Websites/bugs.webkit.org/quips.cgi - WebKit - Git at Google

 #!/usr/bin/perl -T
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.

 use 5.10.1;
 use strict;
 use warnings;

 use lib qw(. lib);

 use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::User;
 use Bugzilla::Token;

 my $user = Bugzilla->login(LOGIN_REQUIRED);

 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};

 my $action = $cgi->param('action') || "";
 my $token = $cgi->param('token');

 if ($action eq "show") {
     # Read in the entire quip list
     my $quipsref = $dbh->selectall_arrayref(
                        "SELECT quipid, userid, quip, approved FROM quips ORDER BY quipid");

     my $quips;
     my @quipids;
     foreach my $quipref (@$quipsref) {
         my ($quipid, $userid, $quip, $approved) = @$quipref;
         $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip,
                              'approved' => $approved};
         push(@quipids, $quipid);
     }

     my $users;
     my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
     foreach my $quipid (@quipids) {
         my $userid = $quips->{$quipid}{'userid'};
         if ($userid && not defined $users->{$userid}) {
             ($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
         }
     }
     $vars->{'quipids'} = \@quipids;
     $vars->{'quips'} = $quips;
     $vars->{'users'} = $users;
     $vars->{'show_quips'} = 1;
 }

 if ($action eq "add") {
     (Bugzilla->params->{'quip_list_entry_control'} eq "closed") &&
       ThrowUserError("no_new_quips");

     check_hash_token($token, ['create-quips']);
     # Add the quip
     my $approved = (Bugzilla->params->{'quip_list_entry_control'} eq "open")
                    || $user->in_group('bz_quip_moderators') || 0;
     my $comment = $cgi->param("quip");
     $comment || ThrowUserError("need_quip");

     ThrowUserError("quip_too_long", { length => length($comment) })
         if length($comment) > MAX_QUIP_LENGTH;

     trick_taint($comment); # Used in a placeholder below

     $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
              undef, ($user->id, $comment, $approved));

     $vars->{'added_quip'} = $comment;
     $vars->{'message'} = 'quips_added';
 }

 if ($action eq 'approve') {
     $user->in_group('bz_quip_moderators')
       || ThrowUserError("auth_failure", {group  => "bz_quip_moderators",
                                          action => "approve",
                                          object => "quips"});

     check_hash_token($token, ['approve-quips']);
     # Read in the entire quip list
     my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");

     my %quips;
     foreach my $quipref (@$quipsref) {
         my ($quipid, $approved) = @$quipref;
         $quips{$quipid} = $approved;
     }

     my @approved;
     my @unapproved;
     foreach my $quipid (keys %quips) {
         # Must check for each quipid being defined for concurrency and
         # automated usage where only one quipid might be defined.
         my $quip = $cgi->param("quipid_$quipid") ? 1 : 0;
         if(defined($cgi->param("defined_quipid_$quipid"))) {
             if($quips{$quipid} != $quip) {
                 if($quip) {
                     push(@approved, $quipid);
                 } else {
                     push(@unapproved, $quipid);
                 }
             }
         }
     }
     $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
             join(",", @approved) . ")") if($#approved > -1);
     $dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" .
             join(",", @unapproved) . ")") if($#unapproved > -1);
     $vars->{ 'approved' }   = \@approved;
     $vars->{ 'unapproved' } = \@unapproved;
     $vars->{'message'} = 'quips_approved_unapproved';
 }

 if ($action eq "delete") {
     $user->in_group('bz_quip_moderators')
       || ThrowUserError("auth_failure", {group  => "bz_quip_moderators",
                                          action => "delete",
                                          object => "quips"});
     my $quipid = $cgi->param("quipid");
     detaint_natural($quipid) || ThrowUserError("need_quipid");
     check_hash_token($token, ['quips', $quipid]);

     ($vars->{'deleted_quip'}) = $dbh->selectrow_array(
                                     "SELECT quip FROM quips WHERE quipid = ?",
                                     undef, $quipid);
     $dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
     $vars->{'message'} = 'quips_deleted';
 }

 print $cgi->header();
 $template->process("list/quips.html.tmpl", $vars)
   || ThrowTemplateError($template->error());
	#!/usr/bin/perl -T
	# This Source Code Form is subject to the terms of the Mozilla Public
	# License, v. 2.0. If a copy of the MPL was not distributed with this
	# file, You can obtain one at http://mozilla.org/MPL/2.0/.
	#
	# This Source Code Form is "Incompatible With Secondary Licenses", as
	# defined by the Mozilla Public License, v. 2.0.

	use 5.10.1;
	use strict;
	use warnings;

	use lib qw(. lib);

	use Bugzilla;
	use Bugzilla::Constants;
	use Bugzilla::Util;
	use Bugzilla::Error;
	use Bugzilla::User;
	use Bugzilla::Token;

	my $user = Bugzilla->login(LOGIN_REQUIRED);

	my $cgi = Bugzilla->cgi;
	my $dbh = Bugzilla->dbh;
	my $template = Bugzilla->template;
	my $vars = {};

	my $action = $cgi->param('action') \|\| "";
	my $token = $cgi->param('token');

	if ($action eq "show") {
	# Read in the entire quip list
	my $quipsref = $dbh->selectall_arrayref(
	"SELECT quipid, userid, quip, approved FROM quips ORDER BY quipid");

	my $quips;
	my @quipids;
	foreach my $quipref (@$quipsref) {
	my ($quipid, $userid, $quip, $approved) = @$quipref;
	$quips->{$quipid} = {'userid' => $userid, 'quip' => $quip,
	'approved' => $approved};
	push(@quipids, $quipid);
	}

	my $users;
	my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
	foreach my $quipid (@quipids) {
	my $userid = $quips->{$quipid}{'userid'};
	if ($userid && not defined $users->{$userid}) {
	($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
	}
	}
	$vars->{'quipids'} = \@quipids;
	$vars->{'quips'} = $quips;
	$vars->{'users'} = $users;
	$vars->{'show_quips'} = 1;
	}

	if ($action eq "add") {
	(Bugzilla->params->{'quip_list_entry_control'} eq "closed") &&
	ThrowUserError("no_new_quips");

	check_hash_token($token, ['create-quips']);
	# Add the quip
	my $approved = (Bugzilla->params->{'quip_list_entry_control'} eq "open")
	\|\| $user->in_group('bz_quip_moderators') \|\| 0;
	my $comment = $cgi->param("quip");
	$comment \|\| ThrowUserError("need_quip");

	ThrowUserError("quip_too_long", { length => length($comment) })
	if length($comment) > MAX_QUIP_LENGTH;

	trick_taint($comment); # Used in a placeholder below

	$dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
	undef, ($user->id, $comment, $approved));

	$vars->{'added_quip'} = $comment;
	$vars->{'message'} = 'quips_added';
	}

	if ($action eq 'approve') {
	$user->in_group('bz_quip_moderators')
	\|\| ThrowUserError("auth_failure", {group => "bz_quip_moderators",
	action => "approve",
	object => "quips"});

	check_hash_token($token, ['approve-quips']);
	# Read in the entire quip list
	my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");

	my %quips;
	foreach my $quipref (@$quipsref) {
	my ($quipid, $approved) = @$quipref;
	$quips{$quipid} = $approved;
	}

	my @approved;
	my @unapproved;
	foreach my $quipid (keys %quips) {
	# Must check for each quipid being defined for concurrency and
	# automated usage where only one quipid might be defined.
	my $quip = $cgi->param("quipid_$quipid") ? 1 : 0;
	if(defined($cgi->param("defined_quipid_$quipid"))) {
	if($quips{$quipid} != $quip) {
	if($quip) {
	push(@approved, $quipid);
	} else {
	push(@unapproved, $quipid);
	}
	}
	}
	}
	$dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
	join(",", @approved) . ")") if($#approved > -1);
	$dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" .
	join(",", @unapproved) . ")") if($#unapproved > -1);
	$vars->{ 'approved' } = \@approved;
	$vars->{ 'unapproved' } = \@unapproved;
	$vars->{'message'} = 'quips_approved_unapproved';
	}

	if ($action eq "delete") {
	$user->in_group('bz_quip_moderators')
	\|\| ThrowUserError("auth_failure", {group => "bz_quip_moderators",
	action => "delete",
	object => "quips"});
	my $quipid = $cgi->param("quipid");
	detaint_natural($quipid) \|\| ThrowUserError("need_quipid");
	check_hash_token($token, ['quips', $quipid]);

	($vars->{'deleted_quip'}) = $dbh->selectrow_array(
	"SELECT quip FROM quips WHERE quipid = ?",
	undef, $quipid);
	$dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
	$vars->{'message'} = 'quips_deleted';
	}

	print $cgi->header();
	$template->process("list/quips.html.tmpl", $vars)
	\|\| ThrowTemplateError($template->error());