Use the CSRF token from the attachment page, rather than the bug page, when attaching files.

This fixes breakage caused by a recent BMO change.

A similar change was made to bzapi: http://hg.mozilla.org/webtools/bzapi/rev/5ca3562f2e6c

1 files changed, 14 insertions, 0 deletions

diff --git a/git-bz b/git-bz
index 4273acf..ae6f756 100755
--- a/git-bz
+++ b/git-bz
@@ -1178,6 +1178,18 @@ class Bug(object):
         if error != None:
             die ("Failed to retrieve bug information: %s" % error)
 
+        # Bugzilla now requires a separate token from the attachment creation
+        # page to create an attachment. There doesn't appear to be an XML
+        # interface to it, so we scrape away.
+        attachment_url = "/attachment.cgi?bugid=" + id + "&action=enter"
+        attachment_response = self.server.send_request("GET", attachment_url)
+        self.attachment_token = None
+        if response.status == 200:
+          attachment_match = re.search(r'name="token" value="([^"]+)',
+                                       attachment_response.read())
+          if attachment_match:
+            self.attachment_token = attachment_match.group(1)
+
         self.id = int(bug.find("bug_id").text)
         self.short_desc = bug.find("short_desc").text
         self.bug_status = bug.find("bug_status").text
@@ -1286,6 +1298,8 @@ class Bug(object):
     def create_patch(self, description, comment, filename, data, obsoletes=[], status='none'):
         fields = {}
         fields['bugid'] = str(self.id)
+        if self.attachment_token:
+          fields['token'] = self.attachment_token
         fields['action'] = 'insert'
         fields['ispatch'] = '1'
         fields['attachments.status'] = status