Skip to content

bugzilla
bugzilla
Commit 6a51c4c3 authored by mkanat%bugzilla.org's avatar mkanat%bugzilla.org
Browse files
Options

Bug 502641: Fix various problems that would occur when you would log in from buglist.cgi

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
parent 23ac1fef
Hide whitespace changes
Inline Side-by-side
Showing with 26 additions and 12 deletions
Bugzilla/CGI.pm
View file @ 6a51c4c3
...@@ -141,7 +141,7 @@ sub canonicalise_query { ...@@ -141,7 +141,7 @@ sub canonicalise_query {
sub clean_search_url { sub clean_search_url {
my $self = shift; my $self = shift;
# Delete any empty URL parameter # Delete any empty URL parameter.
my @cgi_params = $self->param; my @cgi_params = $self->param;
foreach my $param (@cgi_params) { foreach my $param (@cgi_params) {
...@@ -161,6 +161,9 @@ sub clean_search_url { ...@@ -161,6 +161,9 @@ sub clean_search_url {
# Delete certain parameters if the associated parameter is empty. # Delete certain parameters if the associated parameter is empty.
$self->delete('bugidtype') if !$self->param('bug_id'); $self->delete('bugidtype') if !$self->param('bug_id');
# Delete leftovers from the login form
$self->delete('Bugzilla_remember', 'GoAheadAndLogIn');
foreach my $num (1,2) { foreach my $num (1,2) {
# If there's no value in the email field, delete the related fields. # If there's no value in the email field, delete the related fields.
if (!$self->param("email$num")) { if (!$self->param("email$num")) {
...@@ -299,6 +302,17 @@ sub param { ...@@ -299,6 +302,17 @@ sub param {
return wantarray ? @result : $result[0]; return wantarray ? @result : $result[0];
} }
# And for various other functions in CGI.pm, we need to correctly
# return the URL parameters in addition to the POST parameters when
# asked for the list of parameters.
elsif (!scalar(@_) && $self->request_method
&& $self->request_method eq 'POST')
{
my @post_params = $self->SUPER::param;
my @url_params = $self->url_param;
my %params = map { $_ => 1 } (@post_params, @url_params);
return keys %params;
}
return $self->SUPER::param(@_); return $self->SUPER::param(@_);
} }
......
buglist.cgi
View file @ 6a51c4c3
...@@ -407,14 +407,14 @@ sub _close_standby_message { ...@@ -407,14 +407,14 @@ sub _close_standby_message {
# Command Execution # Command Execution
################################################################################ ################################################################################
$cgi->param('cmdtype', "") if !defined $cgi->param('cmdtype'); my $cmdtype = $cgi->param('cmdtype') || '';
$cgi->param('remaction', "") if !defined $cgi->param('remaction'); my $remaction = $cgi->param('remaction') || '';
# Backwards-compatibility - the old interface had cmdtype="runnamed" to run # Backwards-compatibility - the old interface had cmdtype="runnamed" to run
# a named command, and we can't break this because it's in bookmarks. # a named command, and we can't break this because it's in bookmarks.
if ($cgi->param('cmdtype') eq "runnamed") { if ($cmdtype eq "runnamed") {
$cgi->param('cmdtype', "dorem"); $cmdtype = "dorem";
$cgi->param('remaction', "run"); $remaction = "run";
} }
# Now we're going to be running, so ensure that the params object is set up, # Now we're going to be running, so ensure that the params object is set up,
...@@ -432,7 +432,7 @@ $params ||= new Bugzilla::CGI($cgi); ...@@ -432,7 +432,7 @@ $params ||= new Bugzilla::CGI($cgi);
my @time = localtime(time()); my @time = localtime(time());
my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3]; my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3];
my $filename = "bugs-$date.$format->{extension}"; my $filename = "bugs-$date.$format->{extension}";
if ($cgi->param('cmdtype') eq "dorem" && $cgi->param('remaction') =~ /^run/) { if ($cmdtype eq "dorem" && $remaction =~ /^run/) {
$filename = $cgi->param('namedcmd') . "-$date.$format->{extension}"; $filename = $cgi->param('namedcmd') . "-$date.$format->{extension}";
# Remove white-space from the filename so the user cannot tamper # Remove white-space from the filename so the user cannot tamper
# with the HTTP headers. # with the HTTP headers.
...@@ -442,8 +442,8 @@ $filename =~ s/\\/\\\\/g; # escape backslashes ...@@ -442,8 +442,8 @@ $filename =~ s/\\/\\\\/g; # escape backslashes
$filename =~ s/"/\\"/g; # escape quotes $filename =~ s/"/\\"/g; # escape quotes
# Take appropriate action based on user's request. # Take appropriate action based on user's request.
if ($cgi->param('cmdtype') eq "dorem") { if ($cmdtype eq "dorem") {
if ($cgi->param('remaction') eq "run") { if ($remaction eq "run") {
my $query_id; my $query_id;
($buffer, $query_id) = LookupNamedQuery(scalar $cgi->param("namedcmd"), ($buffer, $query_id) = LookupNamedQuery(scalar $cgi->param("namedcmd"),
scalar $cgi->param('sharer_id')); scalar $cgi->param('sharer_id'));
...@@ -459,14 +459,14 @@ if ($cgi->param('cmdtype') eq "dorem") { ...@@ -459,14 +459,14 @@ if ($cgi->param('cmdtype') eq "dorem") {
$order = $params->param('order') || $order; $order = $params->param('order') || $order;
} }
elsif ($cgi->param('remaction') eq "runseries") { elsif ($remaction eq "runseries") {
$buffer = LookupSeries(scalar $cgi->param("series_id")); $buffer = LookupSeries(scalar $cgi->param("series_id"));
$vars->{'searchname'} = $cgi->param('namedcmd'); $vars->{'searchname'} = $cgi->param('namedcmd');
$vars->{'searchtype'} = "series"; $vars->{'searchtype'} = "series";
$params = new Bugzilla::CGI($buffer); $params = new Bugzilla::CGI($buffer);
$order = $params->param('order') || $order; $order = $params->param('order') || $order;
} }
elsif ($cgi->param('remaction') eq "forget") { elsif ($remaction eq "forget") {
my $user = Bugzilla->login(LOGIN_REQUIRED); my $user = Bugzilla->login(LOGIN_REQUIRED);
# Copy the name into a variable, so that we can trick_taint it for # Copy the name into a variable, so that we can trick_taint it for
# the DB. We know it's safe, because we're using placeholders in # the DB. We know it's safe, because we're using placeholders in
...@@ -530,7 +530,7 @@ if ($cgi->param('cmdtype') eq "dorem") { ...@@ -530,7 +530,7 @@ if ($cgi->param('cmdtype') eq "dorem") {
exit; exit;
} }
} }
elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) { elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
if ($cgi->param('remtype') eq "asdefault") { if ($cgi->param('remtype') eq "asdefault") {
my $user = Bugzilla->login(LOGIN_REQUIRED); my $user = Bugzilla->login(LOGIN_REQUIRED);
InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer); InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment