sub query_database {
my ($vars) = @_;
+ my $cgi = Bugzilla->cgi;
+ my $user = Bugzilla->user;
+ my $template = Bugzilla->template;
# validate group membership
- my $user = Bugzilla->user;
$user->in_group('query_database')
|| ThrowUserError('auth_failure', { group => 'query_database',
action => 'access',
$vars->{query} = $query;
if ($query) {
+ # Only allow POST requests
+ if ($cgi->request_method ne 'POST') {
+ ThrowCodeError('illegal_request_method',
+ { method => $cgi->request_method, accepted => ['POST'] });
+ }
+
check_hash_token($input->{token}, ['query_database']);
trick_taint($query);
$vars->{executed} = 1;
# return results
$vars->{columns} = $columns;
$vars->{rows} = $rows;
+
+ if ($input->{csv}) {
+ print $cgi->header(-type=> 'text/csv',
+ -content_disposition=> "attachment; filename=\"query_database.csv\"");
+ $template->process("pages/query_database.csv.tmpl", $vars)
+ || ThrowTemplateError($template->error());
+ exit;
+ }
}
}
--- /dev/null
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ #
+ # This Source Code Form is "Incompatible With Secondary Licenses", as
+ # defined by the Mozilla Public License, v. 2.0.
+ #%]
+
+[% IF error == "illegal_request_method" %]
+ [% title = "Illegal Request Method" %]
+ The request method '[% method FILTER html %]' is not allowed.
+ Legal methods are '[% accepted.join(', ') FILTER html %]'.
+[% END %]
--- /dev/null
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Netscape Communications
+ # Corporation. Portions created by Netscape are
+ # Copyright (C) 1998 Netscape Communications Corporation. All
+ # Rights Reserved.
+ #
+ # Contributor(s): Myk Melez <myk@mozilla.org>
+ # Gervase Markham <gerv@gerv.net>
+ # miketosh
+ #%]
+
+[% colsepchar = user.settings.csv_colsepchar.value %]
+
+[% FOREACH column = columns %]
+ [% column FILTER csv %][% colsepchar FILTER none UNLESS loop.last() %]
+[% END %]
+
+[% FOREACH row = rows %]
+ [% FOREACH value = row %]
+ [% value FILTER csv %][% colsepchar FILTER none UNLESS loop.last() %]
+ [% END %]
+
+[% END %]
%]
<form method="post" action="page.cgi">
-<input type="hidden" name="id" value="query_database.html">
-<textarea cols="80" rows="10" name="query">[% query FILTER html %]</textarea><br>
-<input type="submit" value="Execute">
-<input type="hidden" name="token" value="[% issue_hash_token(['query_database']) FILTER html %]">
+ <input type="hidden" name="id" value="query_database.html">
+ <textarea cols="80" rows="10" name="query">[% query FILTER html %]</textarea><br>
+ <input type="checkbox" id="csv" name="csv" value="1"><label for="csv">Ouput as CSV</label><br><br>
+ <input type="submit" value="Execute">
+ <input type="hidden" name="token" value="[% issue_hash_token(['query_database']) FILTER html %]">
</form>
[% IF executed %]
projects / thirdparty / bugzilla.git / commitdiff
