Bug 151053, ConnectToDatabase/quietly_check_login sometimes not called

early enough
r=mattyt, jouni

diff --git a/buglist.cgi b/buglist.cgi
index d64244d84dc2338cba08fe9d311339451c451c82..5294899ecd4bc29d5cee2b64f4fdc0219d5f5f94 100755 (executable)
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -66,14 +66,28 @@ ConnectToDatabase();
 # Data and Security Validation
 ################################################################################
 
+# Whether or not the user wants to change multiple bugs.
+my $dotweak = $::FORM{'tweak'} ? 1 : 0;
+
+# Log the user in
+if ($dotweak) {
+    confirm_login();
+    if (!UserInGroup("editbugs")) {
+        DisplayError("Sorry, you do not have sufficient privileges to edit
+                      multiple bugs.");
+        exit;
+    }
+    GetVersionTable();
+}
+else {
+    quietly_check_login();
+}
+
 # Determine the format in which the user would like to receive the output.
 # Uses the default format if the user did not specify an output format;
 # otherwise validates the user's choice against the list of available formats.
 my $format = ValidateOutputFormat($::FORM{'format'}, "list");
 
-# Whether or not the user wants to change multiple bugs.
-my $dotweak = $::FORM{'tweak'} ? 1 : 0;
-
 # Use server push to display a "Please wait..." message for the user while
 # executing their query if their browser supports it and they are viewing
 # the bug list as HTML and they have not disabled it by adding &serverpush=0
@@ -137,20 +151,6 @@ if ($::FORM{'cmdtype'} eq 'runnamed') {
     $filename =~ s/\s//;
 }
 
-if ($dotweak) {
-    confirm_login();
-    if (!UserInGroup("editbugs")) {
-        DisplayError("Sorry, you do not have sufficient privileges to edit
-                      multiple bugs.");
-        exit;
-    }
-    GetVersionTable();
-}
-else {
-    quietly_check_login();
-}
-
-
 ################################################################################
 # Utilities
 ################################################################################

diff --git a/colchange.cgi b/colchange.cgi
index 5e6857724b563589be3e5b62e80ca01f1c79f1eb..64dd9c4a5dcbab48490149197032f31da78bf2b8 100755 (executable)
--- a/colchange.cgi
+++ b/colchange.cgi
@@ -34,6 +34,7 @@ use vars qw(
 
 require "CGI.pl";
 
+ConnectToDatabase();
 quietly_check_login();
 
 print "Content-type: text/html\n";
@@ -41,7 +42,6 @@ print "Content-type: text/html\n";
 # The master list not only says what fields are possible, but what order
 # they get displayed in.
 
-ConnectToDatabase();
 GetVersionTable();
 
 my @masterlist = ("opendate", "changeddate", "severity", "priority",

diff --git a/createaccount.cgi b/createaccount.cgi
index ff07da7829e497c0d31f36276647e314424221d7..577ab8dba69a2963d29b05714d29d40adbdd45f2 100755 (executable)
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -42,6 +42,9 @@ ConnectToDatabase();
 
 # If we're using LDAP for login, then we can't create a new account here.
 if(Param('useLDAP')) {
+  # Just in case someone already has an account, let them get the correct
+  # footer on the error message
+  quietly_check_login();
   DisplayError("This site is using LDAP for authentication.  Please contact 
                 an LDAP administrator to get a new account created.",
                "Can't create LDAP accounts");

diff --git a/describecomponents.cgi b/describecomponents.cgi
index 8ae98260b3b5a098944f71f0b259034600e17e39..2f723757e73a9c7c05a7035096e0906373582d5e 100755 (executable)
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -34,10 +34,10 @@ use lib qw(.);
 require "CGI.pl";
 
 ConnectToDatabase();
-GetVersionTable();
-
 quietly_check_login();
 
+GetVersionTable();
+
 if (!defined $::FORM{'product'}) {
     # Reference to a subset of %::proddesc, which the user is allowed to see
     my %products;

diff --git a/doeditparams.cgi b/doeditparams.cgi
index 7390333c0d51ab33bd6c16bda48eb191381d3839..3e97e140bc06d4d527a69d352c8d772c294cf136 100755 (executable)
--- a/doeditparams.cgi
+++ b/doeditparams.cgi
@@ -33,7 +33,7 @@ use vars %::param,
     %::param_default,
     @::param_list;
 
-
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editcomponents.cgi b/editcomponents.cgi
index f48566906209a84c48e0dacf4ef8ff4d44106fa4..4f76593df6679b4c9283577d4176ed75925e9c66 100755 (executable)
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -188,6 +188,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editgroups.cgi b/editgroups.cgi
index fe8b32ff7cba68821068e6f388220c0ea69ed7e0..9c93363c00b272b8568f5fd0f4c363daeeb3fad6 100755 (executable)
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -29,6 +29,7 @@ use lib ".";
 
 require "CGI.pl";
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editkeywords.cgi b/editkeywords.cgi
index 4b6f7635677fe47336649f9b3b4af0ca2f3ba90b..51294206dcb11aef5d7ebb2a1d93084dc0d95f1a 100755 (executable)
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -108,6 +108,7 @@ sub Validate ($$) {
 # Preliminary checks:
 #
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editmilestones.cgi b/editmilestones.cgi
index 63e27b440e53f5d746da7d46776f011ad2157c67..fccf7253362c937c41614b879553b0ba8a867292 100755 (executable)
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -146,6 +146,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editparams.cgi b/editparams.cgi
index dc6febb957ce9606913c9f84263f97bfb689853f..40f5ad537bf69c95d15b7b1adaf22eb1a1256cb5 100755 (executable)
--- a/editparams.cgi
+++ b/editparams.cgi
@@ -32,6 +32,7 @@ require "defparams.pl";
 use vars @::param_desc,
     @::param_list;
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editproducts.cgi b/editproducts.cgi
index 611a9810011dc4059785defa6178a0f6e4d4937b..1b3441a8a3904dac5169a21a1110e837ebae07e1 100755 (executable)
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -175,6 +175,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editusers.cgi b/editusers.cgi
index ebc07f2e40dd6579a7d853d057bcdc6af40fc93e..f9800c704a818928db585cd23e2c70d52b1dca25 100755 (executable)
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -231,6 +231,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/editversions.cgi b/editversions.cgi
index fafdb5683aef6e0f2ea9fcbcf105bad917022e4d..950d597a798fe752dac6b166b5e973d6dadb0f49 100755 (executable)
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -155,6 +155,7 @@ sub PutTrailer (@)
 # Preliminary checks:
 #
 
+ConnectToDatabase();
 confirm_login();
 
 print "Content-type: text/html\n\n";

diff --git a/move.pl b/move.pl
index b20ee528ba72c5d67e3bec13ad12b8d5d0888b2a..66a75f95fbb77857d4bdba2504568411703c3fd2 100755 (executable)
--- a/move.pl
+++ b/move.pl
@@ -37,6 +37,7 @@ unless ( Param("move-enabled") ) {
 }
 
 ConnectToDatabase();
+confirm_login();
 
 sub Log {
     my ($str) = (@_);
@@ -80,7 +81,6 @@ if ( !defined $::FORM{'buglist'} ) {
   exit;
 }
 
-confirm_login();
 my $exporter = $::COOKIE{"Bugzilla_login"};
 my $movers = Param("movers");
 $movers =~ s/\w?,\w?/|/g;

diff --git a/post_bug.cgi b/post_bug.cgi
index c04e34db0f44a556d047d91a1e1ac4ad91920910..fe08711911a9175efc5715ff7cccee91b3f1baca 100755 (executable)
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -50,6 +50,7 @@ sub sillyness {
 # Use global template variables.
 use vars qw($vars $template);
 
+ConnectToDatabase();
 confirm_login();
 
 
@@ -89,7 +90,6 @@ if (defined $::FORM{'maketemplate'}) {
 }
 
 umask 0;
-ConnectToDatabase();
 
 # Some sanity checking
 if(Param("usebuggroupsentry") && GroupExists($product)) {

diff --git a/process_bug.cgi b/process_bug.cgi
index e64cdac76d1fc8e0ba9b6bf3e5f5e9b5870d62a4..db19916a35b77c60b8a5a57753c0c759162d144d 100755 (executable)
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -53,6 +53,7 @@ use vars qw(%versions
           %superusergroupset
           $next_bug);
 
+ConnectToDatabase();
 my $whoid = confirm_login();
 
 my $requiremilestone = 0;
@@ -124,8 +125,6 @@ if ( Param("usetargetmilestone") ) {
   CheckFormFieldDefined(\%::FORM, 'target_milestone');
 }
 
-ConnectToDatabase();
-
 #
 # This function checks if there is a comment required for a specific
 # function and tests, if the comment was given.

diff --git a/queryhelp.cgi b/queryhelp.cgi
index 3b2da379fda7cf858173f70e3351c48c24665b86..48a4e08552c3249163c50a6a62e111a59048d240 100755 (executable)
--- a/queryhelp.cgi
+++ b/queryhelp.cgi
@@ -32,6 +32,8 @@ use lib qw(.);
 require "CGI.pl";
 
 ConnectToDatabase();
+quietly_check_login();
+
 GetVersionTable();
 
 print "Content-type: text/html\n\n";
@@ -558,8 +560,6 @@ user with the proper permissions can edit these keywords. The following is a lis
 stored on this version of Bugzilla:
 };
 
-ConnectToDatabase();
-
 my $tableheader = qq{
 <p><table border="1" cellpadding="4" cellspacing="0">
 <tr bgcolor="#6666FF">
@@ -609,7 +609,6 @@ while (MoreSQLData()) {
 
 print "</table><p>\n";
 
-quietly_check_login();
 
 if (UserInGroup("editkeywords")) {
     print qq{<p><a href="editkeywords.cgi">Edit keywords</a>\n};

diff --git a/quips.cgi b/quips.cgi
index e685fb2070c36d94597a296d1df23f2139869fef..7441f51fc1979aa8cd2dcafc5154ca38efcd9074 100755 (executable)
--- a/quips.cgi
+++ b/quips.cgi
@@ -34,6 +34,11 @@ use lib qw(.);
 
 require "CGI.pl";
 
+# Even though quips aren't (yet) in the database, we need to check
+# logins for the footer
+ConnectToDatabase();
+quietly_check_login();
+
 my $action = $::FORM{'action'} || "";
 
 if ($action eq "show") {

diff --git a/sidebar.cgi b/sidebar.cgi
index 2f1b92a6910e2050f5d11d5ac6e622ee8a74d507..a7e0587f58d3d44264ee6b6cd1020c378379de96 100755 (executable)
--- a/sidebar.cgi
+++ b/sidebar.cgi
@@ -29,13 +29,11 @@ use vars qw(
 );
 
 ConnectToDatabase();
+quietly_check_login();
 
 # Needed for $::anyvotesallowed
 GetVersionTable();
 
-# Check to see if the user has logged in yet.
-quietly_check_login();
-
 ###############################################################################
 # Main Body Execution
 ###############################################################################

diff --git a/token.cgi b/token.cgi
index e1ae0b35b3e2fc5c3bf59d215ba3c50dd34db93c..72406223f3745885022390a8e11ed1d8a7bbea4c 100755 (executable)
--- a/token.cgi
+++ b/token.cgi
@@ -37,6 +37,7 @@ require "CGI.pl";
 
 # Establish a connection to the database backend.
 ConnectToDatabase();
+quietly_check_login();
 
 # Use the "Token" module that contains functions for doing various
 # token-related tasks.

diff --git a/userprefs.cgi b/userprefs.cgi
index 2205dd61a17da5b88e4600d984eb1d53fdf1ba79..6490088644972d52ff1b77dc9358ebbd0b0a8233 100755 (executable)
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -359,6 +359,8 @@ sub DoPermissions {
 ###############################################################################
 # Live code (not subroutine definitions) starts here
 ###############################################################################
+
+ConnectToDatabase();
 confirm_login();
 
 GetVersionTable();

diff --git a/xml.cgi b/xml.cgi
index f35a13cd9f70d4aeed4d46afc697796eb96bd72c..8a0bbf1e451e10ceb8372433b4f678c3dd120d51 100755 (executable)
--- a/xml.cgi
+++ b/xml.cgi
@@ -32,6 +32,9 @@ require "CGI.pl";
 
 use vars qw($template $vars);
 
+ConnectToDatabase();
+quietly_check_login();
+
 if (!defined $::FORM{'id'} || !$::FORM{'id'}) {
     print "Content-Type: text/html\n\n";
     $template->process("bug/choose-xml.html.tmpl", $vars)
@@ -39,8 +42,6 @@ if (!defined $::FORM{'id'} || !$::FORM{'id'}) {
     exit;
 }
 
-quietly_check_login();
-
 my $exporter = $::COOKIE{"Bugzilla_login"} || undef;
 
 my @ids = split (/[, ]+/, $::FORM{'id'});