Skip to content

bugzilla
bugzilla
Commit bb13cb54 authored by bugreport%peshkin.net's avatar bugreport%peshkin.net
Browse files
Options

Bug 164623 - xml.cgi - attachments is broken and insiders not enforced

2xr=bbaetz
parent 64a4f61f
Hide whitespace changes
Inline Side-by-side
Showing with 118 additions and 108 deletions
Bug.pm
View file @ bb13cb54
...@@ -187,40 +187,39 @@ sub initBug { ...@@ -187,40 +187,39 @@ sub initBug {
} }
} }
&::SendSQL("select attach_id, creation_ts, description &::SendSQL("select attach_id, creation_ts, isprivate, description
from attachments from attachments
where bug_id = $bug_id"); where bug_id = $bug_id");
my @attachments; my @attachments;
while (&::MoreSQLData()) { while (&::MoreSQLData()) {
my ($attachid, $date, $desc) = (&::FetchSQLData()); my ($attachid, $date, $isprivate, $desc) = (&::FetchSQLData());
if ($date =~ /^(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/) { my %attach;
$date = "$3/$4/$2 $5:$6"; $attach{'attachid'} = $attachid;
my %attach; $attach{'isprivate'} = $isprivate;
$attach{'attachid'} = $attachid; $attach{'date'} = $date;
$attach{'date'} = $date; $attach{'desc'} = $desc;
$attach{'desc'} = $desc; push @attachments, \%attach;
push @attachments, \%attach; }
if (@attachments) {
$self->{'attachments'} = \@attachments;
} }
}
if (@attachments) {
$self->{'attachments'} = \@attachments;
}
&::SendSQL("select bug_id, who, bug_when, thetext &::SendSQL("select bug_id, who, bug_when, isprivate, thetext
from longdescs from longdescs
where bug_id = $bug_id"); where bug_id = $bug_id");
my @longdescs; my @longdescs;
while (&::MoreSQLData()) { while (&::MoreSQLData()) {
my ($bug_id, $who, $bug_when, $thetext) = (&::FetchSQLData()); my ($bug_id, $who, $bug_when, $isprivate, $thetext) = (&::FetchSQLData());
my %longdesc; my %longdesc;
$longdesc{'who'} = $who; $longdesc{'who'} = $who;
$longdesc{'bug_when'} = $bug_when; $longdesc{'bug_when'} = $bug_when;
$longdesc{'thetext'} = $thetext; $longdesc{'isprivate'} = $isprivate;
push @longdescs, \%longdesc; $longdesc{'thetext'} = $thetext;
} push @longdescs, \%longdesc;
if (@longdescs) { }
$self->{'longdescs'} = \@longdescs; if (@longdescs) {
} $self->{'longdescs'} = \@longdescs;
}
my @depends = EmitDependList("blocked", "dependson", $bug_id); my @depends = EmitDependList("blocked", "dependson", $bug_id);
if (@depends) { if (@depends) {
...@@ -271,34 +270,40 @@ sub emitXML { ...@@ -271,34 +270,40 @@ sub emitXML {
} }
} }
if (defined $self->{'longdescs'}) { if (defined $self->{'longdescs'}) {
for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) { for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) {
$xml .= " <long_desc>\n"; next if ($self->{'longdescs'}[$i]->{'isprivate'}
$xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'}) && &::Param("insidergroup")
. "</who>\n"; && !&::UserInGroup(&::Param("insidergroup")));
$xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'} $xml .= " <long_desc>\n";
. "</bug_when>\n"; $xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'})
$xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'}) . "</who>\n";
. "</thetext>\n"; $xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'}
$xml .= " </long_desc>\n"; . "</bug_when>\n";
$xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'})
. "</thetext>\n";
$xml .= " </long_desc>\n";
}
} }
}
if (defined $self->{'attachments'}) { if (defined $self->{'attachments'}) {
for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) { for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) {
$xml .= " <attachment>\n"; next if ($self->{'attachments'}[$i]->{'isprivate'}
$xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'} && &::Param("insidergroup")
. "</attachid>\n"; && !&::UserInGroup(&::Param("insidergroup")));
$xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n"; $xml .= " <attachment>\n";
$xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n"; $xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'}
# $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n"; . "</attachid>\n";
# $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n"; $xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n";
$xml .= " </attachment>\n"; $xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n";
# $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n";
# $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n";
$xml .= " </attachment>\n";
}
} }
}
$xml .= "</bug>\n"; $xml .= "</bug>\n";
