X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=cgi%2Fpkgreport.cgi;h=d27caa13dc39c58dd5dc0a7216d1086fd39c32a1;hb=9e1812518c39ffaaa9000f08a4966323c58937ef;hp=8b733497728f8cd921fdc882dd60d96d4a16e5cb;hpb=9e9371254528241edc90f34f8b0d7a08dd1830ca;p=debbugs.git

diff --git a/cgi/pkgreport.cgi b/cgi/pkgreport.cgi
index 8b73349..d27caa1 100755
--- a/cgi/pkgreport.cgi
+++ b/cgi/pkgreport.cgi
@@ -13,7 +13,14 @@
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
+binmode(STDOUT,':encoding(UTF-8)');
 use POSIX qw(strftime nice);
+use List::AllUtils qw(uniq);
 
 use Debbugs::Config qw(:globals :text :config);
 
@@ -32,6 +39,14 @@ use Debbugs::CGI::Pkgreport qw(:all);
 
 use Debbugs::Text qw(:templates);
 
+use Debbugs::DB;
+
+my $s;
+if (defined $config{database}) {
+    $s = Debbugs::DB->connect($config{database}) or
+        die "Unable to connect to DB";
+}
+
 use CGI::Simple;
 my $q = new CGI::Simple;
 
@@ -54,6 +69,7 @@ our %param = cgi_parameters(query => $q,
 				       qw(bug-rev pend-rev sev-rev),
 				       qw(maxdays mindays version),
 				       qw(data which dist newest),
+				       qw(noaffects),
 				      ],
 			    default => $default_params,
 			   );
@@ -77,7 +93,8 @@ if (exists $param{form_options} and defined $param{form_options}) {
      }
      for my $incexc (qw(include exclude)) {
 	  next unless exists $param{$incexc};
-	  $param{$incexc} = [grep /\S\:\S/, make_list($param{$incexc})];
+	  # normalize tag to tags
+	  $param{$incexc} = [map {s/^tag:/tags:/; $_} grep /\S\:\S/, make_list($param{$incexc})];
      }
      for my $key (keys %package_search_keys) {
 	  next unless exists $param{key};
@@ -93,6 +110,16 @@ if (exists $param{form_options} and defined $param{form_options}) {
      exit 0;
 }
 
+# normalize innclude/exclude keys; currently this is in two locations,
+# which is suboptimal. Closes: #567407
+for my $incexc (qw(include exclude)) {
+    next unless exists $param{$incexc};
+    # normalize tag to tags
+    $param{$incexc} = [map {s/^tag:/tags:/; $_} make_list($param{$incexc})];
+}
+
+
+
 # map from yes|no to 1|0
 for my $key (qw(repeatmerged bug-rev pend-rev sev-rev)) {
      if (exists $param{$key}){
@@ -210,7 +237,8 @@ our %cats = (
         "ord" => [2,3,4,1,0,5],
     } ],
     "oldview" => [ qw(status severity) ],
-    "normal" => [ qw(status severity classification) ],
+	     "normal" => [ qw(status severity classification) ],
+	     raw => [{nam => 'Raw',def => 'Raw'}],
 );
 
 if (exists $param{which} and exists $param{data}) {
@@ -257,7 +285,8 @@ if (defined $param{usertag}) {
      }
 }
 
-quitcgi("You have to choose something to select by") unless grep {exists $param{$_}} keys %package_search_keys;
+quitcgi("You have to choose something to select by", '400 Bad Request')
+  unless grep {exists $param{$_}} keys %package_search_keys;
 
 
 my $Archived = $param{archive} ? " Archived" : "";
@@ -358,21 +387,27 @@ my $title = $gBugs.' '.join(' and ', map {/ or /?"($_)":$_} @title);
 		  grep {$_ ne 'newest'}
 		  keys %package_search_keys, 'archive'),
 		 usertags => \%ut,
+		 defined $s?(schema => $s):(),
 		);
 
 # shove in bugs which affect this package if there is a package or a
 # source given (by default), but no affects options given
 if (not exists $param{affects} and not exists $param{noaffects} and
-    (exists $param{source} or
+    (exists $param{src} or
      exists $param{package})) {
-    push @bugs, get_bugs((map {exists $param{$_}?($_ =~ /^(?:package|source)$/?'affects':$_,
-						  ($_ eq 'source'?'src:'.$param{$_}:$param{$_})):()}
+    push @bugs, get_bugs((map {my $key = $_;
+			       exists $param{$key}?($key =~ /^(?:package|src)$/?'affects':$key,
+						  ($key eq 'src'?[map {"src:$_"}make_list($param{$key})]:$param{$_})):()}
 			  grep {$_ ne 'newest'}
 			  keys %package_search_keys, 'archive'),
 			 usertags => \%ut,
+                         defined $s?(schema => $s):(),
 			);
 }
 
+# filter out included or excluded bugs
+
+
 if (defined $param{version}) {
      $title .= " at version $param{version}";
 }
@@ -411,9 +446,11 @@ my $result = pkg_htmlizebugs(bugs => \@bugs,
 			     exclude => $exclude,
 			     this => $this,
 			     options => \%param,
+                             defined $s?(schema => $s):(),
 			     (exists $param{dist})?(dist    => $param{dist}):(),
 			    );
 
+print "Cache-Control: public, max-age=300\n";
 print "Content-Type: text/html; charset=utf-8\n\n";
 
 print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
@@ -467,10 +504,13 @@ if (exists $param{submitter}) {
 
 print $result;
 
-print pkg_javascript() . "\n";
+print fill_in_template(template=>'cgi/pkgreport_javascript');
 
 print qq(<h2 class="outstanding"><!--<a class="options" href="javascript:toggle(1)">-->Options<!--</a>--></h2>\n);
 
+$param{orderings} =
+    [uniq((grep {!$hidden{$_}} keys %cats),
+	  $param{ordering})];
 print option_form(template => 'cgi/pkgreport_options',
 		  param    => \%param,
 		  form_options => $form_options,