aboutsummaryrefslogtreecommitdiff
blob: 930eb58df36e15c7ae60ae51d7118eb5795baada (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#!/usr/bin/perl -T
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.

###############################################################################
# This CGI is a general template display engine. To display templates using it,
# put them in the "pages" subdirectory of en/default, call them
# "foo.<ctype>.tmpl" and use the URL page.cgi?id=foo.<ctype> , where <ctype> is
# a content-type, e.g. html.
###############################################################################

use 5.10.1;
use strict;
use warnings;

use lib qw(. lib);

use Bugzilla;
use Bugzilla::Error;
use Bugzilla::Hook;
use Bugzilla::Search::Quicksearch;

###############
# Subroutines #
###############

# For quicksearch.html.
sub quicksearch_field_names {
  my $fields = Bugzilla::Search::Quicksearch->FIELD_MAP;
  my %fields_reverse;

  # Put longer names before shorter names.
  my @nicknames = sort { length($b) <=> length($a) } (keys %$fields);
  foreach my $nickname (@nicknames) {
    my $db_field = $fields->{$nickname};
    $fields_reverse{$db_field} ||= [];
    push(@{$fields_reverse{$db_field}}, $nickname);
  }
  return \%fields_reverse;
}

###############
# Main Script #
###############

Bugzilla->login();

my $cgi      = Bugzilla->cgi;
my $template = Bugzilla->template;

my $id = $cgi->param('id');
if ($id) {

  # Be careful not to allow directory traversal.
  if ($id =~ /\.\./) {

    # two dots in a row is bad
    ThrowUserError("bad_page_cgi_id", {"page_id" => $id});
  }

  # Split into name and ctype.
  $id =~ /^([\w\-\/\.]+)\.(\w+)$/;
  if (!$2) {

    # if this regexp fails to match completely, something bad came in
    ThrowUserError("bad_page_cgi_id", {"page_id" => $id});
  }

  my %vars = (quicksearch_field_names => \&quicksearch_field_names,);
  Bugzilla::Hook::process('page_before_template',
    {page_id => $id, vars => \%vars});

  my $format = $template->get_format("pages/$1", undef, $2);

  $cgi->param('id', $id);

  print $cgi->header($format->{'ctype'});

  $template->process("$format->{'template'}", \%vars)
    || ThrowTemplateError($template->error());
}
else {
  ThrowUserError("no_page_specified");
}