Merge branch '4.4.9-to-5.0-vanilla-nohist' into 5.0-migration

Move @gentoo.org restriction for new accounts into the Gentoo extentions.
Reset some templates to vanilla/default. We'll use custom ones from now on

1 files changed, 86 insertions, 88 deletions

diff --git a/attachment.cgi b/attachment.cgi
index 5902bcc46..c16e0f012 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl -T
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
@@ -6,12 +6,9 @@
 # This Source Code Form is "Incompatible With Secondary Licenses", as
 # defined by the Mozilla Public License, v. 2.0.
 
-################################################################################
-# Script Initialization
-################################################################################
-
-# Make it harder for us to do dangerous things in Perl.
+use 5.10.1;
 use strict;
+use warnings;
 
 use lib qw(. lib);
 
@@ -24,11 +21,9 @@ use Bugzilla::FlagType;
 use Bugzilla::User;
 use Bugzilla::Util;
 use Bugzilla::Bug;
-use Bugzilla::Field;
 use Bugzilla::Attachment;
 use Bugzilla::Attachment::PatchReader;
 use Bugzilla::Token;
-use Bugzilla::Keyword;
 
 use Encode qw(encode find_encoding);
 
@@ -40,10 +35,6 @@ local our $cgi = Bugzilla->cgi;
 local our $template = Bugzilla->template;
 local our $vars = {};
 
-################################################################################
-# Main Body Execution
-################################################################################
-
 # All calls to this script should contain an "action" variable whose
 # value determines what the user wants to do.  The code below checks
 # the value of that variable and runs the appropriate code. If none is
@@ -151,7 +142,7 @@ sub validateID {
                           { attach_id => scalar $cgi->param($param) });
   
     # Make sure the attachment exists in the database.
-    my $attachment = new Bugzilla::Attachment($attach_id)
+    my $attachment = new Bugzilla::Attachment({ id => $attach_id, cache => 1 })
         || ThrowUserError("invalid_attach_id", { attach_id => $attach_id });
 
     return $attachment if ($dont_validate_access || check_can_access($attachment));
@@ -163,7 +154,7 @@ sub check_can_access {
     my $user = Bugzilla->user;
 
     # Make sure the user is authorized to access this attachment's bug.
-    Bugzilla::Bug->check($attachment->bug_id);
+    Bugzilla::Bug->check({ id => $attachment->bug_id, cache => 1 });
     if ($attachment->isprivate && $user->id != $attachment->attacher->id 
         && !$user->is_insider) 
     {
@@ -199,20 +190,6 @@ sub validateFormat {
   return $format;
 }
 
-# Validates context of a diff/interdiff. Will throw an error if the context
-# is not number, "file" or "patch". Returns the validated, detainted context.
-sub validateContext
-{
-  my $context = $cgi->param('context') || "patch";
-  if ($context ne "file" && $context ne "patch") {
-      my $orig_context = $context;
-      detaint_natural($context)
-        || ThrowUserError("invalid_context", { context => $orig_context });
-  }
-
-  return $context;
-}
-
 # Gets the attachment object(s) generated by validateID, while ensuring
 # attachbase and token authentication is used when required.
 sub get_attachment {
@@ -401,17 +378,15 @@ sub interdiff {
         $old_attachment = validateID('oldid');
         $new_attachment = validateID('newid');
     }
-    my $context = validateContext();
 
     Bugzilla::Attachment::PatchReader::process_interdiff(
-        $old_attachment, $new_attachment, $format, $context);
+        $old_attachment, $new_attachment, $format);
 }
 
 sub diff {
     # Retrieve and validate parameters
     my $format = validateFormat('html', 'raw');
     my $attachment = $format eq 'raw' ? get_attachment() : validateID();
-    my $context = validateContext();
 
     # If it is not a patch, view normally.
     if (!$attachment->ispatch) {
@@ -419,14 +394,14 @@ sub diff {
         return;
     }
 
-    Bugzilla::Attachment::PatchReader::process_diff($attachment, $format, $context);
+    Bugzilla::Attachment::PatchReader::process_diff($attachment, $format);
 }
 
 # Display all attachments for a given bug in a series of IFRAMEs within one
 # HTML page.
 sub viewall {
     # Retrieve and validate parameters
-    my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
+    my $bug = Bugzilla::Bug->check({ id => scalar $cgi->param('bugid'), cache => 1 });
 
     my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bug);
     # Ignore deleted attachments.
@@ -557,49 +532,50 @@ sub insert {
                                   type => CMT_ATTACHMENT_CREATED,
                                   extra_data => $attachment->id });
 
-  # Assign the bug to the user, if they are allowed to take it
-  my $owner = "";
-  if ($cgi->param('takebug') && $user->in_group('editbugs', $bug->product_id)) {
-      # When taking a bug, we have to follow the workflow.
-      my $bug_status = $cgi->param('bug_status') || '';
-      ($bug_status) = grep {$_->name eq $bug_status} @{$bug->status->can_change_to};
-
-      if ($bug_status && $bug_status->is_open
-          && ($bug_status->name ne 'UNCONFIRMED' 
-              || $bug->product_obj->allows_unconfirmed))
-      {
-          $bug->set_bug_status($bug_status->name);
-          $bug->clear_resolution();
-      }
-      # Make sure the person we are taking the bug from gets mail.
-      $owner = $bug->assigned_to->login;
-      $bug->set_assigned_to($user);
-  }
+    # Assign the bug to the user, if they are allowed to take it
+    my $owner = "";
+    if ($cgi->param('takebug') && $user->in_group('editbugs', $bug->product_id)) {
+        # When taking a bug, we have to follow the workflow.
+        my $bug_status = $cgi->param('bug_status') || '';
+        ($bug_status) = grep { $_->name eq $bug_status }
+                        @{ $bug->status->can_change_to };
+
+        if ($bug_status && $bug_status->is_open
+            && ($bug_status->name ne 'UNCONFIRMED'
+                || $bug->product_obj->allows_unconfirmed))
+        {
+            $bug->set_bug_status($bug_status->name);
+            $bug->clear_resolution();
+        }
+        # Make sure the person we are taking the bug from gets mail.
+        $owner = $bug->assigned_to->login;
+        $bug->set_assigned_to($user);
+    }
 
-  $bug->add_cc($user) if $cgi->param('addselfcc');
-  $bug->update($timestamp);
+    $bug->add_cc($user) if $cgi->param('addselfcc');
+    $bug->update($timestamp);
 
-  # We have to update the attachment after updating the bug, to ensure new
-  # comments are available.
-  $attachment->update($timestamp);
+    # We have to update the attachment after updating the bug, to ensure new
+    # comments are available.
+    $attachment->update($timestamp);
 
-  $dbh->bz_commit_transaction;
+    $dbh->bz_commit_transaction;
 
-  # Define the variables and functions that will be passed to the UI template.
-  $vars->{'attachment'} = $attachment;
-  # We cannot reuse the $bug object as delta_ts has eventually been updated
-  # since the object was created.
-  $vars->{'bugs'} = [new Bugzilla::Bug($bugid)];
-  $vars->{'header_done'} = 1;
-  $vars->{'contenttypemethod'} = $cgi->param('contenttypemethod');
+    # Define the variables and functions that will be passed to the UI template.
+    $vars->{'attachment'} = $attachment;
+    # We cannot reuse the $bug object as delta_ts has eventually been updated
+    # since the object was created.
+    $vars->{'bugs'} = [new Bugzilla::Bug($bugid)];
+    $vars->{'header_done'} = 1;
+    $vars->{'contenttypemethod'} = $cgi->param('contenttypemethod');
 
-  my $recipients =  { 'changer' => $user, 'owner' => $owner };
-  $vars->{'sent_bugmail'} = Bugzilla::BugMail::Send($bugid, $recipients);
+    my $recipients = { 'changer' => $user, 'owner' => $owner };
+    $vars->{'sent_bugmail'} = Bugzilla::BugMail::Send($bugid, $recipients);
 
-  print $cgi->header();
-  # Generate and return the UI (HTML page) from the appropriate template.
-  $template->process("attachment/created.html.tmpl", $vars)
-    || ThrowTemplateError($template->error());
+    print $cgi->header();
+    # Generate and return the UI (HTML page) from the appropriate template.
+    $template->process("attachment/created.html.tmpl", $vars)
+        || ThrowTemplateError($template->error());
 }
 
 # Displays a form for editing attachment properties.
@@ -607,25 +583,25 @@ sub insert {
 # is private and the user does not belong to the insider group.
 # Validations are done later when the user submits changes.
 sub edit {
-  my $attachment = validateID();
+    my $attachment = validateID();
 
-  my $bugattachments =
-      Bugzilla::Attachment->get_attachments_by_bug($attachment->bug);
+    my $bugattachments =
+        Bugzilla::Attachment->get_attachments_by_bug($attachment->bug);
 
-  my $any_flags_requesteeble =
-    grep { $_->is_requestable && $_->is_requesteeble } @{$attachment->flag_types};
-  # Useful in case a flagtype is no longer requestable but a requestee
-  # has been set before we turned off that bit.
-  $any_flags_requesteeble ||= grep { $_->requestee_id } @{$attachment->flags};
-  $vars->{'any_flags_requesteeble'} = $any_flags_requesteeble;
-  $vars->{'attachment'} = $attachment;
-  $vars->{'attachments'} = $bugattachments;
+    my $any_flags_requesteeble = grep { $_->is_requestable && $_->is_requesteeble }
+                                 @{ $attachment->flag_types };
+    # Useful in case a flagtype is no longer requestable but a requestee
+    # has been set before we turned off that bit.
+    $any_flags_requesteeble ||= grep { $_->requestee_id } @{ $attachment->flags };
+    $vars->{'any_flags_requesteeble'} = $any_flags_requesteeble;
+    $vars->{'attachment'} = $attachment;
+    $vars->{'attachments'} = $bugattachments;
 
-  print $cgi->header();
+    print $cgi->header();
 
-  # Generate and return the UI (HTML page) from the appropriate template.
-  $template->process("attachment/edit.html.tmpl", $vars)
-    || ThrowTemplateError($template->error());
+    # Generate and return the UI (HTML page) from the appropriate template.
+    $template->process("attachment/edit.html.tmpl", $vars)
+        || ThrowTemplateError($template->error());
 }
 
 # Updates an attachment record. Only users with "editbugs" privileges,
@@ -642,7 +618,7 @@ sub update {
     my $attachment = validateID();
     my $bug = $attachment->bug;
     $attachment->_check_bug;
-    my $can_edit = $attachment->validate_can_edit($bug->product_id);
+    my $can_edit = $attachment->validate_can_edit;
 
     if ($can_edit) {
         $attachment->set_description(scalar $cgi->param('description'));
@@ -696,11 +672,33 @@ sub update {
 
     $bug->add_cc($user) if $cgi->param('addselfcc');
 
+    my ($flags, $new_flags) =
+      Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars);
+
     if ($can_edit) {
-        my ($flags, $new_flags) =
-          Bugzilla::Flag->extract_flags_from_cgi($bug, $attachment, $vars);
         $attachment->set_flags($flags, $new_flags);
     }
+    # Requestees can set flags targetted to them, even if they cannot
+    # edit the attachment. Flag setters can edit their own flags too.
+    elsif (scalar @$flags) {
+        my %flag_list = map { $_->{id} => $_ } @$flags;
+        my $flag_objs = Bugzilla::Flag->new_from_list([keys %flag_list]);
+
+        my @editable_flags;
+        foreach my $flag_obj (@$flag_objs) {
+            if ($flag_obj->setter_id == $user->id
+                || ($flag_obj->requestee_id && $flag_obj->requestee_id == $user->id))
+            {
+                push(@editable_flags, $flag_list{$flag_obj->id});
+            }
+        }
+
+        if (scalar @editable_flags) {
+            $attachment->set_flags(\@editable_flags, []);
+            # Flag changes must be committed.
+            $can_edit = 1;
+        }
+    }
 
     # Figure out when the changes were made.
     my $timestamp = $dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)');