2003-03-27 03:07:02 +03:00
#!/usr/bin/perl -wT
1998-09-16 01:49:26 +04:00
# -*- Mode: perl; indent-tabs-mode: nil -*-
1998-08-26 10:14:20 +04:00
#
1999-11-02 02:33:56 +03:00
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
1998-08-26 10:14:20 +04:00
# The Original Code is the Bugzilla Bug Tracking System.
1999-11-02 02:33:56 +03:00
#
1998-08-26 10:14:20 +04:00
# The Initial Developer of the Original Code is Netscape Communications
1999-11-02 02:33:56 +03:00
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
1998-08-26 10:14:20 +04:00
# Contributor(s): Terry Weissman <terry@mozilla.org>
1999-12-03 02:21:42 +03:00
# Dan Mosedale <dmose@mozilla.org>
2001-04-07 07:30:59 +04:00
# Stephan Niemz <st.n@gmx.net>
2001-06-02 08:02:13 +04:00
# Andreas Franke <afranke@mathweb.org>
2002-03-12 16:55:07 +03:00
# Myk Melez <myk@mozilla.org>
2005-06-15 07:55:00 +04:00
# Max Kanat-Alexander <mkanat@bugzilla.org>
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
################################################################################
# Script Initialization
################################################################################
# Make it harder for us to do dangerous things in Perl.
1998-09-16 01:49:26 +04:00
use strict;
1998-08-26 10:14:20 +04:00
2002-01-20 04:44:52 +03:00
use lib qw(.);
2003-01-14 23:00:11 +03:00
use Bugzilla;
2002-08-10 02:12:14 +04:00
use Bugzilla::Search;
2005-08-21 22:16:43 +04:00
use Bugzilla::Search::Quicksearch;
2004-03-27 06:51:44 +03:00
use Bugzilla::Constants;
2005-03-16 01:10:14 +03:00
use Bugzilla::User;
2005-10-25 21:55:13 +04:00
use Bugzilla::Bug;
2002-03-12 16:55:07 +03:00
# Include the Bugzilla CGI and general utility library.
2005-08-10 05:30:41 +04:00
require "globals.pl";
1998-09-01 00:38:47 +04:00
2005-10-31 00:31:29 +03:00
use vars qw(@components
2002-08-10 02:12:14 +04:00
@legal_keywords
@legal_platform
@legal_priority
@legal_product
@legal_severity
@settable_resolution
@target_milestone
@versions);
1998-08-26 10:14:20 +04:00
2003-05-05 05:15:38 +04:00
my $cgi = Bugzilla->cgi;
2005-02-03 02:06:05 +03:00
my $dbh = Bugzilla->dbh;
2005-10-25 03:11:56 +04:00
my $template = Bugzilla->template;
my $vars = {};
2005-08-10 05:30:41 +04:00
my $buffer = $cgi->query_string();
2003-05-05 05:15:38 +04:00
2005-08-10 05:30:41 +04:00
if (length($buffer) == 0) {
2003-05-05 05:15:38 +04:00
print $cgi->header(-refresh=> '10; URL=query.cgi');
2002-09-11 18:12:12 +04:00
ThrowUserError("buglist_parameters_required");
2003-05-05 05:15:38 +04:00
}
2002-07-23 11:16:57 +04:00
2005-08-21 22:16:43 +04:00
# Determine whether this is a quicksearch query.
my $searchstring = $cgi->param('quicksearch');
if (defined($searchstring)) {
$buffer = quicksearch($searchstring);
# Quicksearch may do a redirect, in which case it does not return.
# If it does return, it has modified $cgi->params so we can use them here
# as if this had been a normal query from the beginning.
}
2002-03-12 16:55:07 +03:00
################################################################################
# Data and Security Validation
################################################################################
2000-01-28 04:01:40 +03:00
2002-06-17 13:39:00 +04:00
# Whether or not the user wants to change multiple bugs.
2005-04-09 03:57:33 +04:00
my $dotweak = $cgi->param('tweak') ? 1 : 0;
2002-06-17 13:39:00 +04:00
# Log the user in
if ($dotweak) {
2004-03-27 06:51:44 +03:00
Bugzilla->login(LOGIN_REQUIRED);
2005-03-09 19:18:03 +03:00
UserInGroup("editbugs")
|| ThrowUserError("auth_failure", {group => "editbugs",
action => "modify",
object => "multiple_bugs"});
2002-06-17 13:39:00 +04:00
GetVersionTable();
}
else {
2004-03-27 06:51:44 +03:00
Bugzilla->login();
2002-06-17 13:39:00 +04:00
}
2002-09-20 00:17:21 +04:00
# Hack to support legacy applications that think the RDF ctype is at format=rdf.
2005-04-09 03:57:33 +04:00
if (defined $cgi->param('format') && $cgi->param('format') eq "rdf"
&& !defined $cgi->param('ctype')) {
$cgi->param('ctype', "rdf");
$cgi->delete('format');
2002-09-20 00:17:21 +04:00
}
2003-11-08 21:04:36 +03:00
# The js ctype presents a security risk; a malicious site could use it
# to gather information about secure bugs. So, we only allow public bugs to be
# retrieved with this format.
#
# Note that if and when this call clears cookies or has other persistent
# effects, we'll need to do this another way instead.
2005-04-09 03:57:33 +04:00
if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) {
2003-11-27 04:01:00 +03:00
Bugzilla->logout_request();
2003-11-08 21:04:36 +03:00
}
2002-09-20 00:17:21 +04:00
2002-03-12 16:55:07 +03:00
# Determine the format in which the user would like to receive the output.
# Uses the default format if the user did not specify an output format;
# otherwise validates the user's choice against the list of available formats.
2005-08-25 18:02:41 +04:00
my $format = $template->get_format("list/list", scalar $cgi->param('format'),
scalar $cgi->param('ctype'));
2000-01-28 04:01:40 +03:00
2002-03-12 16:55:07 +03:00
# Use server push to display a "Please wait..." message for the user while
# executing their query if their browser supports it and they are viewing
# the bug list as HTML and they have not disabled it by adding &serverpush=0
# to the URL.
#
# Server push is a Netscape 3+ hack incompatible with MSIE, Lynx, and others.
# Even Communicator 4.51 has bugs with it, especially during page reload.
# http://www.browsercaps.org used as source of compatible browsers.
#
my $serverpush =
2003-01-23 10:37:15 +03:00
$format->{'extension'} eq "html"
&& exists $ENV{'HTTP_USER_AGENT'}
&& $ENV{'HTTP_USER_AGENT'} =~ /Mozilla.[3-9]/
&& $ENV{'HTTP_USER_AGENT'} !~ /[Cc]ompatible/
&& $ENV{'HTTP_USER_AGENT'} !~ /WebKit/
2005-04-09 03:57:33 +04:00
&& !defined($cgi->param('serverpush'))
|| $cgi->param('serverpush');
2002-03-12 16:55:07 +03:00
2005-04-09 03:57:33 +04:00
my $order = $cgi->param('order') || "";
2004-07-21 01:20:20 +04:00
my $order_from_cookie = 0; # True if $order set using the LASTORDER cookie
2002-03-12 16:55:07 +03:00
2002-11-10 01:18:47 +03:00
# The params object to use for the actual query itself
my $params;
2002-03-12 16:55:07 +03:00
# If the user is retrieving the last bug list they looked at, hack the buffer
# storing the query string so that it looks like a query retrieving those bugs.
2005-04-09 03:57:33 +04:00
if (defined $cgi->param('regetlastlist')) {
2004-07-21 01:20:20 +04:00
$cgi->cookie('BUGLIST') || ThrowUserError("missing_cookie");
2002-09-29 01:44:27 +04:00
2002-03-12 16:55:07 +03:00
$order = "reuse last sort" unless $order;
2004-12-23 12:54:18 +03:00
my $bug_id = $cgi->cookie('BUGLIST');
$bug_id =~ s/:/,/g;
2002-11-10 01:18:47 +03:00
# set up the params for this new query
$params = new Bugzilla::CGI({
2004-12-23 12:54:18 +03:00
bug_id => $bug_id,
2002-11-10 01:18:47 +03:00
order => $order,
});
2000-01-28 04:01:40 +03:00
}
2005-08-10 05:30:41 +04:00
if ($buffer =~ /&cmd-/) {
my $url = "query.cgi?$buffer#chart";
2003-05-05 05:15:38 +04:00
print $cgi->redirect(-location => $url);
2002-03-12 16:55:07 +03:00
# Generate and return the UI (HTML page) from the appropriate template.
2002-08-15 11:14:34 +04:00
$vars->{'message'} = "buglist_adding_field";
2002-03-12 16:55:07 +03:00
$vars->{'url'} = $url;
$template->process("global/message.html.tmpl", $vars)
2002-04-24 11:24:50 +04:00
|| ThrowTemplateError($template->error());
2002-03-12 16:55:07 +03:00
exit;
}
2000-01-28 04:01:40 +03:00
2004-04-06 04:11:26 +04:00
# Figure out whether or not the user is doing a fulltext search. If not,
# we'll remove the relevance column from the lists of columns to display
# and order by, since relevance only exists when doing a fulltext search.
my $fulltext = 0;
2005-04-12 21:57:15 +04:00
if ($cgi->param('content')) { $fulltext = 1 }
2005-04-09 03:57:33 +04:00
my @charts = map(/^field(\d-\d-\d)$/ ? $1 : (), $cgi->param());
2004-04-06 04:11:26 +04:00
foreach my $chart (@charts) {
2005-04-09 03:57:33 +04:00
if ($cgi->param("field$chart") eq 'content' && $cgi->param("value$chart")) {
2004-04-06 04:11:26 +04:00
$fulltext = 1;
last;
}
}
2002-03-12 16:55:07 +03:00
################################################################################
# Utilities
################################################################################
my @weekday= qw( Sun Mon Tue Wed Thu Fri Sat );
sub DiffDate {
my ($datestr) = @_;
my $date = str2time($datestr);
my $age = time() - $date;
my ($s,$m,$h,$d,$mo,$y,$wd)= localtime $date;
if( $age < 18*60*60 ) {
$date = sprintf "%02d:%02d:%02d", $h,$m,$s;
} elsif( $age < 6*24*60*60 ) {
$date = sprintf "%s %02d:%02d", $weekday[$wd],$h,$m;
} else {
$date = sprintf "%04d-%02d-%02d", 1900+$y,$mo+1,$d;
}
return $date;
}
2000-01-28 04:01:40 +03:00
2002-03-12 16:55:07 +03:00
sub LookupNamedQuery {
my ($name) = @_;
2005-10-31 00:31:29 +03:00
my $user = Bugzilla->login(LOGIN_REQUIRED);
2005-02-03 02:06:05 +03:00
my $dbh = Bugzilla->dbh;
# $name is safe -- we only use it below in a SELECT placeholder and then
# in error messages (which are always HTML-filtered).
2005-10-25 21:55:13 +04:00
$name || ThrowUserError("query_name_missing");
2005-02-03 02:06:05 +03:00
trick_taint($name);
my $result = $dbh->selectrow_array("SELECT query FROM namedqueries"
. " WHERE userid = ? AND name = ?"
2005-10-31 00:31:29 +03:00
, undef, ($user->id, $name));
2004-03-15 02:21:01 +03:00
defined($result) || ThrowUserError("missing_query", {'queryname' => $name});
$result
|| ThrowUserError("buglist_parameters_required", {'queryname' => $name});
2002-03-12 16:55:07 +03:00
return $result;
}
2005-02-03 02:06:05 +03:00
# Inserts a Named Query (a "Saved Search") into the database, or
# updates a Named Query that already exists..
# Takes four arguments:
# userid - The userid who the Named Query will belong to.
# query_name - A string that names the new Named Query, or the name
# of an old Named Query to update. If this is blank, we
# will throw a UserError. Leading and trailing whitespace
# will be stripped from this value before it is inserted
# into the DB.
# query - The query part of the buglist.cgi URL, unencoded. Must not be
# empty, or we will throw a UserError.
# link_in_footer (optional) - 1 if the Named Query should be
# displayed in the user's footer, 0 otherwise.
2005-10-25 21:55:13 +04:00
# query_type (optional) - 1 if the Named Query contains a list of
# bug IDs only, 0 otherwise (default).
2005-02-03 02:06:05 +03:00
#
# All parameters are validated before passing them into the database.
#
# Returns: A boolean true value if the query existed in the database
# before, and we updated it. A boolean false value otherwise.
2005-08-13 16:27:04 +04:00
sub InsertNamedQuery {
2005-10-25 21:55:13 +04:00
my ($userid, $query_name, $query, $link_in_footer, $query_type) = @_;
2005-02-03 02:06:05 +03:00
$link_in_footer ||= 0;
2005-10-25 21:55:13 +04:00
$query_type ||= QUERY_LIST;
2005-02-03 02:06:05 +03:00
$query_name = trim($query_name);
Bugzilla->login(LOGIN_REQUIRED);
my $dbh = Bugzilla->dbh;
my $query_existed_before;
# Validate the query name.
$query_name || ThrowUserError("query_name_missing");
$query_name !~ /[<>&]/ || ThrowUserError("illegal_query_name");
2005-02-20 20:15:14 +03:00
(length($query_name) <= 64) || ThrowUserError("query_name_too_long");
2005-02-03 02:06:05 +03:00
trick_taint($query_name);
detaint_natural($userid);
detaint_natural($link_in_footer);
$query || ThrowUserError("buglist_parameters_required",
{'queryname' => $query});
# $query is safe, because we always urlencode or html_quote
# it when we display it to the user.
trick_taint($query);
2005-02-18 00:57:27 +03:00
$dbh->bz_lock_tables('namedqueries WRITE');
2005-02-03 02:06:05 +03:00
my $result = $dbh->selectrow_array("SELECT userid FROM namedqueries"
. " WHERE userid = ? AND name = ?"
, undef, ($userid, $query_name));
if ($result) {
$query_existed_before = 1;
$dbh->do("UPDATE namedqueries"
2005-10-25 21:55:13 +04:00
. " SET query = ?, linkinfooter = ?, query_type = ?"
2005-02-03 02:06:05 +03:00
. " WHERE userid = ? AND name = ?"
2005-10-25 21:55:13 +04:00
, undef, ($query, $link_in_footer, $query_type, $userid, $query_name));
2005-02-03 02:06:05 +03:00
} else {
$query_existed_before = 0;
$dbh->do("INSERT INTO namedqueries"
2005-10-25 21:55:13 +04:00
. " (userid, name, query, linkinfooter, query_type)"
. " VALUES (?, ?, ?, ?, ?)"
, undef, ($userid, $query_name, $query, $link_in_footer, $query_type));
2005-02-03 02:06:05 +03:00
}
2005-02-18 00:57:27 +03:00
$dbh->bz_unlock_tables();
2005-02-03 02:06:05 +03:00
return $query_existed_before;
}
2003-06-26 03:23:13 +04:00
sub LookupSeries {
my ($series_id) = @_;
detaint_natural($series_id) || ThrowCodeError("invalid_series_id");
my $dbh = Bugzilla->dbh;
my $result = $dbh->selectrow_array("SELECT query FROM series " .
2005-02-03 02:06:05 +03:00
"WHERE series_id = ?"
, undef, ($series_id));
2003-06-26 03:23:13 +04:00
$result
|| ThrowCodeError("invalid_series_id", {'series_id' => $series_id});
return $result;
}
2002-03-12 16:55:07 +03:00
sub GetQuip {
2005-02-03 02:06:05 +03:00
my $dbh = Bugzilla->dbh;
2004-02-27 14:18:45 +03:00
# COUNT is quick because it is cached for MySQL. We may want to revisit
# this when we support other databases.
2005-02-03 02:06:05 +03:00
my $count = $dbh->selectrow_array("SELECT COUNT(quip)"
. " FROM quips WHERE approved = 1");
2004-02-27 14:18:45 +03:00
my $random = int(rand($count));
2005-02-03 02:06:05 +03:00
my $quip =
2005-02-18 19:14:27 +03:00
$dbh->selectrow_array("SELECT quip FROM quips WHERE approved = 1 " .
$dbh->sql_limit(1, $random));
2002-03-12 16:55:07 +03:00
return $quip;
2000-01-28 04:01:40 +03:00
}
2001-01-25 08:30:35 +03:00
2005-08-23 00:48:44 +04:00
sub GetGroups {
2005-02-03 02:06:05 +03:00
my $dbh = Bugzilla->dbh;
2005-10-31 00:31:29 +03:00
my $user = Bugzilla->user;
2002-03-12 16:55:07 +03:00
2005-02-03 02:06:05 +03:00
# Create an array where each item is a hash. The hash contains
# as keys the name of the columns, which point to the value of
# the columns for that row.
2005-10-31 00:31:29 +03:00
my $grouplist = $user->groups_as_string;
2005-02-03 02:06:05 +03:00
my $groups = $dbh->selectall_arrayref(
2005-08-23 00:48:44 +04:00
"SELECT id, name, description, isactive
2005-04-05 01:52:06 +04:00
FROM groups
2005-08-23 00:48:44 +04:00
WHERE id IN ($grouplist)
2004-07-03 04:26:29 +04:00
AND isbuggroup = 1
2005-02-03 02:06:05 +03:00
ORDER BY description "
2005-08-23 00:48:44 +04:00
, {Slice => {}});
2002-03-12 16:55:07 +03:00
2005-02-03 02:06:05 +03:00
return $groups;
2002-03-12 16:55:07 +03:00
}
2001-01-25 08:30:35 +03:00
2000-01-28 04:01:40 +03:00
2002-03-12 16:55:07 +03:00
################################################################################
# Command Execution
################################################################################
2000-01-23 23:31:50 +03:00
2005-04-09 03:57:33 +04:00
$cgi->param('cmdtype', "") if !defined $cgi->param('cmdtype');
$cgi->param('remaction', "") if !defined $cgi->param('remaction');
2003-02-07 11:07:40 +03:00
2002-07-27 00:44:46 +04:00
# Backwards-compatibility - the old interface had cmdtype="runnamed" to run
# a named command, and we can't break this because it's in bookmarks.
2005-04-09 03:57:33 +04:00
if ($cgi->param('cmdtype') eq "runnamed") {
$cgi->param('cmdtype', "dorem");
$cgi->param('remaction', "run");
2002-07-27 00:44:46 +04:00
}
2002-11-10 01:18:47 +03:00
# Now we're going to be running, so ensure that the params object is set up,
# using ||= so that we only do so if someone hasn't overridden this
# earlier, for example by setting up a named query search.
# This will be modified, so make a copy.
$params ||= new Bugzilla::CGI($cgi);
2002-10-26 05:57:09 +04:00
2003-02-07 11:07:40 +03:00
# Generate a reasonable filename for the user agent to suggest to the user
# when the user saves the bug list. Uses the name of the remembered query
# if available. We have to do this now, even though we return HTTP headers
# at the end, because the fact that there is a remembered query gets
# forgotten in the process of retrieving it.
my @time = localtime(time());
my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3];
my $filename = "bugs-$date.$format->{extension}";
2005-04-09 03:57:33 +04:00
if ($cgi->param('cmdtype') eq "dorem" && $cgi->param('remaction') =~ /^run/) {
$filename = $cgi->param('namedcmd') . "-$date.$format->{extension}";
2003-02-07 11:07:40 +03:00
# Remove white-space from the filename so the user cannot tamper
# with the HTTP headers.
$filename =~ s/\s/_/g;
}
2002-07-27 00:44:46 +04:00
# Take appropriate action based on user's request.
2005-04-09 03:57:33 +04:00
if ($cgi->param('cmdtype') eq "dorem") {
if ($cgi->param('remaction') eq "run") {
2005-08-10 05:30:41 +04:00
$buffer = LookupNamedQuery(scalar $cgi->param("namedcmd"));
2005-04-09 03:57:33 +04:00
$vars->{'searchname'} = $cgi->param('namedcmd');
2004-02-13 01:33:07 +03:00
$vars->{'searchtype'} = "saved";
2005-08-10 05:30:41 +04:00
$params = new Bugzilla::CGI($buffer);
2002-10-26 05:57:09 +04:00
$order = $params->param('order') || $order;
2004-09-13 02:19:37 +04:00
2002-07-27 00:44:46 +04:00
}
2005-04-09 03:57:33 +04:00
elsif ($cgi->param('remaction') eq "runseries") {
2005-08-10 05:30:41 +04:00
$buffer = LookupSeries(scalar $cgi->param("series_id"));
2005-04-09 03:57:33 +04:00
$vars->{'searchname'} = $cgi->param('namedcmd');
2004-02-13 01:33:07 +03:00
$vars->{'searchtype'} = "series";
2005-08-10 05:30:41 +04:00
$params = new Bugzilla::CGI($buffer);
2003-06-26 03:23:13 +04:00
$order = $params->param('order') || $order;
}
2005-04-09 03:57:33 +04:00
elsif ($cgi->param('remaction') eq "forget") {
2005-10-31 00:31:29 +03:00
my $user = Bugzilla->login(LOGIN_REQUIRED);
2005-02-03 02:06:05 +03:00
# Copy the name into a variable, so that we can trick_taint it for
# the DB. We know it's safe, because we're using placeholders in
# the SQL, and the SQL is only a DELETE.
2005-04-09 03:57:33 +04:00
my $qname = $cgi->param('namedcmd');
2005-02-03 02:06:05 +03:00
trick_taint($qname);
2005-09-26 01:04:30 +04:00
# Do not forget the saved search if it is being used in a whine
my $whines_in_use =
$dbh->selectcol_arrayref('SELECT DISTINCT whine_events.subject
FROM whine_events
INNER JOIN whine_queries
ON whine_queries.eventid
= whine_events.id
WHERE whine_events.owner_userid
= ?
AND whine_queries.query_name
= ?
2005-10-31 00:31:29 +03:00
', undef, $user->id, $qname);
2005-09-26 01:04:30 +04:00
if (scalar(@$whines_in_use)) {
ThrowUserError('saved_search_used_by_whines',
{ subjects => join(',', @$whines_in_use),
search_name => $qname }
);
}
# If we are here, then we can safely remove the saved search
2005-02-03 02:06:05 +03:00
$dbh->do("DELETE FROM namedqueries"
. " WHERE userid = ? AND name = ?"
2005-10-31 00:31:29 +03:00
, undef, ($user->id, $qname));
2003-06-03 13:48:15 +04:00
# Now reset the cached queries
2005-10-31 00:31:29 +03:00
$user->flush_queries_cache();
2002-06-18 14:25:59 +04:00
2003-05-05 05:15:38 +04:00
print $cgi->header();
2002-03-12 16:55:07 +03:00
# Generate and return the UI (HTML page) from the appropriate template.
2002-08-15 11:14:34 +04:00
$vars->{'message'} = "buglist_query_gone";
2005-04-09 03:57:33 +04:00
$vars->{'namedcmd'} = $cgi->param('namedcmd');
2002-03-12 16:55:07 +03:00
$vars->{'url'} = "query.cgi";
$template->process("global/message.html.tmpl", $vars)
2002-04-24 11:24:50 +04:00
|| ThrowTemplateError($template->error());
1998-09-16 01:49:26 +04:00
exit;
2002-07-27 00:44:46 +04:00
}
}
2005-04-09 03:57:33 +04:00
elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) {
if ($cgi->param('remtype') eq "asdefault") {
2005-10-31 00:31:29 +03:00
my $user = Bugzilla->login(LOGIN_REQUIRED);
InsertNamedQuery($user->id, DEFAULT_QUERY_NAME, $buffer);
2002-08-15 11:14:34 +04:00
$vars->{'message'} = "buglist_new_default_query";
2002-07-27 00:44:46 +04:00
}
2005-04-09 03:57:33 +04:00
elsif ($cgi->param('remtype') eq "asnamed") {
2005-10-31 00:31:29 +03:00
my $user = Bugzilla->login(LOGIN_REQUIRED);
2005-04-09 03:57:33 +04:00
my $query_name = $cgi->param('newqueryname');
2005-10-25 21:55:13 +04:00
my $new_query = $cgi->param('newquery');
my $query_type = QUERY_LIST;
# If add_bugids is true, we are adding individual bugs to a saved
# search. We get the existing list of bug IDs (if any) and append
# the new ones.
if ($cgi->param('add_bugids')) {
my %bug_ids;
foreach my $bug_id (split(/[\s,]+/, $cgi->param('bug_ids'))) {
next unless $bug_id;
ValidateBugID($bug_id);
$bug_ids{$bug_id} = 1;
}
ThrowUserError("no_bug_ids") unless scalar(keys %bug_ids);
if (!trim($query_name)) {
# No new query name has been given. We append new bug IDs
# to the existing list.
$query_name = $cgi->param('oldqueryname');
my $old_query = LookupNamedQuery($query_name);
foreach my $bug_id (split(/[\s,=]+/, $old_query)) {
$bug_ids{$bug_id} = 1 if detaint_natural($bug_id);
}
}
$new_query = "bug_id=" . join(',', sort {$a <=> $b} keys %bug_ids);
$query_type = LIST_OF_BUGS;
}
2003-11-09 00:49:20 +03:00
my $tofooter = 1;
2005-10-31 00:31:29 +03:00
my $existed_before = InsertNamedQuery($user->id, $query_name, $new_query,
2005-10-25 21:55:13 +04:00
$tofooter, $query_type);
2005-02-03 02:06:05 +03:00
if ($existed_before) {
2003-06-03 13:48:15 +04:00
$vars->{'message'} = "buglist_updated_named_query";
}
2002-03-12 16:55:07 +03:00
else {
2005-02-03 02:06:05 +03:00
$vars->{'message'} = "buglist_new_named_query";
2002-03-12 16:55:07 +03:00
}
2003-06-03 13:48:15 +04:00
# Make sure to invalidate any cached query data, so that the footer is
# correctly displayed
2005-10-31 00:31:29 +03:00
$user->flush_queries_cache();
2003-06-03 13:48:15 +04:00
2005-02-03 02:06:05 +03:00
$vars->{'queryname'} = $query_name;
2003-11-09 00:49:20 +03:00
2004-04-01 07:26:48 +04:00
print $cgi->header();
2003-11-09 00:49:20 +03:00
$template->process("global/message.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
2002-07-27 00:44:46 +04:00
}
1998-08-26 10:14:20 +04:00
}
2004-12-23 12:54:18 +03:00
# backward compatibility hack: if the saved query doesn't say which
# form was used to create it, assume it was on the advanced query
# form - see bug 252295
if (!$params->param('query_format')) {
$params->param('query_format', 'advanced');
2005-08-10 05:30:41 +04:00
$buffer = $params->query_string;
2004-12-23 12:54:18 +03:00
}
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
################################################################################
# Column Definition
################################################################################
# Define the columns that can be selected in a query and/or displayed in a bug
# list. Column records include the following fields:
#
# 1. ID: a unique identifier by which the column is referred in code;
#
# 2. Name: The name of the column in the database (may also be an expression
# that returns the value of the column);
#
# 3. Title: The title of the column as displayed to users.
#
# Note: There are a few hacks in the code that deviate from these definitions.
# In particular, when the list is sorted by the "votes" field the word
# "DESC" is added to the end of the field to sort in descending order,
2002-12-08 03:42:55 +03:00
# and the redundant short_desc column is removed when the client
2002-03-12 16:55:07 +03:00
# requests "all" columns.
my $columns = {};
sub DefineColumn {
my ($id, $name, $title) = @_;
$columns->{$id} = { 'name' => $name , 'title' => $title };
1999-07-01 07:45:43 +04:00
}
2001-01-25 08:30:35 +03:00
2002-03-12 16:55:07 +03:00
# Column: ID Name Title
2002-12-08 03:42:55 +03:00
DefineColumn("bug_id" , "bugs.bug_id" , "ID" );
2003-05-13 08:59:35 +04:00
DefineColumn("alias" , "bugs.alias" , "Alias" );
2002-03-12 16:55:07 +03:00
DefineColumn("opendate" , "bugs.creation_ts" , "Opened" );
DefineColumn("changeddate" , "bugs.delta_ts" , "Changed" );
2002-12-08 03:42:55 +03:00
DefineColumn("bug_severity" , "bugs.bug_severity" , "Severity" );
2002-03-12 16:55:07 +03:00
DefineColumn("priority" , "bugs.priority" , "Priority" );
2002-12-08 03:42:55 +03:00
DefineColumn("rep_platform" , "bugs.rep_platform" , "Hardware" );
DefineColumn("assigned_to" , "map_assigned_to.login_name" , "Assignee" );
2002-03-12 16:55:07 +03:00
DefineColumn("reporter" , "map_reporter.login_name" , "Reporter" );
DefineColumn("qa_contact" , "map_qa_contact.login_name" , "QA Contact" );
2005-02-15 20:16:08 +03:00
if ($format->{'extension'} eq 'html') {
2005-03-16 03:27:15 +03:00
DefineColumn("assigned_to_realname", "CASE WHEN map_assigned_to.realname = '' THEN map_assigned_to.login_name ELSE map_assigned_to.realname END AS assigned_to_realname", "Assignee" );
DefineColumn("reporter_realname" , "CASE WHEN map_reporter.realname = '' THEN map_reporter.login_name ELSE map_reporter.realname END AS reporter_realname" , "Reporter" );
DefineColumn("qa_contact_realname" , "CASE WHEN map_qa_contact.realname = '' THEN map_qa_contact.login_name ELSE map_qa_contact.realname END AS qa_contact_realname" , "QA Contact");
2005-02-15 20:16:08 +03:00
} else {
DefineColumn("assigned_to_realname", "map_assigned_to.realname" , "Assignee" );
DefineColumn("reporter_realname" , "map_reporter.realname" , "Reporter" );
DefineColumn("qa_contact_realname" , "map_qa_contact.realname" , "QA Contact" );
}
2002-12-08 03:42:55 +03:00
DefineColumn("bug_status" , "bugs.bug_status" , "Status" );
2005-11-04 12:30:24 +03:00
DefineColumn("resolution" , "bugs.resolution" , "Resolution" );
2002-12-08 03:42:55 +03:00
DefineColumn("short_short_desc" , "bugs.short_desc" , "Summary" );
DefineColumn("short_desc" , "bugs.short_desc" , "Summary" );
2005-05-20 23:47:23 +04:00
DefineColumn("status_whiteboard" , "bugs.status_whiteboard" , "Whiteboard" );
2002-08-12 09:43:05 +04:00
DefineColumn("component" , "map_components.name" , "Component" );
DefineColumn("product" , "map_products.name" , "Product" );
2004-08-21 01:49:20 +04:00
DefineColumn("classification" , "map_classifications.name" , "Classification" );
2002-03-12 16:55:07 +03:00
DefineColumn("version" , "bugs.version" , "Version" );
2002-12-08 03:42:55 +03:00
DefineColumn("op_sys" , "bugs.op_sys" , "OS" );
2002-03-12 16:55:07 +03:00
DefineColumn("target_milestone" , "bugs.target_milestone" , "Target Milestone" );
DefineColumn("votes" , "bugs.votes" , "Votes" );
DefineColumn("keywords" , "bugs.keywords" , "Keywords" );
2002-12-08 03:42:55 +03:00
DefineColumn("estimated_time" , "bugs.estimated_time" , "Estimated Hours" );
DefineColumn("remaining_time" , "bugs.remaining_time" , "Remaining Hours" );
DefineColumn("actual_time" , "(SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) AS actual_time", "Actual Hours");
2002-10-13 08:26:24 +04:00
DefineColumn("percentage_complete","(100*((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id))/((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id))+bugs.remaining_time))) AS percentage_complete", "% Complete");
2004-04-06 04:11:26 +04:00
DefineColumn("relevance" , "relevance" , "Relevance" );
2005-03-16 03:27:15 +03:00
DefineColumn("deadline" , $dbh->sql_date_format('bugs.deadline', '%Y-%m-%d') . " AS deadline", "Deadline");
2004-04-06 04:11:26 +04:00
2002-03-12 16:55:07 +03:00
################################################################################
# Display Column Determination
################################################################################
# Determine the columns that will be displayed in the bug list via the
# columnlist CGI parameter, the user's preferences, or the default.
my @displaycolumns = ();
2002-10-26 05:57:09 +04:00
if (defined $params->param('columnlist')) {
if ($params->param('columnlist') eq "all") {
2002-03-12 16:55:07 +03:00
# If the value of the CGI parameter is "all", display all columns,
2002-12-08 03:42:55 +03:00
# but remove the redundant "short_desc" column.
@displaycolumns = grep($_ ne 'short_desc', keys(%$columns));
1998-08-26 10:14:20 +04:00
}
2002-03-12 16:55:07 +03:00
else {
2002-10-26 05:57:09 +04:00
@displaycolumns = split(/[ ,]+/, $params->param('columnlist'));
1998-09-16 01:49:26 +04:00
}
1998-08-26 10:14:20 +04:00
}
2004-07-21 01:20:20 +04:00
elsif (defined $cgi->cookie('COLUMNLIST')) {
2002-12-08 03:42:55 +03:00
# 2002-10-31 Rename column names (see bug 176461)
2004-07-21 01:20:20 +04:00
my $columnlist = $cgi->cookie('COLUMNLIST');
2004-01-26 10:58:26 +03:00
$columnlist =~ s/\bowner\b/assigned_to/;
$columnlist =~ s/\bowner_realname\b/assigned_to_realname/;
$columnlist =~ s/\bplatform\b/rep_platform/;
$columnlist =~ s/\bseverity\b/bug_severity/;
$columnlist =~ s/\bstatus\b/bug_status/;
$columnlist =~ s/\bsummaryfull\b/short_desc/;
$columnlist =~ s/\bsummary\b/short_short_desc/;
2002-12-08 03:42:55 +03:00
2002-03-12 16:55:07 +03:00
# Use the columns listed in the user's preferences.
2002-12-08 03:42:55 +03:00
@displaycolumns = split(/ /, $columnlist);
1998-08-26 10:14:20 +04:00
}
2002-03-12 16:55:07 +03:00
else {
# Use the default list of columns.
2005-01-16 23:27:24 +03:00
@displaycolumns = DEFAULT_COLUMN_LIST;
1999-10-08 18:41:17 +04:00
}
2002-03-12 16:55:07 +03:00
# Weed out columns that don't actually exist to prevent the user
# from hacking their column list cookie to grab data to which they
# should not have access. Detaint the data along the way.
@displaycolumns = grep($columns->{$_} && trick_taint($_), @displaycolumns);
1999-10-08 18:41:17 +04:00
2002-03-12 16:55:07 +03:00
# Remove the "ID" column from the list because bug IDs are always displayed
# and are hard-coded into the display templates.
2002-12-08 03:42:55 +03:00
@displaycolumns = grep($_ ne 'bug_id', @displaycolumns);
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
# Add the votes column to the list of columns to be displayed
# in the bug list if the user is searching for bugs with a certain
# number of votes and the votes column is not already on the list.
2002-04-05 11:48:27 +04:00
# Some versions of perl will taint 'votes' if this is done as a single
2002-10-26 05:57:09 +04:00
# statement, because the votes param is tainted at this point
my $votes = $params->param('votes');
$votes ||= "";
if (trim($votes) && !grep($_ eq 'votes', @displaycolumns)) {
2002-04-05 11:48:27 +04:00
push(@displaycolumns, 'votes');
}
1998-08-26 10:14:20 +04:00
2002-10-13 08:26:24 +04:00
# Remove the timetracking columns if they are not a part of the group
# (happens if a user had access to time tracking and it was revoked/disabled)
if (!UserInGroup(Param("timetrackinggroup"))) {
@displaycolumns = grep($_ ne 'estimated_time', @displaycolumns);
@displaycolumns = grep($_ ne 'remaining_time', @displaycolumns);
@displaycolumns = grep($_ ne 'actual_time', @displaycolumns);
@displaycolumns = grep($_ ne 'percentage_complete', @displaycolumns);
2005-01-16 16:36:05 +03:00
@displaycolumns = grep($_ ne 'deadline', @displaycolumns);
2002-10-13 08:26:24 +04:00
}
1998-08-26 10:14:20 +04:00
2004-04-06 04:11:26 +04:00
# Remove the relevance column if the user is not doing a fulltext search.
if (grep('relevance', @displaycolumns) && !$fulltext) {
@displaycolumns = grep($_ ne 'relevance', @displaycolumns);
}
2002-03-12 16:55:07 +03:00
################################################################################
# Select Column Determination
################################################################################
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
# Generate the list of columns that will be selected in the SQL query.
1998-08-26 10:14:20 +04:00
2003-07-21 23:42:53 +04:00
# The bug ID is always selected because bug IDs are always displayed.
2003-08-22 17:55:23 +04:00
# Severity, priority, resolution and status are required for buglist
# CSS classes.
my @selectcolumns = ("bug_id", "bug_severity", "priority", "bug_status",
"resolution");
1999-01-19 03:07:46 +03:00
2004-08-21 01:49:20 +04:00
# if using classification, we also need to look in product.classification_id
if (Param("useclassification")) {
push (@selectcolumns,"product");
}
2002-10-13 08:26:24 +04:00
# remaining and actual_time are required for precentage_complete calculation:
2002-10-22 10:00:52 +04:00
if (lsearch(\@displaycolumns, "percentage_complete") >= 0) {
2002-10-13 08:26:24 +04:00
push (@selectcolumns, "remaining_time");
push (@selectcolumns, "actual_time");
}
2002-03-12 16:55:07 +03:00
# Display columns are selected because otherwise we could not display them.
push (@selectcolumns, @displaycolumns);
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
# If the user is editing multiple bugs, we also make sure to select the product
# and status because the values of those fields determine what options the user
# has for modifying the bugs.
if ($dotweak) {
push(@selectcolumns, "product") if !grep($_ eq 'product', @selectcolumns);
2002-12-08 03:42:55 +03:00
push(@selectcolumns, "bug_status") if !grep($_ eq 'bug_status', @selectcolumns);
2000-01-22 22:08:57 +03:00
}
2004-03-17 00:18:41 +03:00
if ($format->{'extension'} eq 'ics') {
push(@selectcolumns, "opendate") if !grep($_ eq 'opendate', @selectcolumns);
