| #!/usr/bin/perl -wT |
| # -*- Mode: perl; indent-tabs-mode: nil -*- |
| # |
| # The contents of this file are subject to the Mozilla Public |
| # License Version 1.1 (the "License"); you may not use this file |
| # except in compliance with the License. You may obtain a copy of |
| # the License at http://www.mozilla.org/MPL/ |
| # |
| # Software distributed under the License is distributed on an "AS |
| # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or |
| # implied. See the License for the specific language governing |
| # rights and limitations under the License. |
| # |
| # The Original Code is the Bugzilla Bug Tracking System. |
| # |
| # The Initial Developer of the Original Code is Netscape Communications |
| # Corporation. Portions created by Netscape are |
| # Copyright (C) 1998 Netscape Communications Corporation. All |
| # Rights Reserved. |
| # |
| # Contributor(s): Myk Melez <myk@mozilla.org> |
| |
| ################################################################################ |
| # Script Initialization |
| ################################################################################ |
| |
| # Make it harder for us to do dangerous things in Perl. |
| use strict; |
| use lib "."; |
| |
| # Include the Bugzilla CGI and general utility library. |
| require "CGI.pl"; |
| |
| # Use Bugzilla's flag modules for handling flag types. |
| use Bugzilla; |
| use Bugzilla::Constants; |
| use Bugzilla::Flag; |
| use Bugzilla::FlagType; |
| use Bugzilla::User; |
| |
| use vars qw( $template $vars ); |
| |
| # Make sure the user is logged in and is an administrator. |
| Bugzilla->login(LOGIN_REQUIRED); |
| UserInGroup("editcomponents") |
| || ThrowUserError("auth_failure", {group => "editcomponents", |
| action => "edit", |
| object => "flagtypes"}); |
| |
| # Suppress "used only once" warnings. |
| use vars qw(@legal_product @legal_components %components); |
| |
| my $cgi = Bugzilla->cgi; |
| my $product_id; |
| my $component_id; |
| |
| ################################################################################ |
| # Main Body Execution |
| ################################################################################ |
| |
| # All calls to this script should contain an "action" variable whose value |
| # determines what the user wants to do. The code below checks the value of |
| # that variable and runs the appropriate code. |
| |
| # Determine whether to use the action specified by the user or the default. |
| my $action = $cgi->param('action') || 'list'; |
| my @categoryActions; |
| |
| if (@categoryActions = grep(/^categoryAction-.+/, $cgi->param())) { |
| $categoryActions[0] =~ s/^categoryAction-//; |
| processCategoryChange($categoryActions[0]); |
| exit; |
| } |
| |
| if ($action eq 'list') { list(); } |
| elsif ($action eq 'enter') { edit(); } |
| elsif ($action eq 'copy') { edit(); } |
| elsif ($action eq 'edit') { edit(); } |
| elsif ($action eq 'insert') { insert(); } |
| elsif ($action eq 'update') { update(); } |
| elsif ($action eq 'confirmdelete') { confirmDelete(); } |
| elsif ($action eq 'delete') { deleteType(); } |
| elsif ($action eq 'deactivate') { deactivate(); } |
| else { |
| ThrowCodeError("action_unrecognized", { action => $action }); |
| } |
| |
| exit; |
| |
| ################################################################################ |
| # Functions |
| ################################################################################ |
| |
| sub list { |
| # Define the variables and functions that will be passed to the UI template. |
| $vars->{'bug_types'} = |
| Bugzilla::FlagType::match({ 'target_type' => 'bug', |
| 'group' => scalar $cgi->param('group') }, 1); |
| $vars->{'attachment_types'} = |
| Bugzilla::FlagType::match({ 'target_type' => 'attachment', |
| 'group' => scalar $cgi->param('group') }, 1); |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("admin/flag-type/list.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| |
| |
| sub edit { |
| $action eq 'enter' ? validateTargetType() : (my $id = validateID()); |
| |
| # Get this installation's products and components. |
| GetVersionTable(); |
| |
| # products and components and the function used to modify the components |
| # menu when the products menu changes; used by the template to populate |
| # the menus and keep the components menu consistent with the products menu |
| $vars->{'products'} = \@::legal_product; |
| $vars->{'components'} = \@::legal_components; |
| $vars->{'components_by_product'} = \%::components; |
| |
| $vars->{'last_action'} = $cgi->param('action'); |
| if ($cgi->param('action') eq 'enter' || $cgi->param('action') eq 'copy') { |
| $vars->{'action'} = "insert"; |
| } |
| else { |
| $vars->{'action'} = "update"; |
| } |
| |
| # If copying or editing an existing flag type, retrieve it. |
| if ($cgi->param('action') eq 'copy' || $cgi->param('action') eq 'edit') { |
| $vars->{'type'} = Bugzilla::FlagType::get($id); |
| $vars->{'type'}->{'inclusions'} = Bugzilla::FlagType::get_inclusions($id); |
| $vars->{'type'}->{'exclusions'} = Bugzilla::FlagType::get_exclusions($id); |
| # Users want to see group names, not IDs |
| foreach my $group ("grant_gid", "request_gid") { |
| my $gid = $vars->{'type'}->{$group}; |
| next if (!$gid); |
| SendSQL("SELECT name FROM groups WHERE id = $gid"); |
| $vars->{'type'}->{$group} = FetchOneColumn(); |
| } |
| } |
| # Otherwise set the target type (the minimal information about the type |
| # that the template needs to know) from the URL parameter and default |
| # the list of inclusions to all categories. |
| else { |
| my %inclusions; |
| $inclusions{"__Any__:__Any__"} = "0:0"; |
| $vars->{'type'} = { 'target_type' => scalar $cgi->param('target_type'), |
| 'inclusions' => \%inclusions }; |
| } |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("admin/flag-type/edit.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| |
| sub processCategoryChange { |
| my $categoryAction = shift; |
| validateIsActive(); |
| validateIsRequestable(); |
| validateIsRequesteeble(); |
| validateAllowMultiple(); |
| |
| my @inclusions = $cgi->param('inclusions'); |
| my @exclusions = $cgi->param('exclusions'); |
| if ($categoryAction eq 'include') { |
| validateProduct(); |
| validateComponent(); |
| my $category = ($product_id || 0) . ":" . ($component_id || 0); |
| push(@inclusions, $category) unless grep($_ eq $category, @inclusions); |
| } |
| elsif ($categoryAction eq 'exclude') { |
| validateProduct(); |
| validateComponent(); |
| my $category = ($product_id || 0) . ":" . ($component_id || 0); |
| push(@exclusions, $category) unless grep($_ eq $category, @exclusions); |
| } |
| elsif ($categoryAction eq 'removeInclusion') { |
| my @inclusion_to_remove = $cgi->param('inclusion_to_remove'); |
| @inclusions = map {(lsearch(\@inclusion_to_remove, $_) < 0) ? $_ : ()} @inclusions; |
| } |
| elsif ($categoryAction eq 'removeExclusion') { |
| my @exclusion_to_remove = $cgi->param('exclusion_to_remove'); |
| @exclusions = map {(lsearch(\@exclusion_to_remove, $_) < 0) ? $_ : ()} @exclusions; |
| } |
| |
| # Convert the array @clusions('prod_ID:comp_ID') back to a hash of |
| # the form %clusions{'prod_name:comp_name'} = 'prod_ID:comp_ID' |
| my %inclusions = clusion_array_to_hash(\@inclusions); |
| my %exclusions = clusion_array_to_hash(\@exclusions); |
| |
| # Get this installation's products and components. |
| GetVersionTable(); |
| |
| # products and components; used by the template to populate the menus |
| # and keep the components menu consistent with the products menu |
| $vars->{'products'} = \@::legal_product; |
| $vars->{'components'} = \@::legal_components; |
| $vars->{'components_by_product'} = \%::components; |
| |
| $vars->{'action'} = $cgi->param('action'); |
| my $type = {}; |
| foreach my $key ($cgi->param()) { $type->{$key} = $cgi->param($key) } |
| $type->{'inclusions'} = \%inclusions; |
| $type->{'exclusions'} = \%exclusions; |
| $vars->{'type'} = $type; |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("admin/flag-type/edit.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| |
