Commit fa82fac5 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 303703: Eliminate deprecated Bugzilla::DB routines from editflagtypes.cgi -…

Bug 303703: Eliminate deprecated Bugzilla::DB routines from editflagtypes.cgi - Patch by Frédéric Buclin <LpSolit@gmail.com> r=joel a=justdave
parent d0ca2c2f
...@@ -112,6 +112,7 @@ sub list { ...@@ -112,6 +112,7 @@ sub list {
sub edit { sub edit {
$action eq 'enter' ? validateTargetType() : (my $id = validateID()); $action eq 'enter' ? validateTargetType() : (my $id = validateID());
my $dbh = Bugzilla->dbh;
# Get this installation's products and components. # Get this installation's products and components.
GetVersionTable(); GetVersionTable();
...@@ -140,8 +141,9 @@ sub edit { ...@@ -140,8 +141,9 @@ sub edit {
foreach my $group ("grant_gid", "request_gid") { foreach my $group ("grant_gid", "request_gid") {
my $gid = $vars->{'type'}->{$group}; my $gid = $vars->{'type'}->{$group};
next if (!$gid); next if (!$gid);
SendSQL("SELECT name FROM groups WHERE id = $gid"); ($vars->{'type'}->{$group}) =
$vars->{'type'}->{$group} = FetchOneColumn(); $dbh->selectrow_array('SELECT name FROM groups WHERE id = ?',
undef, $gid);
} }
} }
# Otherwise set the target type (the minimal information about the type # Otherwise set the target type (the minimal information about the type
...@@ -238,9 +240,9 @@ sub clusion_array_to_hash { ...@@ -238,9 +240,9 @@ sub clusion_array_to_hash {
} }
sub insert { sub insert {
validateName(); my $name = validateName();
validateDescription(); my $description = validateDescription();
validateCCList(); my $cc_list = validateCCList();
validateTargetType(); validateTargetType();
validateSortKey(); validateSortKey();
validateIsActive(); validateIsActive();
...@@ -251,9 +253,6 @@ sub insert { ...@@ -251,9 +253,6 @@ sub insert {
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
my $name = SqlQuote($cgi->param('name'));
my $description = SqlQuote($cgi->param('description'));
my $cc_list = SqlQuote($cgi->param('cc_list'));
my $target_type = $cgi->param('target_type') eq "bug" ? "b" : "a"; my $target_type = $cgi->param('target_type') eq "bug" ? "b" : "a";
$dbh->bz_lock_tables('flagtypes WRITE', 'products READ', $dbh->bz_lock_tables('flagtypes WRITE', 'products READ',
...@@ -261,23 +260,21 @@ sub insert { ...@@ -261,23 +260,21 @@ sub insert {
'flagexclusions WRITE'); 'flagexclusions WRITE');
# Determine the new flag type's unique identifier. # Determine the new flag type's unique identifier.
SendSQL("SELECT MAX(id) FROM flagtypes"); my $id = $dbh->selectrow_array('SELECT MAX(id) FROM flagtypes') + 1;
my $id = FetchSQLData() + 1;
# Insert a record for the new flag type into the database. # Insert a record for the new flag type into the database.
SendSQL("INSERT INTO flagtypes (id, name, description, cc_list, $dbh->do('INSERT INTO flagtypes
target_type, sortkey, is_active, is_requestable, (id, name, description, cc_list, target_type,
is_requesteeble, is_multiplicable, sortkey, is_active, is_requestable,
grant_group_id, request_group_id) is_requesteeble, is_multiplicable,
VALUES ($id, $name, $description, $cc_list, '$target_type', " . grant_group_id, request_group_id)
$cgi->param('sortkey') . ", " . VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
$cgi->param('is_active') . ", " . undef, ($id, $name, $description, $cc_list, $target_type,
$cgi->param('is_requestable') . ", " . $cgi->param('sortkey'), $cgi->param('is_active'),
$cgi->param('is_requesteeble') . ", " . $cgi->param('is_requestable'), $cgi->param('is_requesteeble'),
$cgi->param('is_multiplicable') . ", " . $cgi->param('is_multiplicable'), scalar($cgi->param('grant_gid')),
$cgi->param('grant_gid') . ", " . scalar($cgi->param('request_gid'))));
$cgi->param('request_gid') . ")");
# Populate the list of inclusions/exclusions for this flag type. # Populate the list of inclusions/exclusions for this flag type.
validateAndSubmit($id); validateAndSubmit($id);
...@@ -297,9 +294,9 @@ sub insert { ...@@ -297,9 +294,9 @@ sub insert {
sub update { sub update {
my $id = validateID(); my $id = validateID();
validateName(); my $name = validateName();
validateDescription(); my $description = validateDescription();
validateCCList(); my $cc_list = validateCCList();
validateTargetType(); validateTargetType();
validateSortKey(); validateSortKey();
validateIsActive(); validateIsActive();
...@@ -309,26 +306,20 @@ sub update { ...@@ -309,26 +306,20 @@ sub update {
validateGroups(); validateGroups();
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
my $name = SqlQuote($cgi->param('name'));
my $description = SqlQuote($cgi->param('description'));
my $cc_list = SqlQuote($cgi->param('cc_list'));
$dbh->bz_lock_tables('flagtypes WRITE', 'products READ', $dbh->bz_lock_tables('flagtypes WRITE', 'products READ',
'components READ', 'flaginclusions WRITE', 'components READ', 'flaginclusions WRITE',
'flagexclusions WRITE'); 'flagexclusions WRITE');
SendSQL("UPDATE flagtypes $dbh->do('UPDATE flagtypes
SET name = $name , SET name = ?, description = ?, cc_list = ?,
description = $description , sortkey = ?, is_active = ?, is_requestable = ?,
cc_list = $cc_list , is_requesteeble = ?, is_multiplicable = ?,
sortkey = " . $cgi->param('sortkey') . ", grant_group_id = ?, request_group_id = ?
is_active = " . $cgi->param('is_active') . ", WHERE id = ?',
is_requestable = " . $cgi->param('is_requestable') . ", undef, ($name, $description, $cc_list, $cgi->param('sortkey'),
is_requesteeble = " . $cgi->param('is_requesteeble') . ", $cgi->param('is_active'), $cgi->param('is_requestable'),
is_multiplicable = " . $cgi->param('is_multiplicable') . ", $cgi->param('is_requesteeble'), $cgi->param('is_multiplicable'),
grant_group_id = " . $cgi->param('grant_gid') . ", scalar($cgi->param('grant_gid')), scalar($cgi->param('request_gid')),
request_group_id = " . $cgi->param('request_gid') . " $id));
WHERE id = $id");
# Update the list of inclusions/exclusions for this flag type. # Update the list of inclusions/exclusions for this flag type.
validateAndSubmit($id); validateAndSubmit($id);
...@@ -337,34 +328,40 @@ sub update { ...@@ -337,34 +328,40 @@ sub update {
# Clear existing flags for bugs/attachments in categories no longer on # Clear existing flags for bugs/attachments in categories no longer on
# the list of inclusions or that have been added to the list of exclusions. # the list of inclusions or that have been added to the list of exclusions.
SendSQL(" my $flag_ids = $dbh->selectcol_arrayref('SELECT flags.id
SELECT flags.id FROM flags
FROM flags INNER JOIN bugs
INNER JOIN bugs ON flags.bug_id = bugs.bug_id
ON flags.bug_id = bugs.bug_id LEFT OUTER JOIN flaginclusions AS i
LEFT OUTER JOIN flaginclusions AS i ON (flags.type_id = i.type_id
ON (flags.type_id = i.type_id AND (bugs.product_id = i.product_id
AND (bugs.product_id = i.product_id OR i.product_id IS NULL) OR i.product_id IS NULL)
AND (bugs.component_id = i.component_id OR i.component_id IS NULL)) AND (bugs.component_id = i.component_id
WHERE flags.type_id = $id OR i.component_id IS NULL))
AND flags.is_active = 1 WHERE flags.type_id = ?
AND i.type_id IS NULL AND flags.is_active = 1
"); AND i.type_id IS NULL',
Bugzilla::Flag::clear(FetchOneColumn()) while MoreSQLData(); undef, $id);
foreach my $flag_id (@$flag_ids) {
Bugzilla::Flag::clear($flag_id);
}
SendSQL(" $flag_ids = $dbh->selectcol_arrayref('SELECT flags.id
SELECT flags.id FROM flags
FROM flags INNER JOIN bugs
INNER JOIN bugs ON flags.bug_id = bugs.bug_id
ON flags.bug_id = bugs.bug_id INNER JOIN flagexclusions AS e
INNER JOIN flagexclusions AS e ON flags.type_id = e.type_id
ON flags.type_id = e.type_id WHERE flags.type_id = ?
WHERE flags.type_id = $id AND flags.is_active = 1
AND flags.is_active = 1 AND (bugs.product_id = e.product_id
AND (bugs.product_id = e.product_id OR e.product_id IS NULL) OR e.product_id IS NULL)
AND (bugs.component_id = e.component_id OR e.component_id IS NULL) AND (bugs.component_id = e.component_id
"); OR e.component_id IS NULL)',
Bugzilla::Flag::clear(FetchOneColumn()) while MoreSQLData(); undef, $id);
foreach my $flag_id (@$flag_ids) {
Bugzilla::Flag::clear($flag_id);
}
$vars->{'name'} = $cgi->param('name'); $vars->{'name'} = $cgi->param('name');
$vars->{'message'} = "flag_type_changes_saved"; $vars->{'message'} = "flag_type_changes_saved";
...@@ -413,13 +410,13 @@ sub deleteType { ...@@ -413,13 +410,13 @@ sub deleteType {
# Get the name of the flag type so we can tell users # Get the name of the flag type so we can tell users
# what was deleted. # what was deleted.
SendSQL("SELECT name FROM flagtypes WHERE id = $id"); ($vars->{'name'}) = $dbh->selectrow_array('SELECT name FROM flagtypes
$vars->{'name'} = FetchOneColumn(); WHERE id = ?', undef, $id);
SendSQL("DELETE FROM flags WHERE type_id = $id"); $dbh->do('DELETE FROM flags WHERE type_id = ?', undef, $id);
SendSQL("DELETE FROM flaginclusions WHERE type_id = $id"); $dbh->do('DELETE FROM flaginclusions WHERE type_id = ?', undef, $id);
SendSQL("DELETE FROM flagexclusions WHERE type_id = $id"); $dbh->do('DELETE FROM flagexclusions WHERE type_id = ?', undef, $id);
SendSQL("DELETE FROM flagtypes WHERE id = $id"); $dbh->do('DELETE FROM flagtypes WHERE id = ?', undef, $id);
$dbh->bz_unlock_tables(); $dbh->bz_unlock_tables();
$vars->{'message'} = "flag_type_deleted"; $vars->{'message'} = "flag_type_deleted";
...@@ -440,7 +437,7 @@ sub deactivate { ...@@ -440,7 +437,7 @@ sub deactivate {
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
$dbh->bz_lock_tables('flagtypes WRITE'); $dbh->bz_lock_tables('flagtypes WRITE');
SendSQL("UPDATE flagtypes SET is_active = 0 WHERE id = $id"); $dbh->do('UPDATE flagtypes SET is_active = 0 WHERE id = ?', undef, $id);
$dbh->bz_unlock_tables(); $dbh->bz_unlock_tables();
$vars->{'message'} = "flag_type_deactivated"; $vars->{'message'} = "flag_type_deactivated";
...@@ -460,42 +457,52 @@ sub deactivate { ...@@ -460,42 +457,52 @@ sub deactivate {
################################################################################ ################################################################################
sub validateID { sub validateID {
my $dbh = Bugzilla->dbh;
# $flagtype_id is destroyed if detaint_natural fails. # $flagtype_id is destroyed if detaint_natural fails.
my $flagtype_id = $cgi->param('id'); my $flagtype_id = $cgi->param('id');
detaint_natural($flagtype_id) detaint_natural($flagtype_id)
|| ThrowCodeError("flag_type_id_invalid", || ThrowCodeError("flag_type_id_invalid",
{ id => scalar $cgi->param('id') }); { id => scalar $cgi->param('id') });
SendSQL("SELECT 1 FROM flagtypes WHERE id = $flagtype_id"); my $flagtype_exists =
FetchOneColumn() $dbh->selectrow_array('SELECT 1 FROM flagtypes WHERE id = ?',
undef, $flagtype_id);
$flagtype_exists
|| ThrowCodeError("flag_type_nonexistent", { id => $flagtype_id }); || ThrowCodeError("flag_type_nonexistent", { id => $flagtype_id });
return $flagtype_id; return $flagtype_id;
} }
sub validateName { sub validateName {
$cgi->param('name') my $name = $cgi->param('name');
&& $cgi->param('name') !~ /[ ,]/ ($name && $name !~ /[ ,]/ && length($name) <= 50)
&& length($cgi->param('name')) <= 50
|| ThrowUserError("flag_type_name_invalid", || ThrowUserError("flag_type_name_invalid",
{ name => scalar $cgi->param('name') }); { name => $name });
trick_taint($name);
return $name;
} }
sub validateDescription { sub validateDescription {
length($cgi->param('description')) < 2**16-1 my $description = $cgi->param('description');
length($description) < 2**16-1
|| ThrowUserError("flag_type_description_invalid"); || ThrowUserError("flag_type_description_invalid");
trick_taint($description);
return $description;
} }
sub validateCCList { sub validateCCList {
length($cgi->param('cc_list')) <= 200 my $cc_list = $cgi->param('cc_list');
length($cc_list) <= 200
|| ThrowUserError("flag_type_cc_list_invalid", || ThrowUserError("flag_type_cc_list_invalid",
{ cc_list => $cgi->param('cc_list') }); { cc_list => $cc_list });
my @addresses = split(/[, ]+/, $cgi->param('cc_list')); my @addresses = split(/[, ]+/, $cc_list);
foreach my $address (@addresses) { foreach my $address (@addresses) {
validate_email_syntax($address) validate_email_syntax($address)
|| ThrowUserError('illegal_email_address', {addr => $address}); || ThrowUserError('illegal_email_address', {addr => $address});
} }
trick_taint($cc_list);
return $cc_list;
} }
sub validateProduct { sub validateProduct {
...@@ -555,17 +562,20 @@ sub validateAllowMultiple { ...@@ -555,17 +562,20 @@ sub validateAllowMultiple {
} }
sub validateGroups { sub validateGroups {
my $dbh = Bugzilla->dbh;
# Convert group names to group IDs # Convert group names to group IDs
foreach my $col ("grant_gid", "request_gid") { foreach my $col ("grant_gid", "request_gid") {
my $name = $cgi->param($col); my $name = $cgi->param($col);
$cgi->param($col, "NULL") unless $name; if ($name) {
next if (!$name); trick_taint($name);
SendSQL("SELECT id FROM groups WHERE name = " . SqlQuote($name)); my $gid = $dbh->selectrow_array('SELECT id FROM groups
my $gid = FetchOneColumn(); WHERE name = ?', undef, $name);
if (!$gid) { $gid || ThrowUserError("group_unknown", { name => $name });
ThrowUserError("group_unknown", { name => $name }); $cgi->param($col, $gid);
}
else {
$cgi->delete($col);
} }
$cgi->param($col, $gid);
} }
} }
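Review bot: The bind lists passed to the new `$dbh->do` calls in `insert` and `update` evaluate `$cgi->param('sortkey')`, `$cgi->param('is_active')`, `$cgi->param('is_requestable')`, `$cgi->param('is_requesteeble')` and `$cgi->param('is_multiplicable')` in list context, while only `grant_gid` and `request_gid` are wrapped in `scalar(...)`. In list context `param` returns every value submitted for a name, or an empty list when the name is absent, so a request that repeats or omits one of these fields changes how many values are bound and which placeholder each one lands on. The validators for these fields and the rest of both subs lie outside the visible hunks, so they may already reduce each field to a single value, but the call site should not rely on that. Wrap each one, e.g. `scalar $cgi->param('sortkey')`, or have those validators return the checked value the way `validateName()` now does and bind the returned variables.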