gecko-dev/webtools/bugzilla/quips.cgi

#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Owen Taylor <otaylor@redhat.com>
#                 Gervase Markham <gerv@gerv.net>
#                 David Fallon <davef@tetsubo.com>

use strict;

use vars qw(
  %FORM
  $userid
  $template
  $vars
);

use lib qw(.);

require "CGI.pl";

ConnectToDatabase();
confirm_login();

if (Param('enablequips') eq "off") {
    ThrowUserError("quips_disabled");
}
    
my $action = $::FORM{'action'} || "";

if ($action eq "show") {
    # Read in the entire quip list
    SendSQL("SELECT quipid,userid,quip FROM quips");

    my $quips;
    my @quipids;
    while (MoreSQLData()) {
        my ($quipid, $userid, $quip) = FetchSQLData();
        $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip};
        push(@quipids, $quipid);
    }

    my $users;
    foreach my $quipid (@quipids) {
        if (not defined $users->{$userid}) {
            SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
            $users->{$userid} = FetchSQLData();
        }
    }
    $vars->{'quipids'} = \@quipids;
    $vars->{'quips'} = $quips;
    $vars->{'users'} = $users;
    $vars->{'show_quips'} = 1;
}

if ($action eq "add") {
    (Param('enablequips') eq "on") || ThrowUserError("no_new_quips");
    
    # Add the quip 
    my $comment = $::FORM{"quip"};
    $comment || ThrowUserError("need_quip");
    $comment !~ m/</ || ThrowUserError("no_html_in_quips");

    SendSQL("INSERT INTO quips (userid, quip) VALUES (". $userid . ", " . SqlQuote($comment) . ")");

    $vars->{'added_quip'} = $comment;
}

if ($action eq "delete") {
    if (!UserInGroup('admin')) {
        ThrowUserError("quips_edit_denied");
    }
    my $quipid = $::FORM{"quipid"};
    ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/; 
    $quipid = $1;

    SendSQL("SELECT quip FROM quips WHERE quipid = $quipid");
    $vars->{'deleted_quip'} = FetchSQLData();
    SendSQL("DELETE FROM quips WHERE quipid = $quipid");
}

print "Content-type: text/html\n\n";
$template->process("list/quips.html.tmpl", $vars)
  || ThrowTemplateError($template->error());
Fix for bug 108982: enable taint mode for all user-facing CGI files. Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave 2002-01-20 04:44:52 +03:00			`#!/usr/bonsaitools/bin/perl -wT`
Landing quips.cgi (bug 73191) by Owen Taylor <otaylor@redhat.com> Submitted by Martin Baulig <baulig@suse.de> from bugzilla.gnome.org r= justdave@syndicomm.com 2001-05-29 08:01:48 +04:00			`# -- Mode: perl; indent-tabs-mode: nil --`
			`#`
			`# The contents of this file are subject to the Mozilla Public`
			`# License Version 1.1 (the "License"); you may not use this file`
			`# except in compliance with the License. You may obtain a copy of`
			`# the License at http://www.mozilla.org/MPL/`
			`#`
			`# Software distributed under the License is distributed on an "AS`
			`# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or`
			`# implied. See the License for the specific language governing`
			`# rights and limitations under the License.`
			`#`
			`# The Original Code is the Bugzilla Bug Tracking System.`
			`#`
			`# The Initial Developer of the Original Code is Netscape Communications`
			`# Corporation. Portions created by Netscape are`
			`# Copyright (C) 1998 Netscape Communications Corporation. All`
			`# Rights Reserved.`
			`#`
			`# Contributor(s): Owen Taylor <otaylor@redhat.com>`
quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00			`# Gervase Markham <gerv@gerv.net>`
Bug 67950 - Move the quip list into the database. Patch by davef@tetsubo.com; r=gerv, preed. 2002-07-25 03:23:00 +04:00			`# David Fallon <davef@tetsubo.com>`
Landing quips.cgi (bug 73191) by Owen Taylor <otaylor@redhat.com> Submitted by Martin Baulig <baulig@suse.de> from bugzilla.gnome.org r= justdave@syndicomm.com 2001-05-29 08:01:48 +04:00
			`use strict;`
Bug 100094 - use generic template handling code r=mattyt, afranke 2002-02-13 05:27:24 +03:00
			`use vars qw(`
			`%FORM`
Bug 67950c - make quips.cgi compile without warnings, by use vars-ing $userid. Patch by gerv. 2002-07-25 03:38:50 +04:00			`$userid`
Bug 100094 - use generic template handling code r=mattyt, afranke 2002-02-13 05:27:24 +03:00			`$template`
			`$vars`
			`);`
Landing quips.cgi (bug 73191) by Owen Taylor <otaylor@redhat.com> Submitted by Martin Baulig <baulig@suse.de> from bugzilla.gnome.org r= justdave@syndicomm.com 2001-05-29 08:01:48 +04:00
Fix for bug 108982: enable taint mode for all user-facing CGI files. Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave 2002-01-20 04:44:52 +03:00			`use lib qw(.);`