| # Convert the array @clusions('prod_ID:comp_ID') back to a hash of |
| # the form %clusions{'prod_name:comp_name'} = 'prod_ID:comp_ID' |
| sub clusion_array_to_hash { |
| my $array = shift; |
| my %hash; |
| foreach my $ids (@$array) { |
| trick_taint($ids); |
| my ($product_id, $component_id) = split(":", $ids); |
| my $product_name = get_product_name($product_id) || "__Any__"; |
| my $component_name = get_component_name($component_id) || "__Any__"; |
| $hash{"$product_name:$component_name"} = $ids; |
| } |
| return %hash; |
| } |
| |
| sub insert { |
| validateName(); |
| validateDescription(); |
| validateCCList(); |
| validateTargetType(); |
| validateSortKey(); |
| validateIsActive(); |
| validateIsRequestable(); |
| validateIsRequesteeble(); |
| validateAllowMultiple(); |
| validateGroups(); |
| |
| my $dbh = Bugzilla->dbh; |
| |
| my $name = SqlQuote($cgi->param('name')); |
| my $description = SqlQuote($cgi->param('description')); |
| my $cc_list = SqlQuote($cgi->param('cc_list')); |
| my $target_type = $cgi->param('target_type') eq "bug" ? "b" : "a"; |
| |
| $dbh->bz_lock_tables('flagtypes WRITE', 'products READ', |
| 'components READ', 'flaginclusions WRITE', |
| 'flagexclusions WRITE'); |
| |
| # Determine the new flag type's unique identifier. |
| SendSQL("SELECT MAX(id) FROM flagtypes"); |
| my $id = FetchSQLData() + 1; |
| |
| # Insert a record for the new flag type into the database. |
| SendSQL("INSERT INTO flagtypes (id, name, description, cc_list, |
| target_type, sortkey, is_active, is_requestable, |
| is_requesteeble, is_multiplicable, |
| grant_group_id, request_group_id) |
| VALUES ($id, $name, $description, $cc_list, '$target_type', " . |
| $cgi->param('sortkey') . ", " . |
| $cgi->param('is_active') . ", " . |
| $cgi->param('is_requestable') . ", " . |
| $cgi->param('is_requesteeble') . ", " . |
| $cgi->param('is_multiplicable') . ", " . |
| $cgi->param('grant_gid') . ", " . |
| $cgi->param('request_gid') . ")"); |
| |
| # Populate the list of inclusions/exclusions for this flag type. |
| validateAndSubmit($id); |
| |
| $dbh->bz_unlock_tables(); |
| |
| $vars->{'name'} = $cgi->param('name'); |
| $vars->{'message'} = "flag_type_created"; |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("global/message.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| |
| |
| sub update { |
| my $id = validateID(); |
| validateName(); |
| validateDescription(); |
| validateCCList(); |
| validateTargetType(); |
| validateSortKey(); |
| validateIsActive(); |
| validateIsRequestable(); |
| validateIsRequesteeble(); |
| validateAllowMultiple(); |
| validateGroups(); |
| |
| my $dbh = Bugzilla->dbh; |
| |
| my $name = SqlQuote($cgi->param('name')); |
| my $description = SqlQuote($cgi->param('description')); |
| my $cc_list = SqlQuote($cgi->param('cc_list')); |
| |
| $dbh->bz_lock_tables('flagtypes WRITE', 'products READ', |
| 'components READ', 'flaginclusions WRITE', |
| 'flagexclusions WRITE'); |
| SendSQL("UPDATE flagtypes |
| SET name = $name , |
| description = $description , |
| cc_list = $cc_list , |
| sortkey = " . $cgi->param('sortkey') . ", |
| is_active = " . $cgi->param('is_active') . ", |
| is_requestable = " . $cgi->param('is_requestable') . ", |
| is_requesteeble = " . $cgi->param('is_requesteeble') . ", |
| is_multiplicable = " . $cgi->param('is_multiplicable') . ", |
| grant_group_id = " . $cgi->param('grant_gid') . ", |
| request_group_id = " . $cgi->param('request_gid') . " |
| WHERE id = $id"); |
| |
| # Update the list of inclusions/exclusions for this flag type. |
| validateAndSubmit($id); |
| |
| $dbh->bz_unlock_tables(); |
| |
| # Clear existing flags for bugs/attachments in categories no longer on |
| # the list of inclusions or that have been added to the list of exclusions. |
| SendSQL(" |
| SELECT flags.id |
| FROM flags |
| INNER JOIN bugs |
| ON flags.bug_id = bugs.bug_id |
| LEFT OUTER JOIN flaginclusions AS i |
| ON (flags.type_id = i.type_id |
| AND (bugs.product_id = i.product_id OR i.product_id IS NULL) |
| AND (bugs.component_id = i.component_id OR i.component_id IS NULL)) |
