Skip to content

bugzilla
bugzilla
Commit 36e61c47 authored by jocuri%softhome.net's avatar jocuri%softhome.net
Browse files
Options

Patch for bug 235278: eliminate %::FORM from userprefs.cgi; r=kiko, a=justdave.

parent 80e46a69
Show whitespace changes
Inline Side-by-side
Showing with 27 additions and 24 deletions
template/en/default/account/prefs/prefs.html.tmpl
View file @ 36e61c47
......@@ -20,7 +20,6 @@
#%]
[%# INTERFACE:
# login: string. The user's Bugzilla login email address.
# tabs: List of hashes. May not be empty. Each hash has three members:
# name: string. Name of the tab (used internally.)
# description: string. Description of the tab (used in tab title.)
......@@ -35,7 +34,7 @@
# message if required (which Perl still evaluates as True).
#%]
[% filtered_login = login FILTER html %]
[% filtered_login = user.login FILTER html %]
[% PROCESS global/header.html.tmpl
title = "User Preferences"
h2 = filtered_login
......
userprefs.cgi
View file @ 36e61c47
......@@ -19,6 +19,7 @@
# David Miller <justdave@syndicomm.com>
# Christopher Aillon <christopher@aillon.com>
# Gervase Markham <gerv@gerv.net>
# Vlad Dascalu <jocuri@softhome.net>
use strict;
......@@ -78,18 +79,20 @@ sub DoAccount {
}
sub SaveAccount {
my $pwd1 = $::FORM{'new_password1'};
my $pwd2 = $::FORM{'new_password2'};
my $cgi = Bugzilla->cgi;
if ($::FORM{'Bugzilla_password'} ne "" ||
my $pwd1 = $cgi->param('new_password1');
my $pwd2 = $cgi->param('new_password2');
if ($cgi->param('Bugzilla_password') ne "" ||
$pwd1 ne "" || $pwd2 ne "")
{
my $old = SqlQuote($::FORM{'Bugzilla_password'});
my $old = SqlQuote($cgi->param('Bugzilla_password'));
SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid");
my $oldcryptedpwd = FetchOneColumn();
$oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
if (crypt($::FORM{'Bugzilla_password'}, $oldcryptedpwd) ne
if (crypt($cgi->param('Bugzilla_password'), $oldcryptedpwd) ne
$oldcryptedpwd)
{
ThrowUserError("old_password_incorrect");
......@@ -97,7 +100,8 @@ sub SaveAccount {
if ($pwd1 ne "" || $pwd2 ne "")
{
$::FORM{'new_password1'} || ThrowUserError("new_password_missing");
$cgi->param('new_password1')
|| ThrowUserError("new_password_missing");
ValidatePassword($pwd1, $pwd2);
my $cryptedpassword = SqlQuote(Crypt($pwd1));
......@@ -105,16 +109,16 @@ sub SaveAccount {
SET cryptpassword = $cryptedpassword
WHERE userid = $userid");
# Invalidate all logins except for the current one
InvalidateLogins($userid, $::COOKIE{"Bugzilla_logincookie"});
InvalidateLogins($userid, $cgi->cookie("Bugzilla_logincookie"));
}
}
if(Param("allowemailchange") && $::FORM{'new_login_name'}) {
my $old_login_name = $::FORM{'Bugzilla_login'};
my $new_login_name = trim($::FORM{'new_login_name'});
if(Param("allowemailchange") && $cgi->param('new_login_name')) {
my $old_login_name = $cgi->param('Bugzilla_login');
my $new_login_name = trim($cgi->param('new_login_name'));
if($old_login_name ne $new_login_name) {
$::FORM{'Bugzilla_password'}
$cgi->param('Bugzilla_password')
|| ThrowCodeError("old_password_required");
use Token;
......@@ -137,7 +141,7 @@ sub SaveAccount {
}
SendSQL("UPDATE profiles SET " .
"realname = " . SqlQuote(trim($::FORM{'realname'})) .
"realname = " . SqlQuote(trim($cgi->param('realname'))) .
" WHERE userid = $userid");
}
......@@ -207,15 +211,16 @@ sub DoEmail {
# Note: we no longer store "off" values in the database.
sub SaveEmail {
my $updateString = "";
my $cgi = Bugzilla->cgi;
if (defined $::FORM{'ExcludeSelf'}) {
if (defined $cgi->param('ExcludeSelf')) {
$updateString .= 'ExcludeSelf~on';
} else {
$updateString .= 'ExcludeSelf~';
}
foreach my $flag (qw(FlagRequestee FlagRequester)) {
$updateString .= "~$flag~" . (defined($::FORM{$flag}) ? "on" : "");
$updateString .= "~$flag~" . (defined $cgi->param($flag) ? "on" : "");
}
foreach my $role (@roles) {
......@@ -226,14 +231,14 @@ sub SaveEmail {
# If the form field for this preference is defined, then we
# know the checkbox was checked, so set the value to "on".
$updateString .= "on" if defined $::FORM{"email$role$reason"};
$updateString .= "on" if defined $cgi->param("email$role$reason");
}
}
SendSQL("UPDATE profiles SET emailflags = " . SqlQuote($updateString) .
" WHERE userid = $userid");
if (Param("supportwatchers") && exists $::FORM{'watchedusers'}) {
if (Param("supportwatchers") && defined $cgi->param('watchedusers')) {
# Just in case. Note that this much locking is actually overkill:
# we don't really care if anyone reads the watch table. So
# some small amount of contention could be gotten rid of by
......@@ -246,7 +251,7 @@ sub SaveEmail {
" watcher=$userid");
# Update the database to look like the form
my $newWatchedUsers = new RelationSet($::FORM{'watchedusers'});
my $newWatchedUsers = new RelationSet($cgi->param('watchedusers'));
my @CCDELTAS = $origWatchedUsers->generateSqlDeltas(
$newWatchedUsers,
"watch",
......@@ -300,10 +305,9 @@ GetVersionTable();
my $cgi = Bugzilla->cgi;
$vars->{'login'} = $::COOKIE{'Bugzilla_login'};
$vars->{'changes_saved'} = $::FORM{'dosave'};
$vars->{'changes_saved'} = $cgi->param('dosave');
my $current_tab_name = $::FORM{'tab'} || "account";
my $current_tab_name = $cgi->param('tab') || "account";
# The SWITCH below makes sure that this is valid
trick_taint($current_tab_name);
......@@ -313,12 +317,12 @@ $vars->{'current_tab_name'} = $current_tab_name;
# Do any saving, and then display the current tab.
SWITCH: for ($current_tab_name) {
/^account$/ && do {
SaveAccount() if $::FORM{'dosave'};
SaveAccount() if $cgi->param('dosave');
DoAccount();
last SWITCH;
};
/^email$/ && do {
SaveEmail() if $::FORM{'dosave'};
SaveEmail() if $cgi->param('dosave');
DoEmail();
last SWITCH;
};
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment