Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
bugzilla
Commits
a062bd42
Commit
a062bd42
authored
Feb 03, 2005
by
travis%sedsystems.ca
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 278018 : Eliminate deprecated Bugzilla::DB routines from buglist.cgi
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=wurblzap a=justdave
parent
1ce81369
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
111 additions
and
87 deletions
+111
-87
buglist.cgi
buglist.cgi
+111
-87
No files found.
buglist.cgi
View file @
a062bd42
...
@@ -57,6 +57,7 @@ use vars qw($db_name
...
@@ -57,6 +57,7 @@ use vars qw($db_name
@versions)
;
@versions)
;
my
$cgi
=
Bugzilla
->
cgi
;
my
$cgi
=
Bugzilla
->
cgi
;
my
$dbh
=
Bugzilla
->
dbh
;
if
(
length
(
$::buffer
)
==
0
)
{
if
(
length
(
$::buffer
)
==
0
)
{
print
$cgi
->
header
(
-
refresh
=>
'10; URL=query.cgi'
);
print
$cgi
->
header
(
-
refresh
=>
'10; URL=query.cgi'
);
...
@@ -195,10 +196,13 @@ sub iCalendarDateTime {
...
@@ -195,10 +196,13 @@ sub iCalendarDateTime {
sub
LookupNamedQuery
{
sub
LookupNamedQuery
{
my
(
$name
)
=
@_
;
my
(
$name
)
=
@_
;
Bugzilla
->
login
(
LOGIN_REQUIRED
);
Bugzilla
->
login
(
LOGIN_REQUIRED
);
my
$userid
=
Bugzilla
->
user
->
id
;
my
$dbh
=
Bugzilla
->
dbh
;
my
$qname
=
SqlQuote
(
$name
);
# $name is safe -- we only use it below in a SELECT placeholder and then
SendSQL
(
"SELECT query FROM namedqueries WHERE userid = $userid AND name = $qname"
);
# in error messages (which are always HTML-filtered).
my
$result
=
FetchOneColumn
();
trick_taint
(
$name
);
my
$result
=
$dbh
->
selectrow_array
(
"SELECT query FROM namedqueries"
.
" WHERE userid = ? AND name = ?"
,
undef
,
(
Bugzilla
->
user
->
id
,
$name
));
defined
(
$result
)
||
ThrowUserError
(
"missing_query"
,
{
'queryname'
=>
$name
});
defined
(
$result
)
||
ThrowUserError
(
"missing_query"
,
{
'queryname'
=>
$name
});
$result
$result
...
@@ -207,60 +211,114 @@ sub LookupNamedQuery {
...
@@ -207,60 +211,114 @@ sub LookupNamedQuery {
return
$result
;
return
$result
;
}
}
# Inserts a Named Query (a "Saved Search") into the database, or
# updates a Named Query that already exists..
# Takes four arguments:
# userid - The userid who the Named Query will belong to.
# query_name - A string that names the new Named Query, or the name
# of an old Named Query to update. If this is blank, we
# will throw a UserError. Leading and trailing whitespace
# will be stripped from this value before it is inserted
# into the DB.
# query - The query part of the buglist.cgi URL, unencoded. Must not be
# empty, or we will throw a UserError.
# link_in_footer (optional) - 1 if the Named Query should be
# displayed in the user's footer, 0 otherwise.
#
# All parameters are validated before passing them into the database.
#
# Returns: A boolean true value if the query existed in the database
# before, and we updated it. A boolean false value otherwise.
sub
InsertNamedQuery
($$$;$) {
my
(
$userid
,
$query_name
,
$query
,
$link_in_footer
)
=
@_
;
$link_in_footer
||=
0
;
$query_name
=
trim
(
$query_name
);
Bugzilla
->
login
(
LOGIN_REQUIRED
);
my
$dbh
=
Bugzilla
->
dbh
;
my
$query_existed_before
;
# Validate the query name.
$query_name
||
ThrowUserError
(
"query_name_missing"
);
$query_name
!~
/[<>&]/
||
ThrowUserError
(
"illegal_query_name"
);
trick_taint
(
$query_name
);
detaint_natural
(
$userid
);
detaint_natural
(
$link_in_footer
);
$query
||
ThrowUserError
(
"buglist_parameters_required"
,
{
'queryname'
=>
$query
});
# $query is safe, because we always urlencode or html_quote
# it when we display it to the user.
trick_taint
(
$query
);
$dbh
->
do
(
"LOCK TABLES namedqueries WRITE"
);
my
$result
=
$dbh
->
selectrow_array
(
"SELECT userid FROM namedqueries"
.
" WHERE userid = ? AND name = ?"
,
undef
,
(
$userid
,
$query_name
));
if
(
$result
)
{
$query_existed_before
=
1
;
$dbh
->
do
(
"UPDATE namedqueries"
.
" SET query = ?, linkinfooter = ?"
.
" WHERE userid = ? AND name = ?"
,
undef
,
(
$query
,
$link_in_footer
,
$userid
,
$query_name
));
}
else
{
$query_existed_before
=
0
;
$dbh
->
do
(
"INSERT INTO namedqueries"
.
" (userid, name, query, linkinfooter)"
.
" VALUES (?, ?, ?, ?)"
,
undef
,
(
$userid
,
$query_name
,
$query
,
$link_in_footer
));
}
$dbh
->
do
(
"UNLOCK TABLES"
);
return
$query_existed_before
;
}
sub
LookupSeries
{
sub
LookupSeries
{
my
(
$series_id
)
=
@_
;
my
(
$series_id
)
=
@_
;
detaint_natural
(
$series_id
)
||
ThrowCodeError
(
"invalid_series_id"
);
detaint_natural
(
$series_id
)
||
ThrowCodeError
(
"invalid_series_id"
);
my
$dbh
=
Bugzilla
->
dbh
;
my
$dbh
=
Bugzilla
->
dbh
;
my
$result
=
$dbh
->
selectrow_array
(
"SELECT query FROM series "
.
my
$result
=
$dbh
->
selectrow_array
(
"SELECT query FROM series "
.
"WHERE series_id = $series_id"
);
"WHERE series_id = ?"
,
undef
,
(
$series_id
));
$result
$result
||
ThrowCodeError
(
"invalid_series_id"
,
{
'series_id'
=>
$series_id
});
||
ThrowCodeError
(
"invalid_series_id"
,
{
'series_id'
=>
$series_id
});
return
$result
;
return
$result
;
}
}
sub
GetQuip
{
sub
GetQuip
{
my
$dbh
=
Bugzilla
->
dbh
;
my
$quip
;
# COUNT is quick because it is cached for MySQL. We may want to revisit
# COUNT is quick because it is cached for MySQL. We may want to revisit
# this when we support other databases.
# this when we support other databases.
my
$count
=
$dbh
->
selectrow_array
(
"SELECT COUNT(quip)"
SendSQL
(
"SELECT COUNT(quip) FROM quips WHERE approved = 1"
);
.
" FROM quips WHERE approved = 1"
);
my
$count
=
FetchOneColumn
();
my
$random
=
int
(
rand
(
$count
));
my
$random
=
int
(
rand
(
$count
));
SendSQL
(
"SELECT quip FROM quips WHERE approved = 1 LIMIT $random,1"
);
my
$quip
=
$dbh
->
selectrow_array
(
"SELECT quip FROM quips"
if
(
MoreSQLData
())
{
.
" WHERE approved = 1 LIMIT $random,1"
);
(
$quip
)
=
FetchSQLData
();
}
return
$quip
;
return
$quip
;
}
}
sub
GetGroupsByUserId
{
sub
GetGroupsByUserId
{
my
(
$userid
)
=
@_
;
my
(
$userid
)
=
@_
;
my
$dbh
=
Bugzilla
->
dbh
;
return
if
!
$userid
;
return
if
!
$userid
;
SendSQL
(
"
# Create an array where each item is a hash. The hash contains
SELECT DISTINCT groups.id, name, description, isactive
# as keys the name of the columns, which point to the value of
# the columns for that row.
my
$groups
=
$dbh
->
selectall_arrayref
(
"SELECT DISTINCT groups.id, name, description, isactive
FROM groups, user_group_map
FROM groups, user_group_map
WHERE user_id =
$userid
AND isbless = 0
WHERE user_id =
?
AND isbless = 0
AND user_group_map.group_id = groups.id
AND user_group_map.group_id = groups.id
AND isbuggroup = 1
AND isbuggroup = 1
ORDER BY description "
);
ORDER BY description "
,
{},
(
$userid
));
my
@groups
;
while
(
MoreSQLData
())
{
my
$group
=
{};
(
$group
->
{
'id'
},
$group
->
{
'name'
},
$group
->
{
'description'
},
$group
->
{
'isactive'
})
=
FetchSQLData
();
push
(
@groups
,
$group
);
}
return
\
@
groups
;
return
$
groups
;
}
}
...
@@ -319,9 +377,14 @@ if ($::FORM{'cmdtype'} eq "dorem") {
...
@@ -319,9 +377,14 @@ if ($::FORM{'cmdtype'} eq "dorem") {
}
}
elsif
(
$::FORM
{
'remaction'
}
eq
"forget"
)
{
elsif
(
$::FORM
{
'remaction'
}
eq
"forget"
)
{
Bugzilla
->
login
(
LOGIN_REQUIRED
);
Bugzilla
->
login
(
LOGIN_REQUIRED
);
my
$userid
=
Bugzilla
->
user
->
id
;
# Copy the name into a variable, so that we can trick_taint it for
my
$qname
=
SqlQuote
(
$::FORM
{
'namedcmd'
});
# the DB. We know it's safe, because we're using placeholders in
SendSQL
(
"DELETE FROM namedqueries WHERE userid = $userid AND name = $qname"
);
# the SQL, and the SQL is only a DELETE.
my
$qname
=
$::FORM
{
'namedcmd'
};
trick_taint
(
$qname
);
$dbh
->
do
(
"DELETE FROM namedqueries"
.
" WHERE userid = ? AND name = ?"
,
undef
,
(
$userid
,
$qname
));
# Now reset the cached queries
# Now reset the cached queries
Bugzilla
->
user
->
flush_queries_cache
();
Bugzilla
->
user
->
flush_queries_cache
();
...
@@ -339,70 +402,29 @@ if ($::FORM{'cmdtype'} eq "dorem") {
...
@@ -339,70 +402,29 @@ if ($::FORM{'cmdtype'} eq "dorem") {
elsif
((
$::FORM
{
'cmdtype'
}
eq
"doit"
)
&&
$::FORM
{
'remtype'
})
{
elsif
((
$::FORM
{
'cmdtype'
}
eq
"doit"
)
&&
$::FORM
{
'remtype'
})
{
if
(
$::FORM
{
'remtype'
}
eq
"asdefault"
)
{
if
(
$::FORM
{
'remtype'
}
eq
"asdefault"
)
{
Bugzilla
->
login
(
LOGIN_REQUIRED
);
Bugzilla
->
login
(
LOGIN_REQUIRED
);
my
$userid
=
Bugzilla
->
user
->
id
;
InsertNamedQuery
(
Bugzilla
->
user
->
id
,
DEFAULT_QUERY_NAME
,
$::buffer
);
my
$qname
=
SqlQuote
(
DEFAULT_QUERY_NAME
);
my
$qbuffer
=
SqlQuote
(
$::buffer
);
SendSQL
(
"LOCK TABLES namedqueries WRITE"
);
SendSQL
(
"SELECT userid FROM namedqueries WHERE userid = $userid "
.
"AND name = $qname"
);
my
$result
=
FetchOneColumn
();
if
(
$result
)
{
SendSQL
(
"UPDATE namedqueries SET query = $qbuffer "
.
"WHERE userid = $userid AND name = $qname"
);
}
else
{
SendSQL
(
"INSERT INTO namedqueries (userid, name, query, linkinfooter) VALUES "
.
"($userid, $qname, $qbuffer, 0)"
);
}
SendSQL
(
"UNLOCK TABLES"
);
$vars
->
{
'message'
}
=
"buglist_new_default_query"
;
$vars
->
{
'message'
}
=
"buglist_new_default_query"
;
}
}
elsif
(
$::FORM
{
'remtype'
}
eq
"asnamed"
)
{
elsif
(
$::FORM
{
'remtype'
}
eq
"asnamed"
)
{
Bugzilla
->
login
(
LOGIN_REQUIRED
);
Bugzilla
->
login
(
LOGIN_REQUIRED
);
my
$userid
=
Bugzilla
->
user
->
id
;
my
$userid
=
Bugzilla
->
user
->
id
;
my
$query_name
=
$::FORM
{
'newqueryname'
};
my
$name
=
trim
(
$::FORM
{
'newqueryname'
});
$name
||
ThrowUserError
(
"query_name_missing"
);
$name
!~
/[<>&]/
||
ThrowUserError
(
"illegal_query_name"
);
my
$qname
=
SqlQuote
(
$name
);
$::FORM
{
'newquery'
}
||
ThrowUserError
(
"buglist_parameters_required"
,
{
'queryname'
=>
$name
});
my
$qbuffer
=
SqlQuote
(
$::FORM
{
'newquery'
});
my
$tofooter
=
1
;
my
$tofooter
=
1
;
my
$existed_before
=
InsertNamedQuery
(
$userid
,
$query_name
,
$vars
->
{
'message'
}
=
"buglist_new_named_query"
;
$::FORM
{
'newquery'
},
$tofooter
);
if
(
$existed_before
)
{
# We want to display the correct message. Check if it existed before
# we insert, because ->queries may fetch from the db anyway
if
(
grep
{
$_
->
{
name
}
eq
$name
}
@
{
Bugzilla
->
user
->
queries
()})
{
$vars
->
{
'message'
}
=
"buglist_updated_named_query"
;
$vars
->
{
'message'
}
=
"buglist_updated_named_query"
;
}
}
SendSQL
