->is_insider)
{
ThrowUserError('auth_failure', {action => 'access',
object => 'attachment'});
}
return 1;
}
# Determines if the attachment is public -- that is, if users who are
# not logged in have access to the attachment
sub attachmentIsPublic {
my $attachment = shift;
return 0 if Bugzilla->params->{'requirelogin'};
return 0 if $attachment->isprivate;
my $anon_user = new Bugzilla::User;
return $anon_user->can_see_bug($attachment->bug_id);
}
# Validates format of a diff/interdiff. Takes a list as an parameter, which
# defines the valid format values. Will throw an error if the format is not
# in the list. Returns either the user selected or default format.
sub validateFormat
{
# receives a list of legal formats; first item is a default
my $format = $cgi->param('format') || $_[0];
if (!grep { $_ eq $format } @_)
{
ThrowUserError("invalid_format", { format => $format, formats => \@_ });
}
return $format;
}
# Validates context of a diff/interdiff. Will throw an error if the context
# is not number, "file" or "patch". Returns the validated, detainted context.
sub validateContext
{
my $context = $cgi->param('context') || "patch";
if ($context ne "file" && $context ne "patch") {
detaint_natural($context)
|| ThrowUserError("invalid_context", { context => $cgi->param('context') });
}
return $context;
}
################################################################################
# Functions
################################################################################
# Display an attachment.
sub view {
my $action = shift;
my $attachment;
if (use_attachbase()) {
$attachment = validateID(undef, 1);
my $path = 'attachment.cgi?id=' . $attachment->id;
# The user is allowed to override the content type of the attachment.
if (defined $cgi->param('content_type')) {
$path .= '&content_type=' . url_quote($cgi->param('content_type'));
}
# Make sure the attachment is served from the correct server.
my $bug_id = $attachment->bug_id;
if ($cgi->url_is_attachment_base($bug_id)) {
# No need to validate the token for public attachments. We cannot request
# credentials as we are on the alternate host.
if (!attachmentIsPublic($attachment)) {
my $token = $cgi->param('t');
my ($userid, undef, $token_attach_id) = Bugzilla::Token::GetTokenData($token);
unless ($userid
&& detaint_natural($token_attach_id)
&& ($token_attach_id == $attachment->id))
{
# Not a valid token.
print $cgi->redirect('-location' => correct_urlbase() . $path);
exit;
}
# Change current user without creating cookies.
Bugzilla->set_user(new Bugzilla::User($userid));
# Tokens are single use only, delete it.
delete_token($token);
}
}
elsif ($cgi->url_is_attachment_base) {
# If we come here, this means that each bug has its own host
# for attachments, and that we are trying to view one attachment
# using another bug's host. That's not desired.
$cgi->redirect_to_urlbase;
}
else {
# We couldn't call Bugzilla->login earlier as we first had to
# make sure we were not going to request credentials on the
# alternate host.
Bugzilla->login();
my $attachbase = Bugzilla->params->{'attachment_base'};
# Replace %bugid% by the ID of the bug the attachment
# belongs to, if present.
$attachbase =~ s/\%bugid\%/$bug_id/;
if (attachmentIsPublic($attachment)) {
# No need for a token; redirect to attachment base.
print $cgi->redirect(-location => $attachbase . $path);
exit;
} else {
# Make sure the user can view the attachment.
check_can_access($attachment);
# Create a token and redirect.
my $token = url_quote(issue_session_token($attachment->id));
print $cgi->redirect(-location => $attachbase . "$path&t=$token");
exit;
}
}
} else {
do_ssl_redirect_if_required();
# No alternate host is used. Request credentials if required.
Bugzilla->login();
$attachment = validateID();
}
# At this point, Bugzilla->login has been called if it had to.
my $contenttype = $attachment->contenttype;
my $filename = $attachment->filename;
# Bug 111522: allow overriding content-type manually in the posted form
# params.
if (defined $cgi->param('content_type')) {
$contenttype = $attachment->_check_content_type($cgi->param('content_type'));
}
# Return the appropriate HTTP response headers.
$attachment->datasize || ThrowUserError("attachment_removed");
$filename =~ s/^.*[\/\\]//;
# escape quotes and backslashes in the filename, per RFCs 2045/822
$filename =~ s/\\/\\\\/g; # escape backslashes
$filename =~ s/"/\\"/g; # escape quotes
# Bug 129398 - View office documents online
if (defined $action && $action eq 'online_view' && $attachment->isOfficeDocument())
{
Bugzilla->send_header();
print $attachment->_get_converted_html();
}
else
{
my $disposition = Bugzilla->params->{inline_attachment_mime};
$disposition = $disposition
&& Bugzilla->params->{allow_attachment_display}
&& $contenttype =~ /$disposition/is
? "inline" : "attachment";
if ($cgi->user_agent() =~ /MSIE/ && $cgi->user_agent() !~ /Opera/)
{
# Bug 57108 - russian filenames for MSIE
Encode::_utf8_off($filename);
Encode::from_to($filename, 'utf-8', 'cp1251');
}
# Don't send a charset header with attachments--they might not be UTF-8.
# However, we do allow people to explicitly specify a charset if they
# want.
my $data = $attachment->data;
if ($contenttype !~ /\bcharset=/i)
{
# Detect UTF-8 encoding
my $is_utf8 = 0;
if ($contenttype =~ m!^text/!iso)
{
Encode::_utf8_on($data);
$is_utf8 = utf8::valid($data);
Encode::_utf8_off($data);
}
# In order to prevent Apache from adding a charset, we have to send a
# charset that's a single space.
$cgi->charset($is_utf8 ? 'utf-8' : ' ');
}
$cgi->send_header(-type=>"$contenttype; name=\"$filename\"",
-content_disposition=> "$disposition; filename=\"$filename\"",
-content_length => $attachment->datasize);
disable_utf8();
print $data;
}
}
sub interdiff {
# Retrieve and validate parameters
my $old_attachment = validateID('oldid');
my $new_attachment = validateID('newid');
my $format = validateFormat('html', 'raw');
my $context = validateContext();
Bugzilla::Attachment::PatchReader::process_interdiff(
$old_attachment, $new_attachment, $format, $context);
}
sub diff {
# Retrieve and validate parameters
my $attachment = validateID();
my $format = validateFormat('html', 'raw');
my $context = validateContext();
# If it is not a patch, view normally.
if (!$attachment->ispatch) {
view();
return;
}
Bugzilla::Attachment::PatchReader::process_diff($attachment, $format, $context);
}
# Display all attachments for a given bug in a series of IFRAMEs within one
# HTML page.
sub viewall {
# Retrieve and validate parameters
my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
my $bugid = $bug->id;
my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid);
# Ignore deleted attachments.
@$attachments = grep { $_->datasize } @$attachments;
# Define the variables and functions that will be passed to the UI template.
$vars->{'bug'} = $bug;
$vars->{'attachments'} = $attachments;
my $format = "";
if ($cgi->param('format')) {
$format = "-".$cgi->param('format');
}
$vars->{'show_obsolete'} = $cgi->param('show_obsolete');
# Generate and return the UI (HTML page) from the appropriate template.
$template->process("attachment/show-multiple".$format.".html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
# Display a form for entering a new attachment.
sub enter {
# Retrieve and validate parameters
my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
my $bugid = $bug->id;
Bugzilla::Attachment->_check_bug($bug);
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
# Retrieve the attachments the user can edit from the database and write
# them into an array of hashes where each hash represents one attachment.
my $canEdit = "";
if (!$user->in_group('editbugs', $bug->product_id)) {
$canEdit = "AND submitter_id = " . $user->id;
}
my $attach_ids = $dbh->selectcol_arrayref("SELECT attach_id FROM attachments
WHERE bug_id = ? AND isobsolete = 0 $canEdit
ORDER BY attach_id", undef, $bugid);
# Define the variables and functions that will be passed to the UI template.
$vars->{'bug'} = $bug;
$vars->{'attachments'} = Bugzilla::Attachment->new_from_list($attach_ids);
my $flag_types = Bugzilla::FlagType::match({'target_type' => 'attachment',
'product_id' => $bug->product_id,
'component_id' => $bug->component_id});
$vars->{'flag_types'} = $flag_types;
$vars->{'any_flags_requesteeble'} =
grep { $_->is_requestable && $_->is_requesteeble } @$flag_types;
$vars->{'token'} = issue_session_token('create_attachment:');
# Generate and return the UI (HTML page) from the appropriate template.
$template->process("attachment/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
# Insert a new attachment into the database.
sub insert
{
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
$dbh->bz_start_transaction;
# Retrieve and validate parameters
my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
my $bugid = $bug->id;
my ($timestamp) = $dbh->selectrow_array("SELECT NOW()");
# Detect if the user already used the same form to submit an attachment
my $token = trim($cgi->param('token'));
check_token_data($token, qr/^create_attachment:/s, "show_bug.cgi?id=$bugid");
my (undef, undef, $old_attach_id) = Bugzilla::Token::GetTokenData($token);
$old_attach_id =~ s/^create_attachment://;
if ($old_attach_id) {
$vars->{'bugid'} = $bugid;
$vars->{'attachid'} = $old_attach_id;
$template->process("attachment/cancel-create-dupe.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
}
# Check attachments the user tries to mark as obsolete.
my @obsolete_attachments;
if ($cgi->param('obsolete')) {
my @obsolete = $cgi->param('obsolete');
@obsolete_attachments = Bugzilla::Attachment->validate_obsolete($bug, \@obsolete);
}
# Must be called before create() as it may alter $cgi->param('ispatch').
my $content_type = Bugzilla::Attachment::get_content_type();
my $data = scalar $cgi->param('attachurl') || $cgi->upload('data');
my $filename = '';
$filename = scalar $cgi->upload('data') || $cgi->param('filename') unless $cgi->param('attachurl');
if (scalar $cgi->param('text_attachment') !~ /^\s*$/so)
{
$data = $cgi->param('text_attachment');
$filename = $cgi->param('description');
}
if (Bugzilla->params->{utf8})
{
# CGI::upload() will probably return non-UTF8 string, so set UTF8 flag on it.
# Trick taint as utf8::decode() and Encode::_utf8_on() don't work on scalars
# which were once tainted...
$filename = trick_taint_copy($filename);
Encode::_utf8_on($filename);
}
my $attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
data => $data,
description => scalar $cgi->param('description'),
filename => $filename,
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
isurl => scalar $cgi->param('attachurl'),
mimetype => $content_type,
store_in_file => scalar $cgi->param('bigfile'),
base64_content => scalar $cgi->param('base64_content'),
});
foreach my $obsolete_attachment (@obsolete_attachments) {
$obsolete_attachment->set_is_obsolete(1);
$obsolete_attachment->update($timestamp);
}
my ($flags, $new_flags) = Bugzilla::Flag->extract_flags_from_cgi(
$bug, $attachment, $vars
);
$attachment->set_flags($flags, $new_flags);
$attachment->update($timestamp);
# Insert a comment about the new attachment into the database.
my $comment = $cgi->param('comment');
$comment = '' unless defined $comment;
$bug->add_comment($comment, { isprivate => $attachment->isprivate,
type => CMT_ATTACHMENT_CREATED,
work_time => scalar $cgi->param('work_time'),
extra_data => $attachment->id });
# When changing the bug status, we have to follow the workflow.
# Custis Bug 131574 - Update bug status, bug resolution, bug duplicate
if (defined $cgi->param('bug_status')) {
my $bug_status = $cgi->param('bug_status');
($bug_status) = grep { $_->name eq $bug_status } @{$bug->status->can_change_to};
if ($bug_status->comment_required_on_change_from($bug->status) && !$comment)
{
ThrowUserError('comment_required', { old => $bug->status,
new => $bug_status });
}
$bug->set_status(
scalar $cgi->param('bug_status'),
{
resolution => scalar $cgi->param('resolution'),
dupe_of => scalar $cgi->param('dup_id')
}
);
}
# Assign the bug to the user, if they are allowed to take it
my $owner = '';
if ($cgi->param('takebug'))
{
# Make sure the person we are taking the bug from gets mail.
$owner = $bug->assigned_to->login;
$bug->set_assigned_to($user);
}
$bug->update($timestamp);
if ($token) {
trick_taint($token);
$dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef,
("create_attachment:" . $attachment->id, $token));
}
$dbh->bz_commit_transaction;
# Define the variables and functions that will be passed to the UI template.
$vars->{'attachment'} = $attachment;
# We cannot reuse the $bug object as delta_ts has eventually been updated
# since the object was created.
$vars->{'bugs'} = [new Bugzilla::Bug($bugid)];
$vars->{'header_done'} = 1;
$vars->{'contenttypemethod'} = $cgi->param('contenttypemethod');
my $send_results = send_results({
mailrecipients => { 'changer' => $user->login, 'owner' => $owner },
bug_id => $bugid,
});
# Operation result to save into session (CustIS Bug 64562)
my $session_data = {
title => "Attachment ".$attachment->id." added to ".Bugzilla->messages->{terms}->{Bug}." ".$attachment->bug_id,
sent => [$send_results],
sent_attrs => {
added_attachments => [ {
id => $attachment->id,
bug_id => $attachment->bug_id,
description => $attachment->description,
contenttype => $attachment->contenttype,
ctype_auto => $vars->{contenttypemethod} eq 'autodetect',
} ],
},
};
Bugzilla::Hook::process('attachment_post_create_result', { session_data => $session_data, vars => $vars });
if (Bugzilla->usage_mode != USAGE_MODE_EMAIL)
{
if (Bugzilla->save_session_data($session_data))
{
print $cgi->redirect(-location => 'show_bug.cgi?id='.$attachment->bug_id);
exit;
}
# Generate and return the UI (HTML page) from the appropriate template.
$template->process("attachment/created.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
}
# Displays a form for editing attachment properties.
# Any user is allowed to access this page, unless the attachment
# is private and the user does not belong to the insider group.
# Validations are done later when the user submits changes.
sub edit {
my $attachment = validateID();
my $bugattachments =
Bugzilla::Attachment->get_attachments_by_bug($attachment->bug_id);
# We only want attachment IDs.
@$bugattachments = map { $_->id } @$bugattachments;
my $any_flags_requesteeble =
grep { $_->is_requestable && $_->is_requesteeble } @{$attachment->flag_types};
# Useful in case a flagtype is no longer requestable but a requestee
# has been set before we turned off that bit.
$any_flags_requesteeble ||= grep { $_->requestee_id } @{$attachment->flags};
$vars->{'any_flags_requesteeble'} = $any_flags_requesteeble;
$vars->{'attachment'} = $attachment;
$vars->{'attachments'} = $bugattachments;
# Generate and return the UI (HTML page) from the appropriate template.
$template->process("attachment/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
# Updates an attachment record. Only users with "editbugs" privileges,
# (or the original attachment's submitter) can edit the attachment.
# Users cannot edit the content of the attachment itself.
sub update {
my $user = Bugzilla->user;
my $dbh = Bugzilla->dbh;
# Start a transaction in preparation for updating the attachment.
$dbh->bz_start_transaction();
# Retrieve and validate parameters
my $attachment = validateID();
my $bug = $attachment->bug;
$attachment->_check_bug;
my $can_edit = $attachment->validate_can_edit($bug->product_id);
if ($can_edit) {
$attachment->set_description(scalar $cgi->param('description'));
$attachment->set_is_patch(scalar $cgi->param('ispatch'));
$attachment->set_content_type(scalar $cgi->param('contenttypeentry'));
$attachment->set_is_obsolete(scalar $cgi->param('isobsolete'));
$attachment->set_is_private(scalar $cgi->param('isprivate'));
$attachment->set_filename(scalar $cgi->param('filename'));
# Now make sure the attachment has not been edited since we loaded the page.
if (defined $cgi->param('delta_ts')
&& $cgi->param('delta_ts') ne $attachment->modification_time)
{
($vars->{'operations'}) =
Bugzilla::Bug::GetBugActivity($bug->id, $attachment->id, $cgi->param('delta_ts'));
# The token contains the old modification_time. We need a new one.
$cgi->param('token', issue_hash_token([$attachment->id, $attachment->modification_time]));
# If the modification date changed but there is no entry in
# the activity table, this means someone commented only.
# In this case, there is no reason to midair.
if (scalar(@{$vars->{'operations'}})) {
$cgi->param('delta_ts', $attachment->modification_time);
$vars->{'attachment'} = $attachment;
# Warn the user about the mid-air collision and ask them what to do.
$template->process("attachment/midair.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
}
}
}
# We couldn't do this check earlier as we first had to validate attachment ID
# and display the mid-air collision page if modification_time changed.
my $token = $cgi->param('token');
check_hash_token($token, [$attachment->id, $attachment->modification_time]);
# If the user submitted a comment while editing the attachment,
# add the comment to the bug. Do this after having validated isprivate!
my $comment = $cgi->param('comment');
if (defined $comment && trim($comment) ne '') {
$bug->add_comment($comment, { isprivate => $attachment->isprivate,
type => CMT_ATTACHMENT_UPDATED,
work_time => scalar $cgi->param('work_time'),
extra_data => $attachment->id });
}
if ($can_edit) {
my ($flags, $new_flags) =
Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars);
$attachment->set_flags($flags, $new_flags);
}
# Figure out when the changes were made.
my $timestamp = $dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)');
if ($can_edit) {
my $changes = $attachment->update($timestamp);
# If there are changes, we updated delta_ts in the DB. We have to
# reflect this change in the bug object.
$bug->{delta_ts} = $timestamp if scalar(keys %$changes);
}
# Commit the comment, if any.
$bug->update($timestamp);
# Commit the transaction now that we are finished updating the database.
$dbh->bz_commit_transaction();
# Define the variables and functions that will be passed to the UI template.
$vars->{'attachment'} = $attachment;
$vars->{'bugs'} = [$bug];
$vars->{'header_done'} = 1;
my $send_results = send_results({
bug_id => $bug->id,
mailrecipients => { 'changer' => $user->login },
});
$vars->{$_} = $send_results->{$_} for keys %$send_results;
# Operation result to save into session (CustIS Bug 64562)
my $session_data = {
sent => [ $send_results ],
sent_attrs => {
changed_attachment => {
id => $attachment->id,
bug_id => $attachment->bug_id,
description => $attachment->description,
},
},
};
if (Bugzilla->usage_mode != USAGE_MODE_EMAIL)
{
if (Bugzilla->save_session_data($session_data))
{
print $cgi->redirect(-location => 'show_bug.cgi?id='.$attachment->bug_id);
exit;
}
# Generate and return the UI (HTML page) from the appropriate template.
$template->process("attachment/updated.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
}
# Only administrators can delete attachments.
sub delete_attachment {
my $user = Bugzilla->login(LOGIN_REQUIRED);
my $dbh = Bugzilla->dbh;
$user->in_group('admin')
|| ThrowUserError('auth_failure', {group => 'admin',
action => 'delete',
object => 'attachment'});
Bugzilla->params->{'allow_attachment_deletion'}
|| ThrowUserError('attachment_deletion_disabled');
# Make sure the administrator is allowed to edit this attachment.
my $attachment = validateID();
Bugzilla::Attachment->_check_bug($attachment->bug);
$attachment->datasize || ThrowUserError('attachment_removed');
# We don't want to let a malicious URL accidentally delete an attachment.
my $token = trim($cgi->param('token'));
if ($token) {
my ($creator_id, $date, $event) = Bugzilla::Token::GetTokenData($token);
unless ($creator_id
&& ($creator_id == $user->id)
&& ($event eq 'delete_attachment' . $attachment->id))
{
# The token is invalid.
ThrowUserError('token_does_not_exist');
}
my $bug = new Bugzilla::Bug($attachment->bug_id);
# The token is valid. Delete the content of the attachment.
my $msg;
$vars->{'attachment'} = $attachment;
$vars->{'date'} = $date;
$vars->{'reason'} = clean_text($cgi->param('reason') || '');
$template->process("attachment/delete_reason.txt.tmpl", $vars, \$msg)
|| ThrowTemplateError($template->error());
# Paste the reason provided by the admin into a comment.
$bug->add_comment($msg);
# If the attachment is stored locally, remove it.
if (-e $attachment->_get_local_filename) {
unlink $attachment->_get_local_filename;
}
$attachment->remove_from_db();
# Now delete the token.
delete_token($token);
# Insert the comment.
$bug->update();
# Required to display the bug the deleted attachment belongs to.
$vars->{'bugs'} = [$bug];
$vars->{'header_done'} = 1;
# TODO save this into session and redirect
my $sent = send_results({
bug_id => $bug->id,
mailrecipients => { 'changer' => $user->login },
});
$vars->{$_} = $sent->{$_} for keys %$sent;
$template->process("attachment/updated.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
else {
# Create a token.
$token = issue_session_token('delete_attachment' . $attachment->id);
$vars->{'a'} = $attachment;
$vars->{'token'} = $token;
$template->process("attachment/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
}
# Bug 129399
# Action скачивания всех прикреплённых файлов к багу в одном zip-архиве
sub all_attachments_in_zip {
my $user = Bugzilla->login(LOGIN_REQUIRED);
# Retrieve and validate parameters
my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
my $bugid = $bug->id;
my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid);
# Ignore deleted attachments.
@$attachments = grep { $_->datasize } @$attachments;
# Create ZIP file
my $transliter = Lingua::Translit->new('GOST 7.79 RUS');
my $archive = Archive::Zip->new();
my $filename = "attachments_for_bug_$bugid.zip";
foreach my $file (@$attachments) {
my $fn = $file->{filename};
Encode::_utf8_off($fn);
$fn = $transliter->translit($fn);
my $path = $file->_get_local_filename;
my $member = $archive->addFile($path, $fn);
$member->desiredCompressionMethod(COMPRESSION_DEFLATED);
}
# FIXME We don't send Content-Length - is it always OK?
# We could use IO::Scalar for it.
$cgi->send_header(-type => "application/zip; name=\"$filename\"",
-content_disposition => "attachment; filename=\"$filename\"");
$archive->writeToFileHandle(*STDOUT);
}
Reference in New Issue View Git Blame Copy Permalink