Websites/bugs.webkit.org/process_bug.cgi - WebKit - Git at Google

 #!/usr/bin/perl -T
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.

 use 5.10.1;
 use strict;
 use warnings;

 use lib qw(. lib);

 use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Bug;
 use Bugzilla::User;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Flag;
 use Bugzilla::Status;
 use Bugzilla::Token;

 use List::MoreUtils qw(firstidx);
 use Storable qw(dclone);

 my $user = Bugzilla->login(LOGIN_REQUIRED);

 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};

 ######################################################################
 # Subroutines
 ######################################################################

 # Tells us whether or not a field should be changed by process_bug.
 sub should_set {
     # check_defined is used for fields where there's another field
     # whose name starts with "defined_" and then the field name--it's used
     # to know when we did things like empty a multi-select or deselect
     # a checkbox.
     my ($field, $check_defined) = @_;
     my $cgi = Bugzilla->cgi;
     if ( defined $cgi->param($field)
          || ($check_defined && defined $cgi->param("defined_$field")) )
     {
         return 1;
     }
     return 0;
 }

 ######################################################################
 # Begin Data/Security Validation
 ######################################################################

 # Create a list of objects for all bugs being modified in this request.
 my @bug_objects;
 if (defined $cgi->param('id')) {
   my $bug = Bugzilla::Bug->check_for_edit(scalar $cgi->param('id'));
   $cgi->param('id', $bug->id);
   push(@bug_objects, $bug);
 } else {
     foreach my $i ($cgi->param()) {
         if ($i =~ /^id_([1-9][0-9]*)/) {
             my $id = $1;
             push(@bug_objects, Bugzilla::Bug->check_for_edit($id));
         }
     }
 }

 # Make sure there are bugs to process.
 scalar(@bug_objects) || ThrowUserError("no_bugs_chosen", {action => 'modify'});

 my $first_bug = $bug_objects[0]; # Used when we're only updating a single bug.

 # Delete any parameter set to 'dontchange'.
 if (defined $cgi->param('dontchange')) {
     foreach my $name ($cgi->param) {
         next if $name eq 'dontchange'; # But don't delete dontchange itself!
         # Skip ones we've already deleted (such as "defined_$name").
         next if !defined $cgi->param($name);
         if ($cgi->param($name) eq $cgi->param('dontchange')) {
             $cgi->delete($name);
             $cgi->delete("defined_$name");
         }
     }
 }

 # do a match on the fields if applicable
 Bugzilla::User::match_field({
     'qa_contact'                => { 'type' => 'single' },
     'newcc'                     => { 'type' => 'multi'  },
     'masscc'                    => { 'type' => 'multi'  },
     'assigned_to'               => { 'type' => 'single' },
 });

 print $cgi->header() unless Bugzilla->usage_mode == USAGE_MODE_EMAIL;

 # Check for a mid-air collision. Currently this only works when updating
 # an individual bug.
 my $delta_ts = $cgi->param('delta_ts') || '';

 if ($delta_ts) {
     my $delta_ts_z = datetime_from($delta_ts)
       or ThrowCodeError('invalid_timestamp', { timestamp => $delta_ts });

     my $first_delta_tz_z =  datetime_from($first_bug->delta_ts);

     if ($first_delta_tz_z ne $delta_ts_z) {
         ($vars->{'operations'}) = $first_bug->get_activity(undef, $delta_ts);

         # Always sort midair collision comments oldest to newest,
         # regardless of the user's personal preference.
         my $comments = $first_bug->comments({ order => 'oldest_to_newest',
                                               after => $delta_ts });

         # Show midair if previous changes made other than CC
         # and/or one or more comments were made
         my $do_midair = scalar @$comments ? 1 : 0;

         if (!$do_midair) {
             foreach my $operation (@{ $vars->{'operations'} }) {
                 foreach my $change (@{ $operation->{'changes'} }) {
                     if ($change->{'fieldname'} ne 'cc') {
                         $do_midair = 1;
                         last;
                     }
                 }
                 last if $do_midair;
             }
         }

         if ($do_midair) {
             $vars->{'title_tag'} = "mid_air";
             $vars->{'comments'} = $comments;
             $vars->{'bug'} = $first_bug;
             # The token contains the old delta_ts. We need a new one.
             $cgi->param('token', issue_hash_token([$first_bug->id, $first_bug->delta_ts]));

             # Warn the user about the mid-air collision and ask them what to do.
             $template->process("bug/process/midair.html.tmpl", $vars)
                 || ThrowTemplateError($template->error());
             exit;
         }
     }
 }

 # We couldn't do this check earlier as we first had to validate bug IDs
 # and display the mid-air collision page if delta_ts changed.
 # If we do a mass-change, we use session tokens.
 my $token = $cgi->param('token');

 if ($cgi->param('id')) {
     check_hash_token($token, [$first_bug->id, $delta_ts || $first_bug->delta_ts]);
 }
 else {
     check_token_data($token, 'buglist_mass_change', 'query.cgi');
 }

 ######################################################################
 # End Data/Security Validation
 ######################################################################

 $vars->{'title_tag'} = "bug_processed";

 my $action;
 if (defined $cgi->param('id')) {
     $action = $user->setting('post_bug_submit_action');

     if ($action eq 'next_bug') {
         my $bug_list_obj = $user->recent_search_for($first_bug);
         my @bug_list = $bug_list_obj ? @{$bug_list_obj->bug_list} : ();
         my $cur = firstidx { $_ eq $cgi->param('id') } @bug_list;
         if ($cur >= 0 && $cur < $#bug_list) {
             my $next_bug_id = $bug_list[$cur + 1];
             detaint_natural($next_bug_id);
             if ($next_bug_id and $user->can_see_bug($next_bug_id)) {
                 # We create an object here so that $bug->send_changes can use it
                 # when displaying the header.
                 $vars->{'bug'} = new Bugzilla::Bug($next_bug_id);
             }
         }
     }
     # Include both action = 'same_bug' and 'nothing'.
     else {
         $vars->{'bug'} = $first_bug;
     }
 }
 else {
     # param('id') is not defined when changing multiple bugs at once.
     $action = 'nothing';
 }

 # Component, target_milestone, and version are in here just in case
 # the 'product' field wasn't defined in the CGI. It doesn't hurt to set
 # them twice.
 my @set_fields = qw(op_sys rep_platform priority bug_severity
                     component target_milestone version
                     bug_file_loc status_whiteboard short_desc
                     deadline remaining_time estimated_time
                     work_time set_default_assignee set_default_qa_contact
                     cclist_accessible reporter_accessible
                     product confirm_product_change
                     bug_status resolution dup_id bug_ignored);
 push(@set_fields, 'assigned_to') if !$cgi->param('set_default_assignee');
 push(@set_fields, 'qa_contact')  if !$cgi->param('set_default_qa_contact');
 my %field_translation = (
     bug_severity => 'severity',
     rep_platform => 'platform',
     short_desc   => 'summary',
     bug_file_loc => 'url',
     set_default_assignee   => 'reset_assigned_to',
     set_default_qa_contact => 'reset_qa_contact',
     confirm_product_change => 'product_change_confirmed',
 );

 my %set_all_fields = ( other_bugs => \@bug_objects );
 foreach my $field_name (@set_fields) {
     if (should_set($field_name, 1)) {
         my $param_name = $field_translation{$field_name} || $field_name;
         $set_all_fields{$param_name} = $cgi->param($field_name);
     }
 }

 if (should_set('keywords')) {
     my $action = $cgi->param('keywordaction') || '';
     # Backward-compatibility for Bugzilla 3.x and older.
     $action = 'remove' if $action eq 'delete';
     $action = 'set'    if $action eq 'makeexact';
     $set_all_fields{keywords}->{$action} = $cgi->param('keywords');
 }
 if (should_set('comment')) {
     $set_all_fields{comment} = {
         body        => scalar $cgi->param('comment'),
         is_private  => scalar $cgi->param('comment_is_private'),
     };
 }
 if (should_set('see_also')) {
     $set_all_fields{'see_also'}->{add} =
         [split(/[\s]+/, $cgi->param('see_also'))];
 }
 if (should_set('remove_see_also')) {
     $set_all_fields{'see_also'}->{remove} = [$cgi->param('remove_see_also')];
 }
 foreach my $dep_field (qw(dependson blocked)) {
     if (should_set($dep_field)) {
         if (my $dep_action = $cgi->param("${dep_field}_action")) {
             $set_all_fields{$dep_field}->{$dep_action} =
                 [split(/[\s,]+/, $cgi->param($dep_field))];
         }
         else {
             $set_all_fields{$dep_field}->{set} = $cgi->param($dep_field);
         }
     }
 }
 # Formulate the CC data into two arrays of users involved in this CC change.
 if (defined $cgi->param('newcc')
     or defined $cgi->param('addselfcc')
     or defined $cgi->param('removecc')
     or defined $cgi->param('masscc'))
 {
     my (@cc_add, @cc_remove);
     # If masscc is defined, then we came from buglist and need to either add or
     # remove cc's... otherwise, we came from show_bug and may need to do both.
     if (defined $cgi->param('masscc')) {
         if ($cgi->param('ccaction') eq 'add') {
             @cc_add = $cgi->param('masscc');
         } elsif ($cgi->param('ccaction') eq 'remove') {
             @cc_remove = $cgi->param('masscc');
         }
     } else {
         @cc_add = $cgi->param('newcc');
         push(@cc_add, $user) if $cgi->param('addselfcc');

         # We came from show_bug which uses a select box to determine what cc's
         # need to be removed...
         if ($cgi->param('removecc') && $cgi->param('cc')) {
             @cc_remove = $cgi->param('cc');
         }
     }

     $set_all_fields{cc} = { add => \@cc_add, remove => \@cc_remove };
 }

 # Fields that can only be set on one bug at a time.
 if (defined $cgi->param('id')) {
     # Since aliases are unique (like bug numbers), they can only be changed
     # for one bug at a time.
     if (defined $cgi->param('newalias') || defined $cgi->param('removealias')) {
         my @alias_add = split /[, ]+/, $cgi->param('newalias');

         # We came from bug_form which uses a select box to determine what
         # aliases need to be removed...
         my @alias_remove = ();
         if ($cgi->param('removealias') && $cgi->param('alias')) {
             @alias_remove = $cgi->param('alias');
         }

         $set_all_fields{alias} = { add => \@alias_add, remove => \@alias_remove };
     }
 }

 my %is_private;
 foreach my $field (grep(/^defined_isprivate/, $cgi->param())) {
     if ($field =~ /(\d+)$/) {
         my $comment_id = $1;
         $is_private{$comment_id} = $cgi->param("isprivate_$comment_id");
     }
 }
 $set_all_fields{comment_is_private} = \%is_private;

 my @check_groups = $cgi->param('defined_groups');
 my @set_groups = $cgi->param('groups');
 my ($removed_groups) = diff_arrays(\@check_groups, \@set_groups);
 $set_all_fields{groups} = { add => \@set_groups, remove => $removed_groups };

 my @custom_fields = Bugzilla->active_custom_fields;
 foreach my $field (@custom_fields) {
     my $fname = $field->name;
     if (should_set($fname, 1)) {
         $set_all_fields{$fname} = [$cgi->param($fname)];
     }
 }

 # We are going to alter the list of removed groups, so we keep a copy here.
 my @unchecked_groups = @$removed_groups;
 foreach my $b (@bug_objects) {
     # Don't blindly ask to remove unchecked groups available in the UI.
     # A group can be already unchecked, and the user didn't try to remove it.
     # In this case, we don't want remove_group() to complain.
     my @remove_groups;
     foreach my $g (@{$b->groups_in}) {
         push(@remove_groups, $g->name) if grep { $_ eq $g->name } @unchecked_groups;
     }
     local $set_all_fields{groups}->{remove} = \@remove_groups;
     $b->set_all(\%set_all_fields);
 }

 if (defined $cgi->param('id')) {
     # Flags should be set AFTER the bug has been moved into another
     # product/component. The structure of flags code doesn't currently
     # allow them to be set using set_all.
     my ($flags, $new_flags) = Bugzilla::Flag->extract_flags_from_cgi(
         $first_bug, undef, $vars);
     $first_bug->set_flags($flags, $new_flags);

     # Tags can only be set to one bug at once.
     if (should_set('tag')) {
         my @new_tags = grep { trim($_) } split(/,/, $cgi->param('tag'));
         my ($tags_removed, $tags_added) = diff_arrays($first_bug->tags, \@new_tags);
         $first_bug->remove_tag($_) foreach @$tags_removed;
         $first_bug->add_tag($_) foreach @$tags_added;
     }
 }
 else {
     # Update flags on multiple bugs. The cgi params are slightly different
     # than on a single bug, so we need to call a different sub. We also
     # need to call this per bug, since we might be updating a flag in one
     # bug, but adding it to a second bug
     foreach my $b (@bug_objects) {
         my ($flags, $new_flags)
             = Bugzilla::Flag->multi_extract_flags_from_cgi($b, $vars);
         $b->set_flags($flags, $new_flags);
     }
 }

 ##############################
 # Do Actual Database Updates #
 ##############################
 foreach my $bug (@bug_objects) {
     my $changes = $bug->update();

     if ($changes->{'bug_status'}) {
         my $new_status = $changes->{'bug_status'}->[1];
         # We may have zeroed the remaining time, if we moved into a closed
         # status, so we should inform the user about that.
         if (!is_open_state($new_status) && $changes->{'remaining_time'}) {
             $vars->{'message'} = "remaining_time_zeroed"
               if $user->is_timetracker;
         }
     }

     $bug->send_changes($changes, $vars);
 }

 # Delete the session token used for the mass-change.
 delete_token($token) unless $cgi->param('id');

 if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
     # Do nothing.
 }
 elsif ($action eq 'next_bug' or $action eq 'same_bug') {
     my $bug = $vars->{'bug'};
     if ($bug and $user->can_see_bug($bug)) {
         if ($action eq 'same_bug') {
             # $bug->update() does not update the internal structure of
             # the bug sufficiently to display the bug with the new values.
             # (That is, if we just passed in the old Bug object, we'd get
             # a lot of old values displayed.)
             $bug = new Bugzilla::Bug($bug->id);
             $vars->{'bug'} = $bug;
         }
         $vars->{'bugs'} = [$bug];
         if ($action eq 'next_bug') {
             $vars->{'nextbug'} = $bug->id;
         }
         # For performance reasons, preload visibility of dependencies
         # and duplicates related to this bug.
         Bugzilla::Bug->preload([$bug]);

         $template->process("bug/show.html.tmpl", $vars)
           || ThrowTemplateError($template->error());
         exit;
     }
 } elsif ($action ne 'nothing') {
     ThrowCodeError("invalid_post_bug_submit_action");
 }

 # End the response page.
 unless (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
     $template->process("bug/navigate.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
     $template->process("global/footer.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
 }

 1;
	#!/usr/bin/perl -T
	# This Source Code Form is subject to the terms of the Mozilla Public
	# License, v. 2.0. If a copy of the MPL was not distributed with this
	# file, You can obtain one at http://mozilla.org/MPL/2.0/.
	#
	# This Source Code Form is "Incompatible With Secondary Licenses", as
	# defined by the Mozilla Public License, v. 2.0.

	use 5.10.1;
	use strict;
	use warnings;

	use lib qw(. lib);

	use Bugzilla;
	use Bugzilla::Constants;
	use Bugzilla::Bug;
	use Bugzilla::User;
	use Bugzilla::Util;
	use Bugzilla::Error;
	use Bugzilla::Flag;
	use Bugzilla::Status;
	use Bugzilla::Token;

	use List::MoreUtils qw(firstidx);
	use Storable qw(dclone);

	my $user = Bugzilla->login(LOGIN_REQUIRED);

	my $cgi = Bugzilla->cgi;
	my $dbh = Bugzilla->dbh;
	my $template = Bugzilla->template;
	my $vars = {};

	######################################################################
	# Subroutines
	######################################################################

	# Tells us whether or not a field should be changed by process_bug.
	sub should_set {
	# check_defined is used for fields where there's another field
	# whose name starts with "defined_" and then the field name--it's used
	# to know when we did things like empty a multi-select or deselect
	# a checkbox.
	my ($field, $check_defined) = @_;
	my $cgi = Bugzilla->cgi;
	if ( defined $cgi->param($field)
	\|\| ($check_defined && defined $cgi->param("defined_$field")) )
	{
	return 1;
	}
	return 0;
	}

	######################################################################
	# Begin Data/Security Validation
	######################################################################

	# Create a list of objects for all bugs being modified in this request.
	my @bug_objects;
	if (defined $cgi->param('id')) {
	my $bug = Bugzilla::Bug->check_for_edit(scalar $cgi->param('id'));
	$cgi->param('id', $bug->id);
	push(@bug_objects, $bug);
	} else {
	foreach my $i ($cgi->param()) {
	if ($i =~ /^id_([1-9][0-9]*)/) {
	my $id = $1;
	push(@bug_objects, Bugzilla::Bug->check_for_edit($id));
	}
	}
	}

	# Make sure there are bugs to process.
	scalar(@bug_objects) \|\| ThrowUserError("no_bugs_chosen", {action => 'modify'});

	my $first_bug = $bug_objects[0]; # Used when we're only updating a single bug.

	# Delete any parameter set to 'dontchange'.
	if (defined $cgi->param('dontchange')) {
	foreach my $name ($cgi->param) {
	next if $name eq 'dontchange'; # But don't delete dontchange itself!
	# Skip ones we've already deleted (such as "defined_$name").
	next if !defined $cgi->param($name);
	if ($cgi->param($name) eq $cgi->param('dontchange')) {
	$cgi->delete($name);
	$cgi->delete("defined_$name");
	}
	}
	}

	# do a match on the fields if applicable
	Bugzilla::User::match_field({
	'qa_contact' => { 'type' => 'single' },
	'newcc' => { 'type' => 'multi' },
	'masscc' => { 'type' => 'multi' },
	'assigned_to' => { 'type' => 'single' },
	});

	print $cgi->header() unless Bugzilla->usage_mode == USAGE_MODE_EMAIL;

	# Check for a mid-air collision. Currently this only works when updating
	# an individual bug.
	my $delta_ts = $cgi->param('delta_ts') \|\| '';

	if ($delta_ts) {
	my $delta_ts_z = datetime_from($delta_ts)
	or ThrowCodeError('invalid_timestamp', { timestamp => $delta_ts });

	my $first_delta_tz_z = datetime_from($first_bug->delta_ts);

	if ($first_delta_tz_z ne $delta_ts_z) {
	($vars->{'operations'}) = $first_bug->get_activity(undef, $delta_ts);

	# Always sort midair collision comments oldest to newest,
	# regardless of the user's personal preference.
	my $comments = $first_bug->comments({ order => 'oldest_to_newest',
	after => $delta_ts });

	# Show midair if previous changes made other than CC
	# and/or one or more comments were made
	my $do_midair = scalar @$comments ? 1 : 0;

	if (!$do_midair) {
	foreach my $operation (@{ $vars->{'operations'} }) {
	foreach my $change (@{ $operation->{'changes'} }) {
	if ($change->{'fieldname'} ne 'cc') {
	$do_midair = 1;
	last;
	}
	}
	last if $do_midair;
	}
	}

	if ($do_midair) {
	$vars->{'title_tag'} = "mid_air";
	$vars->{'comments'} = $comments;
	$vars->{'bug'} = $first_bug;
	# The token contains the old delta_ts. We need a new one.
	$cgi->param('token', issue_hash_token([$first_bug->id, $first_bug->delta_ts]));

	# Warn the user about the mid-air collision and ask them what to do.
	$template->process("bug/process/midair.html.tmpl", $vars)
	\|\| ThrowTemplateError($template->error());
	exit;
	}
	}
	}

	# We couldn't do this check earlier as we first had to validate bug IDs
	# and display the mid-air collision page if delta_ts changed.
	# If we do a mass-change, we use session tokens.
	my $token = $cgi->param('token');

	if ($cgi->param('id')) {
	check_hash_token($token, [$first_bug->id, $delta_ts \|\| $first_bug->delta_ts]);
	}
	else {
	check_token_data($token, 'buglist_mass_change', 'query.cgi');
	}

	######################################################################
	# End Data/Security Validation
	######################################################################

	$vars->{'title_tag'} = "bug_processed";

	my $action;
	if (defined $cgi->param('id')) {
	$action = $user->setting('post_bug_submit_action');

	if ($action eq 'next_bug') {
	my $bug_list_obj = $user->recent_search_for($first_bug);
	my @bug_list = $bug_list_obj ? @{$bug_list_obj->bug_list} : ();
	my $cur = firstidx { $_ eq $cgi->param('id') } @bug_list;
	if ($cur >= 0 && $cur < $#bug_list) {
	my $next_bug_id = $bug_list[$cur + 1];
	detaint_natural($next_bug_id);
	if ($next_bug_id and $user->can_see_bug($next_bug_id)) {
	# We create an object here so that $bug->send_changes can use it
	# when displaying the header.
	$vars->{'bug'} = new Bugzilla::Bug($next_bug_id);
	}
	}
	}
	# Include both action = 'same_bug' and 'nothing'.
	else {
	$vars->{'bug'} = $first_bug;
	}
	}
	else {
	# param('id') is not defined when changing multiple bugs at once.
	$action = 'nothing';
	}

	# Component, target_milestone, and version are in here just in case
	# the 'product' field wasn't defined in the CGI. It doesn't hurt to set
	# them twice.
	my @set_fields = qw(op_sys rep_platform priority bug_severity
	component target_milestone version
	bug_file_loc status_whiteboard short_desc
	deadline remaining_time estimated_time
	work_time set_default_assignee set_default_qa_contact
	cclist_accessible reporter_accessible
	product confirm_product_change
	bug_status resolution dup_id bug_ignored);
	push(@set_fields, 'assigned_to') if !$cgi->param('set_default_assignee');
	push(@set_fields, 'qa_contact') if !$cgi->param('set_default_qa_contact');
	my %field_translation = (
	bug_severity => 'severity',
	rep_platform => 'platform',
	short_desc => 'summary',
	bug_file_loc => 'url',
	set_default_assignee => 'reset_assigned_to',
	set_default_qa_contact => 'reset_qa_contact',
	confirm_product_change => 'product_change_confirmed',
	);

	my %set_all_fields = ( other_bugs => \@bug_objects );
	foreach my $field_name (@set_fields) {
	if (should_set($field_name, 1)) {
	my $param_name = $field_translation{$field_name} \|\| $field_name;
	$set_all_fields{$param_name} = $cgi->param($field_name);
	}
	}

	if (should_set('keywords')) {
	my $action = $cgi->param('keywordaction') \|\| '';
	# Backward-compatibility for Bugzilla 3.x and older.
	$action = 'remove' if $action eq 'delete';
	$action = 'set' if $action eq 'makeexact';
	$set_all_fields{keywords}->{$action} = $cgi->param('keywords');
	}
	if (should_set('comment')) {
	$set_all_fields{comment} = {
	body => scalar $cgi->param('comment'),
	is_private => scalar $cgi->param('comment_is_private'),
	};
	}
	if (should_set('see_also')) {
	$set_all_fields{'see_also'}->{add} =
	[split(/[\s]+/, $cgi->param('see_also'))];
	}
	if (should_set('remove_see_also')) {
	$set_all_fields{'see_also'}->{remove} = [$cgi->param('remove_see_also')];
	}
	foreach my $dep_field (qw(dependson blocked)) {
	if (should_set($dep_field)) {
	if (my $dep_action = $cgi->param("${dep_field}_action")) {
	$set_all_fields{$dep_field}->{$dep_action} =
	[split(/[\s,]+/, $cgi->param($dep_field))];
	}
	else {
	$set_all_fields{$dep_field}->{set} = $cgi->param($dep_field);
	}
	}
	}
	# Formulate the CC data into two arrays of users involved in this CC change.
	if (defined $cgi->param('newcc')
	or defined $cgi->param('addselfcc')
	or defined $cgi->param('removecc')
	or defined $cgi->param('masscc'))
	{
	my (@cc_add, @cc_remove);
	# If masscc is defined, then we came from buglist and need to either add or
	# remove cc's... otherwise, we came from show_bug and may need to do both.
	if (defined $cgi->param('masscc')) {
	if ($cgi->param('ccaction') eq 'add') {
	@cc_add = $cgi->param('masscc');
	} elsif ($cgi->param('ccaction') eq 'remove') {
	@cc_remove = $cgi->param('masscc');
	}
	} else {
	@cc_add = $cgi->param('newcc');
	push(@cc_add, $user) if $cgi->param('addselfcc');

	# We came from show_bug which uses a select box to determine what cc's
	# need to be removed...
	if ($cgi->param('removecc') && $cgi->param('cc')) {
	@cc_remove = $cgi->param('cc');
	}
	}

	$set_all_fields{cc} = { add => \@cc_add, remove => \@cc_remove };
	}

	# Fields that can only be set on one bug at a time.
	if (defined $cgi->param('id')) {
	# Since aliases are unique (like bug numbers), they can only be changed
	# for one bug at a time.
	if (defined $cgi->param('newalias') \|\| defined $cgi->param('removealias')) {
	my @alias_add = split /[, ]+/, $cgi->param('newalias');

	# We came from bug_form which uses a select box to determine what
	# aliases need to be removed...
	my @alias_remove = ();
	if ($cgi->param('removealias') && $cgi->param('alias')) {
	@alias_remove = $cgi->param('alias');
	}

	$set_all_fields{alias} = { add => \@alias_add, remove => \@alias_remove };
	}
	}

	my %is_private;
	foreach my $field (grep(/^defined_isprivate/, $cgi->param())) {
	if ($field =~ /(\d+)$/) {
	my $comment_id = $1;
	$is_private{$comment_id} = $cgi->param("isprivate_$comment_id");
	}
	}
	$set_all_fields{comment_is_private} = \%is_private;

	my @check_groups = $cgi->param('defined_groups');
	my @set_groups = $cgi->param('groups');
	my ($removed_groups) = diff_arrays(\@check_groups, \@set_groups);
	$set_all_fields{groups} = { add => \@set_groups, remove => $removed_groups };

	my @custom_fields = Bugzilla->active_custom_fields;
	foreach my $field (@custom_fields) {
	my $fname = $field->name;
	if (should_set($fname, 1)) {
	$set_all_fields{$fname} = [$cgi->param($fname)];
	}
	}

