search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rubber-stamped by Brady Eidson.
[webbrowser.git] / BugsSite / buglist.cgi
blobf6ea3c07dda9176697b57f9ea7f232f435371859
1 #!/usr/bin/env perl -wT
2 # -*- Mode: perl; indent-tabs-mode: nil -*-
3 #
4 # The contents of this file are subject to the Mozilla Public
5 # License Version 1.1 (the "License"); you may not use this file
6 # except in compliance with the License. You may obtain a copy of
7 # the License at http://www.mozilla.org/MPL/
8 #
9 # Software distributed under the License is distributed on an "AS
10 # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
11 # implied. See the License for the specific language governing
12 # rights and limitations under the License.
13 #
14 # The Original Code is the Bugzilla Bug Tracking System.
15 #
16 # The Initial Developer of the Original Code is Netscape Communications
17 # Corporation. Portions created by Netscape are
18 # Copyright (C) 1998 Netscape Communications Corporation. All
19 # Rights Reserved.
20 #
21 # Contributor(s): Terry Weissman <terry@mozilla.org>
22 # Dan Mosedale <dmose@mozilla.org>
23 # Stephan Niemz <st.n@gmx.net>
24 # Andreas Franke <afranke@mathweb.org>
25 # Myk Melez <myk@mozilla.org>
26 # Max Kanat-Alexander <mkanat@bugzilla.org>
27
28 ################################################################################
29 # Script Initialization
30 ################################################################################
31
32 # Make it harder for us to do dangerous things in Perl.
33 use strict;
34
35 use lib qw(. lib);
36
37 use Bugzilla;
38 use Bugzilla::Constants;
39 use Bugzilla::Error;
40 use Bugzilla::Util;
41 use Bugzilla::Search;
42 use Bugzilla::Search::Quicksearch;
43 use Bugzilla::Search::Saved;
44 use Bugzilla::User;
45 use Bugzilla::Bug;
46 use Bugzilla::Product;
47 use Bugzilla::Keyword;
48 use Bugzilla::Field;
49 use Bugzilla::Status;
50 use Bugzilla::Token;
51
52 use Date::Parse;
53
54 my $cgi = Bugzilla->cgi;
55 my $dbh = Bugzilla->dbh;
56 my $template = Bugzilla->template;
57 my $vars = {};
58 my $buffer = $cgi->query_string();
59
60 # We have to check the login here to get the correct footer if an error is
61 # thrown and to prevent a logged out user to use QuickSearch if 'requirelogin'
62 # is turned 'on'.
63 Bugzilla->login();
64
65 if (length($buffer) == 0) {
66 print $cgi->header(-refresh=> '10; URL=query.cgi');
67 ThrowUserError("buglist_parameters_required");
68 }
69
70 # Determine whether this is a quicksearch query.
71 my $searchstring = $cgi->param('quicksearch');
72 if (defined($searchstring)) {
73 $buffer = quicksearch($searchstring);
74 # Quicksearch may do a redirect, in which case it does not return.
75 # If it does return, it has modified $cgi->params so we can use them here
76 # as if this had been a normal query from the beginning.
77 }
78
79 # If configured to not allow empty words, reject empty searches from the
80 # Find a Specific Bug search form, including words being a single or
81 # several consecutive whitespaces only.
82 if (!Bugzilla->params->{'specific_search_allow_empty_words'}
83 && defined($cgi->param('content')) && $cgi->param('content') =~ /^\s*$/)
84 {
85 ThrowUserError("buglist_parameters_required");
86 }
87
88 ################################################################################
89 # Data and Security Validation
90 ################################################################################
91
92 # Whether or not the user wants to change multiple bugs.
93 my $dotweak = $cgi->param('tweak') ? 1 : 0;
94
95 # Log the user in
96 if ($dotweak) {
97 Bugzilla->login(LOGIN_REQUIRED);
98 }
99
100 # Hack to support legacy applications that think the RDF ctype is at format=rdf.
101 if (defined $cgi->param('format') && $cgi->param('format') eq "rdf"
102 && !defined $cgi->param('ctype')) {
103 $cgi->param('ctype', "rdf");
104 $cgi->delete('format');
105 }
106
107 # Treat requests for ctype=rss as requests for ctype=atom
108 if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") {
109 $cgi->param('ctype', "atom");
110 }
111
112 # The js ctype presents a security risk; a malicious site could use it
113 # to gather information about secure bugs. So, we only allow public bugs to be
114 # retrieved with this format.
115 #
116 # Note that if and when this call clears cookies or has other persistent
117 # effects, we'll need to do this another way instead.
118 if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) {
119 Bugzilla->logout_request();
120 }
121
122 # An agent is a program that automatically downloads and extracts data
123 # on its user's behalf. If this request comes from an agent, we turn off
124 # various aspects of bug list functionality so agent requests succeed
125 # and coexist nicely with regular user requests. Currently the only agent
126 # we know about is Firefox's microsummary feature.
127 my $agent = ($cgi->http('X-Moz') && $cgi->http('X-Moz') =~ /\bmicrosummary\b/);
128
129 # Determine the format in which the user would like to receive the output.
130 # Uses the default format if the user did not specify an output format;
131 # otherwise validates the user's choice against the list of available formats.
132 my $format = $template->get_format("list/list", scalar $cgi->param('format'),
133 scalar $cgi->param('ctype'));
134
135 # Use server push to display a "Please wait..." message for the user while
136 # executing their query if their browser supports it and they are viewing
137 # the bug list as HTML and they have not disabled it by adding &serverpush=0
138 # to the URL.
139 #
140 # Server push is a Netscape 3+ hack incompatible with MSIE, Lynx, and others.
141 # Even Communicator 4.51 has bugs with it, especially during page reload.
142 # http://www.browsercaps.org used as source of compatible browsers.
143 # Safari (WebKit) does not support it, despite a UA that says otherwise (bug 188712)
144 # MSIE 5+ supports it on Mac (but not on Windows) (bug 190370)
145 #
146 my $serverpush =
147 $format->{'extension'} eq "html"
148 && exists $ENV{'HTTP_USER_AGENT'}
149 && $ENV{'HTTP_USER_AGENT'} =~ /Mozilla.[3-9]/
150 && (($ENV{'HTTP_USER_AGENT'} !~ /[Cc]ompatible/) || ($ENV{'HTTP_USER_AGENT'} =~ /MSIE 5.*Mac_PowerPC/))
151 && $ENV{'HTTP_USER_AGENT'} !~ /WebKit/
152 && !$agent
153 && !defined($cgi->param('serverpush'))
154 || $cgi->param('serverpush');
155
156 my $order = $cgi->param('order') || "";
157 my $order_from_cookie = 0; # True if $order set using the LASTORDER cookie
158
159 # The params object to use for the actual query itself
160 my $params;
161
162 # If the user is retrieving the last bug list they looked at, hack the buffer
163 # storing the query string so that it looks like a query retrieving those bugs.
164 if (defined $cgi->param('regetlastlist')) {
165 $cgi->cookie('BUGLIST') || ThrowUserError("missing_cookie");
166
167 $order = "reuse last sort" unless $order;
168 my $bug_id = $cgi->cookie('BUGLIST');
169 $bug_id =~ s/:/,/g;
170 # set up the params for this new query
171 $params = new Bugzilla::CGI({
172 bug_id => $bug_id,
173 order => $order,
174 });
175 }
176
177 if ($buffer =~ /&cmd-/) {
178 my $url = "query.cgi?$buffer#chart";
179 print $cgi->redirect(-location => $url);
180 # Generate and return the UI (HTML page) from the appropriate template.
181 $vars->{'message'} = "buglist_adding_field";
182 $vars->{'url'} = $url;
183 $template->process("global/message.html.tmpl", $vars)
184 || ThrowTemplateError($template->error());
185 exit;
186 }
187
188 # Figure out whether or not the user is doing a fulltext search. If not,
189 # we'll remove the relevance column from the lists of columns to display
190 # and order by, since relevance only exists when doing a fulltext search.
191 my $fulltext = 0;
192 if ($cgi->param('content')) { $fulltext = 1 }
193 my @charts = map(/^field(\d-\d-\d)$/ ? $1 : (), $cgi->param());
194 foreach my $chart (@charts) {
195 if ($cgi->param("field$chart") eq 'content' && $cgi->param("value$chart")) {
196 $fulltext = 1;
197 last;
198 }
199 }
200
201 ################################################################################
202 # Utilities
203 ################################################################################
204
205 local our @weekday= qw( Sun Mon Tue Wed Thu Fri Sat );
206 sub DiffDate {
207 my ($datestr) = @_;
208 my $date = str2time($datestr);
209 my $age = time() - $date;
210 my ($s,$m,$h,$d,$mo,$y,$wd)= localtime $date;
211 if( $age < 18*60*60 ) {
212 $date = sprintf "%02d:%02d:%02d", $h,$m,$s;
213 } elsif( $age < 6*24*60*60 ) {
214 $date = sprintf "%s %02d:%02d", $weekday[$wd],$h,$m;
215 } else {
216 $date = sprintf "%04d-%02d-%02d", 1900+$y,$mo+1,$d;
217 }
218 return $date;
219 }
220
221 sub LookupNamedQuery {
222 my ($name, $sharer_id, $query_type, $throw_error) = @_;
223 my $user = Bugzilla->login(LOGIN_REQUIRED);
224 my $dbh = Bugzilla->dbh;
225 my $owner_id;
226 $throw_error = 1 unless defined $throw_error;
227
228 # $name and $sharer_id are safe -- we only use them below in SELECT
229 # placeholders and then in error messages (which are always HTML-filtered).
230 $name || ThrowUserError("query_name_missing");
231 trick_taint($name);
232 if ($sharer_id) {
233 $owner_id = $sharer_id;
234 detaint_natural($owner_id);
235 $owner_id || ThrowUserError('illegal_user_id', {'userid' => $sharer_id});
236 }
237 else {
238 $owner_id = $user->id;
239 }
240
241 my @args = ($owner_id, $name);
242 my $extra = '';
243 # If $query_type is defined, then we restrict our search.
244 if (defined $query_type) {
245 $extra = ' AND query_type = ? ';
246 detaint_natural($query_type);
247 push(@args, $query_type);
248 }
249 my ($id, $result) = $dbh->selectrow_array("SELECT id, query
250 FROM namedqueries
251 WHERE userid = ? AND name = ?
252 $extra",
253 undef, @args);
254
255 # Some DBs (read: Oracle) incorrectly mark this string as UTF-8
256 # even though it has no UTF-8 characters in it, which prevents
257 # Bugzilla::CGI from later reading it correctly.
258 utf8::downgrade($result) if utf8::is_utf8($result);
259
260 if (!defined($result)) {
261 return 0 unless $throw_error;
262 ThrowUserError("missing_query", {'queryname' => $name,
263 'sharer_id' => $sharer_id});
264 }
265
266 if ($sharer_id) {
267 my $group = $dbh->selectrow_array('SELECT group_id
268 FROM namedquery_group_map
269 WHERE namedquery_id = ?',
270 undef, $id);
271 if (!grep {$_ == $group} values(%{$user->groups()})) {
272 ThrowUserError("missing_query", {'queryname' => $name,
273 'sharer_id' => $sharer_id});
274 }
275 }
276
277 $result
278 || ThrowUserError("buglist_parameters_required", {'queryname' => $name});
279
280 return wantarray ? ($result, $id) : $result;
281 }
282
283 # Inserts a Named Query (a "Saved Search") into the database, or
284 # updates a Named Query that already exists..
285 # Takes four arguments:
286 # userid - The userid who the Named Query will belong to.
287 # query_name - A string that names the new Named Query, or the name
288 # of an old Named Query to update. If this is blank, we
289 # will throw a UserError. Leading and trailing whitespace
290 # will be stripped from this value before it is inserted
291 # into the DB.
292 # query - The query part of the buglist.cgi URL, unencoded. Must not be
293 # empty, or we will throw a UserError.
294 # link_in_footer (optional) - 1 if the Named Query should be
295 # displayed in the user's footer, 0 otherwise.
296 # query_type (optional) - 1 if the Named Query contains a list of
297 # bug IDs only, 0 otherwise (default).
298 #
299 # All parameters are validated before passing them into the database.
300 #
301 # Returns: A boolean true value if the query existed in the database
302 # before, and we updated it. A boolean false value otherwise.
303 sub InsertNamedQuery {
304 my ($query_name, $query, $link_in_footer, $query_type) = @_;
305 my $dbh = Bugzilla->dbh;
306
307 $query_name = trim($query_name);
308 my ($query_obj) = grep {lc($_->name) eq lc($query_name)} @{Bugzilla->user->queries};
309
310 if ($query_obj) {
311 $query_obj->set_name($query_name);
312 $query_obj->set_url($query);
313 $query_obj->set_query_type($query_type);
314 $query_obj->update();
315 } else {
316 Bugzilla::Search::Saved->create({
317 name => $query_name,
318 query => $query,
319 query_type => $query_type,
320 link_in_footer => $link_in_footer
321 });
322 }
323
324 return $query_obj ? 1 : 0;
325 }
326
327 sub LookupSeries {
328 my ($series_id) = @_;
329 detaint_natural($series_id) || ThrowCodeError("invalid_series_id");
330
331 my $dbh = Bugzilla->dbh;
332 my $result = $dbh->selectrow_array("SELECT query FROM series " .
333 "WHERE series_id = ?"
334 , undef, ($series_id));
335 $result
336 || ThrowCodeError("invalid_series_id", {'series_id' => $series_id});
337 return $result;
338 }
339
340 sub GetQuip {
341 my $dbh = Bugzilla->dbh;
342 # COUNT is quick because it is cached for MySQL. We may want to revisit
343 # this when we support other databases.
344 my $count = $dbh->selectrow_array("SELECT COUNT(quip)"
345 . " FROM quips WHERE approved = 1");
346 my $random = int(rand($count));
347 my $quip =
348 $dbh->selectrow_array("SELECT quip FROM quips WHERE approved = 1 " .
349 $dbh->sql_limit(1, $random));
350 return $quip;
351 }
352
353 # Return groups available for at least one product of the buglist.
354 sub GetGroups {
355 my $product_names = shift;
356 my $user = Bugzilla->user;
357 my %legal_groups;
358
359 foreach my $product_name (@$product_names) {
360 my $product = new Bugzilla::Product({name => $product_name});
361
362 foreach my $gid (keys %{$product->group_controls}) {
363 # The user can only edit groups he belongs to.
364 next unless $user->in_group_id($gid);
365
366 # The user has no control on groups marked as NA or MANDATORY.
367 my $group = $product->group_controls->{$gid};
368 next if ($group->{membercontrol} == CONTROLMAPMANDATORY
369 || $group->{membercontrol} == CONTROLMAPNA);
370
371 # It's fine to include inactive groups. Those will be marked
372 # as "remove only" when editing several bugs at once.
373 $legal_groups{$gid} ||= $group->{group};
374 }
375 }
376 # Return a list of group objects.
377 return [values %legal_groups];
378 }
379
380 sub _close_standby_message {
381 my ($contenttype, $disposition, $serverpush) = @_;
382 my $cgi = Bugzilla->cgi;
383
384 # Close the "please wait" page, then open the buglist page
385 if ($serverpush) {
386 print $cgi->multipart_end();
387 print $cgi->multipart_start(-type => $contenttype,
388 -content_disposition => $disposition);
389 }
390 else {
391 print $cgi->header(-type => $contenttype,
392 -content_disposition => $disposition);
393 }
394 }
395
396
397 ################################################################################
398 # Command Execution
399 ################################################################################
400
401 $cgi->param('cmdtype', "") if !defined $cgi->param('cmdtype');
402 $cgi->param('remaction', "") if !defined $cgi->param('remaction');
403
404 # Backwards-compatibility - the old interface had cmdtype="runnamed" to run
405 # a named command, and we can't break this because it's in bookmarks.
406 if ($cgi->param('cmdtype') eq "runnamed") {
407 $cgi->param('cmdtype', "dorem");
408 $cgi->param('remaction', "run");
409 }
410
411 # Now we're going to be running, so ensure that the params object is set up,
412 # using ||= so that we only do so if someone hasn't overridden this
413 # earlier, for example by setting up a named query search.
414
415 # This will be modified, so make a copy.
416 $params ||= new Bugzilla::CGI($cgi);
417
418 # Generate a reasonable filename for the user agent to suggest to the user
419 # when the user saves the bug list. Uses the name of the remembered query
420 # if available. We have to do this now, even though we return HTTP headers
421 # at the end, because the fact that there is a remembered query gets
422 # forgotten in the process of retrieving it.
423 my @time = localtime(time());
424 my $date = sprintf "%04d-%02d-%02d", 1900+$time[5],$time[4]+1,$time[3];
425 my $filename = "bugs-$date.$format->{extension}";
426 if ($cgi->param('cmdtype') eq "dorem" && $cgi->param('remaction') =~ /^run/) {
427 $filename = $cgi->param('namedcmd') . "-$date.$format->{extension}";
428 # Remove white-space from the filename so the user cannot tamper
429 # with the HTTP headers.
430 $filename =~ s/\s/_/g;
431 }
432 $filename =~ s/\\/\\\\/g; # escape backslashes
433 $filename =~ s/"/\\"/g; # escape quotes
434
435 # Take appropriate action based on user's request.
436 if ($cgi->param('cmdtype') eq "dorem") {
437 if ($cgi->param('remaction') eq "run") {
438 my $query_id;
439 ($buffer, $query_id) = LookupNamedQuery(scalar $cgi->param("namedcmd"),
440 scalar $cgi->param('sharer_id'));
441 # If this is the user's own query, remember information about it
442 # so that it can be modified easily.
443 $vars->{'searchname'} = $cgi->param('namedcmd');
444 if (!$cgi->param('sharer_id') ||
445 $cgi->param('sharer_id') == Bugzilla->user->id) {
446 $vars->{'searchtype'} = "saved";
447 $vars->{'search_id'} = $query_id;
448 }
449 $params = new Bugzilla::CGI($buffer);
450 $order = $params->param('order') || $order;
451
452 }
453 elsif ($cgi->param('remaction') eq "runseries") {
454 $buffer = LookupSeries(scalar $cgi->param("series_id"));
455 $vars->{'searchname'} = $cgi->param('namedcmd');
456 $vars->{'searchtype'} = "series";
457 $params = new Bugzilla::CGI($buffer);
458 $order = $params->param('order') || $order;
459 }
460 elsif ($cgi->param('remaction') eq "forget") {
461 my $user = Bugzilla->login(LOGIN_REQUIRED);
462 # Copy the name into a variable, so that we can trick_taint it for
463 # the DB. We know it's safe, because we're using placeholders in
464 # the SQL, and the SQL is only a DELETE.
465 my $qname = $cgi->param('namedcmd');
466 trick_taint($qname);
467
468 # Do not forget the saved search if it is being used in a whine
469 my $whines_in_use =
470 $dbh->selectcol_arrayref('SELECT DISTINCT whine_events.subject
471 FROM whine_events
472 INNER JOIN whine_queries
473 ON whine_queries.eventid
474 = whine_events.id
475 WHERE whine_events.owner_userid
476 = ?
477 AND whine_queries.query_name
478 = ?
479 ', undef, $user->id, $qname);
480 if (scalar(@$whines_in_use)) {
481 ThrowUserError('saved_search_used_by_whines',
482 { subjects => join(',', @$whines_in_use),
483 search_name => $qname }
484 );
485 }
486
487 # If we are here, then we can safely remove the saved search
488 my ($query_id) = $dbh->selectrow_array('SELECT id FROM namedqueries
489 WHERE userid = ?
490 AND name = ?',
491 undef, ($user->id, $qname));
492 if (!$query_id) {
493 # The user has no query of this name. Play along.
494 }
495 else {
496 # Make sure the user really wants to delete his saved search.
497 my $token = $cgi->param('token');
498 check_hash_token($token, [$query_id, $qname]);
499
500 $dbh->do('DELETE FROM namedqueries
501 WHERE id = ?',
502 undef, $query_id);
503 $dbh->do('DELETE FROM namedqueries_link_in_footer
504 WHERE namedquery_id = ?',
505 undef, $query_id);
506 $dbh->do('DELETE FROM namedquery_group_map
507 WHERE namedquery_id = ?',
508 undef, $query_id);
509 }
510
511 # Now reset the cached queries
512 $user->flush_queries_cache();
513
514 print $cgi->header();
515 # Generate and return the UI (HTML page) from the appropriate template.
516 $vars->{'message'} = "buglist_query_gone";
517 $vars->{'namedcmd'} = $qname;
518 $vars->{'url'} = "query.cgi";
519 $template->process("global/message.html.tmpl", $vars)
520 || ThrowTemplateError($template->error());
521 exit;
522 }
523 }
524 elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) {
525 if ($cgi->param('remtype') eq "asdefault") {
526 my $user = Bugzilla->login(LOGIN_REQUIRED);
527 InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
528 $vars->{'message'} = "buglist_new_default_query";
529 }
530 elsif ($cgi->param('remtype') eq "asnamed") {
531 my $user = Bugzilla->login(LOGIN_REQUIRED);
532 my $query_name = $cgi->param('newqueryname');
533 my $new_query = $cgi->param('newquery');
534 my $query_type = QUERY_LIST;
535 # If list_of_bugs is true, we are adding/removing individual bugs
536 # to a saved search. We get the existing list of bug IDs (if any)
537 # and add/remove the passed ones.
538 if ($cgi->param('list_of_bugs')) {
539 # We add or remove bugs based on the action choosen.
540 my $action = trim($cgi->param('action') || '');
541 $action =~ /^(add|remove)$/
542 || ThrowCodeError('unknown_action', {'action' => $action});
543
544 # If we are removing bugs, then we must have an existing
545 # saved search selected.
546 if ($action eq 'remove') {
547 $query_name && ThrowUserError('no_bugs_to_remove');
548 }
549
550 my %bug_ids;
551 my $is_new_name = 0;
552 if ($query_name) {
553 my ($query, $query_id) =
554 LookupNamedQuery($query_name, undef, QUERY_LIST, !THROW_ERROR);
555 # Make sure this name is not already in use by a normal saved search.
556 if ($query) {
557 ThrowUserError('query_name_exists', {name => $query_name,
558 query_id => $query_id});
559 }
560 $is_new_name = 1;
561 }
562 # If no new tag name has been given, use the selected one.
563 $query_name ||= $cgi->param('oldqueryname');
564
565 # Don't throw an error if it's a new tag name: if the tag already
566 # exists, add/remove bugs to it, else create it. But if we are
567 # considering an existing tag, then it has to exist and we throw
568 # an error if it doesn't (hence the usage of !$is_new_name).
569 if (my $old_query = LookupNamedQuery($query_name, undef, LIST_OF_BUGS, !$is_new_name)) {
570 # We get the encoded query. We need to decode it.
571 my $old_cgi = new Bugzilla::CGI($old_query);
572 foreach my $bug_id (split /[\s,]+/, scalar $old_cgi->param('bug_id')) {
573 $bug_ids{$bug_id} = 1 if detaint_natural($bug_id);
574 }
575 }
576
577 my $keep_bug = ($action eq 'add') ? 1 : 0;
578 my $changes = 0;
579 foreach my $bug_id (split(/[\s,]+/, $cgi->param('bug_ids'))) {
580 next unless $bug_id;
581 ValidateBugID($bug_id);
582 $bug_ids{$bug_id} = $keep_bug;
583 $changes = 1;
584 }
585 ThrowUserError('no_bug_ids',
586 {'action' => $action,
587 'tag' => $query_name})
588 unless $changes;
589
590 # Only keep bug IDs we want to add/keep. Disregard deleted ones.
591 my @bug_ids = grep { $bug_ids{$_} == 1 } keys %bug_ids;
592 # If the list is now empty, we could as well delete it completely.
593 ThrowUserError('no_bugs_in_list', {'tag' => $query_name})
594 unless scalar(@bug_ids);
595
596 $new_query = "bug_id=" . join(',', sort {$a <=> $b} @bug_ids);
597 $query_type = LIST_OF_BUGS;
598 }
599 my $tofooter = 1;
600 my $existed_before = InsertNamedQuery($query_name, $new_query,
601 $tofooter, $query_type);
602 if ($existed_before) {
603 $vars->{'message'} = "buglist_updated_named_query";
604 }
605 else {
606 $vars->{'message'} = "buglist_new_named_query";
607 }
608
609 # Make sure to invalidate any cached query data, so that the footer is
610 # correctly displayed
611 $user->flush_queries_cache();
612
613 $vars->{'queryname'} = $query_name;
614
615 print $cgi->header();
616 $template->process("global/message.html.tmpl", $vars)
617 || ThrowTemplateError($template->error());
618 exit;
619 }
620 }
621
622 # backward compatibility hack: if the saved query doesn't say which
623 # form was used to create it, assume it was on the advanced query
624 # form - see bug 252295
625 if (!$params->param('query_format')) {
626 $params->param('query_format', 'advanced');
627 $buffer = $params->query_string;
628 }
629
630 ################################################################################
631 # Column Definition
632 ################################################################################
633
634 # Define the columns that can be selected in a query and/or displayed in a bug
635 # list. Column records include the following fields:
636 #
637 # 1. ID: a unique identifier by which the column is referred in code;
638 #
639 # 2. Name: The name of the column in the database (may also be an expression
640 # that returns the value of the column);
641 #
642 # 3. Title: The title of the column as displayed to users.
643 #
644 # Note: There are a few hacks in the code that deviate from these definitions.
645 # In particular, when the list is sorted by the "votes" field the word
646 # "DESC" is added to the end of the field to sort in descending order,
647 # and the redundant short_desc column is removed when the client
648 # requests "all" columns.
649 # Note: For column names using aliasing (SQL "<field> AS <alias>"), the column
650 # ID needs to be identical to the field ID for list ordering to work.
651
652 local our $columns = {};
653 sub DefineColumn {
654 my ($id, $name, $title) = @_;
655 $columns->{$id} = { 'name' => $name , 'title' => $title };
656 }
657
658 # Column: ID Name Title
659 DefineColumn("bug_id" , "bugs.bug_id" , "ID" );
660 DefineColumn("alias" , "bugs.alias" , "Alias" );
661 DefineColumn("opendate" , "bugs.creation_ts" , "Opened" );
662 DefineColumn("changeddate" , "bugs.delta_ts" , "Changed" );
663 DefineColumn("bug_severity" , "bugs.bug_severity" , "Severity" );
664 DefineColumn("priority" , "bugs.priority" , "Priority" );
665 DefineColumn("rep_platform" , "bugs.rep_platform" , "Hardware" );
666 DefineColumn("assigned_to" , "map_assigned_to.login_name" , "Assignee" );
667 DefineColumn("reporter" , "map_reporter.login_name" , "Reporter" );
668 DefineColumn("qa_contact" , "map_qa_contact.login_name" , "QA Contact" );
669 if ($format->{'extension'} eq 'html') {
670 DefineColumn("assigned_to_realname", "CASE WHEN map_assigned_to.realname = '' THEN map_assigned_to.login_name ELSE map_assigned_to.realname END AS assigned_to_realname", "Assignee" );
671 DefineColumn("reporter_realname" , "CASE WHEN map_reporter.realname = '' THEN map_reporter.login_name ELSE map_reporter.realname END AS reporter_realname" , "Reporter" );
672 DefineColumn("qa_contact_realname" , "CASE WHEN map_qa_contact.realname = '' THEN map_qa_contact.login_name ELSE map_qa_contact.realname END AS qa_contact_realname" , "QA Contact");
673 } else {
674 DefineColumn("assigned_to_realname", "map_assigned_to.realname AS assigned_to_realname", "Assignee" );
675 DefineColumn("reporter_realname" , "map_reporter.realname AS reporter_realname" , "Reporter" );
676 DefineColumn("qa_contact_realname" , "map_qa_contact.realname AS qa_contact_realname" , "QA Contact");
677 }
678 DefineColumn("bug_status" , "bugs.bug_status" , "Status" );
679 DefineColumn("resolution" , "bugs.resolution" , "Resolution" );
680 DefineColumn("short_short_desc" , "bugs.short_desc" , "Summary" );
681 DefineColumn("short_desc" , "bugs.short_desc" , "Summary" );
682 DefineColumn("status_whiteboard" , "bugs.status_whiteboard" , "Whiteboard" );
683 DefineColumn("component" , "map_components.name" , "Component" );
684 DefineColumn("product" , "map_products.name" , "Product" );
685 DefineColumn("classification" , "map_classifications.name" , "Classification" );
686 DefineColumn("version" , "bugs.version" , "Version" );
687 DefineColumn("op_sys" , "bugs.op_sys" , "OS" );
688 DefineColumn("target_milestone" , "bugs.target_milestone" , "Target Milestone" );
689 DefineColumn("votes" , "bugs.votes" , "Votes" );
690 DefineColumn("keywords" , "bugs.keywords" , "Keywords" );
691 DefineColumn("estimated_time" , "bugs.estimated_time" , "Estimated Hours" );
692 DefineColumn("remaining_time" , "bugs.remaining_time" , "Remaining Hours" );
693 DefineColumn("actual_time" , "(SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) AS actual_time", "Actual Hours");
694 DefineColumn("percentage_complete",
695 "(CASE WHEN (SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) " .
696 " + bugs.remaining_time = 0.0 " .
697 "THEN 0.0 " .
698 "ELSE 100*((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) " .
699 " /((SUM(ldtime.work_time)*COUNT(DISTINCT ldtime.bug_when)/COUNT(bugs.bug_id)) + bugs.remaining_time)) " .
700 "END) AS percentage_complete" , "% Complete");
701 DefineColumn("relevance" , "relevance" , "Relevance" );
702 DefineColumn("deadline" , $dbh->sql_date_format('bugs.deadline', '%Y-%m-%d') . " AS deadline", "Deadline");
703
704 foreach my $field (Bugzilla->active_custom_fields) {
705 # Multi-select fields are not (yet) supported in buglists.
706 next if $field->type == FIELD_TYPE_MULTI_SELECT;
707 DefineColumn($field->name, 'bugs.' . $field->name, $field->description);
708 }
709
710 Bugzilla::Hook::process("buglist-columns", {'columns' => $columns} );
711
712 ################################################################################
713 # Display Column Determination
714 ################################################################################
715
716 # Determine the columns that will be displayed in the bug list via the
717 # columnlist CGI parameter, the user's preferences, or the default.
718 my @displaycolumns = ();
719 if (defined $params->param('columnlist')) {
720 if ($params->param('columnlist') eq "all") {
721 # If the value of the CGI parameter is "all", display all columns,
722 # but remove the redundant "short_desc" column.
723 @displaycolumns = grep($_ ne 'short_desc', keys(%$columns));
724 }
725 else {
726 @displaycolumns = split(/[ ,]+/, $params->param('columnlist'));
727 }
728 }
729 elsif (defined $cgi->cookie('COLUMNLIST')) {
730 # 2002-10-31 Rename column names (see bug 176461)
731 my $columnlist = $cgi->cookie('COLUMNLIST');
732 $columnlist =~ s/\bowner\b/assigned_to/;
733 $columnlist =~ s/\bowner_realname\b/assigned_to_realname/;
734 $columnlist =~ s/\bplatform\b/rep_platform/;
735 $columnlist =~ s/\bseverity\b/bug_severity/;
736 $columnlist =~ s/\bstatus\b/bug_status/;
737 $columnlist =~ s/\bsummaryfull\b/short_desc/;
738 $columnlist =~ s/\bsummary\b/short_short_desc/;
739
740 # Use the columns listed in the user's preferences.
741 @displaycolumns = split(/ /, $columnlist);
742 }
743 else {
744 # Use the default list of columns.
745 @displaycolumns = DEFAULT_COLUMN_LIST;
746 }
747
748 # Weed out columns that don't actually exist to prevent the user
749 # from hacking their column list cookie to grab data to which they
750 # should not have access. Detaint the data along the way.
751 @displaycolumns = grep($columns->{$_} && trick_taint($_), @displaycolumns);
752
753 # Remove the "ID" column from the list because bug IDs are always displayed
754 # and are hard-coded into the display templates.
755 @displaycolumns = grep($_ ne 'bug_id', @displaycolumns);
756
757 # Add the votes column to the list of columns to be displayed
758 # in the bug list if the user is searching for bugs with a certain
759 # number of votes and the votes column is not already on the list.
760
761 # Some versions of perl will taint 'votes' if this is done as a single
762 # statement, because the votes param is tainted at this point
763 my $votes = $params->param('votes');
764 $votes ||= "";
765 if (trim($votes) && !grep($_ eq 'votes', @displaycolumns)) {
766 push(@displaycolumns, 'votes');
767 }
768
769 # Remove the timetracking columns if they are not a part of the group
770 # (happens if a user had access to time tracking and it was revoked/disabled)
771 if (!Bugzilla->user->in_group(Bugzilla->params->{"timetrackinggroup"})) {
772 @displaycolumns = grep($_ ne 'estimated_time', @displaycolumns);
773 @displaycolumns = grep($_ ne 'remaining_time', @displaycolumns);
774 @displaycolumns = grep($_ ne 'actual_time', @displaycolumns);
775 @displaycolumns = grep($_ ne 'percentage_complete', @displaycolumns);
776 @displaycolumns = grep($_ ne 'deadline', @displaycolumns);
777 }
778
779 # Remove the relevance column if the user is not doing a fulltext search.
780 if (grep('relevance', @displaycolumns) && !$fulltext) {
781 @displaycolumns = grep($_ ne 'relevance', @displaycolumns);
782 }
783
784
785 ################################################################################
786 # Select Column Determination
787 ################################################################################
788
789 # Generate the list of columns that will be selected in the SQL query.
790
791 # The bug ID is always selected because bug IDs are always displayed.
792 # Severity, priority, resolution and status are required for buglist
793 # CSS classes.
794 my @selectcolumns = ("bug_id", "bug_severity", "priority", "bug_status",
795 "resolution");
796
797 # if using classification, we also need to look in product.classification_id
798 if (Bugzilla->params->{"useclassification"}) {
799 push (@selectcolumns,"product");
800 }
801
802 # remaining and actual_time are required for percentage_complete calculation:
803 if (lsearch(\@displaycolumns, "percentage_complete") >= 0) {
804 push (@selectcolumns, "remaining_time");
805 push (@selectcolumns, "actual_time");
806 }
807
808 # Display columns are selected because otherwise we could not display them.
809 push (@selectcolumns, @displaycolumns);
810
811 # If the user is editing multiple bugs, we also make sure to select the product
812 # and status because the values of those fields determine what options the user
813 # has for modifying the bugs.
814 if ($dotweak) {
815 push(@selectcolumns, "product") if !grep($_ eq 'product', @selectcolumns);
816 push(@selectcolumns, "bug_status") if !grep($_ eq 'bug_status', @selectcolumns);
817 }
818
819 if ($format->{'extension'} eq 'ics') {
820 push(@selectcolumns, "opendate") if !grep($_ eq 'opendate', @selectcolumns);
821 }
822
823 if ($format->{'extension'} eq 'atom') {
824 # The title of the Atom feed will be the same one as for the bug list.
825 $vars->{'title'} = $cgi->param('title');
826
827 # This is the list of fields that are needed by the Atom filter.
828 my @required_atom_columns = (
829 'short_desc',
830 'opendate',
831 'changeddate',
832 'reporter_realname',
833 'priority',
834 'bug_severity',
835 'assigned_to_realname',
836 'bug_status',
837 'product',
838 'component',
839 'resolution'
840 );
841 push(@required_atom_columns, 'target_milestone') if Bugzilla->params->{'usetargetmilestone'};
842
843 foreach my $required (@required_atom_columns) {
844 push(@selectcolumns, $required) if !grep($_ eq $required,@selectcolumns);
845 }
846 }
847
848 ################################################################################
849 # Query Generation
850 ################################################################################
851
852 # Convert the list of columns being selected into a list of column names.
853 my @selectnames = map($columns->{$_}->{'name'}, @selectcolumns);
854
855 # Remove columns with no names, such as percentage_complete
856 # (or a removed *_time column due to permissions)
857 @selectnames = grep($_ ne '', @selectnames);
858
859 ################################################################################
860 # Sort Order Determination
861 ################################################################################
862
863 # Add to the query some instructions for sorting the bug list.
864
865 # First check if we'll want to reuse the last sorting order; that happens if
866 # the order is not defined or its value is "reuse last sort"
867 if (!$order || $order =~ /^reuse/i) {
868 if ($cgi->cookie('LASTORDER')) {
869 $order = $cgi->cookie('LASTORDER');
870
871 # Cookies from early versions of Specific Search included this text,
872 # which is now invalid.
873 $order =~ s/ LIMIT 200//;
874
875 $order_from_cookie = 1;
876 }
877 else {
878 $order = ''; # Remove possible "reuse" identifier as unnecessary
879 }
880 }
881
882 my $db_order = ""; # Modified version of $order for use with SQL query
883 if ($order) {
884 # Convert the value of the "order" form field into a list of columns
885 # by which to sort the results.
886 ORDER: for ($order) {
887 /^Bug Number$/ && do {
888 $order = "bugs.bug_id";
889 last ORDER;
890 };
891 /^Importance$/ && do {
892 $order = "bugs.priority, bugs.bug_severity";
893 last ORDER;
894 };
895 /^Assignee$/ && do {
896 $order = "map_assigned_to.login_name, bugs.bug_status, bugs.priority, bugs.bug_id";
897 last ORDER;
898 };
899 /^Last Changed$/ && do {
900 $order = "bugs.delta_ts, bugs.bug_status, bugs.priority, map_assigned_to.login_name, bugs.bug_id";
901 last ORDER;
902 };
903 do {
904 my @order;
905 my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
906 # A custom list of columns. Make sure each column is valid.
907 foreach my $fragment (split(/,/, $order)) {
908 $fragment = trim($fragment);
909 next unless $fragment;
910 # Accept an order fragment matching a column name, with
911 # asc|desc optionally following (to specify the direction)
912 if (grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames, keys(%$columns))) {
913 next if $fragment =~ /\brelevance\b/ && !$fulltext;
914 push(@order, $fragment);
915 }
916 else {
917 my $vars = { fragment => $fragment };
918 if ($order_from_cookie) {
919 $cgi->remove_cookie('LASTORDER');
920 ThrowCodeError("invalid_column_name_cookie", $vars);
921 }
922 else {
923 ThrowCodeError("invalid_column_name_form", $vars);
924 }
925 }
926 }
927 $order = join(",", @order);
928 # Now that we have checked that all columns in the order are valid,
929 # detaint the order string.
930 trick_taint($order) if $order;
931 };
932 }
933 }
934
935 if (!$order) {
936 # DEFAULT
937 $order = "bugs.bug_status, bugs.priority, map_assigned_to.login_name, bugs.bug_id";
938 }
939
940 # Make sure ORDER BY columns are included in the field list.
941 foreach my $fragment (split(/,/, $order)) {
942 $fragment = trim($fragment);
943 if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @selectnames)) {
944 # Add order columns to selectnames
945 # The fragment has already been validated
946 $fragment =~ s/\s+(asc|desc)$//;
947
948 # While newer fragments contain IDs for aliased columns, older
949 # LASTORDER cookies (or bookmarks) may contain full names.
950 # Convert them to an ID here.
951 if ($fragment =~ / AS (\w+)/) {
952 $fragment = $1;
953 }
954
955 $fragment =~ tr/a-zA-Z\.0-9\-_//cd;
956
957 # If the order fragment is an ID, we need its corresponding name
958 # to be in the field list.
959 if (exists($columns->{$fragment})) {
960 $fragment = $columns->{$fragment}->{'name'};
961 }
962
963 push @selectnames, $fragment;
964 }
965 }
966
967 $db_order = $order; # Copy $order into $db_order for use with SQL query
968
969 # If we are sorting by votes, sort in descending order if no explicit
970 # sort order was given
971 $db_order =~ s/bugs.votes\s*(,|$)/bugs.votes desc$1/i;
972
973 # the 'actual_time' field is defined as an aggregate function, but
974 # for order we just need the column name 'actual_time'
975 my $aggregate_search = quotemeta($columns->{'actual_time'}->{'name'});
976 $db_order =~ s/$aggregate_search/actual_time/g;
977
978 # the 'percentage_complete' field is defined as an aggregate too
979 $aggregate_search = quotemeta($columns->{'percentage_complete'}->{'name'});
980 $db_order =~ s/$aggregate_search/percentage_complete/g;
981
982 # Now put $db_order into a format that Bugzilla::Search can use.
983 # (We create $db_order as a string first because that's the way
984 # we did it before Bugzilla::Search took an "order" argument.)
985 my @orderstrings = split(/,\s*/, $db_order);
986
987 # Generate the basic SQL query that will be used to generate the bug list.
988 my $search = new Bugzilla::Search('fields' => \@selectnames,
989 'params' => $params,
990 'order' => \@orderstrings);
991 my $query = $search->getSQL();
992
993 if (defined $cgi->param('limit')) {
994 my $limit = $cgi->param('limit');
995 if (detaint_natural($limit)) {
996 $query .= " " . $dbh->sql_limit($limit);
997 }
998 }
999 elsif ($fulltext) {
1000 $query .= " " . $dbh->sql_limit(FULLTEXT_BUGLIST_LIMIT);
1001 $vars->{'message'} = 'buglist_sorted_by_relevance' if ($cgi->param('order') =~ /^relevance/);
1002 }
1003
1004
1005 ################################################################################
1006 # Query Execution
1007 ################################################################################
1008
1009 if ($cgi->param('debug')) {
1010 $vars->{'debug'} = 1;
1011 $vars->{'query'} = $query;
1012 $vars->{'debugdata'} = $search->getDebugData();
1013 }
1014
1015 # Time to use server push to display an interim message to the user until
1016 # the query completes and we can display the bug list.
1017 if ($serverpush) {
1018 print $cgi->multipart_init();
1019 print $cgi->multipart_start(-type => 'text/html');
1020
1021 # Generate and return the UI (HTML page) from the appropriate template.
1022 $template->process("list/server-push.html.tmpl", $vars)
1023 || ThrowTemplateError($template->error());
1024
1025 # Under mod_perl, flush stdout so that the page actually shows up.
1026 if ($ENV{MOD_PERL}) {
1027 require Apache2::RequestUtil;
1028 Apache2::RequestUtil->request->rflush();
1029 }
1030
1031 # Don't do multipart_end() until we're ready to display the replacement
1032 # page, otherwise any errors that happen before then (like SQL errors)
1033 # will result in a blank page being shown to the user instead of the error.
1034 }
1035
1036 # Connect to the shadow database if this installation is using one to improve
1037 # query performance.
1038 $dbh = Bugzilla->switch_to_shadow_db();
1039
1040 # Normally, we ignore SIGTERM and SIGPIPE, but we need to
1041 # respond to them here to prevent someone DOSing us by reloading a query
1042 # a large number of times.
1043 $::SIG{TERM} = 'DEFAULT';
1044 $::SIG{PIPE} = 'DEFAULT';
1045
1046 # Execute the query.
1047 my $buglist_sth = $dbh->prepare($query);
1048 $buglist_sth->execute();
1049
1050
1051 ################################################################################
1052 # Results Retrieval
1053 ################################################################################
1054
1055 # Retrieve the query results one row at a time and write the data into a list
1056 # of Perl records.
1057
1058 my $bugowners = {};
1059 my $bugproducts = {};
1060 my $bugstatuses = {};
1061 my @bugidlist;
1062
1063 my @bugs; # the list of records
1064
1065 while (my @row = $buglist_sth->fetchrow_array()) {
1066 my $bug = {}; # a record
1067
1068 # Slurp the row of data into the record.
1069 # The second from last column in the record is the number of groups
1070 # to which the bug is restricted.
1071 foreach my $column (@selectcolumns) {
1072 $bug->{$column} = shift @row;
1073 }
1074
1075 # Process certain values further (i.e. date format conversion).
1076 if ($bug->{'changeddate'}) {
1077 $bug->{'changeddate'} =~
1078 s/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/$1-$2-$3 $4:$5:$6/;
1079
1080 # Put in the change date as a time, so that the template date plugin
1081 # can format the date in any way needed by the template. ICS and Atom
1082 # have specific, and different, date and time formatting.
1083 $bug->{'changedtime'} = str2time($bug->{'changeddate'}, Bugzilla->params->{'timezone'});
1084 $bug->{'changeddate'} = DiffDate($bug->{'changeddate'});
1085 }
1086
1087 if ($bug->{'opendate'}) {
1088 # Put in the open date as a time for the template date plugin.
1089 $bug->{'opentime'} = str2time($bug->{'opendate'}, Bugzilla->params->{'timezone'});
1090 $bug->{'opendate'} = DiffDate($bug->{'opendate'});
1091 }
1092
1093 # Record the assignee, product, and status in the big hashes of those things.
1094 $bugowners->{$bug->{'assigned_to'}} = 1 if $bug->{'assigned_to'};
1095 $bugproducts->{$bug->{'product'}} = 1 if $bug->{'product'};
1096 $bugstatuses->{$bug->{'bug_status'}} = 1 if $bug->{'bug_status'};
1097
1098 $bug->{'secure_mode'} = undef;
1099
1100 # Add the record to the list.
1101 push(@bugs, $bug);
1102
1103 # Add id to list for checking for bug privacy later
1104 push(@bugidlist, $bug->{'bug_id'});
1105 }
1106
1107 # Check for bug privacy and set $bug->{'secure_mode'} to 'implied' or 'manual'
1108 # based on whether the privacy is simply product implied (by mandatory groups)
1109 # or because of human choice
1110 my %min_membercontrol;
1111 if (@bugidlist) {
1112 my $sth = $dbh->prepare(
1113 "SELECT DISTINCT bugs.bug_id, MIN(group_control_map.membercontrol) " .
1114 "FROM bugs " .
1115 "INNER JOIN bug_group_map " .
1116 "ON bugs.bug_id = bug_group_map.bug_id " .
1117 "LEFT JOIN group_control_map " .
1118 "ON group_control_map.product_id = bugs.product_id " .
1119 "AND group_control_map.group_id = bug_group_map.group_id " .
1120 "WHERE " . $dbh->sql_in('bugs.bug_id', \@bugidlist) .
1121 $dbh->sql_group_by('bugs.bug_id'));
1122 $sth->execute();
1123 while (my ($bug_id, $min_membercontrol) = $sth->fetchrow_array()) {
1124 $min_membercontrol{$bug_id} = $min_membercontrol || CONTROLMAPNA;
1125 }
1126 foreach my $bug (@bugs) {
1127 next unless defined($min_membercontrol{$bug->{'bug_id'}});
1128 if ($min_membercontrol{$bug->{'bug_id'}} == CONTROLMAPMANDATORY) {
1129 $bug->{'secure_mode'} = 'implied';
1130 }
1131 else {
1132 $bug->{'secure_mode'} = 'manual';
1133 }
1134 }
1135 }
1136
1137 ################################################################################
1138 # Template Variable Definition
1139 ################################################################################
1140
1141 # Define the variables and functions that will be passed to the UI template.
1142
1143 $vars->{'bugs'} = \@bugs;
1144 $vars->{'buglist'} = \@bugidlist;
1145 $vars->{'buglist_joined'} = join(',', @bugidlist);
1146 $vars->{'columns'} = $columns;
1147 $vars->{'displaycolumns'} = \@displaycolumns;
1148
1149 $vars->{'openstates'} = [BUG_STATE_OPEN];
1150 $vars->{'closedstates'} = [map {$_->name} closed_bug_statuses()];
1151
1152 # The list of query fields in URL query string format, used when creating
1153 # URLs to the same query results page with different parameters (such as
1154 # a different sort order or when taking some action on the set of query
1155 # results). To get this string, we call the Bugzilla::CGI::canoncalise_query
1156 # function with a list of elements to be removed from the URL.
1157 $vars->{'urlquerypart'} = $params->canonicalise_query('order',
1158 'cmdtype',
1159 'query_based_on');
1160 $vars->{'order'} = $order;
1161 $vars->{'caneditbugs'} = 1;
1162
1163 if (!Bugzilla->user->in_group('editbugs')) {
1164 foreach my $product (keys %$bugproducts) {
1165 my $prod = new Bugzilla::Product({name => $product});
1166 if (!Bugzilla->user->in_group('editbugs', $prod->id)) {
1167 $vars->{'caneditbugs'} = 0;
1168 last;
1169 }
1170 }
1171 }
1172
1173 my @bugowners = keys %$bugowners;
1174 if (scalar(@bugowners) > 1 && Bugzilla->user->in_group('editbugs')) {
1175 my $suffix = Bugzilla->params->{'emailsuffix'};
1176 map(s/$/$suffix/, @bugowners) if $suffix;
1177 my $bugowners = join(",", @bugowners);
1178 $vars->{'bugowners'} = $bugowners;
1179 }
1180
1181 # Whether or not to split the column titles across two rows to make
1182 # the list more compact.
1183 $vars->{'splitheader'} = $cgi->cookie('SPLITHEADER') ? 1 : 0;
1184
1185 $vars->{'quip'} = GetQuip();
1186 $vars->{'currenttime'} = time();
1187
1188 # The following variables are used when the user is making changes to multiple bugs.
1189 if ($dotweak && scalar @bugs) {
1190 if (!$vars->{'caneditbugs'}) {
1191 _close_standby_message('text/html', 'inline', $serverpush);
1192 ThrowUserError('auth_failure', {group => 'editbugs',
1193 action => 'modify',
1194 object => 'multiple_bugs'});
1195 }
1196 $vars->{'dotweak'} = 1;
1197 $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
1198
1199 # issue_session_token needs to write to the master DB.
1200 Bugzilla->switch_to_main_db();
1201 $vars->{'token'} = issue_session_token('buglist_mass_change');
1202 Bugzilla->switch_to_shadow_db();
1203
1204 $vars->{'products'} = Bugzilla->user->get_enterable_products;
1205 $vars->{'platforms'} = get_legal_field_values('rep_platform');
1206 $vars->{'op_sys'} = get_legal_field_values('op_sys');
1207 $vars->{'priorities'} = get_legal_field_values('priority');
1208 $vars->{'severities'} = get_legal_field_values('bug_severity');
1209 $vars->{'resolutions'} = get_legal_field_values('resolution');
1210
1211 $vars->{'unconfirmedstate'} = 'UNCONFIRMED';
1212
1213 # Convert bug statuses to their ID.
1214 my @bug_statuses = map {$dbh->quote($_)} keys %$bugstatuses;
1215 my $bug_status_ids =
1216 $dbh->selectcol_arrayref('SELECT id FROM bug_status
1217 WHERE ' . $dbh->sql_in('value', \@bug_statuses));
1218
1219 # This query collects new statuses which are common to all current bug statuses.
1220 # It also accepts transitions where the bug status doesn't change.
1221 $bug_status_ids =
1222 $dbh->selectcol_arrayref(
1223 'SELECT DISTINCT sw1.new_status
1224 FROM status_workflow sw1
1225 INNER JOIN bug_status
1226 ON bug_status.id = sw1.new_status
1227 WHERE bug_status.isactive = 1
1228 AND NOT EXISTS
1229 (SELECT * FROM status_workflow sw2
1230 WHERE sw2.old_status != sw1.new_status
1231 AND '
1232 . $dbh->sql_in('sw2.old_status', $bug_status_ids)
1233 . ' AND NOT EXISTS
1234 (SELECT * FROM status_workflow sw3
1235 WHERE sw3.new_status = sw1.new_status
1236 AND sw3.old_status = sw2.old_status))');
1237
1238 $vars->{'current_bug_statuses'} = [keys %$bugstatuses];
1239 $vars->{'new_bug_statuses'} = Bugzilla::Status->new_from_list($bug_status_ids);
1240
1241 # The groups the user belongs to and which are editable for the given buglist.
1242 my @products = keys %$bugproducts;
1243 $vars->{'groups'} = GetGroups(\@products);
1244
1245 # If all bugs being changed are in the same product, the user can change
1246 # their version and component, so generate a list of products, a list of
1247 # versions for the product (if there is only one product on the list of
1248 # products), and a list of components for the product.
1249 if (scalar(@products) == 1) {
1250 my $product = new Bugzilla::Product({name => $products[0]});
1251 $vars->{'versions'} = [map($_->name ,@{$product->versions})];
1252 $vars->{'components'} = [map($_->name, @{$product->components})];
1253 $vars->{'targetmilestones'} = [map($_->name, @{$product->milestones})]
1254 if Bugzilla->params->{'usetargetmilestone'};
1255 }
1256 }
1257
1258 # If we're editing a stored query, use the existing query name as default for
1259 # the "Remember search as" field.
1260 $vars->{'defaultsavename'} = $cgi->param('query_based_on');
1261
1262
1263 ################################################################################
1264 # HTTP Header Generation
1265 ################################################################################
1266
1267 # Generate HTTP headers
1268
1269 my $contenttype;
1270 my $disposition = "inline";
1271
1272 if ($format->{'extension'} eq "html" && !$agent) {
1273 if ($order) {
1274 $cgi->send_cookie(-name => 'LASTORDER',
1275 -value => $order,
1276 -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
1277 }
1278 my $bugids = join(":", @bugidlist);
1279 # See also Bug 111999
1280 if (length($bugids) == 0) {
1281 $cgi->remove_cookie('BUGLIST');
1282 }
1283 elsif (length($bugids) < 4000) {
1284 $cgi->send_cookie(-name => 'BUGLIST',
1285 -value => $bugids,
1286 -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
1287 }
1288 else {
1289 $cgi->remove_cookie('BUGLIST');
1290 $vars->{'toolong'} = 1;
1291 }
1292
1293 $contenttype = "text/html";
1294 }
1295 else {
1296 $contenttype = $format->{'ctype'};
1297 }
1298
1299 if ($format->{'extension'} eq "csv") {
1300 # We set CSV files to be downloaded, as they are designed for importing
1301 # into other programs.
1302 $disposition = "attachment";
1303 }
1304
1305 # Suggest a name for the bug list if the user wants to save it as a file.
1306 $disposition .= "; filename=\"$filename\"";
1307
1308 _close_standby_message($contenttype, $disposition, $serverpush);
1309
1310 ################################################################################
1311 # Content Generation
1312 ################################################################################
1313
1314 # Generate and return the UI (HTML page) from the appropriate template.
1315 $template->process($format->{'template'}, $vars)
1316 || ThrowTemplateError($template->error());
1317
1318
1319 ################################################################################
1320 # Script Conclusion
1321 ################################################################################
1322
1323 print $cgi->multipart_final() if $serverpush;
Experimental WebKit port