";
+ return Data::Dumper::Dumper($self);
}
1;
diff --git a/Bugzilla/Component.pm b/Bugzilla/Component.pm
index 9bc0a4493..d5a6ece5d 100644
--- a/Bugzilla/Component.pm
+++ b/Bugzilla/Component.pm
@@ -148,7 +148,8 @@ sub remove_from_db {
$dbh->bz_start_transaction();
# Products must have at least one component.
- if (scalar(@{$self->product->components}) == 1) {
+ my @components = @{ $self->product->components };
+ if (scalar(@components) == 1) {
ThrowUserError('component_is_last', { comp => $self });
}
@@ -165,6 +166,8 @@ sub remove_from_db {
ThrowUserError('component_has_bugs', {nb => $self->bug_count});
}
}
+ # Update the list of components in the product object.
+ $self->product->{components} = [grep { $_->id != $self->id } @components];
$self->SUPER::remove_from_db();
$dbh->bz_commit_transaction();
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm
index b4ff803bd..458616701 100644
--- a/Bugzilla/Config.pm
+++ b/Bugzilla/Config.pm
@@ -16,10 +16,9 @@ use autodie qw(:default);
use Bugzilla::Constants;
use Bugzilla::Hook;
-use Bugzilla::Util qw(trick_taint);
+use Bugzilla::Util qw(trick_taint read_text write_text);
use JSON::XS;
-use File::Slurp;
use File::Temp;
use File::Basename;
@@ -284,7 +283,7 @@ sub write_params {
my $param_file = bz_locations()->{'datadir'} . '/params.json';
my $json_data = JSON::XS->new->canonical->pretty->encode($param_data);
- write_file($param_file, { binmode => ':utf8', atomic => 1 }, \$json_data);
+ write_text($param_file, $json_data);
# It's not common to edit parameters and loading
# Bugzilla::Install::Filesystem is slow.
@@ -301,8 +300,8 @@ sub read_param_file {
my $file = bz_locations()->{'datadir'} . '/params.json';
if (-e $file) {
- my $data;
- read_file($file, binmode => ':utf8', buf_ref => \$data);
+ my $data = read_text($file);
+ trick_taint($data);
# If params.json has been manually edited and e.g. some quotes are
# missing, we don't want JSON::XS to leak the content of the file
@@ -315,7 +314,13 @@ sub read_param_file {
}
# JSON::XS doesn't detaint data for us.
foreach my $key (keys %params) {
- trick_taint($params{$key}) if defined $params{$key};
+ if (ref($params{$key}) eq "ARRAY") {
+ foreach my $item (@{$params{$key}}) {
+ trick_taint($item);
+ }
+ } else {
+ trick_taint($params{$key}) if defined $params{$key};
+ }
}
}
elsif ($ENV{'SERVER_SOFTWARE'}) {
diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm
index e8dfe3e9d..bd9b0bf84 100644
--- a/Bugzilla/Config/Common.pm
+++ b/Bugzilla/Config/Common.pm
@@ -45,7 +45,10 @@ sub check_multi {
return "";
}
elsif ($param->{'type'} eq 'm' || $param->{'type'} eq 'o') {
- foreach my $chkParam (split(',', $value)) {
+ if (ref($value) ne "ARRAY") {
+ $value = [split(',', $value)]
+ }
+ foreach my $chkParam (@$value) {
unless (scalar(grep {$_ eq $chkParam} (@{$param->{'choices'}}))) {
return "Invalid choice '$chkParam' for multi-select list param '$param->{'name'}'";
}
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 89198251d..0e50f82fc 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -200,11 +200,11 @@ use Memoize;
# CONSTANTS
#
# Bugzilla version
-use constant BUGZILLA_VERSION => "5.0.1";
+use constant BUGZILLA_VERSION => "5.0.4.1";
# A base link to the current REST Documentation. We place it here
# as it will need to be updated to whatever the current release is.
-use constant REST_DOC => "http://www.bugzilla.org/docs/tip/en/html/api/";
+use constant REST_DOC => 'https://bugzilla.readthedocs.org/en/5.0/api/';
# Location of the remote and local XML files to track new releases.
use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml';
@@ -508,16 +508,42 @@ use constant INSTALLATION_MODE_NON_INTERACTIVE => 1;
use constant DB_MODULE => {
# MySQL 5.0.15 was the first production 5.0.x release.
'mysql' => {db => 'Bugzilla::DB::Mysql', db_version => '5.0.15',
- dbd => {
+ db_blocklist => ['^[89]\.'],
+ # the following is a "human-readable" version to show in the
+ # release notes
+ db_blklst_str => '>= 8.0',
+ dbd => {
package => 'DBD-mysql',
module => 'DBD::mysql',
# Disallow development versions
- blacklist => ['_'],
+ blocklist => ['_'],
# For UTF-8 support. 4.001 makes sure that blobs aren't
# marked as UTF-8.
version => '4.001',
},
name => 'MySQL'},
+
+ # MariaDB is a drop-in replacement for MySQL and works with Bugzilla
+ 'mariadb' => {db => 'Bugzilla::DB::Mysql', db_version => '5.1',
+ # MariaDB is indistinguishable from MySQL, but skipped 8 and
+ # 9 so blocklist it anyway in case someone has the driver set
+ # to mariadb but actually has MySQL.
+ db_blocklist => ['^[89]\.'],
+ # no string to show the user on the release notes though.
+ dbd => {
+ package => 'DBD-mysql',
+ module => 'DBD::mysql',
+
+ # Disallow development versions
+ blocklist => ['_'],
+
+ # For UTF-8 support. 4.001 makes sure that blobs aren't
+ # marked as UTF-8.
+ version => '4.001',
+ },
+ name => 'MariaDB'
+ },
+
# Also see Bugzilla::DB::Pg::bz_check_server_version, which has special
# code to require DBD::Pg 2.17.2 for PostgreSQL 9 and above.
'pg' => {db => 'Bugzilla::DB::Pg', db_version => '8.03.0000',
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 6c9a29ebb..f59a32feb 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -204,17 +204,33 @@ sub bz_check_server_version {
$self->disconnect;
my $sql_want = $db->{db_version};
+ my $sql_dontwant = exists $db->{db_blocklist} ? $db->{db_blocklist} : [];
my $version_ok = vers_cmp($sql_vers, $sql_want) > -1 ? 1 : 0;
+ my $blocklisted;
+ if ($version_ok) {
+ $blocklisted = grep($sql_vers =~ /$_/, @$sql_dontwant);
+ $version_ok = 0 if $blocklisted;
+ }
my $sql_server = $db->{name};
if ($output) {
Bugzilla::Install::Requirements::_checking_for({
package => $sql_server, wanted => $sql_want,
- found => $sql_vers, ok => $version_ok });
+ found => $sql_vers, ok => $version_ok,
+ blocklisted => $blocklisted });
}
# Check what version of the database server is installed and let
# the user know if the version is too old to be used with Bugzilla.
+ if ($blocklisted) {
+ die <quote($fragment);
+
+ return $self->sql_position($quoted, $column) . " > 0";
+}
+
+sub sql_ilike {
+ my ($self, $fragment, $column) = @_;
+
+ my $quoted = $self->quote($fragment);
+
+ return $self->sql_iposition($quoted, $column) . " > 0";
+}
+
+sub sql_not_ilike {
+ my ($self, $fragment, $column) = @_;
+
+ my $quoted = $self->quote($fragment);
+
+ return $self->sql_iposition($quoted, $column) . " = 0";
+}
+
+
sub sql_group_by {
my ($self, $needed_columns, $optional_columns) = @_;
@@ -2014,6 +2055,73 @@ Formatted SQL for substring search (scalar)
Just like L, but case-insensitive.
+=item C
+
+=over
+
+=item B
+
+Outputs SQL to search for an instance of a string (fragment)
+in a table column (column).
+
+Note that the fragment must not be quoted. L will
+quote the fragment itself.
+
+This is a case sensitive search.
+
+Note: This does not necessarily generate an ANSI LIKE statement, but
+could be overridden to do so in a database subclass if required.
+
+=item B
+
+=over
+
+=item C<$fragment> - the string fragment that we are searching for (scalar)
+
+=item C<$column> - the column to search
+
+=back
+
+=item B
+
+Formatted SQL to return results from columns that contain the fragment.
+
+=back
+
+=item C
+
+Just like L, but case-insensitive.
+
+=item C
+
+=over
+
+=item B
+
+Outputs SQL to search for columns (column) that I contain
+instances of the string (fragment).
+
+Note that the fragment must not be quoted. L will
+quote the fragment itself.
+
+This is a case insensitive search.
+
+=item B
+
+=over
+
+=item C<$fragment> - the string fragment that we are searching for (scalar)
+
+=item C<$column> - the column to search
+
+=back
+
+=item B
+
+Formated sql to return results from columns that do not contain the fragment
+
+=back
+
=item C
=over
diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm
index a950c575f..cbf8d7af1 100644
--- a/Bugzilla/DB/Pg.pm
+++ b/Bugzilla/DB/Pg.pm
@@ -126,6 +126,36 @@ sub sql_position {
return "POSITION(${fragment}::text IN ${text}::text)";
}
+sub sql_like {
+ my ($self, $fragment, $column, $not) = @_;
+ $not //= '';
+
+ return "${column}::text $not LIKE " . $self->sql_like_escape($fragment) . " ESCAPE '|'";
+}
+
+sub sql_ilike {
+ my ($self, $fragment, $column, $not) = @_;
+ $not //= '';
+
+ return "${column}::text $not ILIKE " . $self->sql_like_escape($fragment) . " ESCAPE '|'";
+}
+
+sub sql_not_ilike {
+ return shift->sql_ilike(@_, 'NOT');
+}
+
+# Escapes any % or _ characters which are special in a LIKE match.
+# Also performs a $dbh->quote to escape any quote characters.
+sub sql_like_escape {
+ my ($self, $fragment) = @_;
+
+ $fragment =~ s/\|/\|\|/g; # escape the escape character if it appears
+ $fragment =~ s/%/\|%/g; # percent and underscore are the special match
+ $fragment =~ s/_/\|_/g; # characters in SQL.
+
+ return $self->quote("%$fragment%");
+}
+
sub sql_regexp {
my ($self, $expr, $pattern, $nocheck, $real_pattern) = @_;
$real_pattern ||= $pattern;
@@ -448,6 +478,39 @@ sub bz_table_list_real {
1;
+=head2 Functions
+
+=over
+
+=item C
+
+=over
+
+=item B
+
+The postgres versions of the sql_like methods use the ANSI SQL LIKE
+statements to perform substring searching. To prevent issues with
+users attempting to search for strings containing special characters
+associated with LIKE, we escape them out so they don't affect the search
+terms.
+
+=item B
+
+=over
+
+=item C<$fragment> - The string fragment in need of escaping and quoting
+
+=back
+
+=item B
+
+The fragment with any pre existing %,_,| characters escaped out, wrapped in
+percent characters and quoted.
+
+=back
+
+=back
+
=head1 B
=over
@@ -462,6 +525,12 @@ sub bz_table_list_real {
=item sql_position
+=item sql_like
+
+=item sql_ilike
+
+=item sql_not_ilike
+
=item sql_limit
=item sql_not_regexp
diff --git a/Bugzilla/DB/Schema/Mysql.pm b/Bugzilla/DB/Schema/Mysql.pm
index 0195fcb06..7ff8ade9f 100644
--- a/Bugzilla/DB/Schema/Mysql.pm
+++ b/Bugzilla/DB/Schema/Mysql.pm
@@ -316,7 +316,7 @@ sub column_info_to_column {
$default = 0 if $default =~ /^0\.0+$/;
# If we're not a number, we're a string and need to be
# quoted.
- $default = $dbh->quote($default) if !($default =~ /^(-)?(\d+)(.\d+)?$/);
+ $default = $dbh->quote($default) if !($default =~ /^(-)?([0-9]+)(\.[0-9]+)?$/);
$column->{DEFAULT} = $default;
}
}
diff --git a/Bugzilla/DB/Sqlite.pm b/Bugzilla/DB/Sqlite.pm
index ddafc1696..a56ed31ad 100644
--- a/Bugzilla/DB/Sqlite.pm
+++ b/Bugzilla/DB/Sqlite.pm
@@ -219,6 +219,7 @@ sub sql_date_format {
my ($self, $date, $format) = @_;
$format = "%Y.%m.%d %H:%M:%S" if !$format;
$format =~ s/\%i/\%M/g;
+ $format =~ s/\%s/\%S/g;
return "STRFTIME(" . $self->quote($format) . ", $date)";
}
diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
index 07b78e366..f7a50f7f1 100644
--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -383,6 +383,7 @@ sub create {
my $dbh = Bugzilla->dbh;
my $silently = delete $params->{silently};
+ my $use_in_all_products = delete $params->{use_in_all_products};
if (Bugzilla->usage_mode == USAGE_MODE_CMDLINE and !$silently) {
print get_text('install_group_create', { name => $params->{name} }),
"\n";
@@ -406,6 +407,14 @@ sub create {
$sth->execute($admin->id, $group->id, GROUP_VISIBLE);
}
+ # Permit all existing products to use the new group if requested.
