X-Git-Url: https://git.donarmstrong.com/?p=debbugs.git;a=blobdiff_plain;f=cgi%2Fbugreport.cgi;h=b68eac64b7f9ba7c92d38e0d151ce1431362d18f;hp=dcb6482345f984479a7e20499232cb6e0d60c239;hb=2e9c5a7baf46c2fed7baa3616cb451adabf6e0b2;hpb=c768b2faebc3e56f8e519e6ea3661c79d954defe diff --git a/cgi/bugreport.cgi b/cgi/bugreport.cgi index dcb6482..b68eac6 100755 --- a/cgi/bugreport.cgi +++ b/cgi/bugreport.cgi @@ -1,9 +1,15 @@ -#!/usr/bin/perl -wT +#!/usr/bin/perl use warnings; use strict; -use POSIX qw(strftime tzset); +# Sanitize environent for taint +BEGIN{ + delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; +} + + +use POSIX qw(strftime); use MIME::Parser; use MIME::Decoder; use IO::Scalar; @@ -12,25 +18,34 @@ use IO::File; use Debbugs::Config qw(:globals :text); # for read_log_records -use Debbugs::Log qw(read_log_records); -use Debbugs::MIME qw(convert_to_utf8 decode_rfc1522 create_mime_message); +use Debbugs::Log qw(:read); use Debbugs::CGI qw(:url :html :util); use Debbugs::CGI::Bugreport qw(:all); -use Debbugs::Common qw(buglog getmaintainers); +use Debbugs::Common qw(buglog getmaintainers make_list bug_status); use Debbugs::Packages qw(getpkgsrc); -use Debbugs::Status qw(splitpackages get_bug_status isstrongseverity); +use Debbugs::Status qw(splitpackages split_status_fields get_bug_status isstrongseverity); + +use Debbugs::User; use Scalar::Util qw(looks_like_number); + +use Debbugs::Text qw(:templates); + +use List::Util qw(max); + + use CGI::Simple; my $q = new CGI::Simple; +# STDOUT should be using the utf8 io layer +binmode(STDOUT,':raw:encoding(UTF-8)'); my %param = cgi_parameters(query => $q, single => [qw(bug msg att boring terse), qw(reverse mbox mime trim), qw(mboxstat mboxmaint archive), - qw(repeatmerged) + qw(repeatmerged avatars), ], - default => {msg => '', + default => {# msg => '', boring => 'no', terse => 'no', reverse => 'no', @@ -40,64 +55,113 @@ my %param = cgi_parameters(query => $q, mboxmaint => 'no', archive => 'no', repeatmerged => 'yes', + avatars => 'yes', }, ); # This is craptacular. -my $tail_html; - my $ref = $param{bug} or quitcgi("No bug number"); $ref =~ /(\d+)/ or quitcgi("Invalid bug number"); $ref = $1; my $short = "#$ref"; -my $msg = $param{'msg'}; -my $att = $param{'att'}; +my ($msg) = $param{msg} =~ /^(\d+)$/ if exists $param{msg}; +my ($att) = $param{att} =~ /^(\d+)$/ if exists $param{att}; my $boring = $param{'boring'} eq 'yes'; my $terse = $param{'terse'} eq 'yes'; my $reverse = $param{'reverse'} eq 'yes'; my $mbox = $param{'mbox'} eq 'yes'; my $mime = $param{'mime'} eq 'yes'; +my $avatars = $param{avatars} eq 'yes'; -my $trim_headers = ($param{trim} || ($msg?'no':'yes')) eq 'yes'; +my $trim_headers = ($param{trim} || ((defined $msg and $msg)?'no':'yes')) eq 'yes'; my $mbox_status_message = $param{mboxstat} eq 'yes'; my $mbox_maint = $param{mboxmaint} eq 'yes'; $mbox = 1 if $mbox_status_message or $mbox_maint; - # Not used by this script directly, but fetch these so that pkgurl() and # friends can propagate them correctly. my $archive = $param{'archive'} eq 'yes'; my $repeatmerged = $param{'repeatmerged'} eq 'yes'; +my %bugusertags; +my %ut; +my %seen_users; + my $buglog = buglog($ref); +my $bug_status = bug_status($ref); +if (not defined $buglog or not defined $bug_status) { + no_such_bug($q,$ref); +} -if (defined $ENV{REQUEST_METHOD} and $ENV{REQUEST_METHOD} eq 'HEAD' and not defined($att) and not $mbox) { - print "Content-Type: text/html; charset=utf-8\n"; - my @stat = stat $buglog; - if (@stat) { - my $mtime = strftime '%a, %d %b %Y %T GMT', gmtime($stat[9]); - print "Last-Modified: $mtime\n"; - } - print "\n"; +sub no_such_bug { + my ($q,$ref) = @_; + print $q->header(-status => 404, + -content_type => "text/html", + -charset => 'utf-8', + -cache_control => 'public, max-age=600', + ); + print fill_in_template(template=>'cgi/no_such_bug', + variables => {modify_time => strftime('%a, %e %b %Y %T UTC', gmtime), + bug_num => $ref, + }, + ); exit 0; } +} + +# the log should almost always be newer, but just in case +my $log_mtime = +(stat $buglog)[9] || time; +my $status_mtime = +(stat $bug_status)[9] || time; +my $mtime = strftime '%a, %d %b %Y %T GMT', gmtime(max($status_mtime,$log_mtime)); + +if ($q->request_method() eq 'HEAD' and not defined($att) and not $mbox) { + print $q->header(-type => "text/html", + -charset => 'utf-8', + (length $mtime)?(-last_modified => $mtime):(), + ); + exit 0; +} + +for my $user (map {split /[\s*,\s*]+/} make_list($param{users}||[])) { + next unless length($user); + add_user($user,\%ut,\%bugusertags,\%seen_users); +} + +if (defined $param{usertag}) { + for my $usertag (make_list($param{usertag})) { + my %select_ut = (); + my ($u, $t) = split /:/, $usertag, 2; + Debbugs::User::read_usertags(\%select_ut, $u); + unless (defined $t && $t ne "") { + $t = join(",", keys(%select_ut)); + } + add_user($u,\%ut,\%bugusertags,\%seen_users); + push @{$param{tag}}, split /,/, $t; + } +} + my $buglogfh; if ($buglog =~ m/\.gz$/) { my $oldpath = $ENV{'PATH'}; $ENV{'PATH'} = '/bin:/usr/bin'; - $buglogfh = new IO::File "zcat $buglog |" or &quitcgi("open log for $ref: $!"); + $buglogfh = IO::File->new("zcat $buglog |") or quitcgi("open log for $ref: $!"); $ENV{'PATH'} = $oldpath; } else { - $buglogfh = new IO::File "<$buglog" or &quitcgi("open log for $ref: $!"); + $buglogfh = IO::File->new($buglog,'r') or quitcgi("open log for $ref: $!"); } +my %status = + %{split_status_fields(get_bug_status(bug=>$ref, + bugusertags => \%bugusertags, + ))}; + my @records; eval{ - @records = read_log_records($buglogfh); + @records = read_log_records(logfh => $buglogfh,inner_file => 1); }; if ($@) { quitcgi("Bad bug log for $gBug $ref. Unable to read records: $@"); @@ -108,21 +172,26 @@ undef $buglogfh; my $log=''; my $msg_num = 0; my $skip_next = 0; -if (looks_like_number($msg) and ($msg-1) <= $#records) { +if (defined($msg) and ($msg-1) <= $#records) { @records = ($records[$msg-1]); $msg_num = $msg - 1; } my @log; if ( $mbox ) { + binmode(STDOUT,":raw"); my $date = strftime "%a %b %d %T %Y", localtime; if (@records > 1) { - print qq(Content-Disposition: attachment; filename="bug_${ref}.mbox"\n); - print "Content-Type: text/plain\n\n"; + print $q->header(-type => "text/plain", + content_disposition => qq(attachment; filename="bug_${ref}.mbox"), + (length $mtime)?(-last_modified => $mtime):(), + ); } else { $msg_num++; - print qq(Content-Disposition: attachment; filename="bug_${ref}_message_${msg_num}.mbox"\n); - print "Content-Type: message/rfc822\n\n"; + print $q->header(-type => "message/rfc822", + content_disposition => qq(attachment; filename="bug_${ref}_message_${msg_num}.mbox"), + (length $mtime)?(-last_modified => $mtime):(), + ); } if ($mbox_status_message and @records > 1) { my $status_message=''; @@ -161,28 +230,50 @@ END my $wanted_type = $mbox_maint?'recips':'incoming-recv'; # we want to include control messages anyway my $record_wanted_anyway = 0; - my ($msg_id) = $record->{text} =~ /^Message-Id:\s+<(.+)>/im; - next if exists $seen_message_ids{$msg_id}; - next if $msg_id =~/handler\..+\.ack(?:info|done)?\@/; - $record_wanted_anyway = 1 if $record->{text} =~ /^Received: \(at control\)/; + my ($msg_id) = record_regex($record,qr/^Message-Id:\s+<(.+)>/im); + next if defined $msg_id and exists $seen_message_ids{$msg_id}; + next if defined $msg_id and $msg_id =~/handler\..+\.ack(?:info|done)?\@/; + $record_wanted_anyway = 1 if record_regex($record,qr/^Received: \(at control\)/); next if not $boring and not $record->{type} eq $wanted_type and not $record_wanted_anyway and @records > 1; - $seen_message_ids{$msg_id} = 1; - my @lines = split( "\n", $record->{text}, -1 ); + $seen_message_ids{$msg_id} = 1 if defined $msg_id; + my @lines; + if ($record->{inner_file}) { + push @lines, $record->{fh}->getline; + push @lines, $record->{fh}->getline; + chomp $lines[0]; + chomp $lines[1]; + } else { + @lines = split( "\n", $record->{text}, -1 ); + } if ( $lines[ 1 ] =~ m/^From / ) { - my $tmp = $lines[ 0 ]; - $lines[ 0 ] = $lines[ 1 ]; - $lines[ 1 ] = $tmp; + @lines = reverse @lines; } if ( !( $lines[ 0 ] =~ m/^From / ) ) { unshift @lines, "From unknown $date"; - } - map { s/^(>*From )/>$1/ } @lines[ 1 .. $#lines ]; - print join( "\n", @lines ) . "\n"; + } + print $lines[0]."\n"; + print map { s/^(>*From )/>$1/; $_."\n" } @lines[ 1 .. $#lines ]; + if ($record->{inner_file}) { + my $fh = $record->{fh}; + print $_ while (<$fh>); + } } exit 0; } else { + if (defined $att and defined $msg and @records) { + binmode(STDOUT,":raw"); + $msg_num++; + print handle_email_message($records[0], + ref => $ref, + msg_num => $msg_num, + att => $att, + msg => $msg, + trim_headers => $trim_headers, + ); + exit 0; + } my %seen_msg_ids; for my $record (@records) { $msg_num++; @@ -191,7 +282,11 @@ else { next; } $skip_next = 1 if $record->{type} eq 'html' and not $boring; - push @log, handle_record($record,$ref,$msg_num,\%seen_msg_ids); + push @log, handle_record($record,$ref,$msg_num, + \%seen_msg_ids, + trim_headers => $trim_headers, + avatars => $avatars, + ); } } @@ -211,218 +306,115 @@ my $tpack; my $tmain; my $dtime = strftime "%a, %e %b %Y %T UTC", gmtime; -$tail_html = $gHTMLTail; -$tail_html =~ s/SUBSTITUTE_DTIME/$dtime/; -my %status = %{get_bug_status(bug=>$ref)}; unless (%status) { - print "Content-Type: text/html; charset=utf-8\n\n"; - print fill_in_template(template=>'cgi/no_such_bug', - variables => {modify_time => $dtime, - bug_num => $ref, - }, - ) - exit 0; -} - -$|=1; - -$tpack = lc $status{'package'}; -my @tpacks = splitpackages($tpack); - -if ($status{severity} eq 'normal') { - $showseverity = ''; -} elsif (isstrongseverity($status{severity})) { - $showseverity = "Severity: $status{severity};\n"; -} else { - $showseverity = "Severity: $status{severity};\n"; + no_such_bug($q,$ref); } -if (@{$status{found_versions}} or @{$status{fixed_versions}}) { - $indexentry.= q(
version graph
}; -} +#$|=1; -$indexentry .= "
\n"; -$indexentry .= htmlize_packagelinks($status{package}, 0) . ";\n"; +my @packages = make_list($status{package}); -foreach my $pkg (@tpacks) { - my $tmaint = defined($maintainer{$pkg}) ? $maintainer{$pkg} : '(unknown)'; - my $tsrc = defined($pkgsrc{$pkg}) ? $pkgsrc{$pkg} : '(unknown)'; - $indexentry .= - htmlize_maintlinks(sub { $_[0] == 1 ? "Maintainer for $pkg is\n" - : "Maintainers for $pkg are\n" }, - $tmaint); - $indexentry .= ";\nSource for $pkg is\n". - '$tsrc" if ($tsrc ne "(unknown)"); - $indexentry .= ".\n"; +my %packages_affects; +for my $p_a (qw(package affects)) { + foreach my $pkg (make_list($status{$p_a})) { + if ($pkg =~ /^src\:/) { + my ($srcpkg) = $pkg =~ /^src:(.*)/; + $packages_affects{$p_a}{$pkg} = + {maintainer => exists($maintainer{$srcpkg}) ? $maintainer{$srcpkg} : '(unknown)', + source => $srcpkg, + package => $pkg, + is_source => 1, + }; + } + else { + $packages_affects{$p_a}{$pkg} = + {maintainer => exists($maintainer{$pkg}) ? $maintainer{$pkg} : '(unknown)', + exists($pkgsrc{$pkg}) ? (source => $pkgsrc{$pkg}) : (), + package => $pkg, + }; + } + } } -$indexentry .= "
"; -$indexentry .= htmlize_addresslinks("Reported by: ", \&submitterurl, - $status{originator}) . ";\n"; -$indexentry .= sprintf "Date: %s.\n", - (strftime "%a, %e %b %Y %T UTC", localtime($status{date})); - -$indexentry .= "
Owned by: " . html_escape($status{owner}) . ".\n" - if length $status{owner}; - -$indexentry .= "
\n"; - -my @descstates; - -$indexentry .= "

$showseverity"; -$indexentry .= sprintf "Tags: %s;\n", - html_escape(join(", ", sort(split(/\s+/, $status{tags})))) - if length($status{tags}); -$indexentry .= "
" if (length($showseverity) or length($status{tags})); - -my @merged= split(/ /,$status{mergedwith}); -if (@merged) { - my $descmerged = 'Merged with '; - my $mseparator = ''; - for my $m (@merged) { - $descmerged .= $mseparator."#$m"; - $mseparator= ",\n"; - } - push @descstates, $descmerged; -} +# fixup various bits of the status +$status{tags_array} = [sort(make_list($status{tags}))]; +$status{date_text} = strftime('%a, %e %b %Y %T UTC', gmtime($status{date})); +$status{mergedwith_array} = [make_list($status{mergedwith})]; -if (@{$status{found_versions}}) { - my $foundtext = 'Found in '; - $foundtext .= (@{$status{found_versions}} == 1) ? 'version ' : 'versions '; - $foundtext .= join ', ', map html_escape($_), @{$status{found_versions}}; - push @descstates, $foundtext; -} -if (@{$status{fixed_versions}}) { - my $fixedtext = 'Fixed in '; - $fixedtext .= (@{$status{fixed_versions}} == 1) ? 'version ' : 'versions '; - $fixedtext .= join ', ', map html_escape($_), @{$status{fixed_versions}}; - if (length($status{done})) { - $fixedtext .= ' by ' . html_escape(decode_rfc1522($status{done})); - } - push @descstates, $fixedtext; -} +my $version_graph = ''; if (@{$status{found_versions}} or @{$status{fixed_versions}}) { - push @descstates, 'Version Graph}; -} - -if (length($status{done})) { - push @descstates, "Done: ".html_escape(decode_rfc1522($status{done})); + $version_graph = q(version graph}; } -if (length($status{forwarded})) { - my $forward_link = html_escape($status{forwarded}); - $forward_link =~ s,((ftp|http|https)://[\S~-]+?/?)((\>\;)?[)]?[']?[:.\,]?(\s|$)),$1$3,go; - push @descstates, "Forwarded to $forward_link"; -} -my @blockedby= split(/ /, $status{blockedby}); +my @blockedby= make_list($status{blockedby}); +$status{blockedby_array} = []; if (@blockedby && $status{"pending"} ne 'fixed' && ! length($status{done})) { for my $b (@blockedby) { my %s = %{get_bug_status($b)}; next if $s{"pending"} eq 'fixed' || length $s{done}; - push @descstates, "Fix blocked by #$b: ".html_escape($s{subject}); - } + push @{$status{blockedby_array}},{bug_num => $b, subject => $s{subject}, status => \%s}; + } } -my @blocks= split(/ /, $status{blocks}); +my @blocks= make_list($status{blocks}); +$status{blocks_array} = []; if (@blocks && $status{"pending"} ne 'fixed' && ! length($status{done})) { for my $b (@blocks) { my %s = %{get_bug_status($b)}; next if $s{"pending"} eq 'fixed' || length $s{done}; - push @descstates, "Blocking fix for #$b: ".html_escape($s{subject}); + push @{$status{blocks_array}}, {bug_num => $b, subject => $s{subject}, status => \%s}; } } if ($buglog !~ m#^\Q$gSpoolDir/db#) { - push @descstates, "Bug is archived. No further changes may be made"; + $status{archived} = 1; } -$indexentry .= join(";\n
", @descstates) . ".\n" if @descstates; -$indexentry .= "

\n"; - my $descriptivehead = $indexentry; -print "Content-Type: text/html; charset=utf-8\n"; - -my @stat = stat $buglog; -if (@stat) { - my $mtime = strftime '%a, %d %b %Y %T GMT', gmtime($stat[9]); - print "Last-Modified: $mtime\n"; -} - -print "\n"; - -my $title = html_escape($status{subject}); - -my $dummy2 = $gWebHostBugDir; - -print "\n"; -print < -$short - $title - $gProject $gBug report logs - - - - - -END -print "

" . "$gProject $gBug report logs - $short" . - "
" . $title . "

\n"; -print "$descriptivehead\n"; - -if (looks_like_number($msg)) { - printf qq(

Full log

),html_escape(bug_url($ref)); -} -else { - print qq(

Reply ), - qq(or subscribe ), - qq(to this bug.

\n); - print qq(

Toggle useless messages

); - printf qq(

View this report as an mbox folder, ). - qq(status mbox, maintainer mbox

\n), - html_escape(bug_url($ref, mbox=>'yes')), - html_escape(bug_url($ref, mbox=>'yes',mboxstatus=>'yes')), - html_escape(bug_url($ref, mbox=>'yes',mboxmaint=>'yes')); -} -print "$log"; -print "
"; -print "

Send a report that this bug log contains spam.

\n
\n"; -print $tail_html; - -print "\n"; - -exit 0; +print $q->header(-type => "text/html", + -charset => 'utf-8', + (length $mtime)?(-last_modified => $mtime):(), + ); + +print fill_in_template(template => 'cgi/bugreport', + variables => {status => \%status, + package => $packages_affects{'package'}, + affects => $packages_affects{'affects'}, + log => $log, + bug_num => $ref, + version_graph => $version_graph, + msg => $msg, + isstrongseverity => \&Debbugs::Status::isstrongseverity, + html_escape => \&Debbugs::CGI::html_escape, + looks_like_number => \&Scalar::Util::looks_like_number, + make_list => \&Debbugs::Common::make_list, + }, + hole_var => {'&package_links' => \&Debbugs::CGI::package_links, + '&bug_links' => \&Debbugs::CGI::bug_links, + '&version_url' => \&Debbugs::CGI::version_url, + '&bug_url' => \&Debbugs::CGI::bug_url, + '&strftime' => \&POSIX::strftime, + '&maybelink' => \&Debbugs::CGI::maybelink, + }, + );