Landing quips.cgi (bug 73191) by Owen Taylor <otaylor@redhat.com> Submitted by Martin Baulig <baulig@suse.de> from bugzilla.gnome.org r= justdave@syndicomm.com 2001-05-29 08:01:48 +04:00			`require "CGI.pl";`

Bug 151053, ConnectToDatabase/quietly_check_login sometimes not called early enough r=mattyt, jouni 2002-06-17 13:39:00 +04:00			`ConnectToDatabase();`
Bug 159629 - make users login to add quips. Patch by gerv; r=burnus. 2002-07-27 02:21:56 +04:00			`confirm_login();`
Bug 151053, ConnectToDatabase/quietly_check_login sometimes not called early enough r=mattyt, jouni 2002-06-17 13:39:00 +04:00
Fix for bug 179380: if "enablequips" is off, quips.cgi now presents a message that the quips are disabled instead of letting you view or add quips. r=myk, a=me 2002-11-11 03:19:43 +03:00			`if (Param('enablequips') eq "off") {`
			`ThrowUserError("quips_disabled");`
			`}`

quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00			`my $action = $::FORM{'action'} \|\| "";`
Landing quips.cgi (bug 73191) by Owen Taylor <otaylor@redhat.com> Submitted by Martin Baulig <baulig@suse.de> from bugzilla.gnome.org r= justdave@syndicomm.com 2001-05-29 08:01:48 +04:00
quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00			`if ($action eq "show") {`
Bug 159627 quips should be editable and deleteable using the web interface patch by burnus r=timeless,a=justdave 2002-12-09 02:57:23 +03:00			`# Read in the entire quip list`
			`SendSQL("SELECT quipid,userid,quip FROM quips");`

			`my $quips;`
			`my @quipids;`
			`while (MoreSQLData()) {`
			`my ($quipid, $userid, $quip) = FetchSQLData();`
			`$quips->{$quipid} = {'userid' => $userid, 'quip' => $quip};`
			`push(@quipids, $quipid);`
			`}`

			`my $users;`
			`foreach my $quipid (@quipids) {`
			`if (not defined $users->{$userid}) {`
			`SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");`
			`$users->{$userid} = FetchSQLData();`
			`}`
			`}`
			`$vars->{'quipids'} = \@quipids;`
			`$vars->{'quips'} = $quips;`
			`$vars->{'users'} = $users;`
Bug 187837 - Unify showing and editing of quips. Patch by gerv; r=timeless, a=justdave. 2003-01-06 10:53:15 +03:00			`$vars->{'show_quips'} = 1;`
Bug 159627 quips should be editable and deleteable using the web interface patch by burnus r=timeless,a=justdave 2002-12-09 02:57:23 +03:00			`}`

quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00			`if ($action eq "add") {`
Bug 163114 - Templatise all calls to DisplayError. Patch C. Patch by gerv; r=burnus. 2002-10-02 02:41:09 +04:00			`(Param('enablequips') eq "on") \|\| ThrowUserError("no_new_quips");`

quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00			`# Add the quip`
			`my $comment = $::FORM{"quip"};`
Bug 163114 - Templatise all calls to DisplayError. Patch C. Patch by gerv; r=burnus. 2002-10-02 02:41:09 +04:00			`$comment \|\| ThrowUserError("need_quip");`
			`$comment !~ m/</ \|\| ThrowUserError("no_html_in_quips");`
quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00
Bug 67950c - make quips.cgi compile without warnings, by use vars-ing $userid. Patch by gerv. 2002-07-25 03:38:50 +04:00			`SendSQL("INSERT INTO quips (userid, quip) VALUES (". $userid . ", " . SqlQuote($comment) . ")");`
quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00
			`$vars->{'added_quip'} = $comment;`
			`}`

Bug 159627 quips should be editable and deleteable using the web interface patch by burnus r=timeless,a=justdave 2002-12-09 02:57:23 +03:00			`if ($action eq "delete") {`
			`if (!UserInGroup('admin')) {`
			`ThrowUserError("quips_edit_denied");`
			`}`
			`my $quipid = $::FORM{"quipid"};`
			`ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/;`
			`$quipid = $1;`

			`SendSQL("SELECT quip FROM quips WHERE quipid = $quipid");`
			`$vars->{'deleted_quip'} = FetchSQLData();`
			`SendSQL("DELETE FROM quips WHERE quipid = $quipid");`
			`}`

quips.cgi rewrite and templatisation. 2002-01-26 01:40:04 +03:00			`print "Content-type: text/html\n\n";`
Bug 138588 - change to use new template structure. Patch by gerv, r=myk, afranke. 2002-04-24 11:24:50 +04:00			`$template->process("list/quips.html.tmpl", $vars)`
			`\|\| ThrowTemplateError($template->error());`