+ if ($use_in_all_products) {
+ $dbh->do('INSERT INTO group_control_map
+ (group_id, product_id, membercontrol, othercontrol)
+ SELECT ?, products.id, ?, ? FROM products',
+ undef, ($group->id, CONTROLMAPSHOWN, CONTROLMAPNA));
+ }
+
$group->_rederive_regexp() if $group->user_regexp;
Bugzilla::Hook::process('group_end_of_create', { group => $group });
@@ -524,8 +533,11 @@ provides, in addition to any methods documented below.
Note that in addition to what L
normally does, this function also makes the new group be inherited
-by the C group. That is, the C group will automatically
-be a member of this group.
+by the C group and optionally inserts access controls for
+this group into all existing products. That is, the C group
+will automatically be a member of this group and bugs for all
+products may optionally be restricted to this group by group
+members.
=item C
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index 96f14ec0f..ed2539251 100644
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
@@ -729,6 +729,9 @@ sub update_table_definitions {
# 2014-11-10 dkl@mozilla.com - Bug 1093928
$dbh->bz_drop_column('longdescs', 'is_markdown');
+ # 2015-12-16 LpSolit@gmail.com - Bug 1232578
+ _sanitize_audit_log_table();
+
################################################################
# New --TABLE-- changes should go *** A B O V E *** this point #
################################################################
@@ -3914,6 +3917,30 @@ sub _update_alias {
$dbh->bz_drop_column('bugs', 'alias');
}
+sub _sanitize_audit_log_table {
+ my $dbh = Bugzilla->dbh;
+
+ # Replace hashed passwords by a generic comment.
+ my $class = 'Bugzilla::User';
+ my $field = 'cryptpassword';
+
+ my $hashed_passwd =
+ $dbh->selectcol_arrayref('SELECT added FROM audit_log WHERE class = ? AND field = ?
+ AND ' . $dbh->sql_not_ilike('hashed_with_', 'added'),
+ undef, ($class, $field));
+ if (@$hashed_passwd) {
+ say "Sanitizing hashed passwords stored in the 'audit_log' table...";
+ my $sth = $dbh->prepare('UPDATE audit_log SET added = ?
+ WHERE class = ? AND field = ? AND added = ?');
+
+ foreach my $passwd (@$hashed_passwd) {
+ my (undef, $sanitized_passwd) =
+ Bugzilla::Object::_sanitize_audit_log($class, $field, [undef, $passwd]);
+ $sth->execute($sanitized_passwd, $class, $field, $passwd);
+ }
+ }
+}
+
1;
__END__
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index cf0a5b0ca..d30ae18dc 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -31,7 +31,6 @@ use File::Path;
use File::Basename;
use File::Copy qw(move);
use File::Spec;
-use File::Slurp;
use IO::File;
use POSIX ();
@@ -52,12 +51,7 @@ use constant HT_DEFAULT_DENY => <= 2.4>
-
- Deny from all
-
-
- Require all denied
-
+ Require all denied
@@ -359,12 +353,7 @@ EOT
Allow from all
= 2.4>
-
- Allow from all
-
-
- Require all granted
-
+ Require all granted
@@ -378,12 +367,7 @@ EOT
Deny from all
= 2.4>
-
- Deny from all
-
-
- Require all denied
-
+ Require all denied
@@ -403,14 +387,8 @@ EOT
Deny from all
= 2.4>
-
- Allow from 192.20.225.0/24
- Deny from all
-
-
- Require ip 192.20.225.0/24
- Require all denied
-
+ Require ip 192.20.225.0/24
+ Require all denied
@@ -426,12 +404,7 @@ EOT
Allow from all
= 2.4>
-
- Allow from all
-
-
- Require all granted
-
+ Require all granted
@@ -445,12 +418,7 @@ EOT
Deny from all
= 2.4>
-
- Deny from all
-
-
- Require all denied
-
+ Require all denied
@@ -467,12 +435,7 @@ EOT
Allow from all
= 2.4>
-
- Allow from all
-
-
- Require all granted
-
+ Require all granted
@@ -486,12 +449,7 @@ EOT
Deny from all
= 2.4>
-
- Deny from all
-
-
- Require all denied
-
+ Require all denied
@@ -577,7 +535,7 @@ sub update_filesystem {
# Remove old assets htaccess file to force recreation with correct values.
if (-e "$assetsdir/.htaccess") {
- if (read_file("$assetsdir/.htaccess") =~ //) {
+ if (read_text("$assetsdir/.htaccess") =~ //) {
unlink("$assetsdir/.htaccess");
}
}
@@ -823,22 +781,21 @@ sub _update_old_charts {
# to product IDs.
sub _update_old_mining_filenames {
my ($miningdir) = @_;
+ my $dbh = Bugzilla->dbh;
my @conversion_errors;
- require Bugzilla::Product;
-
# We use a dummy product instance with ID 0, representing all products
my $product_all = {id => 0, name => '-All-'};
- bless($product_all, 'Bugzilla::Product');
print "Updating old charting data file names...";
- my @products = Bugzilla::Product->get_all();
+ my @products = @{ $dbh->selectall_arrayref('SELECT id, name FROM products
+ ORDER BY name', {Slice=>{}}) };
push(@products, $product_all);
foreach my $product (@products) {
- if (-e File::Spec->catfile($miningdir, $product->id)) {
+ if (-e File::Spec->catfile($miningdir, $product->{id})) {
push(@conversion_errors,
{ product => $product,
- message => 'A file named "' . $product->id .
+ message => 'A file named "' . $product->{id} .
'" already exists.' });
}
}
@@ -846,8 +803,8 @@ sub _update_old_mining_filenames {
if (! @conversion_errors) {
# Renaming mining files should work now without a hitch.
foreach my $product (@products) {
- if (! rename(File::Spec->catfile($miningdir, $product->name),
- File::Spec->catfile($miningdir, $product->id))) {
+ if (! rename(File::Spec->catfile($miningdir, $product->{name}),
+ File::Spec->catfile($miningdir, $product->{id}))) {
push(@conversion_errors,
{ product => $product,
message => $! });
@@ -863,7 +820,7 @@ sub _update_old_mining_filenames {
print " FAILED:\n";
foreach my $error (@conversion_errors) {
printf "Cannot rename charting data file for product %d (%s): %s\n",
- $error->{product}->id, $error->{product}->name,
+ $error->{product}->{id}, $error->{product}->{name},
$error->{message};
}
print "You need to empty the \"$miningdir\" directory, then run\n",
diff --git a/Bugzilla/Install/Requirements.pm b/Bugzilla/Install/Requirements.pm
index a688a0ffa..8d7ccfbc7 100644
--- a/Bugzilla/Install/Requirements.pm
+++ b/Bugzilla/Install/Requirements.pm
@@ -78,8 +78,8 @@ use constant APACHE_PATH => [qw(
# installed or not. "version" is the version we need, or 0 if we'll accept
# any version.
#
-# "blacklist" is an arrayref of regular expressions that describe versions that
-# are 'blacklisted'--that is, even if the version is high enough, Bugzilla
+# "blocklist" is an arrayref of regular expressions that describe versions that
+# are 'blocklisted'--that is, even if the version is high enough, Bugzilla
# will refuse to say that it's OK to run with that version.
sub REQUIRED_MODULES {
my @modules = (
@@ -121,10 +121,12 @@ sub REQUIRED_MODULES {
version => ($^V >= v5.13.3) ? '1.614' : '1.54'
},
# 2.24 contains several useful text virtual methods.
+ # 2.28-3.007 are broken, see https://bugzilla.mozilla.org/show_bug.cgi?id=1560873
{
package => 'Template-Toolkit',
module => 'Template',
- version => '2.24'
+ version => '2.24',
+ blacklist => ['^2.2[89]$', '^3.00[0-7]$']
},
# 1.300011 has a debug mode for SMTP and automatically pass -i to sendmail.
{
@@ -138,6 +140,11 @@ sub REQUIRED_MODULES {
# This fixes a memory leak in walk_parts that affected jobqueue.pl.
version => '1.904'
},
+ {
+ package => 'Email-Address',
+ module => 'Email::Address',
+ version => 0,
+ },
{
package => 'URI',
module => 'URI',
@@ -155,11 +162,6 @@ sub REQUIRED_MODULES {
module => 'Math::Random::ISAAC',
version => '1.0.1',
},
- {
- package => 'File-Slurp',
- module => 'File::Slurp',
- version => '9999.13',
- },
{
package => 'JSON-XS',
module => 'JSON::XS',
@@ -291,7 +293,7 @@ sub OPTIONAL_MODULES {
# throwing warnings with Perl 5.12.
version => '0.712',
# SOAP::Transport::HTTP 1.12 is bogus.
- blacklist => ['^1\.12$'],
+ blocklist => ['^1\.12$'],
feature => ['xmlrpc'],
},
# Since SOAP::Lite 1.0, XMLRPC::Lite is no longer included
@@ -734,16 +736,16 @@ sub have_vers {
# Must do a string comparison as $vnum may be of the form 5.10.1.
my $vok = ($vnum ne '-1' && version->new($vnum) >= version->new($wanted)) ? 1 : 0;
- my $blacklisted;
- if ($vok && $params->{blacklist}) {
- $blacklisted = grep($vnum =~ /$_/, @{$params->{blacklist}});
- $vok = 0 if $blacklisted;
+ my $blocklisted;
+ if ($vok && $params->{blocklist}) {
+ $blocklisted = grep($vnum =~ /$_/, @{$params->{blocklist}});
+ $vok = 0 if $blocklisted;
}
if ($output) {
_checking_for({
package => $package, ok => $vok, wanted => $wanted,
- found => $vnum, blacklisted => $blacklisted
+ found => $vnum, blocklisted => $blocklisted
});
}
@@ -752,8 +754,8 @@ sub have_vers {
sub _checking_for {
my ($params) = @_;
- my ($package, $ok, $wanted, $blacklisted, $found) =
- @$params{qw(package ok wanted blacklisted found)};
+ my ($package, $ok, $wanted, $blocklisted, $found) =
+ @$params{qw(package ok wanted blocklisted found)};
my $ok_string = $ok ? install_string('module_ok') : '';
@@ -780,10 +782,10 @@ sub _checking_for {
$ok_string = install_string('module_not_found');
}
- my $black_string = $blacklisted ? install_string('blacklisted') : '';
+ my $block_string = $blocklisted ? install_string('blocklisted') : '';
my $want_string = $wanted ? "v$wanted" : install_string('any');
- my $str = sprintf "%s %20s %-11s $ok_string $black_string\n",
+ my $str = sprintf "%s %20s %-11s $ok_string $block_string\n",
install_string('checking_for'), $package, "($want_string)";
print $ok ? $str : colored($str, COLOR_ERROR);
}
diff --git a/Bugzilla/JobQueue.pm b/Bugzilla/JobQueue.pm
index d5ceda8e9..6ff85d84f 100644
--- a/Bugzilla/JobQueue.pm
+++ b/Bugzilla/JobQueue.pm
@@ -14,8 +14,8 @@ use warnings;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Install::Util qw(install_string);
+use Bugzilla::Util qw(read_text);
use File::Basename;
-use File::Slurp;
use base qw(TheSchwartz);
use fields qw(_worker_pidfile);
@@ -124,7 +124,7 @@ sub subprocess_worker {
# And poll the PID to detect when the working has finished.
# We do this instead of system() to allow for the INT signal to
# interrup us and trigger kill_worker().
- my $pid = read_file($self->{_worker_pidfile}, err_mode => 'quiet');
+ my $pid = read_text($self->{_worker_pidfile}, err_mode => 'quiet');
if ($pid) {
sleep(3) while(kill(0, $pid));
}
@@ -139,7 +139,7 @@ sub subprocess_worker {
sub kill_worker {
my $self = Bugzilla->job_queue();
if ($self->{_worker_pidfile} && -e $self->{_worker_pidfile}) {
- my $worker_pid = read_file($self->{_worker_pidfile});
+ my $worker_pid = read_text($self->{_worker_pidfile});
if ($worker_pid && kill(0, $worker_pid)) {
$self->debug("Stopping worker process");
system "$0 -f -p '" . $self->{_worker_pidfile} . "' stop";
diff --git a/Bugzilla/MIME.pm b/Bugzilla/MIME.pm
new file mode 100644
index 000000000..d6046198f
--- /dev/null
+++ b/Bugzilla/MIME.pm
@@ -0,0 +1,121 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+package Bugzilla::MIME;
+
+use 5.10.1;
+use strict;
+use warnings;
+
+use parent qw(Email::MIME);
+
+sub new {
+ my ($class, $msg, $args) = @_;
+ state $use_utf8 = Bugzilla->params->{'utf8'};
+
+ # Template-Toolkit trims trailing newlines, which is problematic when
+ # parsing headers.
+ $msg =~ s/\n*$/\n/;
+
+ # Because the encoding headers are not present in our email templates, we
+ # need to treat them as binary UTF-8 when parsing.
+ my ($in_header, $has_type, $has_encoding, $has_body) = (1);
+ foreach my $line (split(/\n/, $msg)) {
+ if ($line eq '') {
+ $in_header = 0;
+ next;
+ }
+ if (!$in_header) {
+ $has_body = 1;
+ last;
+ }
+ $has_type = 1 if $line =~ /^Content-Type:/i;
+ $has_encoding = 1 if $line =~ /^Content-Transfer-Encoding:/i;
+ }
+ if ($has_body) {
+ if (!$has_type && $use_utf8) {
+ $msg = qq#Content-Type: text/plain; charset="UTF-8"\n# . $msg;
+ }
+ if (!$has_encoding) {
+ $msg = qq#Content-Transfer-Encoding: binary\n# . $msg;
+ }
+ }
+ if ($use_utf8 && utf8::is_utf8($msg)) {
+ utf8::encode($msg);
+ }
+
+ # RFC 2822 requires us to have CRLF for our line endings and
+ # Email::MIME doesn't do this for us. We use \015 (CR) and \012 (LF)
+ # directly because Perl translates "\n" depending on what platform
+ # you're running on. See http://perldoc.perl.org/perlport.html#Newlines
+ $msg =~ s/(?:\015+)?\012/\015\012/msg;
+
+ return $class->SUPER::new($msg, $args);
+}
+
+sub as_string {
+ my $self = shift;
+ state $use_utf8 = Bugzilla->params->{'utf8'};
+
+ # We add this header to uniquely identify all email that we
+ # send as coming from this Bugzilla installation.
+ #
+ # We don't use correct_urlbase, because we want this URL to
+ # *always* be the same for this Bugzilla, in every email,
+ # even if the admin changes the "ssl_redirect" parameter some day.
+ $self->header_set('X-Bugzilla-URL', Bugzilla->params->{'urlbase'});
+
+ # We add this header to mark the mail as "auto-generated" and
+ # thus to hopefully avoid auto replies.
+ $self->header_set('Auto-Submitted', 'auto-generated');
+
+ # MIME-Version must be set otherwise some mailsystems ignore the charset
+ $self->header_set('MIME-Version', '1.0') if !$self->header('MIME-Version');
+
+ # Encode the headers correctly.
+ foreach my $header ($self->header_names) {
+ my @values = $self->header($header);
+ map { utf8::decode($_) if defined($_) && !utf8::is_utf8($_) } @values;
+
+ $self->header_str_set($header, @values);
+ }
+
+ # Ensure the character-set and encoding is set correctly on single part
+ # emails. Multipart emails should have these already set when the parts
+ # are assembled.
+ if (scalar($self->parts) == 1) {
+ $self->charset_set('UTF-8') if $use_utf8;
+ $self->encoding_set('quoted-printable');
+ }
+
+ # Ensure we always return the encoded string
+ my $value = $self->SUPER::as_string();
+ if ($use_utf8 && utf8::is_utf8($value)) {
+ utf8::encode($value);
+ }
+
+ return $value;
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+Bugzilla::MIME - Wrapper around Email::MIME for unifying MIME related
+workarounds.
+
+=head1 SYNOPSIS
+
+ use Bugzilla::MIME;
+ my $email = Bugzilla::MIME->new($message, $args);
+
+=head1 DESCRIPTION
+
+Bugzilla::MIME subclasses Email::MIME and performs various fixes when parsing
+and generating email.
diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm
index 196c57ec0..d7c23f857 100644
--- a/Bugzilla/Mailer.pm
+++ b/Bugzilla/Mailer.pm
@@ -12,22 +12,85 @@ use strict;
use warnings;
use parent qw(Exporter);
-@Bugzilla::Mailer::EXPORT = qw(MessageToMTA build_thread_marker);
+@Bugzilla::Mailer::EXPORT = qw(MessageToMTA build_thread_marker generate_email);
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Hook;
+use Bugzilla::MIME;
use Bugzilla::Util;
+use Bugzilla::User;
+use Encode qw();
use Date::Format qw(time2str);
-use Encode qw(encode);
-use Encode::MIME::Header;
-use Email::MIME;
use Email::Sender::Simple qw(sendmail);
use Email::Sender::Transport::SMTP::Persistent;
use Bugzilla::Sender::Transport::Sendmail;
+sub generate_email {
+ my ($vars, $templates) = @_;
+ my ($lang, $email_format, $msg_text, $msg_html, $msg_header);
+ state $use_utf8 = Bugzilla->params->{'utf8'};
+
+ if ($vars->{to_user}) {
+ $lang = $vars->{to_user}->setting('lang');
+ $email_format = $vars->{to_user}->setting('email_format');
+ } else {
+ # If there are users in the CC list who don't have an account,
+ # use the default language for email notifications.
+ $lang = Bugzilla::User->new()->setting('lang');
+ # However we cannot fall back to the default email_format, since
+ # it may be HTML, and many of the includes used in the HTML
+ # template require a valid user object. Instead we fall back to
+ # the plaintext template.
+ $email_format = 'text_only';
+ }
+
+ my $template = Bugzilla->template_inner($lang);
+
+ $template->process($templates->{header}, $vars, \$msg_header)
+ || ThrowTemplateError($template->error());
+ $template->process($templates->{text}, $vars, \$msg_text)
+ || ThrowTemplateError($template->error());
+
+ my @parts = (
+ Bugzilla::MIME->create(
+ attributes => {
+ content_type => 'text/plain',
+ charset => $use_utf8 ? 'UTF-8' : 'iso-8859-1',
+ encoding => 'quoted-printable',
+ },
+ body_str => $msg_text,
+ encode_check => Encode::FB_DEFAULT
+ )
+ );
+ if ($templates->{html} && $email_format eq 'html') {
+ $template->process($templates->{html}, $vars, \$msg_html)
+ || ThrowTemplateError($template->error());
+ push @parts, Bugzilla::MIME->create(
+ attributes => {
+ content_type => 'text/html',
+ charset => $use_utf8 ? 'UTF-8' : 'iso-8859-1',
+ encoding => 'quoted-printable',
+ },
+ body_str => $msg_html,
+ encode_check => Encode::FB_DEFAULT
+ );
+ }
+
+ my $email = Bugzilla::MIME->new($msg_header);
+ if (scalar(@parts) == 1) {
+ $email->content_type_set($parts[0]->content_type);
+ } else {
+ $email->content_type_set('multipart/alternative');
+ # Some mail clients need same encoding for each part, even empty ones.
+ $email->charset_set('UTF-8') if $use_utf8;
+ }
+ $email->parts_set(\@parts);
+ return $email;
+}
+
sub MessageToMTA {
my ($msg, $send_now) = (@_);
my $method = Bugzilla->params->{'mail_delivery_method'};
@@ -43,18 +106,7 @@ sub MessageToMTA {
my $dbh = Bugzilla->dbh;
- my $email;
- if (ref $msg) {
- $email = $msg;
- }
- else {
- # RFC 2822 requires us to have CRLF for our line endings and
- # Email::MIME doesn't do this for us. We use \015 (CR) and \012 (LF)
- # directly because Perl translates "\n" depending on what platform
- # you're running on. See http://perldoc.perl.org/perlport.html#Newlines
- $msg =~ s/(?:\015+)?\012/\015\012/msg;
- $email = new Email::MIME($msg);
- }
+ my $email = ref($msg) ? $msg : Bugzilla::MIME->new($msg);
# If we're called from within a transaction, we don't want to send the
# email immediately, in case the transaction is rolled back. Instead we
@@ -71,39 +123,6 @@ sub MessageToMTA {
return;
}
- # We add this header to uniquely identify all email that we
- # send as coming from this Bugzilla installation.
- #
- # We don't use correct_urlbase, because we want this URL to
- # *always* be the same for this Bugzilla, in every email,
- # even if the admin changes the "ssl_redirect" parameter some day.
- $email->header_set('X-Bugzilla-URL', Bugzilla->params->{'urlbase'});
-
- # We add this header to mark the mail as "auto-generated" and
- # thus to hopefully avoid auto replies.
- $email->header_set('Auto-Submitted', 'auto-generated');
-
- # MIME-Version must be set otherwise some mailsystems ignore the charset
- $email->header_set('MIME-Version', '1.0') if !$email->header('MIME-Version');
-
- # Encode the headers correctly in quoted-printable
- foreach my $header ($email->header_names) {
- my @values = $email->header($header);
- # We don't recode headers that happen multiple times.
- next if scalar(@values) > 1;
- if (my $value = $values[0]) {
- if (Bugzilla->params->{'utf8'} && !utf8::is_utf8($value)) {
- utf8::decode($value);
- }
-
- # avoid excessive line wrapping done by Encode.
- local $Encode::Encoding{'MIME-Q'}->{'bpl'} = 998;
-
- my $encoded = encode('MIME-Q', $value);
- $email->header_set($header, $encoded);
- }
- }
-
my $from = $email->header('From');
my $hostname;
@@ -148,29 +167,6 @@ sub MessageToMTA {
return if $email->header('to') eq '';
- $email->walk_parts(sub {
- my ($part) = @_;
- return if $part->parts > 1; # Top-level
- my $content_type = $part->content_type || '';
- $content_type =~ /charset=['"](.+)['"]/;
- # If no charset is defined or is the default us-ascii,
- # then we encode the email to UTF-8 if Bugzilla has utf8 enabled.
- # XXX - This is a hack to workaround bug 723944.
- if (!$1 || $1 eq 'us-ascii') {
- my $body = $part->body;
- if (Bugzilla->params->{'utf8'}) {
- $part->charset_set('UTF-8');
- # encoding_set works only with bytes, not with utf8 strings.
- my $raw = $part->body_raw;
- if (utf8::is_utf8($raw)) {
- utf8::encode($raw);
- $part->body_set($raw);
- }
- }
- $part->encoding_set('quoted-printable') if !is_7bit_clean($body);
- }
- });
-
if ($method eq "Test") {
my $filename = bz_locations()->{'datadir'} . '/mailer.testfile';
open TESTFILE, '>>', $filename;
@@ -242,6 +238,10 @@ Bugzilla::Mailer - Provides methods for sending email
=over
+=item C
+
+Generates a multi-part email message, using the supplied list of templates.
+
=item C
Sends the passed message to the mail transfer agent.
diff --git a/Bugzilla/Migrate.pm b/Bugzilla/Migrate.pm
index 0731d4fed..7865c842d 100644
--- a/Bugzilla/Migrate.pm
+++ b/Bugzilla/Migrate.pm
@@ -403,7 +403,7 @@ sub parse_date {
}
my $tz;
if ($time[6]) {
- $tz = Bugzilla->local_timezone->offset_as_string($time[6]);
+ $tz = DateTime::TimeZone->offset_as_string($time[6]);
}
else {
$tz = $self->config('timezone');
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 8f25e2b20..d43c8ca34 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -599,11 +599,29 @@ sub audit_log {
foreach my $field (keys %$changes) {
# Skip private changes.
next if $field =~ /^_/;
- my ($from, $to) = @{ $changes->{$field} };
+ my ($from, $to) = $self->_sanitize_audit_log($field, $changes->{$field});
$sth->execute($user_id, $class, $self->id, $field, $from, $to);
}
}
+sub _sanitize_audit_log {
+ my ($self, $field, $changes) = @_;
+ my $class = ref($self) || $self;
+
+ # Do not store hashed passwords. Only record the algorithm used to encode them.
+ if ($class eq 'Bugzilla::User' && $field eq 'cryptpassword') {
+ foreach my $passwd (@$changes) {
+ next unless $passwd;
+ my $algorithm = 'unknown_algorithm';
+ if ($passwd =~ /{([^}]+)}$/) {
+ $algorithm = $1;
+ }
+ $passwd = "hashed_with_$algorithm";
+ }
+ }
+ return @$changes;
+}
+
sub flatten_to_hash {
my $self = shift;
my $class = blessed($self);
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index 30ebc7c6c..0c0cb458d 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -22,7 +22,6 @@ use Bugzilla::Milestone;
use Bugzilla::Field;
use Bugzilla::Status;
use Bugzilla::Install::Requirements;
-use Bugzilla::Mailer;
use Bugzilla::Series;
use Bugzilla::Hook;
use Bugzilla::FlagType;
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 8097d5fb8..646f949f5 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -1628,7 +1628,8 @@ sub _special_parse_email {
my $email = trim($params->{"email$id"});
next if !$email;
my $type = $params->{"emailtype$id"} || 'anyexact';
- $type = "anyexact" if $type eq "exact";
+ # for backward compatibility
+ $type = "equals" if $type eq "exact";
my $or_clause = new Bugzilla::Search::Clause('OR');
foreach my $field (qw(assigned_to reporter cc qa_contact)) {
@@ -2126,9 +2127,7 @@ sub _substring_terms {
# split each term on spaces and commas anyway.
my @words = split(/[\s,]+/, $args->{value});
@words = grep { defined $_ and $_ ne '' } @words;
- @words = map { $dbh->quote($_) } @words;
- my @terms = map { $dbh->sql_iposition($_, $args->{full_field}) . " > 0" }
- @words;
+ my @terms = map { $dbh->sql_ilike($_, $args->{full_field}) } @words;
return @terms;
}
@@ -3154,28 +3153,26 @@ sub _simple_operator {
sub _casesubstring {
my ($self, $args) = @_;
- my ($full_field, $quoted) = @$args{qw(full_field quoted)};
+ my ($full_field, $value) = @$args{qw(full_field value)};
my $dbh = Bugzilla->dbh;
-
- $args->{term} = $dbh->sql_position($quoted, $full_field) . " > 0";
+
+ $args->{term} = $dbh->sql_like($value, $full_field);
}
sub _substring {
my ($self, $args) = @_;
- my ($full_field, $quoted) = @$args{qw(full_field quoted)};
+ my ($full_field, $value) = @$args{qw(full_field value)};
my $dbh = Bugzilla->dbh;
-
- # XXX This should probably be changed to just use LIKE
- $args->{term} = $dbh->sql_iposition($quoted, $full_field) . " > 0";
+
+ $args->{term} = $dbh->sql_ilike($value, $full_field);
}
sub _notsubstring {
my ($self, $args) = @_;
- my ($full_field, $quoted) = @$args{qw(full_field quoted)};
+ my ($full_field, $value) = @$args{qw(full_field value)};
my $dbh = Bugzilla->dbh;
-
- # XXX This should probably be changed to just use NOT LIKE
- $args->{term} = $dbh->sql_iposition($quoted, $full_field) . " = 0";
+
+ $args->{term} = $dbh->sql_not_ilike($value, $full_field);
}
sub _regexp {
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 80f091f8c..decffe1e8 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -32,7 +32,6 @@ use Digest::MD5 qw(md5_hex);
use File::Basename qw(basename dirname);
use File::Find;
use File::Path qw(rmtree mkpath);
-use File::Slurp;
use File::Spec;
use IO::Dir;
use List::MoreUtils qw(firstidx);
@@ -232,7 +231,7 @@ sub quoteUrls {
~$1$2~igx;
# attachment links
- $text =~ s~\b(attachment$s*\#?$s*(\d+)(?:$s+\[details\])?)
+ $text =~ s~\b(attachment$s*\#?$s*([0-9]+)(?:$s+\[details\])?)
~($things[$count++] = get_attachment_link($2, $1, $user)) &&
("\x{FDD2}" . ($count-1) . "\x{FDD3}")
~egmxi;
@@ -245,9 +244,9 @@ sub quoteUrls {
# Also, we can't use $bug_re?$comment_re? because that will match the
# empty string
my $bug_word = template_var('terms')->{bug};
- my $bug_re = qr/\Q$bug_word\E$s*\#?$s*(\d+)/i;
+ my $bug_re = qr/\Q$bug_word\E$s*\#?$s*([0-9]+)/i;
my $comment_word = template_var('terms')->{comment};
- my $comment_re = qr/(?:\Q$comment_word\E|comment)$s*\#?$s*(\d+)/i;
+ my $comment_re = qr/(?:\Q$comment_word\E|comment)$s*\#?$s*([0-9]+)/i;
$text =~ s~\b($bug_re(?:$s*,?$s*$comment_re)?|$comment_re)
~ # We have several choices. $1 here is the link, and $2-4 are set
# depending on which part matched
@@ -261,29 +260,29 @@ sub quoteUrls {
my $bugs_word = template_var('terms')->{bugs};
my $bugs_re = qr/\Q$bugs_word\E$s*\#?$s*
- \d+(?:$s*,$s*\#?$s*\d+)+/ix;
+ [0-9]+(?:$s*,$s*\#?$s*[0-9]+)+/ix;
$text =~ s{($bugs_re)}{
my $match = $1;
- $match =~ s/((?:#$s*)?(\d+))/get_bug_link($2, $1);/eg;
+ $match =~ s/((?:#$s*)?([0-9]+))/get_bug_link($2, $1);/eg;
$match;
}eg;
my $comments_word = template_var('terms')->{comments};
my $comments_re = qr/(?:comments|\Q$comments_word\E)$s*\#?$s*
- \d+(?:$s*,$s*\#?$s*\d+)+/ix;
+ [0-9]+(?:$s*,$s*\#?$s*[0-9]+)+/ix;
$text =~ s{($comments_re)}{
my $match = $1;
- $match =~ s|((?:#$s*)?(\d+))|$1|g;
+ $match =~ s|((?:#$s*)?([0-9]+))|$1|g;
$match;
}eg;
# Old duplicate markers. These don't use $bug_word because they are old
# and were never customizable.
$text =~ s~(?<=^\*\*\*\ This\ bug\ has\ been\ marked\ as\ a\ duplicate\ of\ )
- (\d+)
+ ([0-9]+)
(?=\ \*\*\*\Z)
~get_bug_link($1, $1, { user => $user })
~egmx;
@@ -502,7 +501,7 @@ sub _concatenate_css {
next unless -e "$cgi_path/$files{$source}";
my $file = $skins_path . '/' . md5_hex($source) . '.css';
if (!-e $file) {
- my $content = read_file("$cgi_path/$files{$source}");
+ my $content = read_text("$cgi_path/$files{$source}");
# minify
$content =~ s{/\*.*?\*/}{}sg; # comments
@@ -512,7 +511,7 @@ sub _concatenate_css {
# rewrite urls
$content =~ s{url\(([^\)]+)\)}{_css_url_rewrite($source, $1)}eig;
- write_file($file, "/* $files{$source} */\n" . $content . "\n");
+ write_text($file, "/* $files{$source} */\n" . $content . "\n");
}
push @minified, $file;
}
@@ -522,9 +521,9 @@ sub _concatenate_css {
if (!-e $file) {
my $content = '';
foreach my $source (@minified) {
- $content .= read_file($source);
+ $content .= read_text($source);
}
- write_file($file, $content);
+ write_text($file, $content);
}
$file =~ s/^\Q$cgi_path\E\///o;
@@ -563,7 +562,7 @@ sub _concatenate_js {
next unless -e "$cgi_path/$files{$source}";
my $file = $skins_path . '/' . md5_hex($source) . '.js';
if (!-e $file) {
- my $content = read_file("$cgi_path/$files{$source}");
+ my $content = read_text("$cgi_path/$files{$source}");
# minimal minification
$content =~ s#/\*.*?\*/##sg; # block comments
@@ -572,7 +571,7 @@ sub _concatenate_js {
$content =~ s#\n{2,}#\n#g; # blank lines
$content =~ s#(^\s+|\s+$)##g; # whitespace at the start/end of file
- write_file($file, ";/* $files{$source} */\n" . $content . "\n");
+ write_text($file, ";/* $files{$source} */\n" . $content . "\n");
}
push @minified, $file;
}
@@ -582,9 +581,9 @@ sub _concatenate_js {
if (!-e $file) {
my $content = '';
foreach my $source (@minified) {
- $content .= read_file($source);
+ $content .= read_text($source);
}
- write_file($file, $content);
+ write_text($file, $content);
}
$file =~ s/^\Q$cgi_path\E\///o;
@@ -865,12 +864,16 @@ sub create {
},
# In CSV, quotes are doubled, and any value containing a quote or a
- # comma is enclosed in quotes. If a field starts with an equals
- # sign, it is proceed by a space.
+ # comma is enclosed in quotes.
+ # If a field starts with either "=", "+", "-" or "@", it is preceded
+ # by a space to prevent stupid formula execution from Excel & co.
csv => sub
{
my ($var) = @_;
- $var = ' ' . $var if substr($var, 0, 1) eq '=';
+ $var = ' ' . $var if $var =~ /^[+=@-]/;
+ # backslash is not special to CSV, but it can be used to confuse some browsers...
+ # so we do not allow it to happen. We only do this for logged-in users.
+ $var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
$var =~ s/\"/\"\"/g;
if ($var !~ /^-?(\d+\.)?\d*$/) {
$var = "\"$var\"";
diff --git a/Bugzilla/Update.pm b/Bugzilla/Update.pm
index 72a7108a8..1c092ebe4 100644
--- a/Bugzilla/Update.pm
+++ b/Bugzilla/Update.pm
@@ -49,14 +49,15 @@ sub get_notifications {
'latest_ver' => $branch->{'att'}->{'vid'},
'status' => $branch->{'att'}->{'status'},
'url' => $branch->{'att'}->{'url'},
- 'date' => $branch->{'att'}->{'date'}
+ 'date' => $branch->{'att'}->{'date'},
+ 'eos_date' => exists($branch->{'att'}->{'eos-date'}) ? $branch->{'att'}->{'eos-date'} : undef,
};
push(@releases, $release);
}
# On which branch is the current installation running?
my @current_version =
- (BUGZILLA_VERSION =~ m/^(\d+)\.(\d+)(?:(rc|\.)(\d+))?\+?$/);
+ (BUGZILLA_VERSION =~ m/^(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|\.)(\d+))?\+?$/);
my @release;
if (Bugzilla->params->{'upgrade_notification'} eq 'development_snapshot') {
@@ -68,17 +69,60 @@ sub get_notifications {
}
}
elsif (Bugzilla->params->{'upgrade_notification'} eq 'latest_stable_release') {
+ # We want the latest stable version for the current branch.
+ # If we are running a development snapshot, we won't match anything.
+ # This is the 5.0.4 branch and it won't branch again so just hardcode this.
+ my $branch_version = '5.0.4';
+
+ # We do a string comparison instead of a numerical one, because
+ # e.g. 2.2 == 2.20, but 2.2 ne 2.20 (and 2.2 is indeed much older).
+ @release = grep {$_->{'branch_ver'} eq $branch_version} @releases;
+
+ # If the branch has an end-of-support date listed, we should
+ # strongly suggest to upgrade to the latest stable release
+ # available.
+ if (scalar(@release) && $release[0]->{'status'} ne 'closed'
+ && defined($release[0]->{'eos_date'})) {
+ my $eos_date = $release[0]->{'eos_date'};
+ @release = grep {$_->{'status'} eq 'stable'} @releases;
+ return {'data' => $release[0],
+ 'branch_version' => $branch_version,
+ 'eos_date' => $eos_date};
+ };
+
+ # If the branch is now closed, we should strongly suggest
+ # to upgrade to the latest stable release available.
+ if (scalar(@release) && $release[0]->{'status'} eq 'closed') {
+ @release = grep {$_->{'status'} eq 'stable'} @releases;
+ return {'data' => $release[0], 'deprecated' => $branch_version};
+ }
+
+ # If we get here, then we want to recommend the lastest stable
+ # release without any other messages.
@release = grep {$_->{'status'} eq 'stable'} @releases;
}
elsif (Bugzilla->params->{'upgrade_notification'} eq 'stable_branch_release') {
# We want the latest stable version for the current branch.
# If we are running a development snapshot, we won't match anything.
- my $branch_version = $current_version[0] . '.' . $current_version[1];
+ # This is the 5.0.4 branch and it won't branch again so just hardcode this.
+ my $branch_version = '5.0.4';
# We do a string comparison instead of a numerical one, because
# e.g. 2.2 == 2.20, but 2.2 ne 2.20 (and 2.2 is indeed much older).
@release = grep {$_->{'branch_ver'} eq $branch_version} @releases;
+ # If the branch has an end-of-support date listed, we should
+ # strongly suggest to upgrade to the latest stable release
+ # available.
+ if (scalar(@release) && $release[0]->{'status'} ne 'closed'
+ && defined($release[0]->{'eos_date'})) {
+ my $eos_date = $release[0]->{'eos_date'};
+ @release = grep {$_->{'status'} eq 'stable'} @releases;
+ return {'data' => $release[0],
+ 'branch_version' => $branch_version,
+ 'eos_date' => $eos_date};
+ };
+
# If the branch is now closed, we should strongly suggest
# to upgrade to the latest stable release available.
if (scalar(@release) && $release[0]->{'status'} eq 'closed') {
@@ -97,12 +141,12 @@ sub get_notifications {
# Only notify the administrator if the latest version available
# is newer than the current one.
my @new_version =
- ($release[0]->{'latest_ver'} =~ m/^(\d+)\.(\d+)(?:(rc|\.)(\d+))?\+?$/);
+ ($release[0]->{'latest_ver'} =~ m/^(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|\.)(\d+))?\+?$/);
# We convert release candidates 'rc' to integers (rc ? 0 : 1) in order
# to compare versions easily.
- $current_version[2] = ($current_version[2] && $current_version[2] eq 'rc') ? 0 : 1;
- $new_version[2] = ($new_version[2] && $new_version[2] eq 'rc') ? 0 : 1;
+ @current_version = map { s/^(?:rc|)$/0/; s/^\.$/1/; $_; } @current_version;
+ @new_version = map { s/^(?:rc|)$/0/; s/^\.$/1/; $_; } @new_version;
my $is_newer = _compare_versions(\@current_version, \@new_version);
return ($is_newer == 1) ? {'data' => $release[0]} : undef;
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 6cfef6db5..e8f4aa77f 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -132,7 +132,19 @@ sub new {
$_[0] = $param;
}
}
- return $class->SUPER::new(@_);
+
+ $user = $class->SUPER::new(@_);
+
+ # MySQL considers some non-ascii characters such as umlauts to equal
+ # ascii characters returning a user when it should not.
+ if ($user && ref $param eq 'HASH' && exists $param->{name}) {
+ my $login = $param->{name};
+ if (lc $login ne lc $user->login) {
+ $user = undef;
+ }
+ }
+
+ return $user;
}
sub super_user {
@@ -922,9 +934,10 @@ sub groups {
}
sub last_visited {
- my ($self) = @_;
+ my ($self, $ids) = @_;
- return Bugzilla::BugUserLastVisit->match({ user_id => $self->id });
+ return Bugzilla::BugUserLastVisit->match({ user_id => $self->id,
+ $ids ? ( bug_id => $ids ) : () });
}
sub is_involved_in_bug {
diff --git a/Bugzilla/User/Setting.pm b/Bugzilla/User/Setting.pm
index ea3bbfb54..aece3b7de 100644
--- a/Bugzilla/User/Setting.pm
+++ b/Bugzilla/User/Setting.pm
@@ -127,7 +127,7 @@ sub add_setting {
my $exists = _setting_exists($name);
return if ($exists && !$force_check);
- ($name && $default_value)
+ ($name && length( $default_value // '' ))
|| ThrowCodeError("setting_info_invalid");
if ($exists) {
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 037b38648..5ceef4ef7 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -24,7 +24,7 @@ use parent qw(Exporter);
validate_email_syntax check_email_syntax clean_text
get_text template_var display_value disable_utf8
detect_encoding email_filter
- join_activity_entries);
+ join_activity_entries read_text write_text);
use Bugzilla::Constants;
use Bugzilla::RNG qw(irand);
@@ -39,6 +39,8 @@ use Scalar::Util qw(tainted blessed);
use Text::Wrap;
use Encode qw(encode decode resolve_alias);
use Encode::Guess;
+use File::Basename qw(dirname);
+use File::Temp qw(tempfile);
sub trick_taint {
require Carp;
@@ -49,13 +51,13 @@ sub trick_taint {
}
sub detaint_natural {
- my $match = $_[0] =~ /^(\d+)$/;
+ my $match = $_[0] =~ /^([0-9]+)$/;
$_[0] = $match ? int($1) : undef;
return (defined($_[0]));
}
sub detaint_signed {
- my $match = $_[0] =~ /^([-+]?\d+)$/;
+ my $match = $_[0] =~ /^([-+]?[0-9]+)$/;
# The "int()" call removes any leading plus sign.
$_[0] = $match ? int($1) : undef;
return (defined($_[0]));
@@ -106,6 +108,29 @@ sub html_quote {
return $var;
}
+sub read_text {
+ my ($filename) = @_;
+ open my $fh, '<:encoding(utf-8)', $filename;
+ local $/ = undef;
+ my $content = <$fh>;
+ close $fh;
+ return $content;
+}
+
+sub write_text {
+ my ($filename, $content) = @_;
+ my ($tmp_fh, $tmp_filename) = tempfile('.tmp.XXXXXXXXXX',
+ DIR => dirname($filename),
+ UNLINK => 0,
+ );
+ binmode $tmp_fh, ':encoding(utf-8)';
+ print $tmp_fh $content;
+ close $tmp_fh;
+ # File::Temp tries for secure files, but File::Slurp used the umask.
+ chmod(0666 & ~umask, $tmp_filename);
+ rename $tmp_filename, $filename;
+}
+
sub html_light_quote {
my ($text) = @_;
# admin/table.html.tmpl calls |FILTER html_light| many times.
@@ -588,7 +613,7 @@ sub datetime_from {
second => defined($time[0]) ? int($time[0]) : undef,
# If a timezone was specified, use it. Otherwise, use the
# local timezone.
- time_zone => Bugzilla->local_timezone->offset_as_string($time[6])
+ time_zone => DateTime::TimeZone->offset_as_string($time[6])
|| Bugzilla->local_timezone,
);
@@ -1238,18 +1263,44 @@ if Bugzilla is currently using the shadowdb or not. Used like:
=back
-=head1 B
-
=over
-=item do_ssl_redirect_if_required
+=item C
+
+Writes $content to $filename. The content will be encoded as UTF-8. Returns 1 if
+the atomic write was successful, 0 otherwise. C<$!> will be set to the error
+from C.
+
+=item C
+
+Reads the contents of $filename and returns it as a string. The string will be
+decoded as UTF-8.
+
+=item C
+
+Returns true if the given IP address is an IPv4 address.
+
+=item C
+
+Returns true if the given IP address is an IPv6 address.
+
+=item C
+
+If Bugzilla is configured to redirect all HTTP requests to HTTPS, this function
+will redirect the user to the HTTPS version of the current page. It will not do
+anything if the user is already on HTTPS, or if there is no C parameter
+set.
-=item validate_time
+=item C
-=item is_ipv4
+Validates a time string. Returns true or false depending on whether the time
+string is valid.
-=item is_ipv6
+=item C
-=item display_value
+Returns the display value for a given field and value. This value comes from the
+value_descs template variable. The value_descs variable is set in the template
+file C. This is used for localizing Bugzilla to
+other languages.
=back
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index c99651201..b07d3cb01 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -1133,6 +1133,10 @@ sub update_comment_tags {
{ function => 'Bug.update_comment_tags',
param => 'comment_id' });
+ ThrowCodeError('param_integer_required', { function => 'Bug.update_comment_tags',
+ param => 'comment_id' })
+ unless $comment_id =~ /^[0-9]+$/;
+
my $comment = Bugzilla::Comment->new($comment_id)
|| return [];
$comment->bug->check_is_visible();
diff --git a/Bugzilla/WebService/BugUserLastVisit.pm b/Bugzilla/WebService/BugUserLastVisit.pm
index 19a56ff46..56e91ec31 100644
--- a/Bugzilla/WebService/BugUserLastVisit.pm
+++ b/Bugzilla/WebService/BugUserLastVisit.pm
@@ -36,7 +36,7 @@ sub update {
# Cache permissions for bugs. This highly reduces the number of calls to the
# DB. visible_bugs() is only able to handle bug IDs, so we have to skip
# aliases.
- $user->visible_bugs([grep /^[0-9]$/, @$ids]);
+ $user->visible_bugs([grep /^[0-9]+$/, @$ids]);
$dbh->bz_start_transaction();
my @results;
@@ -52,7 +52,7 @@ sub update {
push(
@results,
$self->_bug_user_last_visit_to_hash(
- $bug, $last_visit_ts, $params
+ $bug->id, $last_visit_ts, $params
));
}
$dbh->bz_commit_transaction();
@@ -67,27 +67,23 @@ sub get {
$user->login(LOGIN_REQUIRED);
+ my @last_visits;
if ($ids) {
# Cache permissions for bugs. This highly reduces the number of calls to
# the DB. visible_bugs() is only able to handle bug IDs, so we have to
# skip aliases.
- $user->visible_bugs([grep /^[0-9]$/, @$ids]);
- }
-
- my @last_visits = @{ $user->last_visited };
+ $user->visible_bugs([grep /^[0-9]+$/, @$ids]);
- if ($ids) {
- # remove bugs that we are not interested in if ids is passed in.
- my %id_set = map { ($_ => 1) } @$ids;
- @last_visits = grep { $id_set{ $_->bug_id } } @last_visits;
+ my %last_visit = map { $_->bug_id => $_->last_visit_ts } @{ $user->last_visited($ids) };
+ @last_visits = map { $self->_bug_user_last_visit_to_hash($_->id, $last_visit{$_}, $params) } @$ids;
+ }
+ else {
+ @last_visits = map {
+ $self->_bug_user_last_visit_to_hash($_->bug_id, $_->last_visit_ts, $params)
+ } @{ $user->last_visited };
}
- return [
- map {
- $self->_bug_user_last_visit_to_hash($_->bug_id, $_->last_visit_ts,
- $params)
- } @last_visits
- ];
+ return \@last_visits;
}
sub _bug_user_last_visit_to_hash {
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index 0bdd3517e..557a996f8 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -67,6 +67,8 @@ use constant WS_ERROR_CODE => {
number_too_large => 54,
number_too_small => 55,
illegal_date => 56,
+ param_integer_required => 57,
+ param_scalar_array_required => 58,
# Bug errors usually occupy the 100-200 range.
improper_bug_id_field_value => 100,
bug_id_does_not_exist => 101,
diff --git a/Bugzilla/WebService/FlagType.pm b/Bugzilla/WebService/FlagType.pm
index 9723d4735..9d7cce037 100644
--- a/Bugzilla/WebService/FlagType.pm
+++ b/Bugzilla/WebService/FlagType.pm
@@ -61,11 +61,9 @@ sub get {
sub create {
my ($self, $params) = @_;
+ my $user = Bugzilla->login(LOGIN_REQUIRED);
- my $dbh = Bugzilla->dbh;
- my $user = Bugzilla->user;
-
- Bugzilla->user->in_group('editcomponents')
+ $user->in_group('editcomponents')
|| scalar(@{$user->get_products_by_permission('editcomponents')})
|| ThrowUserError("auth_failure", { group => "editcomponents",
action => "add",
@@ -121,11 +119,9 @@ sub create {
sub update {
my ($self, $params) = @_;
-
my $dbh = Bugzilla->dbh;
- my $user = Bugzilla->user;
+ my $user = Bugzilla->login(LOGIN_REQUIRED);
- Bugzilla->login(LOGIN_REQUIRED);
$user->in_group('editcomponents')
|| scalar(@{$user->get_products_by_permission('editcomponents')})
|| ThrowUserError("auth_failure", { group => "editcomponents",
diff --git a/Bugzilla/WebService/Product.pm b/Bugzilla/WebService/Product.pm
index f38972bc1..94348a161 100644
--- a/Bugzilla/WebService/Product.pm
+++ b/Bugzilla/WebService/Product.pm
@@ -55,8 +55,6 @@ use constant FIELD_MAP => {
# Add aliases here for method name compatibility #
##################################################
-BEGIN { *get_products = \&get }
-
# Get the ids of the products the user can search
sub get_selectable_products {
Bugzilla->switch_to_shadow_db();
@@ -498,8 +496,6 @@ Returns a list of information about the products passed to it.
B: You must at least specify one of C or C.
-B: Can also be called as "get_products" for compatibilty with Bugzilla 3.0 API.
-
=item B
To return information about a specific groups of products such as
@@ -992,11 +988,3 @@ You must define a default milestone.
=back
=back
-
-=head1 B
-
-=over
-
-=item get_products
-
-=back
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 98a0ee405..8deb253ad 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -63,6 +63,12 @@ sub make_response {
my $self = shift;
my $cgi = Bugzilla->cgi;
+ # Fix various problems with IIS.
+ if ($ENV{'SERVER_SOFTWARE'} =~ /IIS/) {
+ $ENV{CONTENT_LENGTH} = 0;
+ binmode(STDOUT, ':bytes');
+ }
+
$self->SUPER::make_response(@_);
# XMLRPC::Transport::HTTP::CGI doesn't know about Bugzilla carrying around
@@ -107,6 +113,8 @@ sub handle_login {
if (none { $_ eq $method } $class->PUBLIC_METHODS) {
ThrowCodeError('unknown_method', { method => $full_method });
}
+
+ $ENV{CONTENT_LENGTH} = 0 if $ENV{'SERVER_SOFTWARE'} =~ /IIS/;
$self->SUPER::handle_login($class, $method, $full_method);
return;
}
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index a0a51a8de..a879c0e0d 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -16,6 +16,7 @@ use Bugzilla::FlagType;
use Bugzilla::Error;
use Storable qw(dclone);
+use List::MoreUtils qw(any none);
use parent qw(Exporter);
@@ -219,15 +220,20 @@ sub validate {
# sent any parameters at all, and we're getting @keys where
# $params should be.
return ($self, undef) if (defined $params and !ref $params);
-
+
+ my @id_params = qw(ids comment_ids);
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
foreach my $key (@keys) {
if (exists $params->{$key}) {
- $params->{$key} = ref $params->{$key}
- ? $params->{$key}
- : [ $params->{$key} ];
+ $params->{$key} = [ $params->{$key} ] unless ref $params->{$key};
+
+ if (any { $key eq $_ } @id_params) {
+ my $ids = $params->{$key};
+ ThrowCodeError('param_scalar_array_required', { param => $key })
+ unless ref($ids) eq 'ARRAY' && none { ref $_ } @$ids;
+ }
}
}
diff --git a/Build.PL b/Build.PL
index 024a56024..0a7c1059a 100644
--- a/Build.PL
+++ b/Build.PL
@@ -33,10 +33,10 @@ sub build_requires {
sub recommends {
my $recommends = OPTIONAL_MODULES();
- my @blacklist = ('Apache-SizeLimit', 'mod_perl'); # Does not compile properly on Travis
+ my @blocklist = ('Apache-SizeLimit', 'mod_perl'); # Does not compile properly on Travis
my $hrecommends = {};
foreach my $module (@$recommends) {
- next if grep($_ eq $module->{package}, @blacklist);
+ next if grep($_ eq $module->{package}, @blocklist);
$hrecommends->{$module->{module}} = $module->{version};
}
return $hrecommends;
diff --git a/README b/README
index e68afd8e4..335631e5d 100644
--- a/README
+++ b/README
@@ -6,9 +6,6 @@ developed by an active group of volunteers in the Mozilla community, and used
by thousands of projects and companies around the world. It can be installed on
Linux and other flavors of Unix, Windows or Mac OS X.
-You can try Bugzilla out using our testing installation:
-https://landfill.bugzilla.org/bugzilla-tip/
-
Documentation
=============
diff --git a/attachment.cgi b/attachment.cgi
index 5db8f5909..4cd9229fb 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -26,6 +26,7 @@ use Bugzilla::Attachment::PatchReader;
use Bugzilla::Token;
use Encode qw(encode find_encoding);
+use Encode::MIME::Header; # Required to alter Encode::Encoding{'MIME-Q'}.
# For most scripts we don't make $cgi and $template global variables. But
# when preparing Bugzilla for mod_perl, this script used these
@@ -34,6 +35,7 @@ use Encode qw(encode find_encoding);
local our $cgi = Bugzilla->cgi;
local our $template = Bugzilla->template;
local our $vars = {};
+local $Bugzilla::CGI::ALLOW_UNSAFE_RESPONSE = 1;
# All calls to this script should contain an "action" variable whose
# value determines what the user wants to do. The code below checks
diff --git a/chart.cgi b/chart.cgi
index 00b0b8ee5..18ab87e5e 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -96,6 +96,13 @@ $user->in_group(Bugzilla->params->{"chartgroup"})
# Only admins may create public queries
$user->in_group('admin') || $cgi->delete('public');
+if ($cgi->param('debug')
+ && Bugzilla->params->{debug_group}
+ && Bugzilla->user->in_group(Bugzilla->params->{debug_group})
+ ) {
+ $vars->{'debug'} = 1;
+}
+
# All these actions relate to chart construction.
if ($action =~ /^(assemble|add|remove|sum|subscribe|unsubscribe)$/) {
# These two need to be done before the creation of the Chart object, so
@@ -305,11 +312,19 @@ sub plot {
$vars->{'chart'} = new Bugzilla::Chart($cgi);
my $format = $template->get_format("reports/chart", "", scalar($cgi->param('ctype')));
+ $format->{'ctype'} = 'text/html' if $cgi->param('debug');
+
+ $cgi->set_dated_content_disp('inline', 'chart', $format->{extension});
+ print $cgi->header($format->{'ctype'});
+ disable_utf8() if ($format->{'ctype'} =~ /^image\//);
# Debugging PNGs is a pain; we need to be able to see the error messages
- if ($cgi->param('debug')) {
- print $cgi->header();
- $vars->{'chart'}->dump();
+ if (exists $vars->{'debug'}) {
+ # Bug 1439260 - if we're using debug mode, always use the HTML template
+ # which has proper filters in it. Debug forces an HTML content type
+ # anyway, and can cause XSS if we're not filtering the output.
+ $format = $template->get_format("reports/chart", "", "html");
+ $vars->{'debug_dump'} = $vars->{'chart'}->dump();
}
print $cgi->header($format->{'ctype'});
@@ -351,7 +366,9 @@ sub view {
# If we have having problems with bad data, we can set debug=1 to dump
# the data structure.
- $chart->dump() if $cgi->param('debug');
+ if (exists $vars->{'debug'}) {
+ $vars->{'debug_dump'} = $chart->dump();
+ }
$template->process("reports/create-chart.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
diff --git a/contrib/bugzilla-submit/README b/contrib/bugzilla-submit/README
index f9e74b9d4..9d9811bde 100644
--- a/contrib/bugzilla-submit/README
+++ b/contrib/bugzilla-submit/README
@@ -19,9 +19,8 @@ Its only requirement is Python 2.3 or higher; you should have the
Usage Notes
-----------
-* Please constrain testing to your own installation of Bugzilla, or use
-* http://landfill.bugzilla.org/ for testing purposes -- opening test
-* bugs on production instances of Bugzilla is definitely not a good idea
+* Please constrain testing to your own installation of Bugzilla, opening test
+* bugs on production instances of Bugzilla is definitely not a good idea.
Run "bugzilla-submit --help" for a description of the possible options.
diff --git a/contrib/bugzilla-submit/bugzilla-submit.xml b/contrib/bugzilla-submit/bugzilla-submit.xml
index 2cfdc9209..297e690cc 100755
--- a/contrib/bugzilla-submit/bugzilla-submit.xml
+++ b/contrib/bugzilla-submit/bugzilla-submit.xml
@@ -201,12 +201,12 @@ password field is the right password. The URL in the machine field
must be enclosed in double quotes.
For example, if your Bugzilla instance is at
-"http://landfill.bugzilla.org/bztest/", and your login and password
+"https://bugzilla.example.org/bztest/", and your login and password
there are "john@doe.com" and "foo", respectively, your
.netrc entry should look something like:
- machine "http://landfill.bugzilla.org/bztest/"
+ machine "https://bugzilla.example.org/bztest/"
login john@doe.com
password foo
diff --git a/contrib/jb2bz.py b/contrib/jb2bz.py
index 85f95423a..170e82d70 100755
--- a/contrib/jb2bz.py
+++ b/contrib/jb2bz.py
@@ -17,8 +17,8 @@ This code requires a recent version of Andy Dustman's MySQLdb interface,
Share and enjoy.
"""
-import rfc822, mimetools, multifile, mimetypes, email.utils
-import sys, re, glob, StringIO, os, stat, time
+import email, mimetypes, email.utils
+import sys, re, glob, os, stat, time
import MySQLdb, getopt
# mimetypes doesn't include everything we might encounter, yet.
@@ -30,7 +30,7 @@ if not mimetypes.encodings_map.has_key('.bz2'):
bug_status='CONFIRMED'
component="default"
-version=""
+version="unspecified"
product="" # this is required, the rest of these are defaulted as above
"""
@@ -89,10 +89,24 @@ def process_notes_file(current, fname):
def process_reply_file(current, fname):
new_note = {}
reply = open(fname, "r")
- msg = rfc822.Message(reply)
- new_note['text'] = "%s\n%s" % (msg['From'], msg.fp.read())
- new_note['timestamp'] = email.utils.parsedate_tz(msg['Date'])
- current["notes"].append(new_note)
+ msg = email.message_from_file(reply)
+
+ # Add any attachments that may have been in a followup or reply
+ msgtype = msg.get_content_maintype()
+ if msgtype == "multipart":
+ for part in msg.walk():
+ new_note = {}
+ if part.get_filename() is None:
+ if part.get_content_type() == "text/plain":
+ new_note['timestamp'] = time.gmtime(email.utils.mktime_tz(email.utils.parsedate_tz(msg['Date'])))
+ new_note['text'] = "%s\n%s" % (msg['From'], part.get_payload())
+ current["notes"].append(new_note)
+ else:
+ maybe_add_attachment(part, current)
+ else:
+ new_note['text'] = "%s\n%s" % (msg['From'], msg.get_payload())
+ new_note['timestamp'] = time.gmtime(email.utils.mktime_tz(email.utils.parsedate_tz(msg['Date'])))
+ current["notes"].append(new_note)
def add_notes(current):
"""Add any notes that have been recorded for the current bug."""
@@ -104,51 +118,48 @@ def add_notes(current):
for f in glob.glob("%d.followup.*" % current['number']):
process_reply_file(current, f)
-def maybe_add_attachment(current, file, submsg):
+def maybe_add_attachment(submsg, current):
"""Adds the attachment to the current record"""
- cd = submsg["Content-Disposition"]
- m = re.search(r'filename="([^"]+)"', cd)
- if m == None:
+ attachment_filename = submsg.get_filename()
+ if attachment_filename is None:
return
- attachment_filename = m.group(1)
- if (submsg.gettype() == 'application/octet-stream'):
+
+ if (submsg.get_content_type() == 'application/octet-stream'):
# try get a more specific content-type for this attachment
- type, encoding = mimetypes.guess_type(m.group(1))
- if type == None:
- type = submsg.gettype()
+ mtype, encoding = mimetypes.guess_type(attachment_filename)
+ if mtype == None:
+ mtype = submsg.get_content_type()
else:
- type = submsg.gettype()
+ mtype = submsg.get_content_type()
- try:
- data = StringIO.StringIO()
- mimetools.decode(file, data, submsg.getencoding())
- except:
+ if mtype == 'application/x-pkcs7-signature':
+ return
+
+ if mtype == 'application/pkcs7-signature':
+ return
+
+ if mtype == 'application/pgp-signature':
return
- current['attachments'].append( ( attachment_filename, type, data.getvalue() ) )
+ if mtype == 'message/rfc822':
+ return
-def process_mime_body(current, file, submsg):
- data = StringIO.StringIO()
try:
- mimetools.decode(file, data, submsg.getencoding())
- current['description'] = data.getvalue()
+ data = submsg.get_payload(decode=True)
except:
return
+ current['attachments'].append( ( attachment_filename, mtype, data ) )
+
def process_text_plain(msg, current):
- current['description'] = msg.fp.read()
-
-def process_multi_part(file, msg, current):
- mf = multifile.MultiFile(file)
- mf.push(msg.getparam("boundary"))
- while mf.next():
- submsg = mimetools.Message(file)
- if submsg.has_key("Content-Disposition"):
- maybe_add_attachment(current, mf, submsg)
+ current['description'] = msg.get_payload()
+
+def process_multi_part(msg, current):
+ for part in msg.walk():
+ if part.get_filename() is None:
+ process_text_plain(part, current)
else:
- # This is the message body itself (always?), so process
- # accordingly
- process_mime_body(current, mf, submsg)
+ maybe_add_attachment(part, current)
def process_jitterbug(filename):
current = {}
@@ -158,39 +169,37 @@ def process_jitterbug(filename):
current['description'] = ''
current['date-reported'] = ()
current['short-description'] = ''
-
- print "Processing: %d" % current['number']
- file = open(filename, "r")
- create_date = os.fstat(file.fileno())
- msg = mimetools.Message(file)
+ print "Processing: %d" % current['number']
- msgtype = msg.gettype()
+ mfile = open(filename, "r")
+ create_date = os.fstat(mfile.fileno())
+ msg = email.message_from_file(mfile)
- add_notes(current)
- current['date-reported'] = email.utils.parsedate_tz(msg['Date'])
+ current['date-reported'] = time.gmtime(email.utils.mktime_tz(email.utils.parsedate_tz(msg['Date'])))
if current['date-reported'] is None:
current['date-reported'] = time.gmtime(create_date[stat.ST_MTIME])
if current['date-reported'][0] < 1900:
current['date-reported'] = time.gmtime(create_date[stat.ST_MTIME])
- if msg.getparam('Subject') is not None:
+ if msg.has_key('Subject') is not False:
current['short-description'] = msg['Subject']
else:
current['short-description'] = "Unknown"
- if msgtype[:5] == 'text/':
+ msgtype = msg.get_content_maintype()
+ if msgtype == 'text':
process_text_plain(msg, current)
- elif msgtype[:5] == 'text':
- process_text_plain(msg, current)
- elif msgtype[:10] == "multipart/":
- process_multi_part(file, msg, current)
+ elif msgtype == "multipart":
+ process_multi_part(msg, current)
else:
# Huh? This should never happen.
print "Unknown content-type: %s" % msgtype
sys.exit(1)
+ add_notes(current)
+
# At this point we have processed the message: we have all of the notes and
# attachments stored, so it's time to add things to the database.
# The schema for JitterBug 2.14 can be found at:
@@ -219,7 +228,9 @@ def process_jitterbug(filename):
try:
cursor.execute( "INSERT INTO bugs SET " \
"bug_id=%s," \
+ "priority='---'," \
"bug_severity='normal'," \
+ "op_sys='All'," \
"bug_status=%s," \
"creation_ts=%s," \
"delta_ts=%s," \
@@ -242,7 +253,7 @@ def process_jitterbug(filename):
version,
component,
resolution] )
-
+
# This is the initial long description associated with the bug report
cursor.execute( "INSERT INTO longdescs SET " \
"bug_id=%s," \
@@ -253,7 +264,7 @@ def process_jitterbug(filename):
reporter,
time.strftime("%Y-%m-%d %H:%M:%S", current['date-reported'][:9]),
current['description'] ] )
-
+
# Add whatever notes are associated with this defect
for n in current['notes']:
cursor.execute( "INSERT INTO longdescs SET " \
@@ -265,15 +276,15 @@ def process_jitterbug(filename):
reporter,
time.strftime("%Y-%m-%d %H:%M:%S", n['timestamp'][:9]),
n['text']])
-
+
# add attachments associated with this defect
for a in current['attachments']:
cursor.execute( "INSERT INTO attachments SET " \
- "bug_id=%s, creation_ts=%s, description='', mimetype=%s," \
+ "bug_id=%s, creation_ts=%s, description=%s, mimetype=%s," \
"filename=%s, submitter_id=%s",
[ current['number'],
time.strftime("%Y-%m-%d %H:%M:%S", current['date-reported'][:9]),
- a[1], a[0], reporter ])
+ a[0], a[1], a[0], reporter ])
cursor.execute( "INSERT INTO attach_data SET " \
"id=LAST_INSERT_ID(), thedata=%s",
[ a[2] ])
diff --git a/editclassifications.cgi b/editclassifications.cgi
index ea4b139da..640b8b8cd 100755
--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -27,7 +27,6 @@ local our $vars = {};
sub LoadTemplate {
my $action = shift;
- my $cgi = Bugzilla->cgi;
my $template = Bugzilla->template;
$vars->{'classifications'} = [Bugzilla::Classification->get_all]
@@ -38,7 +37,6 @@ sub LoadTemplate {
$action =~ /(\w+)/;
$action = $1;
- print $cgi->header();
$template->process("admin/classifications/$action.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index d848d250a..71f7cb655 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -436,17 +436,30 @@ sub get_products_and_components {
my @products;
if ($user->in_group('editcomponents')) {
- @products = Bugzilla::Product->get_all;
+ if (Bugzilla->params->{useclassification}) {
+ # We want products grouped by classifications.
+ @products = map { @{ $_->products } } Bugzilla::Classification->get_all;
+ }
+ else {
+ @products = Bugzilla::Product->get_all;
+ }
}
else {
@products = @{$user->get_products_by_permission('editcomponents')};
+
+ if (Bugzilla->params->{useclassification}) {
+ my %class;
+ push(@{$class{$_->classification_id}}, $_) foreach @products;
+
+ # Let's sort the list by classifications.
+ @products = ();
+ push(@products, @{$class{$_->id} || []}) foreach Bugzilla::Classification->get_all;
+ }
}
- # We require all unique component names.
+
my %components;
foreach my $product (@products) {
- foreach my $component (@{$product->components}) {
- $components{$component->name} = 1;
- }
+ $components{$_->name} = 1 foreach @{$product->components};
}
$vars->{'products'} = \@products;
$vars->{'components'} = [sort(keys %components)];
diff --git a/editgroups.cgi b/editgroups.cgi
index 287ac1114..f2c915556 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -135,8 +135,7 @@ sub get_current_and_available {
unless ($action) {
my @groups = Bugzilla::Group->get_all;
$vars->{'groups'} = \@groups;
-
- print $cgi->header();
+
$template->process("admin/groups/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -155,12 +154,10 @@ if ($action eq 'changeform') {
get_current_and_available($group, $vars);
$vars->{'group'} = $group;
- $vars->{'token'} = issue_session_token('edit_group');
+ $vars->{'token'} = issue_session_token('edit_group');
- print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -172,10 +169,9 @@ if ($action eq 'changeform') {
if ($action eq 'add') {
$vars->{'token'} = issue_session_token('add_group');
- print $cgi->header();
+
$template->process("admin/groups/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -194,15 +190,9 @@ if ($action eq 'new') {
isactive => scalar $cgi->param('isactive'),
icon_url => scalar $cgi->param('icon_url'),
isbuggroup => 1,
+ use_in_all_products => scalar $cgi->param('insertnew'),
});
- # Permit all existing products to use the new group if makeproductgroups.
- if ($cgi->param('insertnew')) {
- $dbh->do('INSERT INTO group_control_map
- (group_id, product_id, membercontrol, othercontrol)
- SELECT ?, products.id, ?, ? FROM products',
- undef, ($group->id, CONTROLMAPSHOWN, CONTROLMAPNA));
- }
delete_token($token);
$vars->{'message'} = 'group_created';
@@ -210,7 +200,6 @@ if ($action eq 'new') {
get_current_and_available($group, $vars);
$vars->{'token'} = issue_session_token('edit_group');
- print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -234,10 +223,8 @@ if ($action eq 'del') {
$vars->{'group'} = $group;
$vars->{'token'} = issue_session_token('delete_group');
- print $cgi->header();
$template->process("admin/groups/delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -261,7 +248,6 @@ if ($action eq 'delete') {
$vars->{'message'} = 'group_deleted';
$vars->{'groups'} = [Bugzilla::Group->get_all];
- print $cgi->header();
$template->process("admin/groups/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -283,7 +269,6 @@ if ($action eq 'postchanges') {
$vars->{'changes'} = $changes;
$vars->{'token'} = issue_session_token('edit_group');
- print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -294,6 +279,7 @@ if ($action eq 'confirm_remove') {
$vars->{'group'} = $group;
$vars->{'regexp'} = CheckGroupRegexp($cgi->param('regexp'));
$vars->{'token'} = issue_session_token('remove_group_members');
+
$template->process('admin/groups/confirm-remove.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -332,10 +318,8 @@ if ($action eq 'remove_regexp') {
$vars->{'group'} = $group->name;
$vars->{'groups'} = [Bugzilla::Group->get_all];
- print $cgi->header();
$template->process("admin/groups/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
diff --git a/editkeywords.cgi b/editkeywords.cgi
index 41496f362..01f30dbed 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -24,10 +24,6 @@ my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
-#
-# Preliminary checks:
-#
-
my $user = Bugzilla->login(LOGIN_REQUIRED);
print $cgi->header();
@@ -47,22 +43,16 @@ $vars->{'action'} = $action;
if ($action eq "") {
$vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
- print $cgi->header();
$template->process("admin/keywords/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
-
if ($action eq 'add') {
$vars->{'token'} = issue_session_token('add_keyword');
- print $cgi->header();
-
$template->process("admin/keywords/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -79,8 +69,6 @@ if ($action eq 'new') {
delete_token($token);
- print $cgi->header();
-
$vars->{'message'} = 'keyword_created';
$vars->{'name'} = $keyword->name;
$vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
@@ -104,7 +92,6 @@ if ($action eq 'edit') {
$vars->{'keyword'} = $keyword;
$vars->{'token'} = issue_session_token('edit_keyword');
- print $cgi->header();
$template->process("admin/keywords/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -128,8 +115,6 @@ if ($action eq 'update') {
delete_token($token);
- print $cgi->header();
-
$vars->{'message'} = 'keyword_updated';
$vars->{'keyword'} = $keyword;
$vars->{'changes'} = $changes;
@@ -147,7 +132,6 @@ if ($action eq 'del') {
$vars->{'keyword'} = $keyword;
$vars->{'token'} = issue_session_token('delete_keyword');
- print $cgi->header();
$template->process("admin/keywords/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -162,8 +146,6 @@ if ($action eq 'delete') {
delete_token($token);
- print $cgi->header();
-
$vars->{'message'} = 'keyword_deleted';
$vars->{'keyword'} = $keyword;
$vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
diff --git a/js/productform.js b/js/productform.js
index d5e24d306..0f669aa26 100644
--- a/js/productform.js
+++ b/js/productform.js
@@ -10,16 +10,10 @@
// collection of javascript arrays containing strings.
/**
- * Reads the selected products and updates component, version and milestone
- * lists accordingly.
+ * Reads the selected products and updates the component list accordingly.
*
* @param product Select element that contains products.
- * @param component Select element that contains components. Can be null if
- * there is no such element to update.
- * @param version Select element that contains versions. Can be null if
- * there is no such element to update.
- * @param milestone Select element that contains milestones. Can be null if
- * there is no such element to update.
+ * @param component Select element that contains components.
* @param anyval Value to use for a special "Any" list item. Can be null
* to not use any. If used must and will be first item in
* the select element.
@@ -27,21 +21,15 @@
* @global cpts Array of arrays, indexed by product name. The subarrays
* contain a list of components to be fed to the respective
* select element.
- * @global vers Array of arrays, indexed by product name. The subarrays
- * contain a list of versions to be fed to the respective
- * select element.
- * @global tms Array of arrays, indexed by product name. The subarrays
- * contain a list of milestones to be fed to the respective
- * select element.
* @global first_load Boolean; true if this is the first time this page loads
* or false if not.
* @global last_sel Array that contains last list of products so we know what
* has changed, and optimize for additions.
*/
-function selectProduct(product, component, version, milestone, anyval) {
+function selectProduct(product, component, anyval) {
// This is to avoid handling events that occur before the form
// itself is ready, which could happen in buggy browsers.
- if (!product)
+ if (!product || !component)
return;
// Do nothing if no products are defined. This is to avoid the
@@ -78,15 +66,8 @@ function selectProduct(product, component, version, milestone, anyval) {
var findall = (product.selectedIndex == -1
|| (anyval != null && product.options[0].selected));
- if (useclassification) {
- // Update index based on the complete product array.
- sel = get_selection(product, findall, true, anyval);
- for (var i=0; i
EOT
diff --git a/process_bug.cgi b/process_bug.cgi
index 216dfbf1b..0b0ecd64e 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -305,9 +305,10 @@ if (defined $cgi->param('id')) {
my %is_private;
foreach my $field (grep(/^defined_isprivate/, $cgi->param())) {
- $field =~ /(\d+)$/;
- my $comment_id = $1;
- $is_private{$comment_id} = $cgi->param("isprivate_$comment_id");
+ if ($field =~ /(\d+)$/) {
+ my $comment_id = $1;
+ $is_private{$comment_id} = $cgi->param("isprivate_$comment_id");
+ }
}
$set_all_fields{comment_is_private} = \%is_private;
diff --git a/report.cgi b/report.cgi
index 2a8317d7a..d5f471ef0 100755
--- a/report.cgi
+++ b/report.cgi
@@ -359,19 +359,22 @@ my $format = $template->get_format("reports/report", $formatparam,
# If we get a template or CGI error, it comes out as HTML, which isn't valid
# PNG data, and the browser just displays a "corrupt PNG" message. So, you can
# set debug=1 to always get an HTML content-type, and view the error.
-$format->{'ctype'} = "text/html" if $cgi->param('debug');
+if (exists $vars->{'debug'}) {
+ # Bug 1439260 - if we're using debug mode, always use the HTML template
+ # which has proper filters in it. Debug forces an HTML content type
+ # anyway, and can cause XSS if we're not filtering the output.
+ $format = $template->get_format("reports/report", $formatparam, "html");
+}
$cgi->set_dated_content_disp("inline", "report", $format->{extension});
print $cgi->header($format->{'ctype'});
# Problems with this CGI are often due to malformed data. Setting debug=1
# prints out both data structures.
-if ($cgi->param('debug')) {
+if (exists $vars->{'debug'}) {
require Data::Dumper;
- say "
data hash:";
- say html_quote(Data::Dumper::Dumper(%data));
- say "\ndata array:";
- say html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n
";
+ $vars->{'debug_hash'} = Data::Dumper::Dumper(%data);
+ $vars->{'debug_array'} = Data::Dumper::Dumper(@image_data);
}
# All formats point to the same section of the documentation.
diff --git a/request.cgi b/request.cgi
index 566781a0c..347cb7a44 100755
--- a/request.cgi
+++ b/request.cgi
@@ -305,13 +305,22 @@ sub queue {
$vars->{'requests'} = \@requests;
$vars->{'types'} = \@types;
- my %components;
- foreach my $prod (@{$user->get_selectable_products}) {
- foreach my $comp (@{$prod->components}) {
- $components{$comp->name} = 1;
+ # This code is needed to populate the Product and Component select fields.
+ my ($products, %components);
+ if (Bugzilla->params->{useclassification}) {
+ foreach my $class (@{$user->get_selectable_classifications}) {
+ push @$products, @{$user->get_selectable_products($class->id)};
}
}
- $vars->{'components'} = [ sort { $a cmp $b } keys %components ];
+ else {
+ $products = $user->get_selectable_products;
+ }
+
+ foreach my $product (@$products) {
+ $components{$_->name} = 1 foreach @{$product->components};
+ }
+ $vars->{'products'} = $products;
+ $vars->{'components'} = [ sort keys %components ];
$vars->{'urlquerypart'} = $cgi->canonicalise_query('ctype');
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index e3e54c4d8..7b2d2f55d 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -55,13 +55,19 @@ sub CreateImagemap {
$default = qq{\n};
}
- if ($line =~ /^rectangle \((.*),(.*)\) \((.*),(.*)\) (http[^ ]*) (\d+)(\\n.*)?$/) {
+ if ($line =~ /^rectangle \((\d+),(\d+)\) \((\d+),(\d+)\) (http[^ ]*) (\d+)(?:\\n.*)?$/) {
my ($leftx, $rightx, $topy, $bottomy, $url, $bugid) = ($1, $3, $2, $4, $5, $6);
# Pick up bugid from the mapdata label field. Getting the title from
# bugtitle hash instead of mapdata allows us to get the summary even
# when showsummary is off, and also gives us status and resolution.
- my $bugtitle = html_quote(clean_text($bugtitles{$bugid}));
+ # This text is safe; it has already been escaped.
+ my $bugtitle = $bugtitles{$bugid};
+
+ # The URL is supposed to be safe, because it's built manually.
+ # But in case someone manages to inject code, it's safer to escape it.
+ $url = html_quote($url);
+
$map .= qq{\n};
@@ -180,13 +186,16 @@ foreach my $k (@bug_ids) {
# Retrieve bug information from the database
my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
- # Resolution and summary are shown only if user can see the bug
- if (!$user->can_see_bug($k)) {
+ $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
+
+ # The bug summary is shown only if the user can see the bug.
+ if ($user->can_see_bug($k)) {
+ $summary = html_quote(clean_text($summary));
+ }
+ else {
$summary = '';
}
- $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
-
my @params;
if ($summary ne "" && $cgi->param('showsummary')) {
@@ -195,6 +204,9 @@ foreach my $k (@bug_ids) {
utf8::encode($summary) if utf8::is_utf8($summary);
}
$summary =~ s/([\\\"])/\\$1/g;
+ # Newlines must be escaped too, to not break the .map file
+ # and to prevent code injection.
+ $summary =~ s/\n/\\n/g;
push(@params, qq{label="$k\\n$summary"});
}
diff --git a/skins/standard/global.css b/skins/standard/global.css
index 8662540d1..be285984d 100644
--- a/skins/standard/global.css
+++ b/skins/standard/global.css
@@ -655,7 +655,7 @@ input.required, select.required, span.required_explanation {
list-style-type: none;
}
-.field_textarea_readonly {
+pre.field_textarea_readonly {
margin: 2px;
padding: 4px;
overflow: auto;
@@ -663,9 +663,6 @@ input.required, select.required, span.required_explanation {
max-width: 30em;
max-height: 7em;
border: 1px solid #CCC;
-}
-
-.field_textarea_readonly pre {
font-family: monospace;
white-space: pre-wrap;
}
diff --git a/t/002goodperl.t b/t/002goodperl.t
index d1858361f..8fcd1a343 100644
--- a/t/002goodperl.t
+++ b/t/002goodperl.t
@@ -14,7 +14,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. lib t);
use Support::Files;
diff --git a/t/003safesys.t b/t/003safesys.t
index 443f96415..e1d04bed8 100644
--- a/t/003safesys.t
+++ b/t/003safesys.t
@@ -14,7 +14,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. lib t);
use Support::Files;
diff --git a/t/004template.t b/t/004template.t
index 0a6f0e0aa..f336441ac 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -13,7 +13,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. lib t);
use Support::Templates;
@@ -114,10 +114,10 @@ foreach my $include_path (@include_paths) {
# Forbid single quotes to delimit URLs, see bug 926085.
if ($data =~ /href=\\?'/) {
- ok(0, "$path contains blacklisted constructs: href='...'");
+ ok(0, "$path contains blocklisted constructs: href='...'");
}
else {
- ok(1, "$path contains no blacklisted constructs");
+ ok(1, "$path contains no blocklisted constructs");
}
}
}
diff --git a/t/005whitespace.t b/t/005whitespace.t
index b6de8cee3..b7f10cae2 100644
--- a/t/005whitespace.t
+++ b/t/005whitespace.t
@@ -13,7 +13,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. lib t);
use Support::Files;
use Support::Templates;
diff --git a/t/006spellcheck.t b/t/006spellcheck.t
index 24e00242d..ea298c5f6 100644
--- a/t/006spellcheck.t
+++ b/t/006spellcheck.t
@@ -14,7 +14,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. lib t);
use Support::Files;
# -1 because 006spellcheck.t must not be checked.
diff --git a/t/007util.t b/t/007util.t
index 66c2df032..6f5ea8b72 100644
--- a/t/007util.t
+++ b/t/007util.t
@@ -13,7 +13,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. lib t);
use Support::Files;
use Test::More tests => 17;
use DateTime;
diff --git a/t/009bugwords.t b/t/009bugwords.t
index e36651edb..5b0bf1f94 100644
--- a/t/009bugwords.t
+++ b/t/009bugwords.t
@@ -19,7 +19,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. t lib);
use Support::Files;
use Support::Templates;
diff --git a/t/010dependencies.t b/t/010dependencies.t
index afd29a652..e0e990172 100644
--- a/t/010dependencies.t
+++ b/t/010dependencies.t
@@ -69,7 +69,7 @@ foreach my $module (keys %mods) {
$used =~ s#/#::#g;
$used =~ s#\.pm$##;
$used =~ s#\$module#[^:]+#;
- $used =~ s#\${[^}]+}#[^:]+#;
+ $used =~ s#\$\{[^}]+\}#[^:]+#;
$used =~ s#[" ]##g;
push(@use, grep(/^\Q$used\E$/, keys %mods));
}
diff --git a/t/011pod.t b/t/011pod.t
index cba9111d1..fd37faa7c 100644
--- a/t/011pod.t
+++ b/t/011pod.t
@@ -14,7 +14,7 @@ use 5.10.1;
use strict;
use warnings;
-use lib 't';
+use lib qw(. lib t);
use Support::Files;
use Pod::Checker;
@@ -35,6 +35,7 @@ use constant SUB_WHITELIST => (
'Bugzilla::JobQueue' => qr/(?:^work_once|work_until_done|subprocess_worker)$/,
'Bugzilla::Search' => qr/^SPECIAL_PARSING$/,
'Bugzilla::Template' => qr/^field_name$/,
+ 'Bugzilla::MIME' => qr/^as_string$/,
);
# These modules do not need to be documented, generally because they
diff --git a/taskgraph.json b/taskgraph.json
index f292653be..ba1d1f3e0 100644
--- a/taskgraph.json
+++ b/taskgraph.json
@@ -10,14 +10,15 @@
"reruns": 3,
"maxRunTime": 3000,
"task": {
+ "expires": "2018-02-18T17:33:38.806Z",
"metadata": {
"name": "Basic Sanity Tests"
},
"provisionerId": "aws-provisioner-v1",
"workerType": "b2gtest",
"payload": {
- "image": "dklawren/docker-bugzilla",
- "command": ["/runtests.sh"],
+ "image": "bugzilla/bugzilla-ci",
+ "command": ["runtests.sh"],
"env": {
"TEST_SUITE": "sanity"
},
@@ -25,13 +26,19 @@
"public/runtests_log": {
"type": "file",
"path": "/runtests.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "expires": "2018-02-17T17:33:38.806Z"
}
}
},
"extra": {
"treeherder": {
- "symbol": "San"
+ "symbol": "San",
+ "machine": {
+ "platform": "linux64"
+ },
+ "build": {
+ "platform": "linux64"
+ }
}
}
}
@@ -40,14 +47,15 @@
"reruns": 3,
"maxRunTime": 3000,
"task": {
+ "expires": "2018-02-18T17:33:38.806Z",
"metadata": {
"name": "Documentation Build Test"
},
"provisionerId": "aws-provisioner-v1",
"workerType": "b2gtest",
"payload": {
- "image": "dklawren/docker-bugzilla",
- "command": ["/runtests.sh"],
+ "image": "bugzilla/bugzilla-ci",
+ "command": ["runtests.sh"],
"env": {
"TEST_SUITE": "docs"
},
@@ -55,13 +63,19 @@
"public/runtests_log": {
"type": "file",
"path": "/runtests.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "expires": "2018-02-17T17:33:38.806Z"
}
}
},
"extra": {
"treeherder": {
- "symbol": "Doc"
+ "symbol": "Doc",
+ "machine": {
+ "platform": "linux64"
+ },
+ "build": {
+ "platform": "linux64"
+ }
}
}
}
@@ -70,14 +84,15 @@
"reruns": 3,
"maxRunTime": 7200,
"task": {
+ "expires": "2018-02-18T17:33:38.806Z",
"metadata": {
"name": "WebService API Tests (MySQL)"
},
"provisionerId": "aws-provisioner-v1",
"workerType": "b2gtest",
"payload": {
- "image": "dklawren/docker-bugzilla",
- "command": ["/runtests.sh"],
+ "image": "bugzilla/bugzilla-ci",
+ "command": ["runtests.sh"],
"env": {
"TEST_SUITE": "webservices"
},
@@ -85,18 +100,24 @@
"public/runtests_log": {
"type": "file",
"path": "/runtests.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "expires": "2018-02-17T17:33:38.806Z"
},
"public/httpd_error_log": {
"type": "file",
"path": "/var/log/httpd/error_log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "expires": "2018-02-17T17:33:38.806Z"
}
}
},
"extra": {
"treeherder": {
- "symbol": "API"
+ "symbol": "API",
+ "machine": {
+ "platform": "linux64"
+ },
+ "build": {
+ "platform": "linux64"
+ }
}
}
}
@@ -105,38 +126,45 @@
"reruns": 3,
"maxRunTime": 7200,
"task": {
+ "expires": "2018-02-18T17:33:38.806Z",
"metadata": {
"name": "Selenium Tests (MySQL)"
},
"provisionerId": "aws-provisioner-v1",
"workerType": "b2gtest",
"payload": {
- "image": "dklawren/docker-bugzilla",
- "command": ["/runtests.sh"],
+ "image": "bugzilla/bugzilla-ci",
+ "command": ["runtests.sh"],
"env": {
"TEST_SUITE": "selenium"
},
"artifacts": {
"public/runtests_log": {
"type": "file",
- "path": "/runtests.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "path": "/tmp/runtests.log",
+ "expires": "2018-02-17T17:33:38.806Z"
},
"public/httpd_error_log": {
"type": "file",
"path": "/var/log/httpd/error_log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "expires": "2018-02-17T17:33:38.806Z"
},
"public/selenium_log": {
"type": "file",
- "path": "/selenium.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "path": "/tmp/selenium.log",
+ "expires": "2018-02-17T17:33:38.806Z"
}
}
},
"extra": {
"treeherder": {
- "symbol": "Sel"
+ "symbol": "Sel",
+ "machine": {
+ "platform": "linux64"
+ },
+ "build": {
+ "platform": "linux64"
+ }
}
}
}
@@ -145,33 +173,41 @@
"reruns": 3,
"maxRunTime": 7200,
"task": {
+ "expires": "2018-02-18T17:33:38.806Z",
"metadata": {
"name": "WebService API Tests (Pg)"
},
"provisionerId": "aws-provisioner-v1",
"workerType": "b2gtest",
"payload": {
- "image": "dklawren/docker-bugzilla:pgsql",
- "command": ["/runtests.sh"],
+ "image": "bugzilla/bugzilla-ci",
+ "command": ["runtests.sh"],
"env": {
+ "BUGS_DB_DRIVER": "pg",
"TEST_SUITE": "webservices"
},
"artifacts": {
"public/runtests_log": {
"type": "file",
- "path": "/runtests.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "path": "/tmp/runtests.log",
+ "expires": "2018-02-17T17:33:38.806Z"
},
"public/httpd_error_log": {
"type": "file",
"path": "/var/log/httpd/error_log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "expires": "2018-02-17T17:33:38.806Z"
}
}
},
"extra": {
"treeherder": {
- "symbol": "API-Pg"
+ "symbol": "API-Pg",
+ "machine": {
+ "platform": "linux64"
+ },
+ "build": {
+ "platform": "linux64"
+ }
}
}
}
@@ -180,38 +216,46 @@
"reruns": 3,
"maxRunTime": 7200,
"task": {
+ "expires": "2018-02-18T17:33:38.806Z",
"metadata": {
"name": "Selenium Tests (Pg)"
},
"provisionerId": "aws-provisioner-v1",
"workerType": "b2gtest",
"payload": {
- "image": "dklawren/docker-bugzilla:pgsql",
- "command": ["/runtests.sh"],
+ "image": "bugzilla/bugzilla-ci",
+ "command": ["runtests.sh"],
"env": {
+ "BUGS_DB_DRIVER": "pg",
"TEST_SUITE": "selenium"
},
"artifacts": {
"public/runtests_log": {
"type": "file",
- "path": "/runtests.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "path": "/tmp/runtests.log",
+ "expires": "2018-02-17T17:33:38.806Z"
},
"public/httpd_error_log": {
"type": "file",
"path": "/var/log/httpd/error_log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "expires": "2018-02-17T17:33:38.806Z"
},
"public/selenium_log": {
"type": "file",
- "path": "/selenium.log",
- "expires": "2016-02-17T17:33:38.806Z"
+ "path": "/tmp/selenium.log",
+ "expires": "2018-02-17T17:33:38.806Z"
}
}
},
"extra": {
"treeherder": {
- "symbol": "Sel-Pg"
+ "symbol": "Sel-Pg",
+ "machine": {
+ "platform": "linux64"
+ },
+ "build": {
+ "platform": "linux64"
+ }
}
}
}
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl
index 65aa861a1..a1a074372 100644
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -27,8 +27,6 @@
Log In
- [% Hook.process('additional_methods') %]
-
-
+[% END %]
diff --git a/template/en/default/admin/admin.html.tmpl b/template/en/default/admin/admin.html.tmpl
index 7e3e5a157..ed41d7309 100644
--- a/template/en/default/admin/admin.html.tmpl
+++ b/template/en/default/admin/admin.html.tmpl
@@ -118,12 +118,6 @@
and time, and get the result of these queries directly per email. This is a
good way to create reminders and to keep track of the activity in your installation.
- [% IF Param('use_mailer_queue') %]
- [% class = user.in_group('admin') ? "" : "forbidden" %]
-