Merge tag 'bugzilla-4.4.9'gentoo-4.4.9

author: Robin H. Johnson <robbat2@gentoo.org> 2015-04-16 09:12:15 -0700
committer: Robin H. Johnson <robbat2@gentoo.org> 2015-04-16 09:12:15 -0700
commit: f31fc33877281e3861ae2103158a59e40f60040e (patch)
tree: fe704c2ec79f6b263cb52efffed2fec4294c9ad3 /Bugzilla
parent: Merge remote-tracking branch 'origin/upstream' (diff)
parent: Bumped version to 4.4.9 (diff)
download: bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.tar.gz
bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.tar.bz2
bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.zip
5 files changed, 116 insertions, 15 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 6504d73c1..2530c4ceb 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -182,7 +182,7 @@ use Memoize;
 # CONSTANTS
 #
 # Bugzilla version
-use constant BUGZILLA_VERSION => "4.4.8";
+use constant BUGZILLA_VERSION => "4.4.9";
 
 # Location of the remote and local XML files to track new releases.
 use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml';
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index b80eb2e63..9721c1702 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -43,7 +43,22 @@ our @EXPORT = qw(
 use constant HT_DEFAULT_DENY => <<EOT;
 # nothing in this directory is retrievable unless overridden by an .htaccess
 # in a subdirectory
-deny from all
+<IfModule mod_version.c>
+  <IfVersion < 2.4>
+    Deny from all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    <IfModule mod_perl.c>
+      Deny from all
+    </IfModule>
+    <IfModule !mod_perl.c>
+      Require all denied
+    </IfModule>
+  </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+    Deny from all
+</IfModule>
 EOT
 
 ###############
@@ -329,11 +344,41 @@ EOT
         "$graphsdir/.htaccess" => { perms => WS_SERVE, contents => <<EOT
 # Allow access to .png and .gif files.
 <FilesMatch (\\.gif|\\.png)\$>
-  Allow from all
+  <IfModule mod_version.c>
+    <IfVersion < 2.4>
+      Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+      <IfModule mod_perl.c>
+        Allow from all
+      </IfModule>
+      <IfModule !mod_perl.c>
+        Require all granted
+      </IfModule>
+    </IfVersion>
+  </IfModule>
+  <IfModule !mod_version.c>
+    Allow from all
+  </IfModule>
 </FilesMatch>
 
 # And no directory listings, either.
-Deny from all
+<IfModule mod_version.c>
+  <IfVersion < 2.4>
+    Deny from all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    <IfModule mod_perl.c>
+      Deny from all
+    </IfModule>
+    <IfModule !mod_perl.c>
+      Require all denied
+    </IfModule>
+  </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+  Deny from all
+</IfModule>
 EOT
         },
 
@@ -342,17 +387,65 @@ EOT
 # if research.att.com ever changes their IP, or if you use a different
 # webdot server, you'll need to edit this
 <FilesMatch \\.dot\$>
-  Allow from 192.20.225.0/24
-  Deny from all
+  <IfModule mod_version.c>
+    <IfVersion < 2.4>
+      Allow from 192.20.225.0/24
+      Deny from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+      <IfModule mod_perl.c>
+        Allow from 192.20.225.0/24
+        Deny from all
+      </IfModule>
+      <IfModule !mod_perl.c>
+        Require ip 192.20.225.0/24
+        Require all denied
+      </IfModule>
+    </IfVersion>
+  </IfModule>
+  <IfModule !mod_version.c>
+    Allow from 192.20.225.0/24
+    Deny from all
+  </IfModule>
 </FilesMatch>
 
 # Allow access to .png files created by a local copy of 'dot'
 <FilesMatch \\.png\$>
-  Allow from all
+  <IfModule mod_version.c>
+    <IfVersion < 2.4>
+      Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+      <IfModule mod_perl.c>
+        Allow from all
+      </IfModule>
+      <IfModule !mod_perl.c>
+        Require all granted
+      </IfModule>
+    </IfVersion>
+  </IfModule>
+  <IfModule !mod_version.c>
+    Allow from all
+  </IfModule>
 </FilesMatch>
 
 # And no directory listings, either.
-Deny from all
+<IfModule mod_version.c>
+  <IfVersion < 2.4>
+    Deny from all
+  </IfVersion>
+  <IfVersion >= 2.4>
+    <IfModule mod_perl.c>
+      Deny from all
+    </IfModule>
+    <IfModule !mod_perl.c>
+      Require all denied
+    </IfModule>
+  </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+  Deny from all
+</IfModule>
 EOT
         },
     );
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index eaab6002e..d67df03dd 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -31,7 +31,7 @@ use Date::Format;
 use Date::Parse;
 use Scalar::Util qw(blessed);
 use List::MoreUtils qw(all firstidx part uniq);
-use POSIX qw(INT_MAX);
+use POSIX qw(INT_MAX floor);
 use Storable qw(dclone);
 use Time::HiRes qw(gettimeofday tv_interval);
 
@@ -2129,7 +2129,8 @@ sub SqlifyDate {
         }
         elsif ($unit eq 'm') {
             $month -= $amount;
-            while ($month<0) { $year--; $month += 12; }
+            $year += floor($month/12);
+            $month %= 12;
             if ($startof) {
                 return sprintf("%4d-%02d-01 00:00:00", $year+1900, $month+1);
             }
@@ -2400,11 +2401,17 @@ sub _user_nonchanged {
 sub _long_desc_changedby {
     my ($self, $args) = @_;
     my ($chart_id, $joins, $value) = @$args{qw(chart_id joins value)};
-    
+
     my $table = "longdescs_$chart_id";
     push(@$joins, { table => 'longdescs', as => $table });
     my $user_id = $self->_get_user_id($value);
     $args->{term} = "$table.who = $user_id";
+
+    # If the user is not part of the insiders group, they cannot see
+    # private comments
+    if (!$self->_user->is_insider) {
+        $args->{term} .= " AND $table.isprivate = 0";
+    }
 }
 
 sub _long_desc_changedbefore_after {
@@ -2412,7 +2419,7 @@ sub _long_desc_changedbefore_after {
     my ($chart_id, $operator, $value, $joins) =
         @$args{qw(chart_id operator value joins)};
     my $dbh = Bugzilla->dbh;
-    
+
     my $sql_operator = ($operator =~ /before/) ? '<=' : '>=';
     my $table = "longdescs_$chart_id";
     my $sql_date = $dbh->quote(SqlifyDate($value));
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index a9357a5e8..48c25fc35 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -28,7 +28,6 @@ use Bugzilla::Group;
 use DateTime::TimeZone;
 use List::Util qw(max);
 use Scalar::Util qw(blessed);
-use Storable qw(dclone);
 use URI;
 use URI::QueryParam;
 
@@ -123,7 +122,7 @@ sub new {
     my $class = ref($invocant) || $invocant;
     my ($param) = @_;
 
-    my $user = DEFAULT_USER;
+    my $user = { %{ DEFAULT_USER() } };
     bless ($user, $class);
     return $user unless $param;
 
@@ -141,7 +140,7 @@ sub super_user {
     my $class = ref($invocant) || $invocant;
     my ($param) = @_;
 
-    my $user = dclone(DEFAULT_USER);
+    my $user = { %{ DEFAULT_USER() } };
     $user->{groups} = [Bugzilla::Group->get_all];
     $user->{bless_groups} = [Bugzilla::Group->get_all];
     bless $user, $class;
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 419e5aac6..006925994 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -57,6 +57,8 @@ use constant PUBLIC_METHODS => qw(
     create
     fields
     get
+    get_bugs
+    get_history
     history
     legal_values
     possible_duplicates
author	Robin H. Johnson <robbat2@gentoo.org>	2015-04-16 09:12:15 -0700
committer	Robin H. Johnson <robbat2@gentoo.org>	2015-04-16 09:12:15 -0700
commit	f31fc33877281e3861ae2103158a59e40f60040e (patch)
tree	fe704c2ec79f6b263cb52efffed2fec4294c9ad3 /Bugzilla
parent	Merge remote-tracking branch 'origin/upstream' (diff)
parent	Bumped version to 4.4.9 (diff)
download	bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.tar.gz bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.tar.bz2 bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.zip