Strona główna Odkrywaj Pomoc
Zaloguj się
d3m3vilurr
/
sonyoss-vita-webkit
Obserwuj 1
Polub 0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Gałąź: master
Gałęzie Tagi
sonyoss-vita...
/
Websites
/
bugs.webkit.org
/
Bugzilla
/
Attachment.pm

Attachment.pm 26 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960 
  1. # -*- Mode: perl; indent-tabs-mode: nil -*-
    2. 

  2. #
    3. 

  3. # The contents of this file are subject to the Mozilla Public
    4. 

  4. # License Version 1.1 (the "License"); you may not use this file
    5. 

  5. # except in compliance with the License. You may obtain a copy of
    6. 

  6. # the License at http://www.mozilla.org/MPL/
    7. 

  7. #
    8. 

  8. # Software distributed under the License is distributed on an "AS
    9. 

  9. # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
    10. 

  10. # implied. See the License for the specific language governing
    11. 

  11. # rights and limitations under the License.
    12. 

  12. #
    13. 

  13. # The Original Code is the Bugzilla Bug Tracking System.
    14. 

  14. #
    15. 

  15. # The Initial Developer of the Original Code is Netscape Communications
    16. 

  16. # Corporation. Portions created by Netscape are
    17. 

  17. # Copyright (C) 1998 Netscape Communications Corporation. All
    18. 

  18. # Rights Reserved.
    19. 

  19. #
    20. 

  20. # Contributor(s): Terry Weissman <terry@mozilla.org>
    21. 

  21. #                 Myk Melez <myk@mozilla.org>
    22. 

  22. #                 Marc Schumann <wurblzap@gmail.com>
    23. 

  23. #                 Frédéric Buclin <LpSolit@gmail.com>
    24. 

  24. 

  25. use strict;
    26. 

  26. 

  27. package Bugzilla::Attachment;
    28. 

  28. 

  29. =head1 NAME
    30. 

  30. 

  31. Bugzilla::Attachment - a file related to a bug that a user has uploaded
    32. 

  32.                        to the Bugzilla server
    33. 

  33. 

  34. =head1 SYNOPSIS
    35. 

  35. 

  36.   use Bugzilla::Attachment;
    37. 

  37. 

  38.   # Get the attachment with the given ID.
    39. 

  39.   my $attachment = Bugzilla::Attachment->get($attach_id);
    40. 

  40. 

  41.   # Get the attachments with the given IDs.
    42. 

  42.   my $attachments = Bugzilla::Attachment->get_list($attach_ids);
    43. 

  43. 

  44. =head1 DESCRIPTION
    45. 

  45. 

  46. This module defines attachment objects, which represent files related to bugs
    47. 

  47. that users upload to the Bugzilla server.
    48. 

  48. 

  49. =cut
    50. 

  50. 

  51. use Bugzilla::Constants;
    52. 

  52. use Bugzilla::Error;
    53. 

  53. use Bugzilla::Flag;
    54. 

  54. use Bugzilla::User;
    55. 

  55. use Bugzilla::Util;
    56. 

  56. use Bugzilla::Field;
    57. 

  57. 

  58. sub get {
    59. 

  59.     my $invocant = shift;
    60. 

  60.     my $id = shift;
    61. 

  61. 

  62.     my $attachments = _retrieve([$id]);
    63. 

  63.     my $self = $attachments->[0];
    64. 

  64.     bless($self, ref($invocant) || $invocant) if $self;
    65. 

  65. 

  66.     return $self;
    67. 

  67. }
    68. 

  68. 

  69. sub get_list {
    70. 

  70.     my $invocant = shift;
    71. 

  71.     my $ids = shift;
    72. 

  72. 

  73.     my $attachments = _retrieve($ids);
    74. 

  74.     foreach my $attachment (@$attachments) {
    75. 

  75.         bless($attachment, ref($invocant) || $invocant);
    76. 

  76.     }
    77. 

  77. 

  78.     return $attachments;
    79. 

  79. }
    80. 

  80. 

  81. sub _retrieve {
    82. 

  82.     my ($ids) = @_;
    83. 

  83. 

  84.     return [] if scalar(@$ids) == 0;
    85. 

  85. 

  86.     my @columns = (
    87. 

  87.         'attachments.attach_id AS id',
    88. 

  88.         'attachments.bug_id AS bug_id',
    89. 

  89.         'attachments.description AS description',
    90. 

  90.         'attachments.mimetype AS contenttype',
    91. 

  91.         'attachments.submitter_id AS attacher_id',
    92. 

  92.         Bugzilla->dbh->sql_date_format('attachments.creation_ts',
    93. 

  93.                                        '%Y.%m.%d %H:%i') . " AS attached",
    94. 

  94.         'attachments.modification_time',
    95. 

  95.         'attachments.filename AS filename',
    96. 

  96.         'attachments.ispatch AS ispatch',
    97. 

  97.         'attachments.isurl AS isurl',
    98. 

  98.         'attachments.isobsolete AS isobsolete',
    99. 

  99.         'attachments.isprivate AS isprivate'
    100. 

  100.     );
    101. 

  101.     my $columns = join(", ", @columns);
    102. 

  102.     my $dbh = Bugzilla->dbh;
    103. 

  103.     my $records = $dbh->selectall_arrayref(
    104. 

  104.                       "SELECT $columns
    105. 

  105.                          FROM attachments
    106. 

  106.                         WHERE " 
    107. 

  107.                        . Bugzilla->dbh->sql_in('attach_id', $ids) 
    108. 

  108.                  . " ORDER BY attach_id",
    109. 

  109.                        { Slice => {} });
    110. 

  110.     return $records;
    111. 

  111. }
    112. 

  112. 

  113. =pod
    114. 

  114. 

  115. =head2 Instance Properties
    116. 

  116. 

  117. =over
    118. 

  118. 

  119. =item C<id>
    120. 

  120. 

  121. the unique identifier for the attachment
    122. 

  122. 

  123. =back
    124. 

  124. 

  125. =cut
    126. 

  126. 

  127. sub id {
    128. 

  128.     my $self = shift;
    129. 

  129.     return $self->{id};
    130. 

  130. }
    131. 

  131. 

  132. =over
    133. 

  133. 

  134. =item C<bug_id>
    135. 

  135. 

  136. the ID of the bug to which the attachment is attached
    137. 

  137. 

  138. =back
    139. 

  139. 

  140. =cut
    141. 

  141. 

  142. # XXX Once Bug.pm slims down sufficiently this should become a reference
    143. 

  143. # to a bug object.
    144. 

  144. sub bug_id {
    145. 

  145.     my $self = shift;
    146. 

  146.     return $self->{bug_id};
    147. 

  147. }
    148. 

  148. 

  149. =over
    150. 

  150. 

  151. =item C<description>
    152. 

  152. 

  153. user-provided text describing the attachment
    154. 

  154. 

  155. =back
    156. 

  156. 

  157. =cut
    158. 

  158. 

  159. sub description {
    160. 

  160.     my $self = shift;
    161. 

  161.     return $self->{description};
    162. 

  162. }
    163. 

  163. 

  164. =over
    165. 

  165. 

  166. =item C<contenttype>
    167. 

  167. 

  168. the attachment's MIME media type
    169. 

  169. 

  170. =back
    171. 

  171. 

  172. =cut
    173. 

  173. 

  174. sub contenttype {
    175. 

  175.     my $self = shift;
    176. 

  176.     return $self->{contenttype};
    177. 

  177. }
    178. 

  178. 

  179. =over
    180. 

  180. 

  181. =item C<attacher>
    182. 

  182. 

  183. the user who attached the attachment
    184. 

  184. 

  185. =back
    186. 

  186. 

  187. =cut
    188. 

  188. 

  189. sub attacher {
    190. 

  190.     my $self = shift;
    191. 

  191.     return $self->{attacher} if exists $self->{attacher};
    192. 

  192.     $self->{attacher} = new Bugzilla::User($self->{attacher_id});
    193. 

  193.     return $self->{attacher};
    194. 

  194. }
    195. 

  195. 

  196. =over
    197. 

  197. 

  198. =item C<attached>
    199. 

  199. 

  200. the date and time on which the attacher attached the attachment
    201. 

  201. 

  202. =back
    203. 

  203. 

  204. =cut
    205. 

  205. 

  206. sub attached {
    207. 

  207.     my $self = shift;
    208. 

  208.     return $self->{attached};
    209. 

  209. }
    210. 

  210. 

  211. =over
    212. 

  212. 

  213. =item C<modification_time>
    214. 

  214. 

  215. the date and time on which the attachment was last modified.
    216. 

  216. 

  217. =back
    218. 

  218. 

  219. =cut
    220. 

  220. 

  221. sub modification_time {
    222. 

  222.     my $self = shift;
    223. 

  223.     return $self->{modification_time};
    224. 

  224. }
    225. 

  225. 

  226. =over
    227. 

  227. 

  228. =item C<filename>
    229. 

  229. 

  230. the name of the file the attacher attached
    231. 

  231. 

  232. =back
    233. 

  233. 

  234. =cut
    235. 

  235. 

  236. sub filename {
    237. 

  237.     my $self = shift;
    238. 

  238.     return $self->{filename};
    239. 

  239. }
    240. 

  240. 

  241. =over
    242. 

  242. 

  243. =item C<ispatch>
    244. 

  244. 

  245. whether or not the attachment is a patch
    246. 

  246. 

  247. =back
    248. 

  248. 

  249. =cut
    250. 

  250. 

  251. sub ispatch {
    252. 

  252.     my $self = shift;
    253. 

  253.     return $self->{ispatch};
    254. 

  254. }
    255. 

  255. 

  256. =over
    257. 

  257. 

  258. =item C<isurl>
    259. 

  259. 

  260. whether or not the attachment is a URL
    261. 

  261. 

  262. =back
    263. 

  263. 

  264. =cut
    265. 

  265. 

  266. sub isurl {
    267. 

  267.     my $self = shift;
    268. 

  268.     return $self->{isurl};
    269. 

  269. }
    270. 

  270. 

  271. =over
    272. 

  272. 

  273. =item C<isobsolete>
    274. 

  274. 

  275. whether or not the attachment is obsolete
    276. 

  276. 

  277. =back
    278. 

  278. 

  279. =cut
    280. 

  280. 

  281. sub isobsolete {
    282. 

  282.     my $self = shift;
    283. 

  283.     return $self->{isobsolete};
    284. 

  284. }
    285. 

  285. 

  286. =over
    287. 

  287. 

  288. =item C<isprivate>
    289. 

  289. 

  290. whether or not the attachment is private
    291. 

  291. 

  292. =back
    293. 

  293. 

  294. =cut
    295. 

  295. 

  296. sub isprivate {
    297. 

  297.     my $self = shift;
    298. 

  298.     return $self->{isprivate};
    299. 

  299. }
    300. 

  300. 

  301. =over
    302. 

  302. 

  303. =item C<is_viewable>
    304. 

  304. 

  305. Returns 1 if the attachment has a content-type viewable in this browser.
    306. 

  306. Note that we don't use $cgi->Accept()'s ability to check if a content-type
    307. 

  307. matches, because this will return a value even if it's matched by the generic
    308. 

  308. */* which most browsers add to the end of their Accept: headers.
    309. 

  309. 

  310. =back
    311. 

  311. 

  312. =cut
    313. 

  313. 

  314. sub is_viewable {
    315. 

  315.     my $self = shift;
    316. 

  316.     my $contenttype = $self->contenttype;
    317. 

  317.     my $cgi = Bugzilla->cgi;
    318. 

  318. 

  319.     # We assume we can view all text and image types.
    320. 

  320.     return 1 if ($contenttype =~ /^(text|image)\//);
    321. 

  321. 

  322.     # Mozilla can view XUL. Note the trailing slash on the Gecko detection to
    323. 

  323.     # avoid sending XUL to Safari.
    324. 

  324.     return 1 if (($contenttype =~ /^application\/vnd\.mozilla\./)
    325. 

  325.                  && ($cgi->user_agent() =~ /Gecko\//));
    326. 

  326. 

  327.     # If it's not one of the above types, we check the Accept: header for any
    328. 

  328.     # types mentioned explicitly.
    329. 

  329.     my $accept = join(",", $cgi->Accept());
    330. 

  330.     return 1 if ($accept =~ /^(.*,)?\Q$contenttype\E(,.*)?$/);
    331. 

  331. 

  332.     return 0;
    333. 

  333. }
    334. 

  334. 

  335. =over
    336. 

  336. 

  337. =item C<data>
    338. 

  338. 

  339. the content of the attachment
    340. 

  340. 

  341. =back
    342. 

  342. 

  343. =cut
    344. 

  344. 

  345. sub data {
    346. 

  346.     my $self = shift;
    347. 

  347.     return $self->{data} if exists $self->{data};
    348. 

  348. 

  349.     # First try to get the attachment data from the database.
    350. 

  350.     ($self->{data}) = Bugzilla->dbh->selectrow_array("SELECT thedata
    351. 

  351.                                                       FROM attach_data
    352. 

  352.                                                       WHERE id = ?",
    353. 

  353.                                                      undef,
    354. 

  354.                                                      $self->{id});
    355. 

  355. 

  356.     # If there's no attachment data in the database, the attachment is stored
    357. 

  357.     # in a local file, so retrieve it from there.
    358. 

  358.     if (length($self->{data}) == 0) {
    359. 

  359.         if (open(AH, $self->_get_local_filename())) {
    360. 

  360.             local $/;
    361. 

  361.             binmode AH;
    362. 

  362.             $self->{data} = <AH>;
    363. 

  363.             close(AH);
    364. 

  364.         }
    365. 

  365.     }
    366. 

  366. 

  367.     return $self->{data};
    368. 

  368. }
    369. 

  369. 

  370. =over
    371. 

  371. 

  372. =item C<datasize>
    373. 

  373. 

  374. the length (in characters) of the attachment content
    375. 

  375. 

  376. =back
    377. 

  377. 

  378. =cut
    379. 

  379. 

  380. # datasize is a property of the data itself, and it's unclear whether we should
    381. 

  381. # expose it at all, since you can easily derive it from the data itself: in TT,
    382. 

  382. # attachment.data.size; in Perl, length($attachment->{data}).  But perhaps
    383. 

  383. # it makes sense for performance reasons, since accessing the data forces it
    384. 

  384. # to get retrieved from the database/filesystem and loaded into memory,
    385. 

  385. # while datasize avoids loading the attachment into memory, calling SQL's
    386. 

  386. # LENGTH() function or stat()ing the file instead.  I've left it in for now.
    387. 

  387. 

  388. sub datasize {
    389. 

  389.     my $self = shift;
    390. 

  390.     return $self->{datasize} if exists $self->{datasize};
    391. 

  391. 

  392.     # If we have already retrieved the data, return its size.
    393. 

  393.     return length($self->{data}) if exists $self->{data};
    394. 

  394. 

  395.     $self->{datasize} =
    396. 

  396.         Bugzilla->dbh->selectrow_array("SELECT LENGTH(thedata)
    397. 

  397.                                         FROM attach_data
    398. 

  398.                                         WHERE id = ?",
    399. 

  399.                                        undef, $self->{id}) || 0;
    400. 

  400. 

  401.     # If there's no attachment data in the database, either the attachment
    402. 

  402.     # is stored in a local file, and so retrieve its size from the file,
    403. 

  403.     # or the attachment has been deleted.
    404. 

  404.     unless ($self->{datasize}) {
    405. 

  405.         if (open(AH, $self->_get_local_filename())) {
    406. 

  406.             binmode AH;
    407. 

  407.             $self->{datasize} = (stat(AH))[7];
    408. 

  408.             close(AH);
    409. 

  409.         }
    410. 

  410.     }
    411. 

  411. 

  412.     return $self->{datasize};
    413. 

  413. }
    414. 

  414. 

  415. =over
    416. 

  416. 

  417. =item C<flags>
    418. 

  418. 

  419. flags that have been set on the attachment
    420. 

  420. 

  421. =back
    422. 

  422. 

  423. =cut
    424. 

  424. 

  425. sub flags {
    426. 

  426.     my $self = shift;
    427. 

  427.     return $self->{flags} if exists $self->{flags};
    428. 

  428. 

  429.     $self->{flags} = Bugzilla::Flag->match({ 'attach_id' => $self->id });
    430. 

  430.     return $self->{flags};
    431. 

  431. }
    432. 

  432. 

  433. # Instance methods; no POD documentation here yet because the only ones so far
    434. 

  434. # are private.
    435. 

  435. 

  436. sub _get_local_filename {
    437. 

  437.     my $self = shift;
    438. 

  438.     my $hash = ($self->id % 100) + 100;
    439. 

  439.     $hash =~ s/.*(\d\d)$/group.$1/;
    440. 

  440.     return bz_locations()->{'attachdir'} . "/$hash/attachment." . $self->id;
    441. 

  441. }
    442. 

  442. 

  443. sub _validate_filename {
    444. 

  444.     my ($throw_error) = @_;
    445. 

  445.     my $cgi = Bugzilla->cgi;
    446. 

  446.     defined $cgi->upload('data')
    447. 

  447.         || ($throw_error ? ThrowUserError("file_not_specified") : return 0);
    448. 

  448. 

  449.     my $filename = $cgi->upload('data');
    450. 

  450. 

  451.     # Remove path info (if any) from the file name.  The browser should do this
    452. 

  452.     # for us, but some are buggy.  This may not work on Mac file names and could
    453. 

  453.     # mess up file names with slashes in them, but them's the breaks.  We only
    454. 

  454.     # use this as a hint to users downloading attachments anyway, so it's not
    455. 

  455.     # a big deal if it munges incorrectly occasionally.
    456. 

  456.     $filename =~ s/^.*[\/\\]//;
    457. 

  457. 

  458.     # Truncate the filename to 100 characters, counting from the end of the
    459. 

  459.     # string to make sure we keep the filename extension.
    460. 

  460.     $filename = substr($filename, -100, 100);
    461. 

  461. 

  462.     return $filename;
    463. 

  463. }
    464. 

  464. 

  465. sub _validate_data {
    466. 

  466.     my ($throw_error, $hr_vars) = @_;
    467. 

  467.     my $cgi = Bugzilla->cgi;
    468. 

  468.     my $maxsize = $cgi->param('ispatch') ? Bugzilla->params->{'maxpatchsize'} 
    469. 

  469.                   : Bugzilla->params->{'maxattachmentsize'};
    470. 

  470.     $maxsize *= 1024; # Convert from K
    471. 

  471.     my $fh;
    472. 

  472.     # Skip uploading into a local variable if the user wants to upload huge
    473. 

  473.     # attachments into local files.
    474. 

  474.     if (!$cgi->param('bigfile')) {
    475. 

  475.         $fh = $cgi->upload('data');
    476. 

  476.     }
    477. 

  477.     my $data;
    478. 

  478. 

  479.     # We could get away with reading only as much as required, except that then
    480. 

  480.     # we wouldn't have a size to print to the error handler below.
    481. 

  481.     if (!$cgi->param('bigfile')) {
    482. 

  482.         # enable 'slurp' mode
    483. 

  483.         local $/;
    484. 

  484.         $data = <$fh>;
    485. 

  485.     }
    486. 

  486. 

  487.     $data
    488. 

  488.         || ($cgi->param('bigfile'))
    489. 

  489.         || ($throw_error ? ThrowUserError("zero_length_file") : return 0);
    490. 

  490. 

  491.     # Windows screenshots are usually uncompressed BMP files which
    492. 

  492.     # makes for a quick way to eat up disk space. Let's compress them.
    493. 

  493.     # We do this before we check the size since the uncompressed version
    494. 

  494.     # could easily be greater than maxattachmentsize.
    495. 

  495.     if (Bugzilla->params->{'convert_uncompressed_images'}
    496. 

  496.         && $cgi->param('contenttype') eq 'image/bmp') {
    497. 

  497.         require Image::Magick;
    498. 

  498.         my $img = Image::Magick->new(magick=>'bmp');
    499. 

  499.         $img->BlobToImage($data);
    500. 

  500.         $img->set(magick=>'png');
    501. 

  501.         my $imgdata = $img->ImageToBlob();
    502. 

  502.         $data = $imgdata;
    503. 

  503.         $cgi->param('contenttype', 'image/png');
    504. 

  504.         $hr_vars->{'convertedbmp'} = 1;
    505. 

  505.     }
    506. 

  506. 

  507.     # Make sure the attachment does not exceed the maximum permitted size
    508. 

  508.     my $len = $data ? length($data) : 0;
    509. 

  509.     if ($maxsize && $len > $maxsize) {
    510. 

  510.         my $vars = { filesize => sprintf("%.0f", $len/1024) };
    511. 

  511.         if ($cgi->param('ispatch')) {
    512. 

  512.             $throw_error ? ThrowUserError("patch_too_large", $vars) : return 0;
    513. 

  513.         }
    514. 

  514.         else {
    515. 

  515.             $throw_error ? ThrowUserError("file_too_large", $vars) : return 0;
    516. 

  516.         }
    517. 

  517.     }
    518. 

  518. 

  519.     return $data || '';
    520. 

  520. }
    521. 

  521. 

  522. =pod
    523. 

  523. 

  524. =head2 Class Methods
    525. 

  525. 

  526. =over
    527. 

  527. 

  528. =item C<get_attachments_by_bug($bug_id)>
    529. 

  529. 

  530. Description: retrieves and returns the attachments the currently logged in
    531. 

  531.              user can view for the given bug.
    532. 

  532. 

  533. Params:     C<$bug_id> - integer - the ID of the bug for which
    534. 

  534.             to retrieve and return attachments.
    535. 

  535. 

  536. Returns:    a reference to an array of attachment objects.
    537. 

  537. 

  538. =cut
    539. 

  539. 

  540. sub get_attachments_by_bug {
    541. 

  541.     my ($class, $bug_id) = @_;
    542. 

  542.     my $user = Bugzilla->user;
    543. 

  543.     my $dbh = Bugzilla->dbh;
    544. 

  544. 

  545.     # By default, private attachments are not accessible, unless the user
    546. 

  546.     # is in the insider group or submitted the attachment.
    547. 

  547.     my $and_restriction = '';
    548. 

  548.     my @values = ($bug_id);
    549. 

  549. 

  550.     unless ($user->is_insider) {
    551. 

  551.         $and_restriction = 'AND (isprivate = 0 OR submitter_id = ?)';
    552. 

  552.         push(@values, $user->id);
    553. 

  553.     }
    554. 

  554. 

  555.     my $attach_ids = $dbh->selectcol_arrayref("SELECT attach_id FROM attachments
    556. 

  556.                                                WHERE bug_id = ? $and_restriction",
    557. 

  557.                                                undef, @values);
    558. 

  558.     my $attachments = Bugzilla::Attachment->get_list($attach_ids);
    559. 

  559.     return $attachments;
    560. 

  560. }
    561. 

  561. 

  562. =pod
    563. 

  563. 

  564. =item C<validate_is_patch()>
    565. 

  565. 

  566. Description: validates the "patch" flag passed in by CGI.
    567. 

  567. 

  568. Returns:    1 on success.
    569. 

  569. 

  570. =cut
    571. 

  571. 

  572. sub validate_is_patch {
    573. 

  573.     my ($class, $throw_error) = @_;
    574. 

  574.     my $cgi = Bugzilla->cgi;
    575. 

  575. 

  576.     # Set the ispatch flag to zero if it is undefined, since the UI uses
    577. 

  577.     # an HTML checkbox to represent this flag, and unchecked HTML checkboxes
    578. 

  578.     # do not get sent in HTML requests.
    579. 

  579.     $cgi->param('ispatch', $cgi->param('ispatch') ? 1 : 0);
    580. 

  580. 

  581.     # Set the content type to text/plain if the attachment is a patch.
    582. 

  582.     $cgi->param('contenttype', 'text/plain') if $cgi->param('ispatch');
    583. 

  583. 

  584.     return 1;
    585. 

  585. }
    586. 

  586. 

  587. =pod
    588. 

  588. 

  589. =item C<validate_description()>
    590. 

  590. 

  591. Description: validates the description passed in by CGI.
    592. 

  592. 

  593. Returns:    1 on success.
    594. 

  594. 

  595. =cut
    596. 

  596. 

  597. sub validate_description {
    598. 

  598.     my ($class, $throw_error) = @_;
    599. 

  599.     my $cgi = Bugzilla->cgi;
    600. 

  600. 

  601.     $cgi->param('description')
    602. 

  602.         || ($throw_error ? ThrowUserError("missing_attachment_description") : return 0);
    603. 

  603. 

  604.     return 1;
    605. 

  605. }
    606. 

  606. 

  607. =pod
    608. 

  608. 

  609. =item C<validate_content_type()>
    610. 

  610. 

  611. Description: validates the content type passed in by CGI.
    612. 

  612. 

  613. Returns:    1 on success.
    614. 

  614. 

  615. =cut
    616. 

  616. 

  617. sub validate_content_type {
    618. 

  618.     my ($class, $throw_error) = @_;
    619. 

  619.     my $cgi = Bugzilla->cgi;
    620. 

  620. 

  621.     if (!defined $cgi->param('contenttypemethod')) {
    622. 

  622.         $throw_error ? ThrowUserError("missing_content_type_method") : return 0;
    623. 

  623.     }
    624. 

  624.     elsif ($cgi->param('contenttypemethod') eq 'autodetect') {
    625. 

  625.         my $contenttype =
    626. 

  626.             $cgi->uploadInfo($cgi->param('data'))->{'Content-Type'};
    627. 

  627.         # The user asked us to auto-detect the content type, so use the type
    628. 

  628.         # specified in the HTTP request headers.
    629. 

  629.         if ( !$contenttype ) {
    630. 

  630.             $throw_error ? ThrowUserError("missing_content_type") : return 0;
    631. 

  631.         }
    632. 

  632.         $cgi->param('contenttype', $contenttype);
    633. 

  633.     }
    634. 

  634.     elsif ($cgi->param('contenttypemethod') eq 'list') {
    635. 

  635.         # The user selected a content type from the list, so use their
    636. 

  636.         # selection.
    637. 

  637.         $cgi->param('contenttype', $cgi->param('contenttypeselection'));
    638. 

  638.     }
    639. 

  639.     elsif ($cgi->param('contenttypemethod') eq 'manual') {
    640. 

  640.         # The user entered a content type manually, so use their entry.
    641. 

  641.         $cgi->param('contenttype', $cgi->param('contenttypeentry'));
    642. 

  642.     }
    643. 

  643.     else {
    644. 

  644.         $throw_error ?
    645. 

  645.             ThrowCodeError("illegal_content_type_method",
    646. 

  646.                            { contenttypemethod => $cgi->param('contenttypemethod') }) :
    647. 

  647.             return 0;
    648. 

  648.     }
    649. 

  649. 

  650.     if ( $cgi->param('contenttype') !~
    651. 

  651.            /^(application|audio|image|message|model|multipart|text|video)\/.+$/ ) {
    652. 

  652.         $throw_error ?
    653. 

  653.             ThrowUserError("invalid_content_type",
    654. 

  654.                            { contenttype => $cgi->param('contenttype') }) :
    655. 

  655.             return 0;
    656. 

  656.     }
    657. 

  657. 

  658.     return 1;
    659. 

  659. }
    660. 

  660. 

  661. =pod
    662. 

  662. 

  663. =item C<validate_can_edit($attachment, $product_id)>
    664. 

  664. 

  665. Description: validates if the user is allowed to view and edit the attachment.
    666. 

  666.              Only the submitter or someone with editbugs privs can edit it.
    667. 

  667.              Only the submitter and users in the insider group can view
    668. 

  668.              private attachments.
    669. 

  669. 

  670. Params:      $attachment - the attachment object being edited.
    671. 

  671.              $product_id - the product ID the attachment belongs to.
    672. 

  672. 

  673. Returns:     1 on success. Else an error is thrown.
    674. 

  674. 

  675. =cut
    676. 

  676. 

  677. sub validate_can_edit {
    678. 

  678.     my ($attachment, $product_id) = @_;
    679. 

  679.     my $user = Bugzilla->user;
    680. 

  680. 

  681.     # The submitter can edit their attachments.
    682. 

  682.     return 1 if ($attachment->attacher->id == $user->id
    683. 

  683.                  || ((!$attachment->isprivate || $user->is_insider)
    684. 

  684.                       && $user->in_group('editbugs', $product_id)));
    685. 

  685. 

  686.     # If we come here, then this attachment cannot be seen by the user.
    687. 

  687.     ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
    688. 

  688. }
    689. 

  689. 

  690. =item C<validate_obsolete($bug)>
    691. 

  691. 

  692. Description: validates if attachments the user wants to mark as obsolete
    693. 

  693.              really belong to the given bug and are not already obsolete.
    694. 

  694.              Moreover, a user cannot mark an attachment as obsolete if
    695. 

  695.              he cannot view it (due to restrictions on it).
    696. 

  696. 

  697. Params:      $bug - The bug object obsolete attachments should belong to.
    698. 

  698. 

  699. Returns:     1 on success. Else an error is thrown.
    700. 

  700. 

  701. =cut
    702. 

  702. 

  703. sub validate_obsolete {
    704. 

  704.     my ($class, $bug) = @_;
    705. 

  705.     my $cgi = Bugzilla->cgi;
    706. 

  706. 

  707.     # Make sure the attachment id is valid and the user has permissions to view
    708. 

  708.     # the bug to which it is attached. Make sure also that the user can view
    709. 

  709.     # the attachment itself.
    710. 

  710.     my @obsolete_attachments;
    711. 

  711.     foreach my $attachid ($cgi->param('obsolete')) {
    712. 

  712.         my $vars = {};
    713. 

  713.         $vars->{'attach_id'} = $attachid;
    714. 

  714. 

  715.         detaint_natural($attachid)
    716. 

  716.           || ThrowCodeError('invalid_attach_id_to_obsolete', $vars);
    717. 

  717. 

  718.         my $attachment = Bugzilla::Attachment->get($attachid);
    719. 

  719. 

  720.         # Make sure the attachment exists in the database.
    721. 

  721.         ThrowUserError('invalid_attach_id', $vars) unless $attachment;
    722. 

  722. 

  723.         # Check that the user can view and edit this attachment.
    724. 

  724.         $attachment->validate_can_edit($bug->product_id);
    725. 

  725. 

  726.         $vars->{'description'} = $attachment->description;
    727. 

  727. 

  728.         if ($attachment->bug_id != $bug->bug_id) {
    729. 

  729.             $vars->{'my_bug_id'} = $bug->bug_id;
    730. 

  730.             $vars->{'attach_bug_id'} = $attachment->bug_id;
    731. 

  731.             ThrowCodeError('mismatched_bug_ids_on_obsolete', $vars);
    732. 

  732.         }
    733. 

  733. 

  734.         if ($attachment->isobsolete) {
    735. 

  735.           ThrowCodeError('attachment_already_obsolete', $vars);
    736. 

  736.         }
    737. 

  737. 

  738.         push(@obsolete_attachments, $attachment);
    739. 

  739.     }
    740. 

  740.     return @obsolete_attachments;
    741. 

  741. }
    742. 

  742. 

  743. 

  744. =pod
    745. 

  745. 

  746. =item C<insert_attachment_for_bug($throw_error, $bug, $user, $timestamp, $hr_vars)>
    747. 

  747. 

  748. Description: inserts an attachment from CGI input for the given bug.
    749. 

  749. 

  750. Params:     C<$bug> - Bugzilla::Bug object - the bug for which to insert
    751. 

  751.             the attachment.
    752. 

  752.             C<$user> - Bugzilla::User object - the user we're inserting an
    753. 

  753.             attachment for.
    754. 

  754.             C<$timestamp> - scalar - timestamp of the insert as returned
    755. 

  755.             by SELECT NOW().
    756. 

  756.             C<$hr_vars> - hash reference - reference to a hash of template
    757. 

  757.             variables.
    758. 

  758. 

  759. Returns:    the ID of the new attachment.
    760. 

  760. 

  761. =cut
    762. 

  762. 

  763. sub insert_attachment_for_bug {
    764. 

  764.     my ($class, $throw_error, $bug, $user, $timestamp, $hr_vars) = @_;
    765. 

  765. 

  766.     my $cgi = Bugzilla->cgi;
    767. 

  767.     my $dbh = Bugzilla->dbh;
    768. 

  768.     my $attachurl = $cgi->param('attachurl') || '';
    769. 

  769.     my $data;
    770. 

  770.     my $filename;
    771. 

  771.     my $contenttype;
    772. 

  772.     my $isurl;
    773. 

  773.     $class->validate_is_patch($throw_error) || return;
    774. 

  774.     $class->validate_description($throw_error) || return;
    775. 

  775. 

  776.     if (Bugzilla->params->{'allow_attach_url'}
    777. 

  777.         && ($attachurl =~ /^(http|https|ftp):\/\/\S+/)
    778. 

  778.         && !defined $cgi->upload('data'))
    779. 

  779.     {
    780. 

  780.         $filename = '';
    781. 

  781.         $data = $attachurl;
    782. 

  782.         $isurl = 1;
    783. 

  783.         $contenttype = 'text/plain';
    784. 

  784.         $cgi->param('ispatch', 0);
    785. 

  785.         $cgi->delete('bigfile');
    786. 

  786.     }
    787. 

  787.     else {
    788. 

  788.         $filename = _validate_filename($throw_error) || return;
    789. 

  789.         # need to validate content type before data as
    790. 

  790.         # we now check the content type for image/bmp in _validate_data()
    791. 

  791.         unless ($cgi->param('ispatch')) {
    792. 

  792.             $class->validate_content_type($throw_error) || return;
    793. 

  793. 

  794.             # Set the ispatch flag to 1 if we're set to autodetect
    795. 

  795.             # and the content type is text/x-diff or text/x-patch
    796. 

  796.             if ($cgi->param('contenttypemethod') eq 'autodetect'
    797. 

  797.                 && $cgi->param('contenttype') =~ m{text/x-(?:diff|patch)})
    798. 

  798.             {
    799. 

  799.                 $cgi->param('ispatch', 1);
    800. 

  800.                 $cgi->param('contenttype', 'text/plain');
    801. 

  801.             }
    802. 

  802.         }
    803. 

  803.         $data = _validate_data($throw_error, $hr_vars);
    804. 

  804.         # If the attachment is stored locally, $data eq ''.
    805. 

  805.         # If an error is thrown, $data eq '0'.
    806. 

  806.         ($data ne '0') || return;
    807. 

  807.         $contenttype = $cgi->param('contenttype');
    808. 

  808. 

  809.         # These are inserted using placeholders so no need to panic
    810. 

  810.         trick_taint($filename);
    811. 

  811.         trick_taint($contenttype);
    812. 

  812.         $isurl = 0;
    813. 

  813.     }
    814. 

  814. 

  815.     # Check attachments the user tries to mark as obsolete.
    816. 

  816.     my @obsolete_attachments;
    817. 

  817.     if ($cgi->param('obsolete')) {
    818. 

  818.         @obsolete_attachments = $class->validate_obsolete($bug);
    819. 

  819.     }
    820. 

  820. 

  821.     # The order of these function calls is important, as Flag::validate
    822. 

  822.     # assumes User::match_field has ensured that the
    823. 

  823.     # values in the requestee fields are legitimate user email addresses.
    824. 

  824.     my $match_status = Bugzilla::User::match_field($cgi, {
    825. 

  825.         '^requestee(_type)?-(\d+)$' => { 'type' => 'multi' },
    826. 

  826.     }, MATCH_SKIP_CONFIRM);
    827. 

  827. 

  828.     $hr_vars->{'match_field'} = 'requestee';
    829. 

  829.     if ($match_status == USER_MATCH_FAILED) {
    830. 

  830.         $hr_vars->{'message'} = 'user_match_failed';
    831. 

  831.     }
    832. 

  832.     elsif ($match_status == USER_MATCH_MULTIPLE) {
    833. 

  833.         $hr_vars->{'message'} = 'user_match_multiple';
    834. 

  834.     }
    835. 

  835. 

  836.     # Escape characters in strings that will be used in SQL statements.
    837. 

  837.     my $description = $cgi->param('description');
    838. 

  838.     trick_taint($description);
    839. 

  839.     my $isprivate = $cgi->param('isprivate') ? 1 : 0;
    840. 

  840. 

  841.     # Insert the attachment into the database.
    842. 

  842.     my $sth = $dbh->do(
    843. 

  843.         "INSERT INTO attachments
    844. 

  844.             (bug_id, creation_ts, modification_time, filename, description,
    845. 

  845.              mimetype, ispatch, isurl, isprivate, submitter_id)
    846. 

  846.          VALUES (?,?,?,?,?,?,?,?,?,?)", undef, ($bug->bug_id, $timestamp, $timestamp,
    847. 

  847.               $filename, $description, $contenttype, $cgi->param('ispatch'),
    848. 

  848.               $isurl, $isprivate, $user->id));
    849. 

  849.     # Retrieve the ID of the newly created attachment record.
    850. 

  850.     my $attachid = $dbh->bz_last_key('attachments', 'attach_id');
    851. 

  851. 

  852.     # We only use $data here in this INSERT with a placeholder,
    853. 

  853.     # so it's safe.
    854. 

  854.     $sth = $dbh->prepare("INSERT INTO attach_data
    855. 

  855.                          (id, thedata) VALUES ($attachid, ?)");
    856. 

  856.     trick_taint($data);
    857. 

  857.     $sth->bind_param(1, $data, $dbh->BLOB_TYPE);
    858. 

  858.     $sth->execute();
    859. 

  859. 

  860.     # If the file is to be stored locally, stream the file from the web server
    861. 

  861.     # to the local file without reading it into a local variable.
    862. 

  862.     if ($cgi->param('bigfile')) {
    863. 

  863.         my $attachdir = bz_locations()->{'attachdir'};
    864. 

  864.         my $fh = $cgi->upload('data');
    865. 

  865.         my $hash = ($attachid % 100) + 100;
    866. 

  866.         $hash =~ s/.*(\d\d)$/group.$1/;
    867. 

  867.         mkdir "$attachdir/$hash", 0770;
    868. 

  868.         chmod 0770, "$attachdir/$hash";
    869. 

  869.         open(AH, ">$attachdir/$hash/attachment.$attachid");
    870. 

  870.         binmode AH;
    871. 

  871.         my $sizecount = 0;
    872. 

  872.         my $limit = (Bugzilla->params->{"maxlocalattachment"} * 1048576);
    873. 

  873.         while (<$fh>) {
    874. 

  874.             print AH $_;
    875. 

  875.             $sizecount += length($_);
    876. 

  876.             if ($sizecount > $limit) {
    877. 

  877.                 close AH;
    878. 

  878.                 close $fh;
    879. 

  879.                 unlink "$attachdir/$hash/attachment.$attachid";
    880. 

  880.                 $throw_error ? ThrowUserError("local_file_too_large") : return;
    881. 

  881.             }
    882. 

  882.         }
    883. 

  883.         close AH;
    884. 

  884.         close $fh;
    885. 

  885.     }
    886. 

  886. 

  887.     # Make existing attachments obsolete.
    888. 

  888.     my $fieldid = get_field_id('attachments.isobsolete');
    889. 

  889. 

  890.     foreach my $obsolete_attachment (@obsolete_attachments) {
    891. 

  891.         # If the obsolete attachment has request flags, cancel them.
    892. 

  892.         # This call must be done before updating the 'attachments' table.
    893. 

  893.         Bugzilla::Flag->CancelRequests($bug, $obsolete_attachment, $timestamp);
    894. 

  894. 

  895.         $dbh->do('UPDATE attachments SET isobsolete = 1, modification_time = ?
    896. 

  896.                   WHERE attach_id = ?',
    897. 

  897.                  undef, ($timestamp, $obsolete_attachment->id));
    898. 

  898. 

  899.         $dbh->do('INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when,
    900. 

  900.                                              fieldid, removed, added)
    901. 

  901.                        VALUES (?,?,?,?,?,?,?)',
    902. 

  902.                   undef, ($bug->bug_id, $obsolete_attachment->id, $user->id,
    903. 

  903.                           $timestamp, $fieldid, 0, 1));
    904. 

  904.     }
    905. 

  905. 

  906.     my $attachment = Bugzilla::Attachment->get($attachid);
    907. 

  907. 

  908.     # 1. Add flags, if any. To avoid dying if something goes wrong
    909. 

  909.     # while processing flags, we will eval() flag validation.
    910. 

  910.     # This requires errors to die().
    911. 

  911.     # XXX: this can go away as soon as flag validation is able to
    912. 

  912.     #      fail without dying.
    913. 

  913.     #
    914. 

  914.     # 2. Flag::validate() should not detect any reference to existing flags
    915. 

  915.     # when creating a new attachment. Setting the third param to -1 will
    916. 

  916.     # force this function to check this point.
    917. 

  917.     my $error_mode_cache = Bugzilla->error_mode;
    918. 

  918.     Bugzilla->error_mode(ERROR_MODE_DIE);
    919. 

  919.     eval {
    920. 

  920.         Bugzilla::Flag::validate($bug->bug_id, -1, SKIP_REQUESTEE_ON_ERROR);
    921. 

  921.         Bugzilla::Flag->process($bug, $attachment, $timestamp, $hr_vars);
    922. 

  922.     };
    923. 

  923.     Bugzilla->error_mode($error_mode_cache);
    924. 

  924.     if ($@) {
    925. 

  925.         $hr_vars->{'message'} = 'flag_creation_failed';
    926. 

  926.         $hr_vars->{'flag_creation_error'} = $@;
    927. 

  927.     }
    928. 

  928. 

  929.     # Return the new attachment object.
    930. 

  930.     return $attachment;
    931. 

  931. }
    932. 

  932. 

  933. =pod
    934. 

  934. 

  935. =item C<remove_from_db()>
    936. 

  936. 

  937. Description: removes an attachment from the DB.
    938. 

  938. 

  939. Params:     none
    940. 

  940. 

  941. Returns:    nothing
    942. 

  942. 

  943. =back
    944. 

  944. 

  945. =cut
    946. 

  946. 

  947. sub remove_from_db {
    948. 

  948.     my $self = shift;
    949. 

  949.     my $dbh = Bugzilla->dbh;
    950. 

  950. 

  951.     $dbh->bz_start_transaction();
    952. 

  952.     $dbh->do('DELETE FROM flags WHERE attach_id = ?', undef, $self->id);
    953. 

  953.     $dbh->do('DELETE FROM attach_data WHERE id = ?', undef, $self->id);
    954. 

  954.     $dbh->do('UPDATE attachments SET mimetype = ?, ispatch = ?, isurl = ?, isobsolete = ?
    955. 

  955.               WHERE attach_id = ?', undef, ('text/plain', 0, 0, 1, $self->id));
    956. 

  956.     $dbh->bz_commit_transaction();
    957. 

  957. }
    958. 

  958. 

  959. 1;
    960. 

  960.