Bug 151053, ConnectToDatabase/quietly_check_login sometimes not called

early enough r=mattyt, jouni
2002-06-17 09:39:00 +00:00 · 2002-06-17 09:39:00 +00:00 · 693d63dda2
--- a/webtools/bugzilla/buglist.cgi
+++ b/webtools/bugzilla/buglist.cgi
@ -66,14 +66,28 @@ ConnectToDatabase();
 # Data and Security Validation
 ################################################################################

+# Whether or not the user wants to change multiple bugs.
+my $dotweak = $::FORM{'tweak'} ? 1 : 0;
+
+# Log the user in
+if ($dotweak) {
+    confirm_login();
+    if (!UserInGroup("editbugs")) {
+        DisplayError("Sorry, you do not have sufficient privileges to edit
+                      multiple bugs.");
+        exit;
+    }
+    GetVersionTable();
+}
+else {
+    quietly_check_login();
+}
+
 # Determine the format in which the user would like to receive the output.
 # Uses the default format if the user did not specify an output format;
 # otherwise validates the user's choice against the list of available formats.
 my $format = ValidateOutputFormat($::FORM{'format'}, "list");

-# Whether or not the user wants to change multiple bugs.
-my $dotweak = $::FORM{'tweak'} ? 1 : 0;
-
 # Use server push to display a "Please wait..." message for the user while
 # executing their query if their browser supports it and they are viewing
 # the bug list as HTML and they have not disabled it by adding &serverpush=0
@ -137,20 +151,6 @@ if ($::FORM{'cmdtype'} eq 'runnamed') {
    $filename =~ s/\s//;
 }

-if ($dotweak) {
-    confirm_login();
-    if (!UserInGroup("editbugs")) {
-        DisplayError("Sorry, you do not have sufficient privileges to edit
-                      multiple bugs.");
-        exit;
-    }
-    GetVersionTable();
-}
-else {
-    quietly_check_login();
-}
-
-
 ################################################################################
 # Utilities
 ################################################################################
--- a/webtools/bugzilla/colchange.cgi
+++ b/webtools/bugzilla/colchange.cgi
@ -34,6 +34,7 @@ use vars qw(

 require "CGI.pl";

+ConnectToDatabase();
 quietly_check_login();

 print "Content-type: text/html\n";
@ -41,7 +42,6 @@ print "Content-type: text/html\n";
 # The master list not only says what fields are possible, but what order
 # they get displayed in.

-ConnectToDatabase();
 GetVersionTable();

 my @masterlist = ("opendate", "changeddate", "severity", "priority",
--- a/webtools/bugzilla/createaccount.cgi
+++ b/webtools/bugzilla/createaccount.cgi
@ -42,6 +42,9 @@ ConnectToDatabase();

 # If we're using LDAP for login, then we can't create a new account here.
 if(Param('useLDAP')) {
+  # Just in case someone already has an account, let them get the correct
+  # footer on the error message
+  quietly_check_login();
  DisplayError("This site is using LDAP for authentication.  Please contact 
                an LDAP administrator to get a new account created.",
               "Can't create LDAP accounts");
--- a/webtools/bugzilla/describecomponents.cgi
+++ b/webtools/bugzilla/describecomponents.cgi
@ -34,10 +34,10 @@ use lib qw(.);
 require "CGI.pl";

 ConnectToDatabase();
-GetVersionTable();
-
 quietly_check_login();

+GetVersionTable();
+
 if (!defined $::FORM{'product'}) {
    # Reference to a subset of %::proddesc, which the user is allowed to see
    my %products;
--- a/webtools/bugzilla/doeditparams.cgi
+++ b/webtools/bugzilla/doeditparams.cgi
@ -33,7 +33,7 @@ use vars %::param,
    %::param_default,
    @::param_list;

-
+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editcomponents.cgi
+++ b/webtools/bugzilla/editcomponents.cgi
@ -188,6 +188,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editgroups.cgi
+++ b/webtools/bugzilla/editgroups.cgi
@ -29,6 +29,7 @@ use lib ".";

 require "CGI.pl";

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editkeywords.cgi
+++ b/webtools/bugzilla/editkeywords.cgi
@ -108,6 +108,7 @@ sub Validate ($$) {
 # Preliminary checks:
 #

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editmilestones.cgi
+++ b/webtools/bugzilla/editmilestones.cgi
@ -146,6 +146,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editparams.cgi
+++ b/webtools/bugzilla/editparams.cgi
@ -32,6 +32,7 @@ require "defparams.pl";
 use vars @::param_desc,
    @::param_list;

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editproducts.cgi
+++ b/webtools/bugzilla/editproducts.cgi
@ -175,6 +175,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editusers.cgi
+++ b/webtools/bugzilla/editusers.cgi
@ -231,6 +231,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/editversions.cgi
+++ b/webtools/bugzilla/editversions.cgi
@ -155,6 +155,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #

+ConnectToDatabase();
 confirm_login();

 print "Content-type: text/html\n\n";
--- a/webtools/bugzilla/move.pl
+++ b/webtools/bugzilla/move.pl
@ -37,6 +37,7 @@ unless ( Param("move-enabled") ) {
 }

 ConnectToDatabase();
+confirm_login();

 sub Log {
    my ($str) = (@_);
@ -80,7 +81,6 @@ if ( !defined $::FORM{'buglist'} ) {
  exit;
 }

-confirm_login();
 my $exporter = $::COOKIE{"Bugzilla_login"};
 my $movers = Param("movers");
 $movers =~ s/\w?,\w?/|/g;
--- a/webtools/bugzilla/post_bug.cgi
+++ b/webtools/bugzilla/post_bug.cgi
@ -50,6 +50,7 @@ sub sillyness {
 # Use global template variables.
 use vars qw($vars $template);

+ConnectToDatabase();
 confirm_login();


@ -89,7 +90,6 @@ if (defined $::FORM{'maketemplate'}) {
 }

 umask 0;
-ConnectToDatabase();

 # Some sanity checking
 if(Param("usebuggroupsentry") && GroupExists($product)) {
--- a/webtools/bugzilla/process_bug.cgi
+++ b/webtools/bugzilla/process_bug.cgi
@ -53,6 +53,7 @@ use vars qw(%versions
          %superusergroupset
          $next_bug);

+ConnectToDatabase();
 my $whoid = confirm_login();

 my $requiremilestone = 0;
@ -124,8 +125,6 @@ if ( Param("usetargetmilestone") ) {
  CheckFormFieldDefined(\%::FORM, 'target_milestone');
 }

-ConnectToDatabase();
-
 #
 # This function checks if there is a comment required for a specific
 # function and tests, if the comment was given.
--- a/webtools/bugzilla/queryhelp.cgi
+++ b/webtools/bugzilla/queryhelp.cgi
@ -32,6 +32,8 @@ use lib qw(.);
 require "CGI.pl";

 ConnectToDatabase();
+quietly_check_login();
+
 GetVersionTable();

 print "Content-type: text/html\n\n";
@ -558,8 +560,6 @@ user with the proper permissions can edit these keywords. The following is a lis
 stored on this version of Bugzilla:
 };

-ConnectToDatabase();
-
 my $tableheader = qq{
 <p><table border="1" cellpadding="4" cellspacing="0">
 <tr bgcolor="#6666FF">
@ -609,7 +609,6 @@ while (MoreSQLData()) {

 print "</table><p>\n";

-quietly_check_login();

 if (UserInGroup("editkeywords")) {
    print qq{<p><a href="editkeywords.cgi">Edit keywords</a>\n};
--- a/webtools/bugzilla/quips.cgi
+++ b/webtools/bugzilla/quips.cgi
@ -34,6 +34,11 @@ use lib qw(.);

 require "CGI.pl";

+# Even though quips aren't (yet) in the database, we need to check
+# logins for the footer
+ConnectToDatabase();
+quietly_check_login();
+
 my $action = $::FORM{'action'} || "";

 if ($action eq "show") {
--- a/webtools/bugzilla/sidebar.cgi
+++ b/webtools/bugzilla/sidebar.cgi
@ -29,13 +29,11 @@ use vars qw(
 );

 ConnectToDatabase();
+quietly_check_login();

 # Needed for $::anyvotesallowed
 GetVersionTable();

-# Check to see if the user has logged in yet.
-quietly_check_login();
-
 ###############################################################################
 # Main Body Execution
 ###############################################################################
--- a/webtools/bugzilla/token.cgi
+++ b/webtools/bugzilla/token.cgi
@ -37,6 +37,7 @@ require "CGI.pl";

 # Establish a connection to the database backend.
 ConnectToDatabase();
+quietly_check_login();

 # Use the "Token" module that contains functions for doing various
 # token-related tasks.
--- a/webtools/bugzilla/userprefs.cgi
+++ b/webtools/bugzilla/userprefs.cgi
@ -359,6 +359,8 @@ sub DoPermissions {
 ###############################################################################
 # Live code (not subroutine definitions) starts here
 ###############################################################################
+
+ConnectToDatabase();
 confirm_login();

 GetVersionTable();
--- a/webtools/bugzilla/xml.cgi
+++ b/webtools/bugzilla/xml.cgi
@ -32,6 +32,9 @@ require "CGI.pl";

 use vars qw($template $vars);

+ConnectToDatabase();
+quietly_check_login();
+
 if (!defined $::FORM{'id'} || !$::FORM{'id'}) {
    print "Content-Type: text/html\n\n";
    $template->process("bug/choose-xml.html.tmpl", $vars)
@ -39,8 +42,6 @@ if (!defined $::FORM{'id'} || !$::FORM{'id'}) {
    exit;
 }

-quietly_check_login();
-
 my $exporter = $::COOKIE{"Bugzilla_login"} || undef;

 my @ids = split (/[, ]+/, $::FORM{'id'});