| WHERE flags.type_id = $id |
| AND flags.is_active = 1 |
| AND i.type_id IS NULL |
| "); |
| Bugzilla::Flag::clear(FetchOneColumn()) while MoreSQLData(); |
| |
| SendSQL(" |
| SELECT flags.id |
| FROM flags |
| INNER JOIN bugs |
| ON flags.bug_id = bugs.bug_id |
| INNER JOIN flagexclusions AS e |
| ON flags.type_id = e.type_id |
| WHERE flags.type_id = $id |
| AND flags.is_active = 1 |
| AND (bugs.product_id = e.product_id OR e.product_id IS NULL) |
| AND (bugs.component_id = e.component_id OR e.component_id IS NULL) |
| "); |
| Bugzilla::Flag::clear(FetchOneColumn()) while MoreSQLData(); |
| |
| $vars->{'name'} = $cgi->param('name'); |
| $vars->{'message'} = "flag_type_changes_saved"; |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("global/message.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| |
| |
| sub confirmDelete |
| { |
| my $id = validateID(); |
| |
| # check if we need confirmation to delete: |
| |
| my $count = Bugzilla::Flag::count({ 'type_id' => $id, |
| 'is_active' => 1 }); |
| |
| if ($count > 0) { |
| $vars->{'flag_type'} = Bugzilla::FlagType::get($id); |
| $vars->{'flag_count'} = scalar($count); |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("admin/flag-type/confirm-delete.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| else { |
| deleteType(); |
| } |
| } |
| |
| |
| sub deleteType { |
| my $id = validateID(); |
| my $dbh = Bugzilla->dbh; |
| |
| $dbh->bz_lock_tables('flagtypes WRITE', 'flags WRITE', |
| 'flaginclusions WRITE', 'flagexclusions WRITE'); |
| |
| # Get the name of the flag type so we can tell users |
| # what was deleted. |
| SendSQL("SELECT name FROM flagtypes WHERE id = $id"); |
| $vars->{'name'} = FetchOneColumn(); |
| |
| SendSQL("DELETE FROM flags WHERE type_id = $id"); |
| SendSQL("DELETE FROM flaginclusions WHERE type_id = $id"); |
| SendSQL("DELETE FROM flagexclusions WHERE type_id = $id"); |
| SendSQL("DELETE FROM flagtypes WHERE id = $id"); |
| $dbh->bz_unlock_tables(); |
| |
| $vars->{'message'} = "flag_type_deleted"; |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("global/message.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| |
| |
| sub deactivate { |
| my $id = validateID(); |
| validateIsActive(); |
| |
| my $dbh = Bugzilla->dbh; |
| |
| $dbh->bz_lock_tables('flagtypes WRITE'); |
| SendSQL("UPDATE flagtypes SET is_active = 0 WHERE id = $id"); |
| $dbh->bz_unlock_tables(); |
| |
| $vars->{'message'} = "flag_type_deactivated"; |
| $vars->{'flag_type'} = Bugzilla::FlagType::get($id); |
| |
| # Return the appropriate HTTP response headers. |
| print $cgi->header(); |
| |
| # Generate and return the UI (HTML page) from the appropriate template. |
| $template->process("global/message.html.tmpl", $vars) |
| || ThrowTemplateError($template->error()); |
| } |
| |
| |
| ################################################################################ |
| # Data Validation / Security Authorization |
| ################################################################################ |
| |
| sub validateID { |
| # $flagtype_id is destroyed if detaint_natural fails. |
| my $flagtype_id = $cgi->param('id'); |
| detaint_natural($flagtype_id) |
| || ThrowCodeError("flag_type_id_invalid", |
| { id => scalar $cgi->param('id') }); |
| |
| SendSQL("SELECT 1 FROM flagtypes WHERE id = $flagtype_id"); |
| FetchOneColumn() |
| || ThrowCodeError("flag_type_nonexistent", { id => $flagtype_id }); |
| |
| return $flagtype_id; |
| } |
| |
| sub validateName { |
| $cgi->param('name') |
| && $cgi->param('name') !~ /[ ,]/ |
| && length($cgi->param('name')) <= 50 |
| || ThrowUserError("flag_type_name_invalid", |
| { name => scalar $cgi->param('name') }); |
| } |
| |
| sub validateDescription { |
| length($cgi->param('description')) < 2**16-1 |
| || ThrowUserError("flag_type_description_invalid"); |
| } |
| |
| sub validateCCList { |
| length($cgi->param('cc_list')) <= 200 |
| || ThrowUserError("flag_type_cc_list_invalid", |
| { cc_list => $cgi->param('cc_list') }); |
| |
| my @addresses = split(/[, ]+/, $cgi->param('cc_list')); |
| # We do not call Util::validate_email_syntax because these |
| # addresses do not require to match 'emailregexp' and do not |
| # depend on 'emailsuffix'. So we limit ourselves to a simple |
| # sanity check: |
| # - match the syntax of a fully qualified email address; |
| # - do not contain any illegal character. |
| foreach my $address (@addresses) { |
| ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/ |
| && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) |
| || ThrowUserError('illegal_email_address', |
| {addr => $address, default => 1}); |
| } |
| } |
| |
| sub validateProduct { |
| return if !$cgi->param('product'); |
| |
| $product_id = get_product_id($cgi->param('product')); |
| |
| defined($product_id) |
| || ThrowCodeError("flag_type_product_nonexistent", |
| { product => $cgi->param('product') }); |
| } |
| |
| sub validateComponent { |
| return if !$cgi->param('component'); |
| |
| $product_id |
| || ThrowCodeError("flag_type_component_without_product"); |
| |
| $component_id = get_component_id($product_id, $cgi->param('component')); |
| |
| defined($component_id) |
| || ThrowCodeError("flag_type_component_nonexistent", |
| { product => $cgi->param('product'), |
| name => $cgi->param('component') }); |
| } |
| |
| sub validateSortKey { |
| # $sortkey is destroyed if detaint_natural fails. |
| my $sortkey = $cgi->param('sortkey'); |
| detaint_natural($sortkey) |
| && $sortkey < 32768 |
| || ThrowUserError("flag_type_sortkey_invalid", |
| { sortkey => scalar $cgi->param('sortkey') }); |
| $cgi->param('sortkey', $sortkey); |
| } |
| |
| sub validateTargetType { |
| grep($cgi->param('target_type') eq $_, ("bug", "attachment")) |
| || ThrowCodeError("flag_type_target_type_invalid", |
| { target_type => scalar $cgi->param('target_type') }); |
| } |
| |
| sub validateIsActive { |
| $cgi->param('is_active', $cgi->param('is_active') ? 1 : 0); |
| } |
| |
| sub validateIsRequestable { |
| $cgi->param('is_requestable', $cgi->param('is_requestable') ? 1 : 0); |
| } |
| |
| sub validateIsRequesteeble { |
| $cgi->param('is_requesteeble', $cgi->param('is_requesteeble') ? 1 : 0); |
| } |
| |
| sub validateAllowMultiple { |
| $cgi->param('is_multiplicable', $cgi->param('is_multiplicable') ? 1 : 0); |
| } |
| |
| sub validateGroups { |
| # Convert group names to group IDs |
| foreach my $col ("grant_gid", "request_gid") { |
| my $name = $cgi->param($col); |
| $cgi->param($col, "NULL") unless $name; |
| next if (!$name); |
| SendSQL("SELECT id FROM groups WHERE name = " . SqlQuote($name)); |
| my $gid = FetchOneColumn(); |
| if (!$gid) { |
| ThrowUserError("group_unknown", { name => $name }); |
| } |
| $cgi->param($col, $gid); |
| } |
| } |
| |
| # At this point, values either come the DB itself or have been recently |
| # added by the user and have passed all validation tests. |
| # The only way to have invalid product/component combinations is to |
| # hack the URL. So we silently ignore them, if any. |
| sub validateAndSubmit ($) { |
| my ($id) = @_; |
| my $dbh = Bugzilla->dbh; |
| |
| foreach my $category_type ("inclusions", "exclusions") { |
| # Will be used several times below. |
| my $sth = $dbh->prepare("INSERT INTO flag$category_type " . |
| "(type_id, product_id, component_id) " . |
| "VALUES (?, ?, ?)"); |
| |
| $dbh->do("DELETE FROM flag$category_type WHERE type_id = ?", undef, $id); |
| foreach my $category ($cgi->param($category_type)) { |
| trick_taint($category); |
| my ($product_id, $component_id) = split(":", $category); |
| # The product does not exist. |
| next if ($product_id && !get_product_name($product_id)); |
| # A component was selected without a product being selected. |
| next if (!$product_id && $component_id); |
| # The component does not belong to this product. |
| next if ($component_id |
| && !$dbh->selectrow_array("SELECT id FROM components |
| WHERE id = ? AND product_id = ?", |
| undef, ($component_id, $product_id))); |
| $product_id ||= undef; |
| $component_id ||= undef; |
| $sth->execute($id, $product_id, $component_id); |
| } |
| } |
| } |