(
"LOCK TABLES namedqueries WRITE"
);
SendSQL
(
"SELECT query FROM namedqueries WHERE userid = $userid AND name = $qname"
);
if
(
FetchOneColumn
())
{
SendSQL
(
"UPDATE namedqueries
SET query = $qbuffer , linkinfooter = $tofooter
WHERE userid = $userid AND name = $qname"
);
}
else
{
else
{
SendSQL
(
"INSERT INTO namedqueries (userid, name, query, linkinfooter)
$vars
->
{
'message'
}
=
"buglist_new_named_query"
;
VALUES ($userid, $qname, $qbuffer, $tofooter)"
);
}
}
SendSQL
(
"UNLOCK TABLES"
);
# Make sure to invalidate any cached query data, so that the footer is
# Make sure to invalidate any cached query data, so that the footer is
# correctly displayed
# correctly displayed
Bugzilla
->
user
->
flush_queries_cache
();
Bugzilla
->
user
->
flush_queries_cache
();
$vars
->
{
'queryname'
}
=
$name
;
$vars
->
{
'queryname'
}
=
$
query_
name
;
print
$cgi
->
header
();
print
$cgi
->
header
();
$template
->
process
(
"global/message.html.tmpl"
,
$vars
)
$template
->
process
(
"global/message.html.tmpl"
,
$vars
)
...
@@ -766,7 +788,8 @@ $::SIG{TERM} = 'DEFAULT';
...
@@ -766,7 +788,8 @@ $::SIG{TERM} = 'DEFAULT';
$::SIG
{
PIPE
}
=
'DEFAULT'
;
$::SIG
{
PIPE
}
=
'DEFAULT'
;
# Execute the query.
# Execute the query.
SendSQL
(
$query
);
my
$buglist_sth
=
$dbh
->
prepare
(
$query
);
$buglist_sth
->
execute
();
################################################################################
################################################################################
...
@@ -783,7 +806,7 @@ my @bugidlist;
...
@@ -783,7 +806,7 @@ my @bugidlist;
my
@bugs
;
# the list of records
my
@bugs
;
# the list of records
while
(
my
@row
=
FetchSQLData
())
{
while
(
my
@row
=
$buglist_sth
->
fetchrow_array
())
{
my
$bug
=
{};
# a record
my
$bug
=
{};
# a record
# Slurp the row of data into the record.
# Slurp the row of data into the record.
...
@@ -833,7 +856,8 @@ while (my @row = FetchSQLData()) {
...
@@ -833,7 +856,8 @@ while (my @row = FetchSQLData()) {
# or because of human choice
# or because of human choice
my
%
min_membercontrol
;
my
%
min_membercontrol
;
if
(
@bugidlist
)
{
if
(
@bugidlist
)
{
SendSQL
(
"SELECT DISTINCT bugs.bug_id, MIN(group_control_map.membercontrol) "
.
my
$sth
=
$dbh
->
prepare
(
"SELECT DISTINCT bugs.bug_id, "
.
"MIN(group_control_map.membercontrol) "
.
"FROM bugs, bug_group_map "
.
"FROM bugs, bug_group_map "
.
"LEFT JOIN group_control_map "
.
"LEFT JOIN group_control_map "
.
"ON group_control_map.product_id=bugs.product_id "
.
"ON group_control_map.product_id=bugs.product_id "
.
...
@@ -841,8 +865,8 @@ if (@bugidlist) {
...
@@ -841,8 +865,8 @@ if (@bugidlist) {
"WHERE bugs.bug_id = bug_group_map.bug_id "
.
"WHERE bugs.bug_id = bug_group_map.bug_id "
.
"AND bugs.bug_id IN ("
.
join
(
','
,
@bugidlist
)
.
") "
.
"AND bugs.bug_id IN ("
.
join
(
','
,
@bugidlist
)
.
") "
.
"GROUP BY bugs.bug_id"
);
"GROUP BY bugs.bug_id"
);
while
(
MoreSQLData
())
{
$sth
->
execute
();
my
(
$bug_id
,
$min_membercontrol
)
=
FetchSQLData
();
while
(
my
(
$bug_id
,
$min_membercontrol
)
=
$sth
->
fetchrow_array
())
{
$min_membercontrol
{
$bug_id
}
=
$min_membercontrol
;
$min_membercontrol
{
$bug_id
}
=
$min_membercontrol
;
}
}
foreach
my
$bug
(
@bugs
)
{
foreach
my
$bug
(
@bugs
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
