+++ /dev/null
-#!/usr/bonsaitools/bin/perl -wT
-# -*- Mode: perl; indent-tabs-mode: nil -*-
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Bugzilla Bug Tracking System.
-#
-# The Initial Developer of the Original Code is Netscape Communications
-# Corporation. Portions created by Netscape are
-# Copyright (C) 1998 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s): Terry Weissman <terry@mozilla.org>
-# Christopher Aillon <christopher@aillon.com>
-
-use diagnostics;
-use strict;
-
-use lib qw(.);
-
-require "CGI.pl";
-
-ConnectToDatabase();
-
-confirm_login();
-
-######################################################################
-# Begin Data/Security Validation
-######################################################################
-
-# Build a list of bug IDs for which votes have been submitted. Votes
-# are submitted in form fields in which the field names are the bug
-# IDs and the field values are the number of votes.
-my @buglist = grep {/^[1-9][0-9]*$/} keys(%::FORM);
-
-# If no bugs are in the buglist, let's make sure the user gets notified
-# that their votes will get nuked if they continue.
-if (0 == @buglist) {
- if (! defined $::FORM{'delete_all_votes'}) {
- print "Content-type: text/html\n\n";
- PutHeader("Remove your votes?");
- print "<p>You are about to remove all of your bug votes. Are you sure you wish to remove your vote from every bug you've voted on?</p>";
- print qq{<form action="doeditvotes.cgi" method="post">\n};
- print qq{<p><input type="radio" name="delete_all_votes" value="1"> Yes</p>\n};
- print qq{<p><input type="radio" name="delete_all_votes" value="0" checked="checked"> No</p>\n};
- print qq{<p><a href="showvotes.cgi">Review your votes</a></p>\n};
- print qq{<p><input type="submit" value="Submit"></p></form>\n};
- PutFooter();
- exit();
- }
- elsif ($::FORM{'delete_all_votes'} == 0) {
- print "Location: showvotes.cgi\n\n";
- exit();
- }
-}
-
-# Call ValidateBugID on each bug ID to make sure it is a positive
-# integer representing an existing bug that the user is authorized
-# to access, and make sure the number of votes submitted is also
-# a non-negative integer (a series of digits not preceded by a
-# minus sign).
-foreach my $id (@buglist) {
- ValidateBugID($id);
-}
-
-######################################################################
-# End Data/Security Validation
-######################################################################
-
-print "Content-type: text/html\n\n";
-
-GetVersionTable();
-
-my $who = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'});
-
-if ( (! defined $who) || (!$who) ) {
- PutHeader("Bad login.");
- print qq|
- The login info got confused. Please <a href="query.cgi?GoAheadAndLogIn=1">log
- in</a> (again) and try again.\n|;
- PutFooter();
- exit();
-}
-
-# If the user is voting for bugs, make sure they aren't overstuffing
-# the ballot box.
-if (scalar(@buglist)) {
- SendSQL("SELECT bugs.bug_id, bugs.product, products.maxvotesperbug " .
- "FROM bugs, products " .
- "WHERE products.product = bugs.product ".
- " AND bugs.bug_id IN (" . join(", ", @buglist) . ")");
-
- my %prodcount;
-
- while (MoreSQLData()) {
- my ($id, $prod, $max) = (FetchSQLData());
- if (!defined $prodcount{$prod}) {
- $prodcount{$prod} = 0;
- }
- $prodcount{$prod} += $::FORM{$id};
- if ($::FORM{$id} > $max) {
- PutHeader("Don't overstuff!", "Illegal vote");
- print "You may only use at most $max votes for a single bug in the\n";
- print "<tt>$prod</tt> product, but you are trying to use $::FORM{$id}.\n";
- print "<P>Please click <b>Back</b> and try again.<hr>\n";
- PutFooter();
- exit();
- }
- }
-
- foreach my $prod (keys(%prodcount)) {
- if ($prodcount{$prod} > $::prodmaxvotes{$prod}) {
- PutHeader("Don't overstuff!", "Illegal vote");
- print "You may only use $::prodmaxvotes{$prod} votes for bugs in the\n";
- print "<tt>$prod</tt> product, but you are trying to use $prodcount{$prod}.\n";
- print "<P>Please click <b>Back</b> and try again.<hr>\n";
- PutFooter();
- exit();
- }
- }
-}
-
-# Update the user's votes in the database. If the user did not submit
-# any votes, they may be using a form with checkboxes to remove all their
-# votes (checkboxes are not submitted along with other form data when
-# they are not checked, and Bugzilla uses them to represent single votes
-# for products that only allow one vote per bug). In that case, we still
-# need to clear the user's votes from the database.
-my %affected;
-SendSQL("lock tables bugs write, votes write");
-SendSQL("select bug_id from votes where who = $who");
-while (MoreSQLData()) {
- my $id = FetchOneColumn();
- $affected{$id} = 1;
-}
-SendSQL("delete from votes where who = $who");
-foreach my $id (@buglist) {
- if (detaint_natural($::FORM{$id}) && $::FORM{$id} > 0) {
- SendSQL("insert into votes (who, bug_id, count) values ($who, $id, $::FORM{$id})");
- }
- $affected{$id} = 1;
-}
-foreach my $id (keys %affected) {
- SendSQL("select sum(count) from votes where bug_id = $id");
- my $v = FetchOneColumn();
- $v ||= 0;
- SendSQL("update bugs set votes = $v, delta_ts=delta_ts where bug_id = $id");
-}
-SendSQL("unlock tables");
-
-
-PutHeader("Voting tabulated", "Voting tabulated", $::COOKIE{'Bugzilla_login'});
-print "Your votes have been recorded.\n";
-print qq{<p><a href="showvotes.cgi?user=$who">Review your votes</a><hr>\n};
-foreach my $id (keys %affected) {
- CheckIfVotedConfirmed($id, $who);
-}
-PutFooter();
-exit();
-
-
+++ /dev/null
-#!/usr/bonsaitools/bin/perl -wT
-# -*- Mode: perl; indent-tabs-mode: nil -*-
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Bugzilla Bug Tracking System.
-#
-# The Initial Developer of the Original Code is Netscape Communications
-# Corporation. Portions created by Netscape are
-# Copyright (C) 1998 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s): Terry Weissman <terry@mozilla.org>
-# Stephan Niemz <st.n@gmx.net>
-# Christopher Aillon <christopher@aillon.com>
-
-use diagnostics;
-use strict;
-
-use lib qw(.);
-
-require "CGI.pl";
-
-ConnectToDatabase();
-
-if (defined $::FORM{'voteon'} || (!defined $::FORM{'bug_id'} &&
- !defined $::FORM{'user'})) {
- confirm_login();
- $::FORM{'user'} = DBNameToIdAndCheck($::COOKIE{'Bugzilla_login'});
-} else {
- # Check whether or not the user is currently logged in without throwing
- # an error if the user is not logged in. This function sets the value
- # of $::usergroupset, the binary number that records the set of groups
- # to which the user belongs and which gets used in ValidateBugID below
- # to determine whether or not the user is authorized to access the bug
- # whose votes are being shown or which is being voted on.
- quietly_check_login();
-}
-
-################################################################################
-# Begin Data/Security Validation
-################################################################################
-
-# Make sure the bug ID is a positive integer representing an existing
-# bug that the user is authorized to access.
-if (defined $::FORM{'bug_id'}) {
- ValidateBugID($::FORM{'bug_id'});
-}
-
-# Make sure the bug ID being voted on is a positive integer representing
-# an existing bug that the user is authorized to access.
-if (defined $::FORM{'voteon'}) {
- ValidateBugID($::FORM{'voteon'});
-}
-
-# Make sure the user ID is a positive integer representing an existing user.
-if (defined $::FORM{'user'}) {
- detaint_natural($::FORM{'user'})
- || DisplayError("The user number is invalid.")
- && exit;
- SendSQL("SELECT 1 FROM profiles WHERE userid = $::FORM{'user'}");
- FetchSQLData()
- || DisplayError("User #$::FORM{'user'} does not exist.")
- && exit;
-}
-
-################################################################################
-# End Data/Security Validation
-################################################################################
-
-print "Content-type: text/html\n\n";
-
-if (defined $::FORM{'bug_id'}) {
- my $id = $::FORM{'bug_id'};
- my $linkedid = qq{<a href="show_bug.cgi?id=$id">$id</a>};
- PutHeader("Show votes", "Show votes", "Bug $linkedid");
- SendSQL("select profiles.login_name, votes.who, votes.count from votes, profiles where votes.bug_id = " . SqlQuote($id) . " and profiles.userid = votes.who");
- print "<table>\n";
- print "<tr><th>Who</th><th>Number of votes</th></tr>\n";
- my $sum = 0;
- while (MoreSQLData()) {
- my ($name, $userid, $count) = (FetchSQLData());
- print qq{<tr><td><a href="showvotes.cgi?user=$userid">$name</a></td><td align=right>$count</td></tr>\n};
- $sum += $count;
- }
- print "</table>";
- print "<p>Total votes: $sum<p>\n";
-} elsif (defined $::FORM{'user'}) {
- quietly_check_login();
- GetVersionTable();
- my $who = $::FORM{'user'};
- my $name = DBID_to_name($who);
- PutHeader("Show votes", "Show votes", $name);
- print qq{<form action="doeditvotes.cgi">\n};
- print "<table><tr><td></td><th>Bug \#</th><th>Summary</th><th>Votes</th></tr>\n";
- SendSQL("lock tables bugs read, products read, votes write");
- if (defined($::FORM{'voteon'})) {
- # Oh, boy, what a hack. Make sure there is an entry for this bug
- # in the vote table, just so that things display right.
- # Yuck yuck yuck.###
- SendSQL("select votes.count from votes where votes.bug_id = $::FORM{'voteon'} and votes.who = $who");
- if (!MoreSQLData()) {
- SendSQL("insert into votes (who, bug_id, count) values ($who, $::FORM{'voteon'}, 0)");
- }
- }
- my $canedit = (defined $::COOKIE{'Bugzilla_login'} &&
- $::COOKIE{'Bugzilla_login'} eq $name);
- my %maxvotesperbug;
- if( $canedit ) {
- SendSQL("SELECT products.product, products.maxvotesperbug FROM products");
- while (MoreSQLData()) {
- my ($prod, $max) = (FetchSQLData());
- $maxvotesperbug{$prod}= $max;
- }
- }
- foreach my $product (sort(keys(%::prodmaxvotes))) {
- if ($::prodmaxvotes{$product} <= 0) {
- next;
- }
- my $qprod = value_quote($product);
- SendSQL("select votes.bug_id, votes.count, bugs.short_desc, bugs.bug_status from votes, bugs where votes.who = $who and votes.bug_id = bugs.bug_id and bugs.product = " . SqlQuote($product) . "order by votes.bug_id");
- next if !MoreSQLData(); # don't show products without any votes
- my $sum = 0;
- print "<tr><th>$product</th></tr>";
- while (MoreSQLData()) {
- my ($id, $count, $summary, $status) = (FetchSQLData());
- if (!defined $status) {
- next;
- }
- my $opened = IsOpenedState($status);
- my $strike = $opened ? "" : "<strike>";
- my $endstrike = $opened ? "" : "</strike>";
- $summary = html_quote($summary);
- $sum += $count;
- if ($canedit) {
- my $min = min($::prodmaxvotes{$product}, $maxvotesperbug{$product});
- if ($min < 2) { # checkbox
- my $checked = $count ? ' checked="checked"' : '';
- $count = qq{<input type="checkbox" name="$id" value="1"$checked>};
- }
- else { # text input
- my $maxlength = length $min;
- $count = qq{<input name="$id" value="$count" size="$maxlength" maxlength="$maxlength">};
- }
- }
- print qq{
-<tr>
-<td></td>
-<td>$strike<a href="showvotes.cgi?bug_id=$id">$id</a>$endstrike</td>
-<td><a href="show_bug.cgi?id=$id">$summary</a></td>
-<td align="right">$count</td>
-</tr>
-};
- }
- my $plural = (($sum == 1) ? "" : "s");
- print "<td colspan=3>$sum vote$plural used out of\n";
- print "$::prodmaxvotes{$product} allowed.</td>\n";
- }
- print "</table>\n";
- if ($canedit) {
- print qq{<input type=submit value="Submit">\n};
- print "<br>To change your votes, type in new numbers (using zero to\n";
- print "mean no votes) or change the checkbox, and then click <b>Submit</b>.\n";
- }
- print "<input type=hidden name=who value=$who>";
- print "</form>\n";
- SendSQL("delete from votes where count <= 0");
- SendSQL("unlock tables");
-}
-
-print qq{<a href="votehelp.html">Help! I don't understand this voting stuff</a>};
-
-PutFooter();
projects / thirdparty / bugzilla.git / commitdiff
