From: terry%mozilla.org <>
Date: Mon, 24 Jan 2000 04:31:48 +0000 (+0000)
Subject: Named queries (and the default query) are now stored server side, in
X-Git-Tag: bugzilla-2.12~424
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45aea99cbc8a4fb8abd7502af28d1bd9e8b4ef3a;p=thirdparty%2Fbugzilla.git

Named queries (and the default query) are now stored server side, in
the database, rather than in cookies.  This means you have to log
in to use these features, but I have plans that require them to be
server-side.  (Besides, some people were beginning to run out of
cookie space.)
---

diff --git a/buglist.cgi b/buglist.cgi
index 075f0dd9c8..1c3fffc689 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -27,18 +27,24 @@ use strict;
 require "CGI.pl";
 use Date::Parse;
 
-use vars %::MFORM,
-    @::components,
-    @::default_column_list,
-    @::keywordsbyname,
-    @::legal_keywords,
-    @::legal_platform,
-    @::legal_priority,
-    @::legal_product,
-    @::legal_resolution_no_dup,
-    @::legal_severity,
-    @::legal_target_milestone,
-    @::versions;
+# Shut up misguided -w warnings about "used only once".  "use vars" just
+# doesn't work for me.
+
+sub sillyness {
+    my $zz;
+    $zz = $::defaultqueryname;
+    $zz = @::components;
+    $zz = @::default_column_list;
+    $zz = @::keywordsbyname;
+    $zz = @::legal_keywords;
+    $zz = @::legal_platform;
+    $zz = @::legal_priority;
+    $zz = @::legal_product;
+    $zz = @::legal_resolution_no_dup;
+    $zz = @::legal_severity;
+    $zz = @::legal_target_milestone;
+    $zz = @::versions;
+};
 
 
 
@@ -51,73 +57,99 @@ if (!defined $::FORM{'cmdtype'}) {
     $::FORM{'cmdtype'} = 'doit';
 }
 
+sub LookupNamedQuery {
+    my ($name) = (@_);
+    confirm_login();
+    my $userid = DBNameToIdAndCheck($::COOKIE{"Bugzilla_login"});
+    SendSQL("SELECT query FROM namedqueries " .
+            "WHERE userid = $userid AND name = " . SqlQuote($name));
+    my $result = FetchOneColumn();
+    if (!defined $result) {
+        print "Content-type: text/html\n\n";
+        PutHeader("Something weird happened");
+        print qq{The named query $name seems to no longer exist.};
+        PutFooter();
+        exit;
+    }
+    return $result;
+}
+
+
+        
+
+
 CMD: for ($::FORM{'cmdtype'}) {
     /^runnamed$/ && do {
-        $::buffer = $::COOKIE{"QUERY_" . $::FORM{"namedcmd"}};
+        $::buffer = LookupNamedQuery($::FORM{"namedcmd"});
         ProcessFormFields($::buffer);
         last CMD;
     };
     /^editnamed$/ && do {
-	my $url = "query.cgi?" . $::COOKIE{"QUERY_" . $::FORM{"namedcmd"}};
-        print "Content-type: text/html
+	my $url = "query.cgi?" . LookupNamedQuery($::FORM{"namedcmd"});
+        print qq{Content-type: text/html
 Refresh: 0; URL=$url
 
 <TITLE>What a hack.</TITLE>
-Loading your query named <B>$::FORM{'namedcmd'}</B>...
-";
+<A HREF="$url">Loading your query named <B>$::FORM{'namedcmd'}</B>...</A>
+};
         exit;
     };
     /^forgetnamed$/ && do {
-        print "Set-Cookie: QUERY_" . $::FORM{'namedcmd'} . "= ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT
-Content-type: text/html
+        confirm_login();
+        my $userid = DBNameToIdAndCheck($::COOKIE{"Bugzilla_login"});
+        SendSQL("DELETE FROM namedqueries WHERE userid = $userid " .
+                "AND name = " . SqlQuote($::FORM{'namedcmd'}));
+        
+        print "Content-type: text/html\n\n";
+        PutHeader("Forget what?", "");
 
-<HTML>
-<TITLE>Forget what?</TITLE>
+        print qq{
 OK, the <B>$::FORM{'namedcmd'}</B> query is gone.
 <P>
-<A HREF=query.cgi>Go back to the query page.</A>
-";
-        PutFooter();
-        exit;
-    };
-    /^asnamed$/ && do {
-        if ($::FORM{'newqueryname'} =~ /^[a-zA-Z0-9_ ]+$/) {
-    print "Set-Cookie: QUERY_" . $::FORM{'newqueryname'} . "=$::buffer ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT
-Content-type: text/html
-
-<HTML>
-<TITLE>OK, done.</TITLE>
-OK, you now have a new query named <B>$::FORM{'newqueryname'}</B>.
-
-<P>
-
-<A HREF=query.cgi>Go back to the query page.</A>
-";
-        } else {
-            print "Content-type: text/html
-
-<HTML>
-<TITLE>Picky, picky.</TITLE>
-Query names can only have letters, digits, spaces, or underbars.  You entered 
-\"<B>$::FORM{'newqueryname'}</B>\", which doesn't cut it.
-<P>
-Click the <B>Back</B> button and type in a valid name for this query.
-";
-        }
+<A HREF="query.cgi">Go back to the query page.</A>
+};
         PutFooter();
         exit;
     };
     /^asdefault$/ && do {
-        print "Set-Cookie: DEFAULTQUERY=$::buffer ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT
-Content-type: text/html
-
-<HTML>
-<TITLE>OK, default is set.</TITLE>
+        confirm_login();
+        my $userid = DBNameToIdAndCheck($::COOKIE{"Bugzilla_login"});
+        print "Content-type: text/html\n\n";
+        SendSQL("REPLACE INTO namedqueries (userid, name, query) VALUES " .
+                "($userid, '$::defaultqueryname'," .
+                SqlQuote($::buffer) . ")");
+        PutHeader("OK, default is set");
+        print qq{
 OK, you now have a new default query.  You may also bookmark the result of any
 individual query.
 
-<P><A HREF=query.cgi>Go back to the query page, using the new default.</A>
-";
+<P><A HREF="query.cgi">Go back to the query page, using the new default.</A>
+};
+        PutFooter();
+        exit();
+    };
+    /^asnamed$/ && do {
+        confirm_login();
+        my $userid = DBNameToIdAndCheck($::COOKIE{"Bugzilla_login"});
+        print "Content-type: text/html\n\n";
+        my $name = trim($::FORM{'newqueryname'});
+        if ($name eq "" || $name =~ /[<>&]/) {
+            PutHeader("Please pick a valid name for your new query");
+            print "Click the <B>Back</B> button and type in a valid name\n";
+            print "for this query.  (Query names should not contain unusual\n";
+            print "characters.)\n";
+            PutFooter();
+            exit();
+        }
+        SendSQL("REPLACE INTO namedqueries (userid, name, query) VALUES " .
+                "($userid, " . SqlQuote($name) .
+                ", " . SqlQuote($::buffer) . ")");
+        PutHeader("OK, query saved.");
+        print qq{
+OK, you have a new query named <code>$name</code>
+<P>
+<BR><A HREF="query.cgi">Go back to the query page</A>
+};
         PutFooter();
         exit;
     };
@@ -256,7 +288,7 @@ if ($::FORM{'regetlastlist'}) {
 Sorry, I seem to have lost the cookie that recorded the results of your last
 query.  You will have to start over at the <A HREF="query.cgi">query page</A>.
 };
-        PutTrailer();
+        PutFooter();
         exit;
     }
     my @list = split(/:/, $::COOKIE{'BUGLIST'});
diff --git a/checksetup.pl b/checksetup.pl
index 567c88be97..699ed8138e 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -673,6 +673,15 @@ $table{profiles} =
     unique(login_name)';
 
 
+$table{namedqueries} =
+    'userid mediumint not null,
+     name varchar(64) not null,
+     watchfordiffs tinyint not null,
+     query mediumtext not null,
+
+     unique(userid, name),
+     index(watchfordiffs)';
+
 # This isn't quite cooked yet...
 #
 #  $table{diffprefs} =
diff --git a/globals.pl b/globals.pl
index 5bc48e754d..0eab73d63d 100644
--- a/globals.pl
+++ b/globals.pl
@@ -59,6 +59,7 @@ $::param{'version'} = '2.9';
 
 $::dontchange = "--do_not_change--";
 $::chooseone = "--Choose_one:--";
+$::defaultqueryname = "(Default query) ";
 
 sub ConnectToDatabase {
     if (!defined $::db) {
diff --git a/query.cgi b/query.cgi
index 2abb98a420..0b6d0b67b4 100755
--- a/query.cgi
+++ b/query.cgi
@@ -56,84 +56,134 @@ if (defined $::FORM{"GoAheadAndLogIn"}) {
     # We got here from a login page, probably from relogin.cgi.  We better
     # make sure the password is legit.
     confirm_login();
+} else {
+    quietly_check_login();
+}
+my $userid = 0;
+if (defined $::COOKIE{"Bugzilla_login"}) {
+    $userid = DBNameToIdAndCheck($::COOKIE{"Bugzilla_login"});
 }
 
-if ($::FORM{'nukedefaultquery'}) {
-    print "Set-Cookie: DEFAULTQUERY= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
-    delete $::COOKIE{"DEFAULTQUERY"};
-    $::buffer = "";
+# Backwards compatability hack -- if there are any of the old QUERY_*
+# cookies around, and we are logged in, then move them into the database
+# and nuke the cookie.
+if ($userid) {
+    my @oldquerycookies;
+    foreach my $i (keys %::COOKIE) {
+        if ($i =~ /^QUERY_(.*)$/) {
+            push(@oldquerycookies, [$1, $i, $::COOKIE{$i}]);
+        }
+    }
+    if (defined $::COOKIE{'DEFAULTQUERY'}) {
+        push(@oldquerycookies, [$::defaultqueryname, 'DEFAULTQUERY',
+                                $::COOKIE{'DEFAULTQUERY'}]);
+    }
+    if (@oldquerycookies) {
+        foreach my $ref (@oldquerycookies) {
+            my ($name, $cookiename, $value) = (@$ref);
+            if ($value) {
+                my $qname = SqlQuote($name);
+                SendSQL("SELECT query FROM namedqueries " .
+                        "WHERE userid = $userid AND name = $qname");
+                my $query = FetchOneColumn();
+                if (!$query) {
+                    SendSQL("REPLACE INTO namedqueries " .
+                            "(userid, name, query) VALUES " .
+                            "($userid, $qname, " . SqlQuote($value) . ")");
+                }
+            }
+            print "Set-Cookie: $cookiename= ; path=/ ; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
+        }
+    }
 }
+                
 
 
-my $userdefaultquery = 1;
-if (!defined $::COOKIE{"DEFAULTQUERY"}) {
-    $userdefaultquery = 0;
-    $::COOKIE{"DEFAULTQUERY"} = Param("defaultquery");
-}
 
-if (!defined $::buffer || $::buffer eq "") {
-    $::buffer = $::COOKIE{"DEFAULTQUERY"};
+if ($::FORM{'nukedefaultquery'}) {
+    if ($userid) {
+        SendSQL("DELETE FROM namedqueries " .
+                "WHERE userid = $userid AND name = '$::defaultqueryname'");
+    }
+    $::buffer = "";
 }
 
-use vars qw(%default);
-my %type;
 
-foreach my $name ("bug_status", "resolution", "assigned_to", "rep_platform",
-                  "priority", "bug_severity", "product", "reporter", "op_sys",
-                  "component", "version", "chfield", "chfieldfrom",
-                  "chfieldto", "chfieldvalue",
-                  "email1", "emailtype1", "emailreporter1",
-                  "emailassigned_to1", "emailcc1", "emailqa_contact1",
-                  "emaillongdesc1",
-                  "email2", "emailtype2", "emailreporter2",
-                  "emailassigned_to2", "emailcc2", "emailqa_contact2",
-                  "emaillongdesc2",
-                  "changedin", "votes", "short_desc", "short_desc_type",
-                  "long_desc", "long_desc_type", "bug_file_loc",
-                  "bug_file_loc_type", "status_whiteboard",
-                  "status_whiteboard_type", "keywords") {
-    $default{$name} = "";
-    $type{$name} = 0;
+my $userdefaultquery;
+if ($userid) {
+    SendSQL("SELECT query FROM namedqueries " .
+            "WHERE userid = $userid AND name = '$::defaultqueryname'");
+    $userdefaultquery = FetchOneColumn();
 }
 
+my %default;
+my %type;
 
-foreach my $item (split(/\&/, $::buffer)) {
-    my @el = split(/=/, $item);
-    my $name = $el[0];
-    my $value;
-    if ($#el > 0) {
-        $value = url_decode($el[1]);
-    } else {
-        $value = "";
+sub ProcessFormStuff {
+    my ($buf) = (@_);
+    my $foundone = 0;
+    foreach my $name ("bug_status", "resolution", "assigned_to",
+                      "rep_platform", "priority", "bug_severity",
+                      "product", "reporter", "op_sys",
+                      "component", "version", "chfield", "chfieldfrom",
+                      "chfieldto", "chfieldvalue",
+                      "email1", "emailtype1", "emailreporter1",
+                      "emailassigned_to1", "emailcc1", "emailqa_contact1",
+                      "emaillongdesc1",
+                      "email2", "emailtype2", "emailreporter2",
+                      "emailassigned_to2", "emailcc2", "emailqa_contact2",
+                      "emaillongdesc2",
+                      "changedin", "votes", "short_desc", "short_desc_type",
+                      "long_desc", "long_desc_type", "bug_file_loc",
+                      "bug_file_loc_type", "status_whiteboard",
+                      "status_whiteboard_type", "keywords") {
+        $default{$name} = "";
+        $type{$name} = 0;
     }
-    if (defined $default{$name}) {
-        if ($default{$name} ne "") {
-            $default{$name} .= "|$value";
-            $type{$name} = 1;
+
+
+    foreach my $item (split(/\&/, $buf)) {
+        my @el = split(/=/, $item);
+        my $name = $el[0];
+        my $value;
+        if ($#el > 0) {
+            $value = url_decode($el[1]);
         } else {
-            $default{$name} = $value;
+            $value = "";
+        }
+        if (defined $default{$name}) {
+            $foundone = 1;
+            if ($default{$name} ne "") {
+                $default{$name} .= "|$value";
+                $type{$name} = 1;
+            } else {
+                $default{$name} = $value;
+            }
         }
     }
+    return $foundone;
 }
-                  
 
-if ($default{'chfieldto'} eq "") {
-    $default{'chfieldto'} = "Now";
-}
 
+if (!ProcessFormStuff($::buffer)) {
+    # Ah-hah, there was no form stuff specified.  Do it again with the
+    # default query.
+    if ($userdefaultquery) {
+        ProcessFormStuff($userdefaultquery);
+    } else {
+        ProcessFormStuff(Param("defaultquery"));
+    }
+}
 
 
-my $namelist = "";
+                 
 
-foreach my $i (sort (keys %::COOKIE)) {
-    if ($i =~ /^QUERY_/) {
-        if ($::COOKIE{$i} ne "") {
-            my $name = substr($i, 6); 
-            $namelist .= "<OPTION>$name";
-        }
-    }
+if ($default{'chfieldto'} eq "") {
+    $default{'chfieldto'} = "Now";
 }
 
+
+
 print "Set-Cookie: BUGLIST=
 Content-type: text/html\n\n";
 
@@ -582,16 +632,33 @@ if (@::legal_keywords) {
 print "
 </table>
 <p>
+";
 
-
-
+if (!$userid) {
+    print qq{<INPUT TYPE="hidden" NAME="cmdtype" VALUE="doit">};
+} else {
+    print "
 <BR>
 <INPUT TYPE=radio NAME=cmdtype VALUE=doit CHECKED> Run this query
 <BR>
 ";
 
-if ($namelist ne "") {
-    print "
+    my @namedqueries;
+    if ($userid) {
+        SendSQL("SELECT name FROM namedqueries " .
+                "WHERE userid = $userid AND name != '$::defaultqueryname' " .
+                "ORDER BY name");
+        while (MoreSQLData()) {
+            push(@namedqueries, FetchOneColumn());
+        }
+    }
+    
+    
+    
+    
+    if (@namedqueries) {
+        my $namelist = make_options(\@namedqueries);
+        print qq{
 <table cellspacing=0 cellpadding=0><tr>
 <td><INPUT TYPE=radio NAME=cmdtype VALUE=editnamed> Load the remembered query:</td>
 <td rowspan=3><select name=namedcmd>$namelist</select>
@@ -599,16 +666,19 @@ if ($namelist ne "") {
 <td><INPUT TYPE=radio NAME=cmdtype VALUE=runnamed> Run the remembered query:</td>
 </tr><tr>
 <td><INPUT TYPE=radio NAME=cmdtype VALUE=forgetnamed> Forget the remembered query:</td>
-</tr></table>"
-}
+</tr></table>};
+    }
 
-print "
+    print "
 <INPUT TYPE=radio NAME=cmdtype VALUE=asdefault> Remember this as the default query
 <BR>
 <INPUT TYPE=radio NAME=cmdtype VALUE=asnamed> Remember this query, and name it:
 <INPUT TYPE=text NAME=newqueryname>
 <BR>
+"
+}
 
+print "
 <NOBR><B>Sort By:</B>
 <SELECT NAME=\"order\">
 ";
@@ -640,8 +710,6 @@ print "
 ";
 
 
-quietly_check_login();
-
 if (UserInGroup("tweakparams")) {
     print "<a href=editparams.cgi>Edit Bugzilla operating parameters</a><br>\n";
 }
@@ -651,7 +719,7 @@ if (UserInGroup("editcomponents")) {
 if (UserInGroup("editkeywords")) {
     print "<a href=editkeywords.cgi>Edit Bugzilla keywords</a><br>\n";
 }
-if (defined $::COOKIE{"Bugzilla_login"}) {
+if ($userid) {
     print "<a href=relogin.cgi>Log in as someone besides <b>$::COOKIE{'Bugzilla_login'}</b></a><br>\n";
 }
 print "<a href=changepassword.cgi>Change your password or preferences.</a><br>\n";
diff --git a/sanitycheck.cgi b/sanitycheck.cgi
index 6425a97825..e7008f7995 100755
--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -135,7 +135,8 @@ CrossCheck("profiles", "userid",
            ["bugs_activity", "who"],
            ["cc", "who"],
            ["votes", "who"],
-           ["longdescs", "who"]);
+           ["longdescs", "who"],
+           ["namedqueries", "userid"]);
 
 
 Status("Checking passwords");