	# We are going to alter the list of removed groups, so we keep a copy here.
	my @unchecked_groups = @$removed_groups;
	foreach my $b (@bug_objects) {
	# Don't blindly ask to remove unchecked groups available in the UI.
	# A group can be already unchecked, and the user didn't try to remove it.
	# In this case, we don't want remove_group() to complain.
	my @remove_groups;
	foreach my $g (@{$b->groups_in}) {
	push(@remove_groups, $g->name) if grep { $_ eq $g->name } @unchecked_groups;
	}
	local $set_all_fields{groups}->{remove} = \@remove_groups;
	$b->set_all(\%set_all_fields);
	}

	if (defined $cgi->param('id')) {
	# Flags should be set AFTER the bug has been moved into another
	# product/component. The structure of flags code doesn't currently
	# allow them to be set using set_all.
	my ($flags, $new_flags) = Bugzilla::Flag->extract_flags_from_cgi(
	$first_bug, undef, $vars);
	$first_bug->set_flags($flags, $new_flags);

	# Tags can only be set to one bug at once.
	if (should_set('tag')) {
	my @new_tags = grep { trim($_) } split(/,/, $cgi->param('tag'));
	my ($tags_removed, $tags_added) = diff_arrays($first_bug->tags, \@new_tags);
	$first_bug->remove_tag($_) foreach @$tags_removed;
	$first_bug->add_tag($_) foreach @$tags_added;
	}
	}
	else {
	# Update flags on multiple bugs. The cgi params are slightly different
	# than on a single bug, so we need to call a different sub. We also
	# need to call this per bug, since we might be updating a flag in one
	# bug, but adding it to a second bug
	foreach my $b (@bug_objects) {
	my ($flags, $new_flags)
	= Bugzilla::Flag->multi_extract_flags_from_cgi($b, $vars);
	$b->set_flags($flags, $new_flags);
	}
	}

	##############################
	# Do Actual Database Updates #
	##############################
	foreach my $bug (@bug_objects) {
	my $changes = $bug->update();

	if ($changes->{'bug_status'}) {
	my $new_status = $changes->{'bug_status'}->[1];
	# We may have zeroed the remaining time, if we moved into a closed
	# status, so we should inform the user about that.
	if (!is_open_state($new_status) && $changes->{'remaining_time'}) {
	$vars->{'message'} = "remaining_time_zeroed"
	if $user->is_timetracker;
	}
	}

	$bug->send_changes($changes, $vars);
	}

	# Delete the session token used for the mass-change.
	delete_token($token) unless $cgi->param('id');

	if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
	# Do nothing.
	}
	elsif ($action eq 'next_bug' or $action eq 'same_bug') {
	my $bug = $vars->{'bug'};
	if ($bug and $user->can_see_bug($bug)) {
	if ($action eq 'same_bug') {
	# $bug->update() does not update the internal structure of
	# the bug sufficiently to display the bug with the new values.
	# (That is, if we just passed in the old Bug object, we'd get
	# a lot of old values displayed.)
	$bug = new Bugzilla::Bug($bug->id);
	$vars->{'bug'} = $bug;
	}
	$vars->{'bugs'} = [$bug];
	if ($action eq 'next_bug') {
	$vars->{'nextbug'} = $bug->id;
	}
	# For performance reasons, preload visibility of dependencies
	# and duplicates related to this bug.
	Bugzilla::Bug->preload([$bug]);

	$template->process("bug/show.html.tmpl", $vars)
	\|\| ThrowTemplateError($template->error());
	exit;
	}
	} elsif ($action ne 'nothing') {
	ThrowCodeError("invalid_post_bug_submit_action");
	}

	# End the response page.
	unless (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
	$template->process("bug/navigate.html.tmpl", $vars)
	\|\| ThrowTemplateError($template->error());
	$template->process("global/footer.html.tmpl", $vars)
	\|\| ThrowTemplateError($template->error());
	}

	1;