forked from bugzilla/bugzilla
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpage.cgi
More file actions
executable file
·85 lines (70 loc) · 2.47 KB
/
page.cgi
File metadata and controls
executable file
·85 lines (70 loc) · 2.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/usr/bin/perl -T
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
###############################################################################
# This CGI is a general template display engine. To display templates using it,
# put them in the "pages" subdirectory of en/default, call them
# "foo.<ctype>.tmpl" and use the URL page.cgi?id=foo.<ctype> , where <ctype> is
# a content-type, e.g. html.
###############################################################################
use 5.14.0;
use strict;
use warnings;
use lib qw(. lib local/lib/perl5);
use Bugzilla;
use Bugzilla::Error;
use Bugzilla::Hook;
use Bugzilla::Search::Quicksearch;
###############
# Subroutines #
###############
# For quicksearch.html.
sub quicksearch_field_names {
my $fields = Bugzilla::Search::Quicksearch->FIELD_MAP;
my %fields_reverse;
# Put longer names before shorter names.
my @nicknames = sort { length($b) <=> length($a) } (keys %$fields);
foreach my $nickname (@nicknames) {
my $db_field = $fields->{$nickname};
$fields_reverse{$db_field} ||= [];
push(@{ $fields_reverse{$db_field} }, $nickname);
}
return \%fields_reverse;
}
###############
# Main Script #
###############
Bugzilla->login();
my $cgi = Bugzilla->cgi;
my $template = Bugzilla->template;
my $id = $cgi->param('id');
if ($id) {
# Be careful not to allow directory traversal.
if ($id =~ /\.\./) {
# two dots in a row is bad
ThrowUserError("bad_page_cgi_id", { "page_id" => $id });
}
# Split into name and ctype.
$id =~ /^([\w\-\/\.]+)\.(\w+)$/;
if (!$2) {
# if this regexp fails to match completely, something bad came in
ThrowUserError("bad_page_cgi_id", { "page_id" => $id });
}
my %vars = (
quicksearch_field_names => \&quicksearch_field_names,
);
Bugzilla::Hook::process('page_before_template',
{ page_id => $id, vars => \%vars });
my $format = $template->get_format("pages/$1", undef, $2);
$cgi->param('id', $id);
print $cgi->header($format->{'ctype'});
$template->process("$format->{'template'}", \%vars)
|| ThrowTemplateError($template->error());
}
else {
ThrowUserError("no_page_specified");
}