}
2000-01-25 05:50:37 +03:00
2005-03-15 20:22:14 +03:00
if ($format->{'extension'} eq 'rss') {
2005-11-19 04:29:23 +03:00
# The title of the RSS feed will be the same one as for the bug list.
$vars->{'title'} = $cgi->param('title');
2005-03-15 20:22:14 +03:00
# This is the list of fields that are needed by the rss filter.
my @required_rss_columns = (
'short_desc',
'opendate',
'changeddate',
'reporter_realname',
'priority',
'bug_severity',
'assigned_to_realname',
'bug_status'
);
foreach my $required (@required_rss_columns) {
push(@selectcolumns, $required) if !grep($_ eq $required,@selectcolumns);
}
}
2002-03-12 16:55:07 +03:00
################################################################################
# Query Generation
################################################################################
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
# Convert the list of columns being selected into a list of column names.
my @selectnames = map($columns->{$_}->{'name'}, @selectcolumns);
2000-02-18 03:50:25 +03:00
2002-10-13 08:26:24 +04:00
# Remove columns with no names, such as percentage_complete
# (or a removed *_time column due to permissions)
@selectnames = grep($_ ne '', @selectnames);
2002-03-12 16:55:07 +03:00
################################################################################
# Sort Order Determination
################################################################################
2000-01-22 22:23:58 +03:00
2002-03-12 16:55:07 +03:00
# Add to the query some instructions for sorting the bug list.
2004-07-23 09:09:00 +04:00
# First check if we'll want to reuse the last sorting order; that happens if
# the order is not defined or its value is "reuse last sort"
if (!$order || $order =~ /^reuse/i) {
if ($cgi->cookie('LASTORDER')) {
$order = $cgi->cookie('LASTORDER');
2005-01-03 02:18:04 +03:00
# Cookies from early versions of Specific Search included this text,
# which is now invalid.
$order =~ s/ LIMIT 200//;
2004-07-23 09:09:00 +04:00
$order_from_cookie = 1;
}
else {
$order = ''; # Remove possible "reuse" identifier as unnecessary
}
2002-03-12 16:55:07 +03:00
}
2001-01-25 08:30:35 +03:00
2002-11-11 09:52:59 +03:00
my $db_order = ""; # Modified version of $order for use with SQL query
2002-03-12 16:55:07 +03:00
if ($order) {
# Convert the value of the "order" form field into a list of columns
# by which to sort the results.
ORDER: for ($order) {
2004-04-06 04:11:26 +04:00
/^Bug Number$/ && do {
$order = "bugs.bug_id";
last ORDER;
};
/^Importance$/ && do {
$order = "bugs.priority, bugs.bug_severity";
last ORDER;
};
/^Assignee$/ && do {
$order = "map_assigned_to.login_name, bugs.bug_status, bugs.priority, bugs.bug_id";
last ORDER;
};
/^Last Changed$/ && do {
$order = "bugs.delta_ts, bugs.bug_status, bugs.priority, map_assigned_to.login_name, bugs.bug_id";
last ORDER;
};
do {
my @order;
2002-06-08 07:06:10 +04:00
my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
2002-03-12 16:55:07 +03:00
# A custom list of columns. Make sure each column is valid.
2002-06-08 07:06:10 +04:00
foreach my $fragment (split(/,/, $order)) {
$fragment = trim($fragment);
# Accept an order fragment matching a column name, with
# asc|desc optionally following (to specify the direction)
2004-04-06 04:11:26 +04:00
if (grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) {
next if $fragment =~ /\brelevance\b/ && !$fulltext;
push(@order, $fragment);
}
else {
2003-09-14 10:05:23 +04:00
my $vars = { fragment => $fragment };
2002-04-04 08:28:27 +04:00
if ($order_from_cookie) {
2005-07-07 15:53:38 +04:00
$cgi->remove_cookie('LASTORDER');
2003-09-14 10:05:23 +04:00
ThrowCodeError("invalid_column_name_cookie", $vars);
2002-09-29 01:44:27 +04:00
}
else {
2003-09-14 10:05:23 +04:00
ThrowCodeError("invalid_column_name_form", $vars);
2002-04-04 08:28:27 +04:00
}
2002-03-12 16:55:07 +03:00
}
}
2004-04-06 04:11:26 +04:00
$order = join(",", @order);
2002-03-12 16:55:07 +03:00
# Now that we have checked that all columns in the order are valid,
# detaint the order string.
trick_taint($order);
1998-09-16 01:49:26 +04:00
};
1998-08-26 10:14:20 +04:00
}
2004-04-06 04:11:26 +04:00
}
else {
# DEFAULT
$order = "bugs.bug_status, bugs.priority, map_assigned_to.login_name, bugs.bug_id";
}
2002-04-04 08:28:27 +04:00
2004-04-06 04:11:26 +04:00
foreach my $fragment (split(/,/, $order)) {
$fragment = trim($fragment);
if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @selectnames)) {
# Add order columns to selectnames
# The fragment has already been validated
$fragment =~ s/\s+(asc|desc)$//;
2005-07-20 02:38:26 +04:00
# This fixes an issue where columns being used in the ORDER BY statement
# can have the SQL that generates the value changed to become invalid -
# mainly affects time tracking.
if ($fragment =~ / AS (\w+)/) {
$fragment = $columns->{$1}->{'name'};
}
else {
$fragment =~ tr/a-zA-Z\.0-9\-_//cd;
}
2004-04-06 04:11:26 +04:00
push @selectnames, $fragment;
}
}
1998-09-16 01:49:26 +04:00
2004-04-06 04:11:26 +04:00
$db_order = $order; # Copy $order into $db_order for use with SQL query
2002-10-13 08:26:24 +04:00
2004-04-06 04:11:26 +04:00
# If we are sorting by votes, sort in descending order if no explicit
# sort order was given
$db_order =~ s/bugs.votes\s*(,|$)/bugs.votes desc$1/i;
# the 'actual_time' field is defined as an aggregate function, but
# for order we just need the column name 'actual_time'
my $aggregate_search = quotemeta($columns->{'actual_time'}->{'name'});
$db_order =~ s/$aggregate_search/actual_time/g;
2002-10-13 08:26:24 +04:00
2004-04-06 04:11:26 +04:00
# the 'percentage_complete' field is defined as an aggregate too
$aggregate_search = quotemeta($columns->{'percentage_complete'}->{'name'});
$db_order =~ s/$aggregate_search/percentage_complete/g;
2000-01-23 05:22:11 +03:00
2005-01-18 20:25:02 +03:00
# Now put $db_order into a format that Bugzilla::Search can use.
# (We create $db_order as a string first because that's the way
# we did it before Bugzilla::Search took an "order" argument.)
my @orderstrings = split(',', $db_order);
2002-11-11 09:52:59 +03:00
# Generate the basic SQL query that will be used to generate the bug list.
my $search = new Bugzilla::Search('fields' => \@selectnames,
2005-01-18 20:25:02 +03:00
'params' => $params,
'order' => \@orderstrings);
2002-11-11 09:52:59 +03:00
my $query = $search->getSQL();
2005-04-09 03:57:33 +04:00
if (defined $cgi->param('limit')) {
my $limit = $cgi->param('limit');
if (detaint_natural($limit)) {
$query .= " " . $dbh->sql_limit($limit);
}
2004-04-06 05:19:15 +04:00
}
elsif ($fulltext) {
2005-06-25 16:28:48 +04:00
$query .= " " . $dbh->sql_limit(FULLTEXT_BUGLIST_LIMIT);
2005-06-21 00:32:35 +04:00
$vars->{'sorted_by_relevance'} = 1;
2004-04-06 04:11:26 +04:00
}
2000-01-23 05:22:11 +03:00
2002-03-12 16:55:07 +03:00
################################################################################
# Query Execution
################################################################################
2001-10-23 19:44:53 +04:00
2005-04-09 03:57:33 +04:00
if ($cgi->param('debug')) {
2003-08-28 02:12:26 +04:00
$vars->{'debug'} = 1;
$vars->{'query'} = $query;
2005-10-26 20:52:28 +04:00
$vars->{'debugdata'} = $search->getDebugData();
