From 94149638cfe0e9cf217f62dc5ffff78ffd446def Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Fri, 1 Dec 2006 23:55:24 +0000
Subject: [PATCH] =?utf8?q?Bug=20356395:=20On=20bug=20creation,=20an=20erro?=
 =?utf8?q?r=20is=20thrown=20when=20the=20requestee=20of=20a=20private=20at?=
 =?utf8?q?tachment=20is=20not=20in=20the=20insidergroup,=20or=20when=20the?=
 =?utf8?q?=20requestee=20is=20not=20in=20the=20grant=20group=20(for=20atta?=
 =?utf8?q?chment=20flags)=20-=20Patch=20by=20Fr=C3=83=C2=A9d=C3=83=C2=A9ri?=
 =?utf8?q?c=20Buclin=20<LpSolit@gmail.com>=20r/a=3Dmyk?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 Bugzilla/Attachment.pm | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index c1b3a8a28e..95d4026ad7 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -779,12 +779,6 @@ sub insert_attachment_for_bug {
         $$hr_vars->{'message'} = 'user_match_multiple';
     }
 
-    # Flag::validate() should not detect any reference to existing flags
-    # when creating a new attachment. Setting the third param to -1 will
-    # force this function to check this point.
-    # XXX needs $throw_error treatment
-    Bugzilla::Flag::validate($cgi, $bug->bug_id, -1);
-
     # Escape characters in strings that will be used in SQL statements.
     my $description = $cgi->param('description');
     trick_taint($description);
@@ -854,9 +848,28 @@ sub insert_attachment_for_bug {
                           $timestamp, $fieldid, 0, 1));
     }
 
-    # Create flags.
     my $attachment = Bugzilla::Attachment->get($attachid);
-    Bugzilla::Flag::process($bug, $attachment, $timestamp, $cgi);
+
+    # 1. Add flags, if any. To avoid dying if something goes wrong
+    # while processing flags, we will eval() flag validation.
+    # This requires errors to die().
+    # XXX: this can go away as soon as flag validation is able to
+    #      fail without dying.
+    #
+    # 2. Flag::validate() should not detect any reference to existing flags
+    # when creating a new attachment. Setting the third param to -1 will
+    # force this function to check this point.
+    my $error_mode_cache = Bugzilla->error_mode;
+    Bugzilla->error_mode(ERROR_MODE_DIE);
+    eval {
+        Bugzilla::Flag::validate($cgi, $bug->bug_id, -1);
+        Bugzilla::Flag::process($bug, $attachment, $timestamp, $cgi);
+    };
+    Bugzilla->error_mode($error_mode_cache);
+    if ($@) {
+        $$hr_vars->{'message'} = 'flag_creation_failed';
+        $$hr_vars->{'flag_creation_error'} = $@;
+    }
 
     # Return the ID of the new attachment.
     return $attachid;
-- 
2.47.3