Commit eb22d063 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 289373: Remove %FORM from editproducts.cgi - Patch by Teemu Mannermaa…

Bug 289373: Remove %FORM from editproducts.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave
parent fa9ffe5e
...@@ -43,11 +43,6 @@ use Bugzilla::Config qw(:DEFAULT $datadir); ...@@ -43,11 +43,6 @@ use Bugzilla::Config qw(:DEFAULT $datadir);
# doesn't work for me. # doesn't work for me.
use vars qw(@legal_bug_status @legal_resolution); use vars qw(@legal_bug_status @legal_resolution);
sub sillyness {
my $zz;
$zz = %::MFORM;
}
my %ctl = ( my %ctl = (
&::CONTROLMAPNA => 'NA', &::CONTROLMAPNA => 'NA',
&::CONTROLMAPSHOWN => 'Shown', &::CONTROLMAPSHOWN => 'Shown',
...@@ -263,7 +258,8 @@ sub PutTrailer (@) ...@@ -263,7 +258,8 @@ sub PutTrailer (@)
my $user = Bugzilla->login(LOGIN_REQUIRED); my $user = Bugzilla->login(LOGIN_REQUIRED);
my $whoid = $user->id; my $whoid = $user->id;
print Bugzilla->cgi->header(); my $cgi = Bugzilla->cgi;
print $cgi->header();
UserInGroup("editcomponents") UserInGroup("editcomponents")
|| ThrowUserError("auth_failure", {group => "editcomponents", || ThrowUserError("auth_failure", {group => "editcomponents",
...@@ -273,9 +269,9 @@ UserInGroup("editcomponents") ...@@ -273,9 +269,9 @@ UserInGroup("editcomponents")
# #
# often used variables # often used variables
# #
my $classification = trim($::FORM{classification} || ''); my $classification = trim($cgi->param('classification') || '');
my $product = trim($::FORM{product} || ''); my $product = trim($cgi->param('product') || '');
my $action = trim($::FORM{action} || ''); my $action = trim($cgi->param('action') || '');
my $headerdone = 0; my $headerdone = 0;
my $localtrailer = "<A HREF=\"editproducts.cgi\">edit</A> more products"; my $localtrailer = "<A HREF=\"editproducts.cgi\">edit</A> more products";
my $classhtmlvarstart = ""; my $classhtmlvarstart = "";
...@@ -457,7 +453,7 @@ if ($action eq 'new') { ...@@ -457,7 +453,7 @@ if ($action eq 'new') {
} }
} }
my $version = trim($::FORM{version} || ''); my $version = trim($cgi->param('version') || '');
if ($version eq '') { if ($version eq '') {
print "You must enter a version for product '$product'. Please press\n"; print "You must enter a version for product '$product'. Please press\n";
...@@ -466,17 +462,17 @@ if ($action eq 'new') { ...@@ -466,17 +462,17 @@ if ($action eq 'new') {
exit; exit;
} }
my $description = trim($::FORM{description} || ''); my $description = trim($cgi->param('description') || '');
my $milestoneurl = trim($::FORM{milestoneurl} || ''); my $milestoneurl = trim($cgi->param('milestoneurl') || '');
my $disallownew = 0; my $disallownew = 0;
$disallownew = 1 if $::FORM{disallownew}; $disallownew = 1 if $cgi->param('disallownew');
my $votesperuser = $::FORM{votesperuser}; my $votesperuser = $cgi->param('votesperuser');
$votesperuser ||= 0; $votesperuser ||= 0;
my $maxvotesperbug = $::FORM{maxvotesperbug}; my $maxvotesperbug = $cgi->param('maxvotesperbug');
$maxvotesperbug = 10000 if !defined $maxvotesperbug; $maxvotesperbug = 10000 if !defined $maxvotesperbug;
my $votestoconfirm = $::FORM{votestoconfirm}; my $votestoconfirm = $cgi->param('votestoconfirm');
$votestoconfirm ||= 0; $votestoconfirm ||= 0;
my $defaultmilestone = $::FORM{defaultmilestone} || "---"; my $defaultmilestone = $cgi->param('defaultmilestone') || "---";
my $classification_id = 1; my $classification_id = 1;
if (Param('useclassification')) { if (Param('useclassification')) {
...@@ -546,14 +542,15 @@ if ($action eq 'new') { ...@@ -546,14 +542,15 @@ if ($action eq 'new') {
CONTROLMAPNA . ", 0)"); CONTROLMAPNA . ", 0)");
} }
if ($::FORM{createseries}) { if ($cgi->param('createseries')) {
# Insert default charting queries for this product. # Insert default charting queries for this product.
# If they aren't using charting, this won't do any harm. # If they aren't using charting, this won't do any harm.
GetVersionTable(); GetVersionTable();
# $::FORM{'open_name'} and $product are sqlquoted by the series # $open_name and $product are sqlquoted by the series code
# code and never used again here, so we can trick_taint them. # and never used again here, so we can trick_taint them.
trick_taint($::FORM{'open_name'}); my $open_name = $cgi->param('open_name');
trick_taint($open_name);
trick_taint($product); trick_taint($product);
my @series; my @series;
...@@ -574,11 +571,11 @@ if ($action eq 'new') { ...@@ -574,11 +571,11 @@ if ($action eq 'new') {
my @openedstatuses = OpenStates(); my @openedstatuses = OpenStates();
my $query = my $query =
join("&", map { "bug_status=" . url_quote($_) } @openedstatuses); join("&", map { "bug_status=" . url_quote($_) } @openedstatuses);
push(@series, [$::FORM{'open_name'}, $query]); push(@series, [$open_name, $query]);
foreach my $sdata (@series) { foreach my $sdata (@series) {
my $series = new Bugzilla::Series(undef, $product, my $series = new Bugzilla::Series(undef, $product,
$::FORM{'subcategory'}, scalar $cgi->param('subcategory'),
$sdata->[0], $::userid, 1, $sdata->[0], $::userid, 1,
$sdata->[1] . "&product=" . url_quote($product), 1); $sdata->[1] . "&product=" . url_quote($product), 1);
$series->writeToDatabase(); $series->writeToDatabase();
...@@ -1008,19 +1005,17 @@ if ($action eq 'updategroupcontrols') { ...@@ -1008,19 +1005,17 @@ if ($action eq 'updategroupcontrols') {
my $product_id = get_product_id($product); my $product_id = get_product_id($product);
my @now_na = (); my @now_na = ();
my @now_mandatory = (); my @now_mandatory = ();
foreach my $f (keys %::FORM) { foreach my $f ($cgi->param()) {
if ($f =~ /^membercontrol_(\d+)$/) { if ($f =~ /^membercontrol_(\d+)$/) {
my $id = $1; my $id = $1;
if ($::FORM{$f} == CONTROLMAPNA) { if ($cgi->param($f) == CONTROLMAPNA) {
push @now_na,$id; push @now_na,$id;
} elsif ($::FORM{$f} == CONTROLMAPMANDATORY) { } elsif ($cgi->param($f) == CONTROLMAPMANDATORY) {
push @now_mandatory,$id; push @now_mandatory,$id;
} }
} }
} }
if (!($::FORM{'confirmed'})) { if (!defined $cgi->param('confirmed')) {
$vars->{'form'} = \%::FORM;
$vars->{'mform'} = \%::MFORM;
my @na_groups = (); my @na_groups = ();
if (@now_na) { if (@now_na) {
SendSQL("SELECT groups.name, COUNT(bugs.bug_id) SendSQL("SELECT groups.name, COUNT(bugs.bug_id)
...@@ -1073,8 +1068,8 @@ if ($action eq 'updategroupcontrols') { ...@@ -1073,8 +1068,8 @@ if ($action eq 'updategroupcontrols') {
"WHERE isbuggroup != 0 AND isactive != 0"); "WHERE isbuggroup != 0 AND isactive != 0");
while (MoreSQLData()){ while (MoreSQLData()){
my ($groupid, $groupname) = FetchSQLData(); my ($groupid, $groupname) = FetchSQLData();
my $newmembercontrol = $::FORM{"membercontrol_$groupid"} || 0; my $newmembercontrol = $cgi->param("membercontrol_$groupid") || 0;
my $newothercontrol = $::FORM{"othercontrol_$groupid"} || 0; my $newothercontrol = $cgi->param("othercontrol_$groupid") || 0;
# Legality of control combination is a function of # Legality of control combination is a function of
# membercontrol\othercontrol # membercontrol\othercontrol
# NA SH DE MA # NA SH DE MA
...@@ -1105,10 +1100,10 @@ if ($action eq 'updategroupcontrols') { ...@@ -1105,10 +1100,10 @@ if ($action eq 'updategroupcontrols') {
while (MoreSQLData()) { while (MoreSQLData()) {
my ($groupid, $groupname, $entry, $membercontrol, my ($groupid, $groupname, $entry, $membercontrol,
$othercontrol, $canedit) = FetchSQLData(); $othercontrol, $canedit) = FetchSQLData();
my $newentry = $::FORM{"entry_$groupid"} || 0; my $newentry = $cgi->param("entry_$groupid") || 0;
my $newmembercontrol = $::FORM{"membercontrol_$groupid"} || 0; my $newmembercontrol = $cgi->param("membercontrol_$groupid") || 0;
my $newothercontrol = $::FORM{"othercontrol_$groupid"} || 0; my $newothercontrol = $cgi->param("othercontrol_$groupid") || 0;
my $newcanedit = $::FORM{"canedit_$groupid"} || 0; my $newcanedit = $cgi->param("canedit_$groupid") || 0;
my $oldentry = $entry; my $oldentry = $entry;
$entry = $entry || 0; $entry = $entry || 0;
$membercontrol = $membercontrol || 0; $membercontrol = $membercontrol || 0;
...@@ -1233,21 +1228,21 @@ if ($action eq 'updategroupcontrols') { ...@@ -1233,21 +1228,21 @@ if ($action eq 'updategroupcontrols') {
if ($action eq 'update') { if ($action eq 'update') {
PutHeader("Update product"); PutHeader("Update product");
my $productold = trim($::FORM{productold} || ''); my $productold = trim($cgi->param('productold') || '');
my $description = trim($::FORM{description} || ''); my $description = trim($cgi->param('description') || '');
my $descriptionold = trim($::FORM{descriptionold} || ''); my $descriptionold = trim($cgi->param('descriptionold') || '');
my $disallownew = trim($::FORM{disallownew} || ''); my $disallownew = trim($cgi->param('disallownew') || '');
my $disallownewold = trim($::FORM{disallownewold} || ''); my $disallownewold = trim($cgi->param('disallownewold') || '');
my $milestoneurl = trim($::FORM{milestoneurl} || ''); my $milestoneurl = trim($cgi->param('milestoneurl') || '');
my $milestoneurlold = trim($::FORM{milestoneurlold} || ''); my $milestoneurlold = trim($cgi->param('milestoneurlold') || '');
my $votesperuser = trim($::FORM{votesperuser} || 0); my $votesperuser = trim($cgi->param('votesperuser') || 0);
my $votesperuserold = trim($::FORM{votesperuserold} || 0); my $votesperuserold = trim($cgi->param('votesperuserold') || 0);
my $maxvotesperbug = trim($::FORM{maxvotesperbug} || 0); my $maxvotesperbug = trim($cgi->param('maxvotesperbug') || 0);
my $maxvotesperbugold = trim($::FORM{maxvotesperbugold} || 0); my $maxvotesperbugold = trim($cgi->param('maxvotesperbugold') || 0);
my $votestoconfirm = trim($::FORM{votestoconfirm} || 0); my $votestoconfirm = trim($cgi->param('votestoconfirm') || 0);
my $votestoconfirmold = trim($::FORM{votestoconfirmold} || 0); my $votestoconfirmold = trim($cgi->param('votestoconfirmold') || 0);
my $defaultmilestone = trim($::FORM{defaultmilestone} || '---'); my $defaultmilestone = trim($cgi->param('defaultmilestone') || '---');
my $defaultmilestoneold = trim($::FORM{defaultmilestoneold} || '---'); my $defaultmilestoneold = trim($cgi->param('defaultmilestoneold') || '---');
my $checkvotes = 0; my $checkvotes = 0;
......
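Review bot: The confirmation gate in the `updategroupcontrols` hunk changes meaning, not just where the value comes from. The old test `!($::FORM{'confirmed'})` treated an empty or `0` value as unconfirmed, whereas the new `!defined $cgi->param('confirmed')` accepts any present `confirmed` parameter, even an empty one, and skips the block that counts affected bugs per group before the controls are changed. To keep the previous behaviour, test truthiness instead: `if (!$cgi->param('confirmed')) {`. The same hunk also drops `$vars->{'form'}` and `$vars->{'mform'}`; the confirmation template is not shown here, so it should be checked for remaining reads of those variables, which would otherwise lose the values it re-posts. The enclosing `if ($action eq 'updategroupcontrols')` block starts and ends outside the hunk.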