1
# -*- Mode: perl; indent-tabs-mode: nil -*-
3
# The contents of this file are subject to the Mozilla Public
4
# License Version 1.1 (the "License"); you may not use this file
5
# except in compliance with the License. You may obtain a copy of
6
# the License at http://www.mozilla.org/MPL/
8
# Software distributed under the License is distributed on an "AS
9
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
10
# implied. See the License for the specific language governing
11
# rights and limitations under the License.
13
# The Original Code is the Bugzilla Bug Tracking System.
15
# The Initial Developer of the Original Code is Netscape Communications
16
# Corporation. Portions created by Netscape are
17
# Copyright (C) 1998 Netscape Communications Corporation. All
20
# Contributor(s): Bradley Baetz <bbaetz@student.usyd.edu.au>
21
# Byron Jones <bugzilla@glob.com.au>
22
# Marc Schumann <wurblzap@gmail.com>
26
package Bugzilla::CGI;
29
if ($^O =~ /MSWin32/i) {
30
# Help CGI find the correct temp directory as the default list
31
# isn't Windows friendly (Bug 248988)
32
$ENV{'TMPDIR'} = $ENV{'TEMP'} || $ENV{'TMP'} || "$ENV{'WINDIR'}\\TEMP";
36
use CGI qw(-no_xhtml -oldstyle_urls :private_tempfiles :unique_headers SERVER_PUSH);
40
use Bugzilla::Constants;
44
# We need to disable output buffering - see bug 179174
47
# Ignore SIGTERM and SIGPIPE - this prevents DB corruption. If the user closes
48
# their browser window while a script is running, the webserver sends these
49
# signals, and we don't want to die half way through a write.
50
$::SIG{TERM} = 'IGNORE';
51
$::SIG{PIPE} = 'IGNORE';
53
# CGI.pm uses AUTOLOAD, but explicitly defines a DESTROY sub.
54
# We need to do so, too, otherwise perl dies when the object is destroyed
55
# and we don't have a DESTROY method (because CGI.pm's AUTOLOAD will |die|
56
# on getting an unknown sub to try to call)
59
$self->SUPER::DESTROY(@_);
63
my ($invocant, @args) = @_;
64
my $class = ref($invocant) || $invocant;
66
my $self = $class->SUPER::new(@args);
68
if (Bugzilla->error_mode eq ERROR_MODE_WEBPAGE) {
69
# This happens here so that command-line scripts don't spit out
70
# their errors in HTML format.
72
import CGI::Carp qw(fatalsToBrowser);
75
# Make sure our outgoing cookie list is empty on each invocation
76
$self->{Bugzilla_cookie_list} = [];
78
# Send appropriate charset
79
$self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : '');
81
# Redirect to SSL if required
82
if (Bugzilla->params->{'sslbase'} ne ''
83
&& Bugzilla->params->{'ssl'} eq 'always'
86
$self->require_https(Bugzilla->params->{'sslbase'});
90
# All of the Bugzilla code wants to do this, so do it here instead of
93
my $err = $self->cgi_error;
96
# Note that this error block is only triggered by CGI.pm for malformed
97
# multipart requests, and so should never happen unless there is a
100
print $self->header(-status => $err);
102
# ThrowCodeError wants to print the header, so it grabs Bugzilla->cgi
103
# which creates a new Bugzilla::CGI object, which fails again, which
104
# ends up here, and calls ThrowCodeError, and then recurses forever.
106
# In fact, we can't use templates at all, because we need a CGI object
107
# to determine the template lang as well as the current url (from the
109
# Since this is an internal error which indicates a severe browser bug,
111
die "CGI parsing error: $err";
117
# We want this sorted plus the ability to exclude certain params
118
sub canonicalise_query {
119
my ($self, @exclude) = @_;
121
# Reconstruct the URL by concatenating the sorted param=value pairs
123
foreach my $key (sort($self->param())) {
124
# Leave this key out if it's in the exclude list
125
next if lsearch(\@exclude, $key) != -1;
127
my $esc_key = url_quote($key);
129
foreach my $value ($self->param($key)) {
130
if (defined($value)) {
131
my $esc_value = url_quote($value);
133
push(@parameters, "$esc_key=$esc_value");
138
return join("&", @parameters);
141
sub clean_search_url {
143
# Delete any empty URL parameter
144
my @cgi_params = $self->param;
146
foreach my $param (@cgi_params) {
147
if (defined $self->param($param) && $self->param($param) eq '') {
148
$self->delete($param);
149
$self->delete("${param}_type");
152
# Boolean Chart stuff is empty if it's "noop"
153
if ($param =~ /\d-\d-\d/ && defined $self->param($param)
154
&& $self->param($param) eq 'noop')
156
$self->delete($param);
160
# Delete certain parameters if the associated parameter is empty.
161
$self->delete('bugidtype') if !$self->param('bug_id');
162
$self->delete('emailtype1') if !$self->param('email1');
163
$self->delete('emailtype2') if !$self->param('email2');
166
# Overwrite to ensure nph doesn't get set, and unset HEADERS_ONCE
170
# Keys are case-insensitive, map to lowercase
173
foreach my $key (keys %args) {
174
$param{lc $key} = $args{$key};
177
# Set the MIME boundary and content-type
178
my $boundary = $param{'-boundary'} || '------- =_aaaaaaaaaa0';
179
delete $param{'-boundary'};
180
$self->{'separator'} = "\r\n--$boundary\r\n";
181
$self->{'final_separator'} = "\r\n--$boundary--\r\n";
182
$param{'-type'} = SERVER_PUSH($boundary);
184
# Note: CGI.pm::multipart_init up to v3.04 explicitly set nph to 0
185
# CGI.pm::multipart_init v3.05 explicitly sets nph to 1
186
# CGI.pm's header() sets nph according to a param or $CGI::NPH, which
187
# is the desired behaviour.
189
return $self->header(
191
) . "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY." . $self->multipart_end;
194
# Have to add the cookies in.
195
sub multipart_start {
200
# CGI.pm::multipart_start doesn't accept a -charset parameter, so
201
# we do it ourselves here
202
if (defined $args{-charset} && defined $args{-type}) {
203
# Remove any existing charset specifier
204
$args{-type} =~ s/;.*$//;
205
# and add the specified one
206
$args{-type} .= "; charset=$args{-charset}";
209
my $headers = $self->SUPER::multipart_start(%args);
210
# Eliminate the one extra CRLF at the end.
211
$headers =~ s/$CGI::CRLF$//;
212
# Add the cookies. We have to do it this way instead of
213
# passing them to multpart_start, because CGI.pm's multipart_start
214
# doesn't understand a '-cookie' argument pointing to an arrayref.
215
foreach my $cookie (@{$self->{Bugzilla_cookie_list}}) {
216
$headers .= "Set-Cookie: ${cookie}${CGI::CRLF}";
218
$headers .= $CGI::CRLF;
222
# Override header so we can add the cookies in
226
# Add the cookies in if we have any
227
if (scalar(@{$self->{Bugzilla_cookie_list}})) {
228
if (scalar(@_) == 1) {
229
# if there's only one parameter, then it's a Content-Type.
230
# Since we're adding parameters we have to name it.
231
unshift(@_, '-type' => shift(@_));
233
unshift(@_, '-cookie' => $self->{Bugzilla_cookie_list});
236
return $self->SUPER::header(@_) || "";
239
# The various parts of Bugzilla which create cookies don't want to have to
240
# pass them around to all of the callers. Instead, store them locally here,
241
# and then output as required from |header|.
245
# Move the param list into a hash for easier handling.
249
while ($key = shift) {
251
$paramhash{$key} = $value;
254
# Complain if -value is not given or empty (bug 268146).
255
if (!exists($paramhash{'-value'}) || !$paramhash{'-value'}) {
256
ThrowCodeError('cookies_need_value');
259
# Add the default path and the domain in.
260
$paramhash{'-path'} = Bugzilla->params->{'cookiepath'};
261
$paramhash{'-domain'} = Bugzilla->params->{'cookiedomain'}
262
if Bugzilla->params->{'cookiedomain'};
264
# Move the param list back into an array for the call to cookie().
265
foreach (keys(%paramhash)) {
266
unshift(@paramlist, $_ => $paramhash{$_});
269
push(@{$self->{'Bugzilla_cookie_list'}}, $self->cookie(@paramlist));
272
# Cookies are removed by setting an expiry date in the past.
273
# This method is a send_cookie wrapper doing exactly this.
276
my ($cookiename) = (@_);
278
# Expire the cookie, giving a non-empty dummy value (bug 268146).
279
$self->send_cookie('-name' => $cookiename,
280
'-expires' => 'Tue, 15-Sep-1998 21:49:00 GMT',
284
# Redirect to https if required
287
if ($self->protocol ne 'https') {
290
$url .= $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1);
292
$url = $self->self_url;
293
$url =~ s/^http:/https:/i;
295
print $self->redirect(-location => $url);
306
Bugzilla::CGI - CGI handling for Bugzilla
312
my $cgi = new Bugzilla::CGI();
316
This package inherits from the standard CGI module, to provide additional
317
Bugzilla-specific functionality. In general, see L<the CGI.pm docs|CGI> for
320
=head1 CHANGES FROM L<CGI.PM|CGI>
322
Bugzilla::CGI has some differences from L<CGI.pm|CGI>.
326
=item C<cgi_error> is automatically checked
328
After creating the CGI object, C<Bugzilla::CGI> automatically checks
329
I<cgi_error>, and throws a CodeError if a problem is detected.
333
=head1 ADDITIONAL FUNCTIONS
335
I<Bugzilla::CGI> also includes additional functions.
339
=item C<canonicalise_query(@exclude)>
341
This returns a sorted string of the parameters, suitable for use in a url.
342
Values in C<@exclude> are not included in the result.
346
This routine is identical to the cookie generation part of CGI.pm's C<cookie>
347
routine, except that it knows about Bugzilla's cookie_path and cookie_domain
348
parameters and takes them into account if necessary.
349
This should be used by all Bugzilla code (instead of C<cookie> or the C<-cookie>
350
argument to C<header>), so that under mod_perl the headers can be sent
351
correctly, using C<print> or the mod_perl APIs as appropriate.
353
To remove (expire) a cookie, use C<remove_cookie>.
355
=item C<remove_cookie>
357
This is a wrapper around send_cookie, setting an expiry date in the past,
358
effectively removing the cookie.
360
As its only argument, it takes the name of the cookie to expire.
362
=item C<require_https($baseurl)>
364
This routine checks if the current page is being served over https, and
365
redirects to the https protocol if required, retaining QUERY_STRING.
367
It takes an option argument which will be used as the base URL. If $baseurl
368
is not provided, the current URL is used.
374
L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie>