Skip to content

bugzilla
bugzilla
Commit 8f6ab920 authored by myk%mozilla.org's avatar myk%mozilla.org
Browse files
Options

Fix for bug 109048: fixes error when creating attachments without logging in.

Patch by Myk Melez <myk@mozilla.org>. r=bbaetz,gerv
parent 5e6e016a
Show whitespace changes
Inline Side-by-side
Showing with 4 additions and 3 deletions
attachment.cgi
View file @ 8f6ab920
...@@ -91,11 +91,13 @@ elsif ($action eq "viewall") ...@@ -91,11 +91,13 @@ elsif ($action eq "viewall")
} }
elsif ($action eq "enter") elsif ($action eq "enter")
{ {
confirm_login();
ValidateBugID($::FORM{'bugid'}); ValidateBugID($::FORM{'bugid'});
enter(); enter();
} }
elsif ($action eq "insert") elsif ($action eq "insert")
{ {
confirm_login();
ValidateBugID($::FORM{'bugid'}); ValidateBugID($::FORM{'bugid'});
validateFilename(); validateFilename();
validateData(); validateData();
...@@ -472,12 +474,11 @@ sub insert ...@@ -472,12 +474,11 @@ sub insert
my $filename = SqlQuote($::FILE{'data'}->{'filename'}); my $filename = SqlQuote($::FILE{'data'}->{'filename'});
my $description = SqlQuote($::FORM{'description'}); my $description = SqlQuote($::FORM{'description'});
my $contenttype = SqlQuote($::FORM{'contenttype'}); my $contenttype = SqlQuote($::FORM{'contenttype'});
my $submitterid = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'});
my $thedata = SqlQuote($::FORM{'data'}); my $thedata = SqlQuote($::FORM{'data'});
# Insert the attachment into the database. # Insert the attachment into the database.
SendSQL("INSERT INTO attachments (bug_id, filename, description, mimetype, ispatch, submitter_id, thedata) SendSQL("INSERT INTO attachments (bug_id, filename, description, mimetype, ispatch, submitter_id, thedata)
VALUES ($::FORM{'bugid'}, $filename, $description, $contenttype, $::FORM{'ispatch'}, $submitterid, $thedata)"); VALUES ($::FORM{'bugid'}, $filename, $description, $contenttype, $::FORM{'ispatch'}, $::userid, $thedata)");
# Retrieve the ID of the newly created attachment record. # Retrieve the ID of the newly created attachment record.
SendSQL("SELECT LAST_INSERT_ID()"); SendSQL("SELECT LAST_INSERT_ID()");
...@@ -501,7 +502,7 @@ sub insert ...@@ -501,7 +502,7 @@ sub insert
foreach my $attachid (@{$::MFORM{'obsolete'}}) { foreach my $attachid (@{$::MFORM{'obsolete'}}) {
SendSQL("UPDATE attachments SET isobsolete = 1 WHERE attach_id = $attachid"); SendSQL("UPDATE attachments SET isobsolete = 1 WHERE attach_id = $attachid");
SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added) SendSQL("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added)
VALUES ($::FORM{'bugid'}, $attachid, $submitterid, NOW(), $fieldid, '0', '1')"); VALUES ($::FORM{'bugid'}, $attachid, $::userid, NOW(), $fieldid, '0', '1')");
} }
# Send mail to let people know the attachment has been created. Uses a # Send mail to let people know the attachment has been created. Uses a
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment