From b8f0c041640c48d0e0e88eb02da6f9cf1bc0aaf3 Mon Sep 17 00:00:00 2001
From: "dkl%redhat.com" <>
Date: Sat, 28 Jun 2008 00:56:18 +0000
Subject: [PATCH] =?utf8?q?Bug=20422691=20=C3=A2=C2=80=C2=93=20Attachment?=
 =?utf8?q?=20gets=20added=20twice=20after=20hitting=20"Back"=20and=20"Refr?=
 =?utf8?q?esh"=20Patch=20by=20David=20Lawrence=20<dkl@redhat.com>=20-=20r/?=
 =?utf8?q?a=3DLpSolit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 attachment.cgi                                | 31 ++++++++++++
 .../attachment/cancel-create-dupe.html.tmpl   | 48 +++++++++++++++++++
 .../en/default/attachment/create.html.tmpl    |  1 +
 3 files changed, 80 insertions(+)
 create mode 100644 template/en/default/attachment/cancel-create-dupe.html.tmpl

diff --git a/attachment.cgi b/attachment.cgi
index 937087a519..2520c00320 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -327,6 +327,7 @@ sub enter {
                                               'component_id' => $bug->component_id});
   $vars->{'flag_types'} = $flag_types;
   $vars->{'any_flags_requesteeble'} = grep($_->is_requesteeble, @$flag_types);
+  $vars->{'token'} = issue_session_token('createattachment:');
 
   print $cgi->header();
 
@@ -348,6 +349,30 @@ sub insert {
     validateCanChangeBug($bugid);
     my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()");
 
+    # Detect if the user already used the same form to submit an attachment
+    my $token = trim($cgi->param('token'));
+    if ($token) {
+        my ($creator_id, $date, $old_attach_id) = Bugzilla::Token::GetTokenData($token);
+        unless ($creator_id 
+            && ($creator_id == $user->id) 
+                && ($old_attach_id =~ "^createattachment:")) 
+        {
+            # The token is invalid.
+            ThrowUserError('token_does_not_exist');
+        }
+    
+        $old_attach_id =~ s/^createattachment://;
+   
+        if ($old_attach_id) {
+            $vars->{'bugid'} = $bugid;
+            $vars->{'attachid'} = $old_attach_id;
+            print $cgi->header();
+            $template->process("attachment/cancel-create-dupe.html.tmpl",  $vars)
+                || ThrowTemplateError($template->error());
+            exit;
+        }
+    }
+
     my $bug = new Bugzilla::Bug($bugid);
     my $attachment =
         Bugzilla::Attachment->insert_attachment_for_bug(THROW_ERROR, $bug, $user,
@@ -379,6 +404,12 @@ sub insert {
   }
   $bug->update($timestamp);
 
+  if ($token) {
+      trick_taint($token);
+      $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef,
+               ("createattachment:" . $attachment->id, $token));
+  }
+
   $dbh->bz_commit_transaction;
 
   # Define the variables and functions that will be passed to the UI template.
diff --git a/template/en/default/attachment/cancel-create-dupe.html.tmpl b/template/en/default/attachment/cancel-create-dupe.html.tmpl
new file mode 100644
index 0000000000..f838955bca
--- /dev/null
+++ b/template/en/default/attachment/cancel-create-dupe.html.tmpl
@@ -0,0 +1,48 @@
+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Olav Vitters.
+  #
+  # Contributor(s): Olav Vitters <olav@bkor.dhs.org>
+  #                 David Lawrence <dkl@redhat.com>
+  #%]
+
+[%# INTERFACE:
+  # bugid:    integer. ID of the bug report that this attachment relates to.
+  # attachid: integer. ID of the previous attachment recently created.
+  #%]
+
+[% PROCESS "global/field-descs.none.tmpl" %]
+
+[% PROCESS global/header.html.tmpl
+  title = "Already filed attachment"
+%]
+
+[% USE Bugzilla %]
+
+<table cellpadding="20">
+  <tr>
+    <td bgcolor="#ff0000">
+      <font size="+2">
+        You already used the form to file
+        <a href="[% urlbase FILTER html %]attachment.cgi?id=[% attachid FILTER url_quote %]&action=edit">attachment [% attachid FILTER url_quote %]</a>.
+      </font>
+    </td>
+  </tr>
+</table>
+
+<p>
+  You can either <a href="[% urlbase FILTER html %]attachment.cgi?bugid=[% bugid FILTER url_quote %]&action=enter">
+  create a new attachment</a> or [% "go back to $terms.bug $bugid" FILTER bug_link(bugid) FILTER none %].
+<p>
+
+[% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/attachment/create.html.tmpl b/template/en/default/attachment/create.html.tmpl
index 7944228f37..10648159b8 100644
--- a/template/en/default/attachment/create.html.tmpl
+++ b/template/en/default/attachment/create.html.tmpl
@@ -42,6 +42,7 @@
 <form name="entryform" method="post" action="attachment.cgi" enctype="multipart/form-data">
   <input type="hidden" name="bugid" value="[% bug.bug_id %]">
   <input type="hidden" name="action" value="insert">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 
   <table class="attachment_entry">
     [% PROCESS attachment/createformcontents.html.tmpl %]
-- 
2.47.2