return $xml; return $xml;
} }
sub EmitDependList { sub EmitDependList {
......
Bugzilla/Bug.pm
View file @ bb13cb54
...@@ -187,40 +187,39 @@ sub initBug { ...@@ -187,40 +187,39 @@ sub initBug {
} }
} }
&::SendSQL("select attach_id, creation_ts, description &::SendSQL("select attach_id, creation_ts, isprivate, description
from attachments from attachments
where bug_id = $bug_id"); where bug_id = $bug_id");
my @attachments; my @attachments;
while (&::MoreSQLData()) { while (&::MoreSQLData()) {
my ($attachid, $date, $desc) = (&::FetchSQLData()); my ($attachid, $date, $isprivate, $desc) = (&::FetchSQLData());
if ($date =~ /^(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/) { my %attach;
$date = "$3/$4/$2 $5:$6"; $attach{'attachid'} = $attachid;
my %attach; $attach{'isprivate'} = $isprivate;
$attach{'attachid'} = $attachid; $attach{'date'} = $date;
$attach{'date'} = $date; $attach{'desc'} = $desc;
$attach{'desc'} = $desc; push @attachments, \%attach;
push @attachments, \%attach; }
if (@attachments) {
$self->{'attachments'} = \@attachments;
} }
}
if (@attachments) {
$self->{'attachments'} = \@attachments;
}
&::SendSQL("select bug_id, who, bug_when, thetext &::SendSQL("select bug_id, who, bug_when, isprivate, thetext
from longdescs from longdescs
where bug_id = $bug_id"); where bug_id = $bug_id");
my @longdescs; my @longdescs;
while (&::MoreSQLData()) { while (&::MoreSQLData()) {
my ($bug_id, $who, $bug_when, $thetext) = (&::FetchSQLData()); my ($bug_id, $who, $bug_when, $isprivate, $thetext) = (&::FetchSQLData());
my %longdesc; my %longdesc;
$longdesc{'who'} = $who; $longdesc{'who'} = $who;
$longdesc{'bug_when'} = $bug_when; $longdesc{'bug_when'} = $bug_when;
$longdesc{'thetext'} = $thetext; $longdesc{'isprivate'} = $isprivate;
push @longdescs, \%longdesc; $longdesc{'thetext'} = $thetext;
} push @longdescs, \%longdesc;
if (@longdescs) { }
$self->{'longdescs'} = \@longdescs; if (@longdescs) {
} $self->{'longdescs'} = \@longdescs;
}
my @depends = EmitDependList("blocked", "dependson", $bug_id); my @depends = EmitDependList("blocked", "dependson", $bug_id);
if (@depends) { if (@depends) {
...@@ -271,34 +270,40 @@ sub emitXML { ...@@ -271,34 +270,40 @@ sub emitXML {
} }
} }
if (defined $self->{'longdescs'}) { if (defined $self->{'longdescs'}) {
for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) { for (my $i=0 ; $i < @{$self->{'longdescs'}} ; $i++) {
$xml .= " <long_desc>\n"; next if ($self->{'longdescs'}[$i]->{'isprivate'}
$xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'}) && &::Param("insidergroup")
. "</who>\n"; && !&::UserInGroup(&::Param("insidergroup")));
$xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'} $xml .= " <long_desc>\n";
. "</bug_when>\n"; $xml .= " <who>" . &::DBID_to_name($self->{'longdescs'}[$i]->{'who'})
$xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'}) . "</who>\n";
. "</thetext>\n"; $xml .= " <bug_when>" . $self->{'longdescs'}[$i]->{'bug_when'}
$xml .= " </long_desc>\n"; . "</bug_when>\n";
$xml .= " <thetext>" . QuoteXMLChars($self->{'longdescs'}[$i]->{'thetext'})
. "</thetext>\n";
$xml .= " </long_desc>\n";
}
} }
}
if (defined $self->{'attachments'}) { if (defined $self->{'attachments'}) {
for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) { for (my $i=0 ; $i < @{$self->{'attachments'}} ; $i++) {
$xml .= " <attachment>\n"; next if ($self->{'attachments'}[$i]->{'isprivate'}
$xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'} && &::Param("insidergroup")
. "</attachid>\n"; && !&::UserInGroup(&::Param("insidergroup")));
$xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n"; $xml .= " <attachment>\n";
$xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n"; $xml .= " <attachid>" . $self->{'attachments'}[$i]->{'attachid'}
# $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n"; . "</attachid>\n";
# $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n"; $xml .= " <date>" . $self->{'attachments'}[$i]->{'date'} . "</date>\n";
$xml .= " </attachment>\n"; $xml .= " <desc>" . QuoteXMLChars($self->{'attachments'}[$i]->{'desc'}) . "</desc>\n";
# $xml .= " <type>" . $self->{'attachments'}[$i]->{'type'} . "</type>\n";
# $xml .= " <data>" . $self->{'attachments'}[$i]->{'data'} . "</data>\n";
$xml .= " </attachment>\n";
}
} }
}
$xml .= "</bug>\n"; $xml .= "</bug>\n";
return $xml; return $xml;
} }
sub EmitDependList { sub EmitDependList {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment