use :raw for the mail messages

[debbugs.git] / cgi / bugreport.cgi

diff --git a/cgi/bugreport.cgi b/cgi/bugreport.cgi
index a151b219478d8f93f1e0087e33cc2704f7ebb5ea..de4ec76371633cfe8d9760a14a7f6e2142df6250 100755 (executable)
--- a/cgi/bugreport.cgi
+++ b/cgi/bugreport.cgi
@@ -1,8 +1,16 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl
 
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
+# STDOUT should be using the utf8 io layer
+binmode(STDOUT,':utf8');
+
 use POSIX qw(strftime);
 use MIME::Parser;
 use MIME::Decoder;
@@ -17,7 +25,9 @@ use Debbugs::CGI qw(:url :html :util);
 use Debbugs::CGI::Bugreport qw(:all);
 use Debbugs::Common qw(buglog getmaintainers make_list bug_status);
 use Debbugs::Packages qw(getpkgsrc);
-use Debbugs::Status qw(splitpackages get_bug_status isstrongseverity);
+use Debbugs::Status qw(splitpackages split_status_fields get_bug_status isstrongseverity);
+
+use Debbugs::User;
 
 use Scalar::Util qw(looks_like_number);
 
@@ -137,9 +147,10 @@ if ($buglog =~ m/\.gz$/) {
 }
 
 
-my %status = %{get_bug_status(bug=>$ref,
-                             bugusertags => \%bugusertags,
-                            )};
+my %status =
+    %{split_status_fields(get_bug_status(bug=>$ref,
+                                        bugusertags => \%bugusertags,
+                                       ))};
 
 my @records;
 eval{
@@ -160,6 +171,7 @@ if (defined($msg) and ($msg-1) <= $#records) {
 }
 my @log;
 if ( $mbox ) {
+     binmode(STDOUT,":raw");
      my $date = strftime "%a %b %d %T %Y", localtime;
      if (@records > 1) {
         print $q->header(-type => "text/plain",
@@ -234,6 +246,7 @@ END
 
 else {
      if (defined $att and defined $msg and @records) {
+        binmode(STDOUT,":raw");
          $msg_num++;
          print handle_email_message($records[0]->{text},
                                     ref => $ref,
@@ -289,19 +302,29 @@ unless (%status) {
 #$|=1;
 
 my %package;
-my @packages = splitpackages($status{package});
+my @packages = make_list($status{package});
 
 foreach my $pkg (@packages) {
-     $package{$pkg} = {maintainer => exists($maintainer{$pkg}) ? $maintainer{$pkg} : '(unknown)',
-                      exists($pkgsrc{$pkg}) ? (source => $pkgsrc{$pkg}) : (),
-                      package    => $pkg,
-                     };
+     if ($pkg =~ /^src\:/) {
+         my ($srcpkg) = $pkg =~ /^src:(.*)/;
+         $package{$pkg} = {maintainer => exists($maintainer{$srcpkg}) ? $maintainer{$srcpkg} : '(unknown)',
+                           source     => $srcpkg,
+                           package    => $pkg,
+                           is_source  => 1,
+                          };
+     }
+     else {
+         $package{$pkg} = {maintainer => exists($maintainer{$pkg}) ? $maintainer{$pkg} : '(unknown)',
+                           exists($pkgsrc{$pkg}) ? (source => $pkgsrc{$pkg}) : (),
+                           package    => $pkg,
+                          };
+     }
 }
 
 # fixup various bits of the status
-$status{tags_array} = [sort(split(/\s+/, $status{tags}))];
+$status{tags_array} = [sort(make_list($status{tags}))];
 $status{date_text} = strftime('%a, %e %b %Y %T UTC', gmtime($status{date}));
-$status{mergedwith_array} = [split(/ /,$status{mergedwith})];
+$status{mergedwith_array} = [make_list($status{mergedwith})];
 
 
 my $version_graph = '';
@@ -325,7 +348,7 @@ if (@{$status{found_versions}} or @{$status{fixed_versions}}) {
 
 
 
-my @blockedby= split(/ /, $status{blockedby});
+my @blockedby= make_list($status{blockedby});
 $status{blockedby_array} = [];
 if (@blockedby && $status{"pending"} ne 'fixed' && ! length($status{done})) {
     for my $b (@blockedby) {
@@ -335,7 +358,7 @@ if (@blockedby && $status{"pending"} ne 'fixed' && ! length($status{done})) {
    }
 }
 
-my @blocks= split(/ /, $status{blocks});
+my @blocks= make_list($status{blocks});
 $status{blocks_array} = [];
 if (@blocks && $status{"pending"} ne 'fixed' && ! length($status{done})) {
     for my $b (@blocks) {
@@ -366,6 +389,7 @@ print fill_in_template(template => 'cgi/bugreport',
                                     isstrongseverity => \&Debbugs::Status::isstrongseverity,
                                     html_escape   => \&Debbugs::CGI::html_escape,
                                     looks_like_number => \&Scalar::Util::looks_like_number,
+                                    make_list        => \&Debbugs::Common::make_list,
                                    },
                       hole_var  => {'&package_links' => \&Debbugs::CGI::package_links,
                                     '&bug_links'     => \&Debbugs::CGI::bug_links,