Fix default user for usertags

[debbugs.git] / cgi / pkgreport.cgi

diff --git a/cgi/pkgreport.cgi b/cgi/pkgreport.cgi
index b7fc845a510e50a8c21958c52a42fa236d5e386b..fceec183c07896d8991e4f9ef232afeeb65cf74c 100755 (executable)
--- a/cgi/pkgreport.cgi
+++ b/cgi/pkgreport.cgi
@@ -13,7 +13,14 @@
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
+binmode(STDOUT,':encoding(UTF-8)');
 use POSIX qw(strftime nice);
+use List::AllUtils qw(uniq);
 
 use Debbugs::Config qw(:globals :text :config);
 
@@ -49,11 +56,20 @@ my $default_params = {ordering => 'normal',
                      exclude      => [],
                     };
 
+if (defined $ENV{REMOTE_ADDR} and $ENV{REMOTE_ADDR} =~ /^(?:218\.175\.56\.14|64\.126\
+.93\.93|72\.17\.168\.57|208\.138\.29\.104|66\.63\.250\.28|71\.70\.91\.207|121\.14\.75\.|121\.14\.96\.|219\.129\.83\.13|58\.254\.39\.23)/) {
+    sleep(5);
+    print "Content-Type: text/html\n\nGo away.";
+    exit 0;
+}
+
+
 our %param = cgi_parameters(query => $q,
                            single => [qw(ordering archive repeatmerged),
                                       qw(bug-rev pend-rev sev-rev),
                                       qw(maxdays mindays version),
                                       qw(data which dist newest),
+                                      qw(noaffects),
                                      ],
                            default => $default_params,
                           );
@@ -78,7 +94,7 @@ if (exists $param{form_options} and defined $param{form_options}) {
      for my $incexc (qw(include exclude)) {
          next unless exists $param{$incexc};
          # normalize tag to tags
-         $param{$incexc} = [map {s/^tag:/tags:/} grep /\S\:\S/, make_list($param{$incexc})];
+         $param{$incexc} = [map {s/^tag:/tags:/; $_} grep /\S\:\S/, make_list($param{$incexc})];
      }
      for my $key (keys %package_search_keys) {
          next unless exists $param{key};
@@ -99,7 +115,7 @@ if (exists $param{form_options} and defined $param{form_options}) {
 for my $incexc (qw(include exclude)) {
     next unless exists $param{$incexc};
     # normalize tag to tags
-    $param{$incexc} = [map {s/^tag:/tags:/} make_list($param{$incexc})];
+    $param{$incexc} = [map {s/^tag:/tags:/; $_} make_list($param{$incexc})];
 }
 
 
@@ -221,7 +237,8 @@ our %cats = (
         "ord" => [2,3,4,1,0,5],
     } ],
     "oldview" => [ qw(status severity) ],
-    "normal" => [ qw(status severity classification) ],
+            "normal" => [ qw(status severity classification) ],
+            raw => [{nam => 'Raw',def => 'Raw'}],
 );
 
 if (exists $param{which} and exists $param{data}) {
@@ -268,7 +285,8 @@ if (defined $param{usertag}) {
      }
 }
 
-quitcgi("You have to choose something to select by") unless grep {exists $param{$_}} keys %package_search_keys;
+quitcgi("You have to choose something to select by", '400 Bad Request')
+  unless grep {exists $param{$_}} keys %package_search_keys;
 
 
 my $Archived = $param{archive} ? " Archived" : "";
@@ -429,6 +447,7 @@ my $result = pkg_htmlizebugs(bugs => \@bugs,
                             (exists $param{dist})?(dist    => $param{dist}):(),
                            );
 
+print "Cache-Control: public, max-age=300\n";
 print "Content-Type: text/html; charset=utf-8\n\n";
 
 print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
@@ -486,6 +505,9 @@ print fill_in_template(template=>'cgi/pkgreport_javascript');
 
 print qq(<h2 class="outstanding"><!--<a class="options" href="javascript:toggle(1)">-->Options<!--</a>--></h2>\n);
 
+$param{orderings} =
+    [uniq((grep {!$hidden{$_}} keys %cats),
+         $param{ordering})];
 print option_form(template => 'cgi/pkgreport_options',
                  param    => \%param,
                  form_options => $form_options,