X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=cgi%2Fbugreport.cgi;h=70f42292644f437e1284a6ba0aee2eeb5aabb635;hb=37fa4f5e9b7218b8a909f2c0502a12c6b7f5303e;hp=3c6b61eb74ba12ad3356a4229cff45470485d8c3;hpb=7bb2a79abf84ff8b00bcde72856513e48afaf798;p=debbugs.git

diff --git a/cgi/bugreport.cgi b/cgi/bugreport.cgi
index 3c6b61e..70f4229 100755
--- a/cgi/bugreport.cgi
+++ b/cgi/bugreport.cgi
@@ -1,8 +1,14 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl
 
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
+
 use POSIX qw(strftime);
 use MIME::Parser;
 use MIME::Decoder;
@@ -15,17 +21,23 @@ use Debbugs::Config qw(:globals :text);
 use Debbugs::Log qw(read_log_records);
 use Debbugs::CGI qw(:url :html :util);
 use Debbugs::CGI::Bugreport qw(:all);
-use Debbugs::Common qw(buglog getmaintainers make_list);
+use Debbugs::Common qw(buglog getmaintainers make_list bug_status);
 use Debbugs::Packages qw(getpkgsrc);
-use Debbugs::Status qw(splitpackages get_bug_status isstrongseverity);
+use Debbugs::Status qw(splitpackages split_status_fields get_bug_status isstrongseverity);
+
+use Debbugs::User;
 
 use Scalar::Util qw(looks_like_number);
 
 use Debbugs::Text qw(:templates);
 
+use List::Util qw(max);
+
 
 use CGI::Simple;
 my $q = new CGI::Simple;
+# STDOUT should be using the utf8 io layer
+binmode(STDOUT,':raw:encoding(UTF-8)');
 
 my %param = cgi_parameters(query => $q,
 			   single => [qw(bug msg att boring terse),
@@ -63,6 +75,34 @@ my %bugusertags;
 my %ut;
 my %seen_users;
 
+my $buglog = buglog($ref);
+my $bug_status = bug_status($ref);
+if (not defined $buglog or not defined $bug_status) {
+     print $q->header(-status => "404 No such bug",
+		      -type => "text/html",
+		      -charset => 'utf-8',
+		     );
+     print fill_in_template(template=>'cgi/no_such_bug',
+			    variables => {modify_time => strftime('%a, %e %b %Y %T UTC', gmtime),
+					  bug_num     => $ref,
+					 },
+			   );
+     exit 0;
+}
+
+# the log should almost always be newer, but just in case
+my $log_mtime = +(stat $buglog)[9] || time;
+my $status_mtime = +(stat $bug_status)[9] || time;
+my $mtime = strftime '%a, %d %b %Y %T GMT', gmtime(max($status_mtime,$log_mtime));
+
+if ($q->request_method() eq 'HEAD' and not defined($att) and not $mbox) {
+     print $q->header(-type => "text/html",
+		      -charset => 'utf-8',
+		      (length $mtime)?(-last_modified => $mtime):(),
+		     );
+     exit 0;
+}
+
 for my $user (map {split /[\s*,\s*]+/} make_list($param{users}||[])) {
     next unless length($user);
     add_user($user,\%ut,\%bugusertags,\%seen_users);
@@ -94,33 +134,6 @@ $mbox = 1 if $mbox_status_message or $mbox_maint;
 my $archive = $param{'archive'} eq 'yes';
 my $repeatmerged = $param{'repeatmerged'} eq 'yes';
 
-my $buglog = buglog($ref);
-if (not defined $buglog) {
-     print $q->header(-status => "404 No such bug",
-		      -type => "text/html",
-		      -charset => 'utf-8',
-		     );
-     print fill_in_template(template=>'cgi/no_such_bug',
-			    variables => {modify_time => strftime('%a, %e %b %Y %T UTC', gmtime),
-					  bug_num     => $ref,
-					 },
-			   );
-     exit 0;
-}
-
-my @stat = stat $buglog;
-my $mtime = '';
-if (@stat) {
-     $mtime = strftime '%a, %d %b %Y %T GMT', gmtime($stat[9]);
-}
-
-if ($q->request_method() eq 'HEAD' and not defined($att) and not $mbox) {
-     print $q->header(-type => "text/html",
-		      -charset => 'utf-8',
-		      (length $mtime)?(-last_modified => $mtime):(),
-		     );
-     exit 0;
-}
 
 
 my $buglogfh;
@@ -134,9 +147,10 @@ if ($buglog =~ m/\.gz$/) {
 }
 
 
-my %status = %{get_bug_status(bug=>$ref,
-			      bugusertags => \%bugusertags,
-			     )};
+my %status =
+    %{split_status_fields(get_bug_status(bug=>$ref,
+					 bugusertags => \%bugusertags,
+					))};
 
 my @records;
 eval{
@@ -157,6 +171,7 @@ if (defined($msg) and ($msg-1) <= $#records) {
 }
 my @log;
 if ( $mbox ) {
+     binmode(STDOUT,":raw");
      my $date = strftime "%a %b %d %T %Y", localtime;
      if (@records > 1) {
 	 print $q->header(-type => "text/plain",
@@ -209,11 +224,11 @@ END
 	  # we want to include control messages anyway
 	  my $record_wanted_anyway = 0;
 	  my ($msg_id) = $record->{text} =~ /^Message-Id:\s+<(.+)>/im;
-	  next if exists $seen_message_ids{$msg_id};
-	  next if $msg_id =~/handler\..+\.ack(?:info|done)?\@/;
+	  next if defined $msg_id and exists $seen_message_ids{$msg_id};
+	  next if defined $msg_id and $msg_id =~/handler\..+\.ack(?:info|done)?\@/;
 	  $record_wanted_anyway = 1 if $record->{text} =~ /^Received: \(at control\)/;
 	  next if not $boring and not $record->{type} eq $wanted_type and not $record_wanted_anyway and @records > 1;
-	  $seen_message_ids{$msg_id} = 1;
+	  $seen_message_ids{$msg_id} = 1 if defined $msg_id;
 	  my @lines = split( "\n", $record->{text}, -1 );
 	  if ( $lines[ 1 ] =~ m/^From / ) {
 	       my $tmp = $lines[ 0 ];
@@ -231,6 +246,7 @@ END
 
 else {
      if (defined $att and defined $msg and @records) {
+	 binmode(STDOUT,":raw");
 	  $msg_num++;
 	  print handle_email_message($records[0]->{text},
 				     ref => $ref,
@@ -286,19 +302,29 @@ unless (%status) {
 #$|=1;
 
 my %package;
-my @packages = splitpackages($status{package});
+my @packages = make_list($status{package});
 
 foreach my $pkg (@packages) {
-     $package{$pkg} = {maintainer => exists($maintainer{$pkg}) ? $maintainer{$pkg} : '(unknown)',
-		       exists($pkgsrc{$pkg}) ? (source => $pkgsrc{$pkg}) : (),
-		       package    => $pkg,
-		      };
+     if ($pkg =~ /^src\:/) {
+	  my ($srcpkg) = $pkg =~ /^src:(.*)/;
+	  $package{$pkg} = {maintainer => exists($maintainer{$srcpkg}) ? $maintainer{$srcpkg} : '(unknown)',
+			    source     => $srcpkg,
+			    package    => $pkg,
+			    is_source  => 1,
+			   };
+     }
+     else {
+	  $package{$pkg} = {maintainer => exists($maintainer{$pkg}) ? $maintainer{$pkg} : '(unknown)',
+			    exists($pkgsrc{$pkg}) ? (source => $pkgsrc{$pkg}) : (),
+			    package    => $pkg,
+			   };
+     }
 }
 
 # fixup various bits of the status
-$status{tags_array} = [sort(split(/\s+/, $status{tags}))];
+$status{tags_array} = [sort(make_list($status{tags}))];
 $status{date_text} = strftime('%a, %e %b %Y %T UTC', gmtime($status{date}));
-$status{mergedwith_array} = [split(/ /,$status{mergedwith})];
+$status{mergedwith_array} = [make_list($status{mergedwith})];
 
 
 my $version_graph = '';
@@ -322,7 +348,7 @@ if (@{$status{found_versions}} or @{$status{fixed_versions}}) {
 
 
 
-my @blockedby= split(/ /, $status{blockedby});
+my @blockedby= make_list($status{blockedby});
 $status{blockedby_array} = [];
 if (@blockedby && $status{"pending"} ne 'fixed' && ! length($status{done})) {
     for my $b (@blockedby) {
@@ -332,7 +358,7 @@ if (@blockedby && $status{"pending"} ne 'fixed' && ! length($status{done})) {
    }
 }
 
-my @blocks= split(/ /, $status{blocks});
+my @blocks= make_list($status{blocks});
 $status{blocks_array} = [];
 if (@blocks && $status{"pending"} ne 'fixed' && ! length($status{done})) {
     for my $b (@blocks) {
@@ -363,6 +389,7 @@ print fill_in_template(template => 'cgi/bugreport',
 				     isstrongseverity => \&Debbugs::Status::isstrongseverity,
 				     html_escape   => \&Debbugs::CGI::html_escape,
 				     looks_like_number => \&Scalar::Util::looks_like_number,
+				     make_list        => \&Debbugs::Common::make_list,
 				    },
 		       hole_var  => {'&package_links' => \&Debbugs::CGI::package_links,
 				     '&bug_links'     => \&Debbugs::CGI::bug_links,