Blame - Websites/bugs.webkit.org/quips.cgi - WebKit

blob: b2790be548f6abaf96f905d0590fdfdb8589394a [file] [log] [blame]

ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	1	#!/usr/bin/perl -T
				2	# This Source Code Form is subject to the terms of the Mozilla Public
				3	# License, v. 2.0. If a copy of the MPL was not distributed with this
				4	# file, You can obtain one at http://mozilla.org/MPL/2.0/.
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	5	#
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	6	# This Source Code Form is "Incompatible With Secondary Licenses", as
				7	# defined by the Mozilla Public License, v. 2.0.
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	8
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	9	use 5.10.1;
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	10	use strict;
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	11	use warnings;
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	12
ddkilzer@apple.com	097da08	2009-07-03 02:14:25 +0000	[diff] [blame]	13	use lib qw(. lib);
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	14
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	15	use Bugzilla;
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	16	use Bugzilla::Constants;
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	17	use Bugzilla::Util;
				18	use Bugzilla::Error;
				19	use Bugzilla::User;
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	20	use Bugzilla::Token;
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	21
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	22	my $user = Bugzilla->login(LOGIN_REQUIRED);
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	23
				24	my $cgi = Bugzilla->cgi;
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	25	my $dbh = Bugzilla->dbh;
				26	my $template = Bugzilla->template;
				27	my $vars = {};
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	28
				29	my $action = $cgi->param('action') \|\| "";
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	30	my $token = $cgi->param('token');
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	31
				32	if ($action eq "show") {
				33	# Read in the entire quip list
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	34	my $quipsref = $dbh->selectall_arrayref(
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	35	"SELECT quipid, userid, quip, approved FROM quips ORDER BY quipid");
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	36
				37	my $quips;
				38	my @quipids;
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	39	foreach my $quipref (@$quipsref) {
				40	my ($quipid, $userid, $quip, $approved) = @$quipref;
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	41	$quips->{$quipid} = {'userid' => $userid, 'quip' => $quip,
				42	'approved' => $approved};
				43	push(@quipids, $quipid);
				44	}
				45
				46	my $users;
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	47	my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	48	foreach my $quipid (@quipids) {
				49	my $userid = $quips->{$quipid}{'userid'};
				50	if ($userid && not defined $users->{$userid}) {
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	51	($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	52	}
				53	}
				54	$vars->{'quipids'} = \@quipids;
				55	$vars->{'quips'} = $quips;
				56	$vars->{'users'} = $users;
				57	$vars->{'show_quips'} = 1;
				58	}
				59
				60	if ($action eq "add") {
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	61	(Bugzilla->params->{'quip_list_entry_control'} eq "closed") &&
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	62	ThrowUserError("no_new_quips");
				63
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	64	check_hash_token($token, ['create-quips']);
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	65	# Add the quip
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	66	my $approved = (Bugzilla->params->{'quip_list_entry_control'} eq "open")
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	67	\|\| $user->in_group('bz_quip_moderators') \|\| 0;
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	68	my $comment = $cgi->param("quip");
				69	$comment \|\| ThrowUserError("need_quip");
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	70
				71	ThrowUserError("quip_too_long", { length => length($comment) })
				72	if length($comment) > MAX_QUIP_LENGTH;
				73
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	74	trick_taint($comment); # Used in a placeholder below
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	75
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	76	$dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
				77	undef, ($user->id, $comment, $approved));
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	78
				79	$vars->{'added_quip'} = $comment;
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	80	$vars->{'message'} = 'quips_added';
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	81	}
				82
				83	if ($action eq 'approve') {
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	84	$user->in_group('bz_quip_moderators')
				85	\|\| ThrowUserError("auth_failure", {group => "bz_quip_moderators",
ddkilzer@apple.com	097da08	2009-07-03 02:14:25 +0000	[diff] [blame]	86	action => "approve",
				87	object => "quips"});
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	88
				89	check_hash_token($token, ['approve-quips']);
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	90	# Read in the entire quip list
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	91	my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");
				92
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	93	my %quips;
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	94	foreach my $quipref (@$quipsref) {
				95	my ($quipid, $approved) = @$quipref;
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	96	$quips{$quipid} = $approved;
				97	}
				98
				99	my @approved;
				100	my @unapproved;
				101	foreach my $quipid (keys %quips) {
ddkilzer@apple.com	097da08	2009-07-03 02:14:25 +0000	[diff] [blame]	102	# Must check for each quipid being defined for concurrency and
				103	# automated usage where only one quipid might be defined.
				104	my $quip = $cgi->param("quipid_$quipid") ? 1 : 0;
				105	if(defined($cgi->param("defined_quipid_$quipid"))) {
				106	if($quips{$quipid} != $quip) {
				107	if($quip) {
				108	push(@approved, $quipid);
				109	} else {
				110	push(@unapproved, $quipid);
				111	}
				112	}
				113	}
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	114	}
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	115	$dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	116	join(",", @approved) . ")") if($#approved > -1);
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	117	$dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" .
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	118	join(",", @unapproved) . ")") if($#unapproved > -1);
				119	$vars->{ 'approved' } = \@approved;
				120	$vars->{ 'unapproved' } = \@unapproved;
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	121	$vars->{'message'} = 'quips_approved_unapproved';
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	122	}
				123
				124	if ($action eq "delete") {
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	125	$user->in_group('bz_quip_moderators')
				126	\|\| ThrowUserError("auth_failure", {group => "bz_quip_moderators",
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	127	action => "delete",
				128	object => "quips"});
				129	my $quipid = $cgi->param("quipid");
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	130	detaint_natural($quipid) \|\| ThrowUserError("need_quipid");
ddkilzer@apple.com	5777284	2014-10-16 16:00:58 +0000	[diff] [blame]	131	check_hash_token($token, ['quips', $quipid]);
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	132
ddkilzer@apple.com	f3615fc	2009-07-03 02:13:41 +0000	[diff] [blame]	133	($vars->{'deleted_quip'}) = $dbh->selectrow_array(
				134	"SELECT quip FROM quips WHERE quipid = ?",
				135	undef, $quipid);
				136	$dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
ddkilzer@apple.com	8040bb0	2017-03-21 16:27:49 +0000	[diff] [blame]	137	$vars->{'message'} = 'quips_deleted';
timothy@apple.com	f42518d	2008-02-06 20:19:16 +0000	[diff] [blame]	138	}
				139
				140	print $cgi->header();
				141	$template->process("list/quips.html.tmpl", $vars)
				142	\|\| ThrowTemplateError($template->error());