return 'text/plain' if ($cgi->param('ispatch') || $cgi->param('attachurl'));
my $content_type;
- if (!defined $cgi->param('contenttypemethod')) {
+ my $method = $cgi->param('contenttypemethod');
+
+ if (!defined $method) {
ThrowUserError("missing_content_type_method");
}
- elsif ($cgi->param('contenttypemethod') eq 'autodetect') {
+ elsif ($method eq 'autodetect') {
defined $cgi->upload('data') || ThrowUserError('file_not_specified');
# The user asked us to auto-detect the content type, so use the type
# specified in the HTTP request headers.
$content_type = 'image/png';
}
}
- elsif ($cgi->param('contenttypemethod') eq 'list') {
+ elsif ($method eq 'list') {
# The user selected a content type from the list, so use their
# selection.
$content_type = $cgi->param('contenttypeselection');
}
- elsif ($cgi->param('contenttypemethod') eq 'manual') {
+ elsif ($method eq 'manual') {
# The user entered a content type manually, so use their entry.
$content_type = $cgi->param('contenttypeentry');
}
else {
- ThrowCodeError("illegal_content_type_method",
- { contenttypemethod => $cgi->param('contenttypemethod') });
+ ThrowCodeError("illegal_content_type_method", { contenttypemethod => $method });
}
return $content_type;
}
if ($self->{'datefrom'} && $self->{'dateto'} &&
$self->{'datefrom'} > $self->{'dateto'})
{
- ThrowUserError("misarranged_dates",
- {'datefrom' => $cgi->param('datefrom'),
- 'dateto' => $cgi->param('dateto')});
- }
+ ThrowUserError('misarranged_dates', { 'datefrom' => scalar $cgi->param('datefrom'),
+ 'dateto' => scalar $cgi->param('dateto') });
+ }
}
# Alter Chart so that the selected series are added to it.
{
my $context = $cgi->param('context') || "patch";
if ($context ne "file" && $context ne "patch") {
- detaint_natural($context)
- || ThrowUserError("invalid_context", { context => $cgi->param('context') });
+ my $orig_context = $context;
+ detaint_natural($context)
+ || ThrowUserError("invalid_context", { context => $orig_context });
}
return $context;
# Get the filehandle of the attachment.
my $data_fh = $cgi->upload('data');
+ my $attach_url = $cgi->param('attachurl');
my $attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
- data => scalar $cgi->param('attachurl') || $data_fh,
+ data => $attach_url || $data_fh,
description => scalar $cgi->param('description'),
- filename => $cgi->param('attachurl') ? '' : scalar $cgi->upload('data'),
+ filename => $attach_url ? '' : $data_fh,
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
isurl => scalar $cgi->param('attachurl'),
# This is used in the "Zarroo Boogs" case.
elsif (my @product_input = $cgi->param('product')) {
if (scalar(@product_input) == 1 and $product_input[0] ne '') {
- $one_product = new Bugzilla::Product({ name => $cgi->param('product') });
+ $one_product = new Bugzilla::Product({ name => $product_input[0] });
}
}
# We only want the template to use it if the user can actually
if ($action eq 'del') {
# Check that an existing group ID is given
- my $group = Bugzilla::Group->check({ id => $cgi->param('group') });
+ my $group = Bugzilla::Group->check({ id => scalar $cgi->param('group') });
$group->check_remove({ test_only => 1 });
$vars->{'shared_queries'} =
$dbh->selectrow_array('SELECT COUNT(*)
if ($action eq 'delete') {
check_token_data($token, 'delete_group');
# Check that an existing group ID is given
- my $group = Bugzilla::Group->check({ id => $cgi->param('group') });
+ my $group = Bugzilla::Group->check({ id => scalar $cgi->param('group') });
$vars->{'name'} = $group->name;
$group->remove_from_db({
remove_from_users => scalar $cgi->param('removeusers'),
# after the bug is filed.
# Add an attachment if requested.
-if (defined($cgi->upload('data')) || $cgi->param('attachurl')) {
+my $data_fh = $cgi->upload('data');
+my $attach_url = $cgi->param('attachurl');
+
+if ($data_fh || $attach_url) {
$cgi->param('isprivate', $cgi->param('comment_is_private'));
