Bug 285112: Move ValidateBugID out of CGI.pl - Patch by Frédéric Buclin…

Bugzilla/Bug.pm

@@ -50,7 +50,7 @@ use Bugzilla::Error;
 use base qw(Exporter);
 @Bugzilla::Bug::EXPORT = qw(
     AppendComment ValidateComment
-    bug_alias_to_id ValidateBugAlias
+    bug_alias_to_id ValidateBugAlias ValidateBugID
     RemoveVotes CheckIfVotedConfirmed
 );
 
@@ -1102,6 +1102,50 @@ sub CheckIfVotedConfirmed {
 # Field Validation
 #
 
+# Validates and verifies a bug ID, making sure the number is a 
+# positive integer, that it represents an existing bug in the
+# database, and that the user is authorized to access that bug.
+# We detaint the number here, too.
+sub ValidateBugID {
+    my ($id, $field) = @_;
+    my $dbh = Bugzilla->dbh;
+    my $user = Bugzilla->user;
+
+    # Get rid of white-space around the ID.
+    $id = trim($id);
+    
+    # If the ID isn't a number, it might be an alias, so try to convert it.
+    my $alias = $id;
+    if (!detaint_natural($id)) {
+        $id = bug_alias_to_id($alias);
+        $id || ThrowUserError("invalid_bug_id_or_alias",
+                              {'bug_id' => $alias,
+                               'field'  => $field });
+    }
+    
+    # Modify the calling code's original variable to contain the trimmed,
+    # converted-from-alias ID.
+    $_[0] = $id;
+    
+    # First check that the bug exists
+    $dbh->selectrow_array("SELECT bug_id FROM bugs WHERE bug_id = ?", undef, $id)
+      || ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id});
+
+    return if (defined $field && ($field eq "dependson" || $field eq "blocked"));
+    
+    return if $user->can_see_bug($id);
+
+    # The user did not pass any of the authorization tests, which means they
+    # are not authorized to see the bug.  Display an error and stop execution.
+    # The error the user sees depends on whether or not they are logged in
+    # (i.e. $user->id contains the user's positive integer ID).
+    if ($user->id) {
+        ThrowUserError("bug_access_denied", {'bug_id' => $id});
+    } else {
+        ThrowUserError("bug_access_query", {'bug_id' => $id});
+    }
+}
+
 # ValidateBugAlias:
 #   Check that the bug alias is valid and not used by another bug.  If 
 #   curr_id is specified, verify the alias is not used for any other

CGI.pl

@@ -107,51 +107,6 @@ sub CheckFormFieldDefined ($$) {
     }
 }
 
-sub ValidateBugID {
-    # Validates and verifies a bug ID, making sure the number is a 
-    # positive integer, that it represents an existing bug in the
-    # database, and that the user is authorized to access that bug.
-    # We detaint the number here, too
-
-    my ($id, $field) = @_;
-    
-    # Get rid of white-space around the ID.
-    $id = trim($id);
-    
-    # If the ID isn't a number, it might be an alias, so try to convert it.
-    my $alias = $id;
-    if (!detaint_natural($id)) {
-        $id = bug_alias_to_id($alias);
-        $id || ThrowUserError("invalid_bug_id_or_alias",
-                              {'bug_id' => $alias,
-                               'field'  => $field });
-    }
-    
-    # Modify the calling code's original variable to contain the trimmed,
-    # converted-from-alias ID.
-    $_[0] = $id;
-    
-    # First check that the bug exists
-    SendSQL("SELECT bug_id FROM bugs WHERE bug_id = $id");
-
-    FetchOneColumn()
-      || ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id});
-
-    return if (defined $field && ($field eq "dependson" || $field eq "blocked"));
-    
-    return if Bugzilla->user->can_see_bug($id);
-
-    # The user did not pass any of the authorization tests, which means they
-    # are not authorized to see the bug.  Display an error and stop execution.
-    # The error the user sees depends on whether or not they are logged in
-    # (i.e. $::userid contains the user's positive integer ID).
-    if ($::userid) {
-        ThrowUserError("bug_access_denied", {'bug_id' => $id});
-    } else {
-        ThrowUserError("bug_access_query", {'bug_id' => $id});
-    }
-}
-
 sub CheckEmailSyntax {
     my ($addr) = (@_);
     my $match = Param('emailregexp');

showdependencygraph.cgi

@@ -30,6 +30,7 @@ use Bugzilla;
 use Bugzilla::Config qw(:DEFAULT $webdotdir);
 use Bugzilla::Util;
 use Bugzilla::BugMail;
+use Bugzilla::Bug;
 
 require "CGI.pl";
 

showdependencytree.cgi

@@ -28,6 +28,7 @@ use strict;
 use lib qw(.);
 require "CGI.pl";
 use Bugzilla::User;
+use Bugzilla::Bug;
 
 # Use global template variables.
 use vars qw($template $vars);