2003-08-28 02:12:26 +04:00
}
2002-03-12 16:55:07 +03:00
# Time to use server push to display an interim message to the user until
# the query completes and we can display the bug list.
2005-01-12 20:06:10 +03:00
my $disposition = '';
2002-03-12 16:55:07 +03:00
if ($serverpush) {
2005-01-12 20:06:10 +03:00
$filename =~ s/\\/\\\\/g; # escape backslashes
$filename =~ s/"/\\"/g; # escape quotes
$disposition = qq#inline; filename="$filename"#;
2003-05-05 05:15:38 +04:00
2005-01-12 20:06:10 +03:00
print $cgi->multipart_init(-content_disposition => $disposition);
2003-05-05 05:15:38 +04:00
print $cgi->multipart_start();
1998-09-16 01:49:26 +04:00
2002-03-12 16:55:07 +03:00
# Generate and return the UI (HTML page) from the appropriate template.
2002-04-24 11:24:50 +04:00
$template->process("list/server-push.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
2003-05-05 05:15:38 +04:00
2004-09-11 10:24:43 +04:00
# Don't do multipart_end() until we're ready to display the replacement
# page, otherwise any errors that happen before then (like SQL errors)
# will result in a blank page being shown to the user instead of the error.
1998-08-26 10:14:20 +04:00
}
2002-03-12 16:55:07 +03:00
# Connect to the shadow database if this installation is using one to improve
# query performance.
2005-11-13 20:50:47 +03:00
$dbh = Bugzilla->switch_to_shadow_db();
1998-08-26 10:14:20 +04:00
2002-03-28 10:57:05 +03:00
# Normally, we ignore SIGTERM and SIGPIPE (see globals.pl) but we need to
# respond to them here to prevent someone DOSing us by reloading a query
# a large number of times.
$::SIG{TERM} = 'DEFAULT';
$::SIG{PIPE} = 'DEFAULT';
2002-03-12 16:55:07 +03:00
# Execute the query.
2005-02-03 02:06:05 +03:00
my $buglist_sth = $dbh->prepare($query);
$buglist_sth->execute();
1998-09-16 01:49:26 +04:00
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
################################################################################
# Results Retrieval
################################################################################
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
# Retrieve the query results one row at a time and write the data into a list
# of Perl records.
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
my $bugowners = {};
my $bugproducts = {};
my $bugstatuses = {};
2002-11-09 04:58:07 +03:00
my @bugidlist;
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
my @bugs; # the list of records
2000-02-04 17:08:00 +03:00
2005-02-03 02:06:05 +03:00
while (my @row = $buglist_sth->fetchrow_array()) {
2002-03-12 16:55:07 +03:00
my $bug = {}; # a record
2000-02-04 17:08:00 +03:00
2002-03-12 16:55:07 +03:00
# Slurp the row of data into the record.
2002-09-27 20:44:58 +04:00
# The second from last column in the record is the number of groups
# to which the bug is restricted.
2002-11-09 04:58:07 +03:00
foreach my $column (@selectcolumns) {
2002-03-12 16:55:07 +03:00
$bug->{$column} = shift @row;
2000-02-04 17:08:00 +03:00
}
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
# Process certain values further (i.e. date format conversion).
if ($bug->{'changeddate'}) {
$bug->{'changeddate'} =~
2004-03-17 00:18:41 +03:00
s/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/$1-$2-$3 $4:$5:$6/;
2005-03-15 20:22:14 +03:00
# Put in the change date as a time, so that the template date plugin
# can format the date in any way needed by the template. ICS and RSS
# have specific, and different, date and time formatting.
$bug->{'changedtime'} = str2time($bug->{'changeddate'});
$bug->{'changeddate'} = DiffDate($bug->{'changeddate'});
2004-03-17 00:18:41 +03:00
}
if ($bug->{'opendate'}) {
2005-03-15 20:22:14 +03:00
# Put in the open date as a time for the template date plugin.
$bug->{'opentime'} = str2time($bug->{'opendate'});
$bug->{'opendate'} = DiffDate($bug->{'opendate'});
2002-03-12 16:55:07 +03:00
}
1998-08-26 10:14:20 +04:00
2005-06-20 23:16:34 +04:00
# Record the assignee, product, and status in the big hashes of those things.
2002-12-08 03:42:55 +03:00
$bugowners->{$bug->{'assigned_to'}} = 1 if $bug->{'assigned_to'};
2002-03-12 16:55:07 +03:00
$bugproducts->{$bug->{'product'}} = 1 if $bug->{'product'};
2002-12-08 03:42:55 +03:00
$bugstatuses->{$bug->{'bug_status'}} = 1 if $bug->{'bug_status'};
1998-08-26 10:14:20 +04:00
2004-09-23 23:05:20 +04:00
$bug->{'secure_mode'} = undef;
2002-11-09 04:58:07 +03:00
2002-03-12 16:55:07 +03:00
# Add the record to the list.
push(@bugs, $bug);
2002-11-09 04:58:07 +03:00
# Add id to list for checking for bug privacy later
2002-12-08 03:42:55 +03:00
push(@bugidlist, $bug->{'bug_id'});
2000-01-15 01:35:49 +03:00
}
2004-09-23 23:05:20 +04:00
# Check for bug privacy and set $bug->{'secure_mode'} to 'implied' or 'manual'
# based on whether the privacy is simply product implied (by mandatory groups)
# or because of human choice
my %min_membercontrol;
2002-11-09 04:58:07 +03:00
if (@bugidlist) {
2005-07-20 02:38:26 +04:00
my $sth = $dbh->prepare(
2005-04-05 01:52:06 +04:00
"SELECT DISTINCT bugs.bug_id, MIN(group_control_map.membercontrol) " .
"FROM bugs " .
"INNER JOIN bug_group_map " .
"ON bugs.bug_id = bug_group_map.bug_id " .
"LEFT JOIN group_control_map " .
"ON group_control_map.product_id = bugs.product_id " .
"AND group_control_map.group_id = bug_group_map.group_id " .
"WHERE bugs.bug_id IN (" . join(',',@bugidlist) . ") " .
2005-03-16 03:27:15 +03:00
$dbh->sql_group_by('bugs.bug_id'));
2005-02-03 02:06:05 +03:00
$sth->execute();
while (my ($bug_id, $min_membercontrol) = $sth->fetchrow_array()) {
2005-06-25 16:10:28 +04:00
$min_membercontrol{$bug_id} = $min_membercontrol || CONTROLMAPNA;
2002-11-09 04:58:07 +03:00
}
foreach my $bug (@bugs) {
2004-09-30 02:37:17 +04:00
next unless defined($min_membercontrol{$bug->{'bug_id'}});
2005-06-25 16:10:28 +04:00
if ($min_membercontrol{$bug->{'bug_id'}} == CONTROLMAPMANDATORY) {
2004-09-23 23:05:20 +04:00
$bug->{'secure_mode'} = 'implied';
2002-11-09 04:58:07 +03:00
}
2005-06-25 16:10:28 +04:00
else {
$bug->{'secure_mode'} = 'manual';
}
2002-11-09 04:58:07 +03:00
}
}
2000-06-03 01:34:37 +04:00
2002-03-12 16:55:07 +03:00
################################################################################
# Template Variable Definition
################################################################################
1998-09-16 01:49:26 +04:00
2002-03-12 16:55:07 +03:00
# Define the variables and functions that will be passed to the UI template.
1998-09-16 01:49:26 +04:00
2002-03-12 16:55:07 +03:00
$vars->{'bugs'} = \@bugs;
2005-01-24 19:39:27 +03:00
$vars->{'buglist'} = \@bugidlist;
2005-02-28 20:53:19 +03:00
$vars->{'buglist_joined'} = join(',', @bugidlist);
2002-03-12 16:55:07 +03:00
$vars->{'columns'} = $columns;
$vars->{'displaycolumns'} = \@displaycolumns;
1999-07-01 07:45:43 +04:00
2002-03-12 16:55:07 +03:00
my @openstates = OpenStates();
$vars->{'openstates'} = \@openstates;
$vars->{'closedstates'} = ['CLOSED', 'VERIFIED', 'RESOLVED'];
2001-01-25 08:30:35 +03:00
2002-03-12 16:55:07 +03:00
# The list of query fields in URL query string format, used when creating
# URLs to the same query results page with different parameters (such as
# a different sort order or when taking some action on the set of query
2005-08-10 13:47:58 +04:00
# results). To get this string, we call the Bugzilla::CGI::canoncalise_query
# function with a list of elements to be removed from the URL.
$vars->{'urlquerypart'} = $params->canonicalise_query('order',
'cmdtype',
'query_based_on');
2002-03-12 16:55:07 +03:00
$vars->{'order'} = $order;
$vars->{'caneditbugs'} = UserInGroup('editbugs');
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
my @bugowners = keys %$bugowners;
if (scalar(@bugowners) > 1 && UserInGroup('editbugs')) {
my $suffix = Param('emailsuffix');
map(s/$/$suffix/, @bugowners) if $suffix;
my $bugowners = join(",", @bugowners);
$vars->{'bugowners'} = $bugowners;
1998-08-26 10:14:20 +04:00
}
2002-03-12 16:55:07 +03:00
# Whether or not to split the column titles across two rows to make
# the list more compact.
2004-07-21 01:20:20 +04:00
$vars->{'splitheader'} = $cgi->cookie('SPLITHEADER') ? 1 : 0;
1998-08-26 10:14:20 +04:00
2002-07-25 03:23:00 +04:00
$vars->{'quip'} = GetQuip();
2002-07-26 22:16:39 +04:00
$vars->{'currenttime'} = time();
2002-03-12 16:55:07 +03:00
# The following variables are used when the user is making changes to multiple bugs.
1998-09-16 01:49:26 +04:00
if ($dotweak) {
2002-03-12 16:55:07 +03:00
$vars->{'dotweak'} = 1;
$vars->{'use_keywords'} = 1 if @::legal_keywords;
2005-10-12 06:08:57 +04:00
$vars->{'products'} = Bugzilla->user->get_enterable_products;
2002-03-12 16:55:07 +03:00
$vars->{'platforms'} = \@::legal_platform;
2005-08-31 04:56:11 +04:00
$vars->{'op_sys'} = \@::legal_opsys;
2002-03-12 16:55:07 +03:00
$vars->{'priorities'} = \@::legal_priority;
$vars->{'severities'} = \@::legal_severity;
$vars->{'resolutions'} = \@::settable_resolution;
2005-02-08 19:22:26 +03:00
$vars->{'unconfirmedstate'} = 'UNCONFIRMED';
2002-03-12 16:55:07 +03:00
$vars->{'bugstatuses'} = [ keys %$bugstatuses ];
# The groups to which the user belongs.
2005-08-23 00:48:44 +04:00
$vars->{'groups'} = GetGroups();
2002-03-12 16:55:07 +03:00
# If all bugs being changed are in the same product, the user can change
# their version and component, so generate a list of products, a list of
# versions for the product (if there is only one product on the list of
# products), and a list of components for the product.
$vars->{'bugproducts'} = [ keys %$bugproducts ];
if (scalar(@{$vars->{'bugproducts'}}) == 1) {
my $product = $vars->{'bugproducts'}->[0];
$vars->{'versions'} = $::versions{$product};
$vars->{'components'} = $::components{$product};
$vars->{'targetmilestones'} = $::target_milestone{$product} if Param('usetargetmilestone');
1998-08-26 10:14:20 +04:00
}
}
2001-07-20 19:18:30 +04:00
2004-07-22 09:14:14 +04:00
# If we're editing a stored query, use the existing query name as default for
# the "Remember search as" field.
$vars->{'defaultsavename'} = $cgi->param('query_based_on');
2000-01-07 00:16:15 +03:00
2002-03-12 16:55:07 +03:00
################################################################################
# HTTP Header Generation
################################################################################
2000-01-07 00:16:15 +03:00
2002-03-12 16:55:07 +03:00
# Generate HTTP headers
1998-08-26 10:14:20 +04:00
2003-05-05 05:15:38 +04:00
my $contenttype;
2004-04-06 01:53:10 +04:00
my $disp = "inline";
1998-08-26 10:14:20 +04:00
2002-03-12 16:55:07 +03:00
if ($format->{'extension'} eq "html") {
if ($order) {
2003-05-05 05:15:38 +04:00
$cgi->send_cookie(-name => 'LASTORDER',
2003-05-09 06:32:21 +04:00
-value => $order,
2003-05-05 05:15:38 +04:00
-expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
2001-07-22 04:22:36 +04:00
}
2002-11-09 04:58:07 +03:00
my $bugids = join(":", @bugidlist);
2002-04-04 08:28:27 +04:00
# See also Bug 111999
2005-07-08 07:39:19 +04:00
if (length($bugids) == 0) {
$cgi->remove_cookie('BUGLIST');
}
elsif (length($bugids) < 4000) {
2003-05-05 05:15:38 +04:00
$cgi->send_cookie(-name => 'BUGLIST',
-value => $bugids,
-expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
2001-07-22 04:22:36 +04:00
}
2002-03-12 16:55:07 +03:00
else {
2005-07-07 15:53:38 +04:00
$cgi->remove_cookie('BUGLIST');
2002-03-12 16:55:07 +03:00
$vars->{'toolong'} = 1;
1998-08-26 10:14:20 +04:00
}
2003-05-05 05:15:38 +04:00
$contenttype = "text/html";
2002-03-12 16:55:07 +03:00
}
else {
2003-05-05 05:15:38 +04:00
$contenttype = $format->{'ctype'};
1998-08-26 10:14:20 +04:00
}
2004-04-06 01:53:10 +04:00
if ($format->{'extension'} eq "csv") {
# We set CSV files to be downloaded, as they are designed for importing
# into other programs.
$disp = "attachment";
}
2003-05-05 05:15:38 +04:00
if ($serverpush) {
2004-09-11 10:24:43 +04:00
# close the "please wait" page, then open the buglist page
print $cgi->multipart_end();
2005-10-08 00:48:56 +04:00
my @extra;
push @extra, (-charset => "utf8") if Param("utf8");
print $cgi->multipart_start(-type => $contenttype,
-content_disposition => $disposition,
@extra);
2003-05-05 05:15:38 +04:00
} else {
# Suggest a name for the bug list if the user wants to save it as a file.
# If we are doing server push, then we did this already in the HTTP headers
# that started the server push, so we don't have to do it again here.
print $cgi->header(-type => $contenttype,
2004-04-06 01:53:10 +04:00
-content_disposition => "$disp; filename=$filename");
2003-05-05 05:15:38 +04:00
}
1998-08-26 10:14:20 +04:00
2000-07-14 03:12:52 +04:00
2002-03-12 16:55:07 +03:00
################################################################################
# Content Generation
################################################################################
2000-07-14 03:12:52 +04:00
2002-03-12 16:55:07 +03:00
# Generate and return the UI (HTML page) from the appropriate template.
2002-09-18 03:28:24 +04:00
$template->process($format->{'template'}, $vars)
2002-04-24 11:24:50 +04:00
|| ThrowTemplateError($template->error());
2001-06-21 06:02:30 +04:00
2000-01-15 01:35:49 +03:00
2002-03-12 16:55:07 +03:00
################################################################################
# Script Conclusion
################################################################################
2003-05-05 05:15:38 +04:00
print $cgi->multipart_final() if $serverpush;