# Must be called before create() as it may alter $cgi->param('ispatch').
$attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
- data => scalar $cgi->param('attachurl') || $cgi->upload('data'),
+ data => $attach_url || $data_fh,
description => scalar $cgi->param('description'),
- filename => $cgi->param('attachurl') ? '' : scalar $cgi->upload('data'),
+ filename => $attach_url ? '' : $data_fh,
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
- isurl => scalar $cgi->param('attachurl'),
+ isurl => $attach_url,
mimetype => $content_type,
store_in_file => scalar $cgi->param('bigfile'),
});
if (!defined($value)) {
$value = '';
}
- push(@cols, { field => $cgi->param("field$chart-$row-$col"),
- type => $cgi->param("type$chart-$row-$col") || 'noop',
+ push(@cols, { field => scalar $cgi->param("field$chart-$row-$col"),
+ type => scalar $cgi->param("type$chart-$row-$col") || 'noop',
value => $value });
}
push(@rows, \@cols);
{
$credentials_provided = 1;
}
-
+
# Next, log in the user
my $user = Bugzilla->login(LOGIN_REQUIRED);
-
+
+ my $target_login = $cgi->param('target_login');
+ my $reason = $cgi->param('reason') || '';
+
# At this point, the user is logged in. However, if they used a method
# where they could have provided a username/password (i.e. CGI), but they
# did not provide a username/password, then throw an error.
if ($user->authorizer->can_login && !$credentials_provided) {
ThrowUserError('sudo_password_required',
- { target_login => $cgi->param('target_login'),
- reason => $cgi->param('reason')});
+ { target_login => $target_login, reason => $reason });
}
-
+
# The user must be in the 'bz_sudoers' group
unless ($user->in_group('bz_sudoers')) {
ThrowUserError('auth_failure', { group => 'bz_sudoers',
&& ($token_data eq 'sudo_prepared'))
{
ThrowUserError('sudo_preparation_required',
- { target_login => scalar $cgi->param('target_login'),
- reason => scalar $cgi->param('reason')});
+ { target_login => $target_login, reason => $reason });
}
delete_token($cgi->param('token'));
# Get & verify the target user (the user who we will be impersonating)
- my $target_user =
- new Bugzilla::User({ name => $cgi->param('target_login') });
+ my $target_user = new Bugzilla::User({ name => $target_login });
unless (defined($target_user)
&& $target_user->id
&& $user->can_see_user($target_user))
{
- ThrowUserError('user_match_failed',
- { 'name' => $cgi->param('target_login') }
- );
+ ThrowUserError('user_match_failed', { name => $target_login });
}
if ($target_user->in_group('bz_sudo_protect')) {
ThrowUserError('sudo_protected', { login => $target_user->login });
}
- # If we have a reason passed in, keep it under 200 characters
- my $reason = $cgi->param('reason') || '';
- $reason = substr($reason, $[, 200);
-
# Calculate the session expiry time (T + 6 hours)
my $time_string = time2str('%a, %d-%b-%Y %T %Z', time + MAX_SUDO_TOKEN_AGE, 'GMT');
# For the present, change the values of Bugzilla::user & Bugzilla::sudoer
Bugzilla->sudo_request($target_user, $user);
-
+
# NOTE: If you want to log the start of an sudo session, do it here.
+ # If we have a reason passed in, keep it under 200 characters
+ $reason = substr($reason, $[, 200);
+
# Go ahead and send out the message now
my $message;
my $mail_template = Bugzilla->template_inner($target_user->settings->{'lang'}->{'value'});
],
'global/messages.html.tmpl' => [
- 'message_tag',
'series.frequency * 2',
],
[% IF !message %]
[% message = BLOCK %]
You are using [% terms.Bugzilla %]'s messaging functions incorrectly. You
- passed in the string '[% message_tag %]'. The correct use is to pass
+ passed in the string '[% message_tag FILTER html %]'. The correct use is to pass
in a tag, and define that tag in the file messages.html.tmpl.<br>
<br>
If you are a [% terms.Bugzilla %] end-user seeing this message, please
my $otheruser = Bugzilla::User->create({
login_name => $login_name,
- realname => $cgi->param('realname'),
+ realname => scalar $cgi->param('realname'),
cryptpassword => $password});
# Now delete this token.
projects / thirdparty / bugzilla.git / commitdiff
