зеркало из https://github.com/mozilla/gecko-dev.git
Bug 285112: Move ValidateBugID out of CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> r=joel,wicked a=justdave
Родитель
b3c6b8174a
Коммит
e1bffda42e
|
@ -50,7 +50,7 @@ use Bugzilla::Error;
|
|||
use base qw(Exporter);
|
||||
@Bugzilla::Bug::EXPORT = qw(
|
||||
AppendComment ValidateComment
|
||||
bug_alias_to_id ValidateBugAlias
|
||||
bug_alias_to_id ValidateBugAlias ValidateBugID
|
||||
RemoveVotes CheckIfVotedConfirmed
|
||||
);
|
||||
|
||||
|
@ -1102,6 +1102,50 @@ sub CheckIfVotedConfirmed {
|
|||
# Field Validation
|
||||
#
|
||||
|
||||
# Validates and verifies a bug ID, making sure the number is a
|
||||
# positive integer, that it represents an existing bug in the
|
||||
# database, and that the user is authorized to access that bug.
|
||||
# We detaint the number here, too.
|
||||
sub ValidateBugID {
|
||||
my ($id, $field) = @_;
|
||||
my $dbh = Bugzilla->dbh;
|
||||
my $user = Bugzilla->user;
|
||||
|
||||
# Get rid of white-space around the ID.
|
||||
$id = trim($id);
|
||||
|
||||
# If the ID isn't a number, it might be an alias, so try to convert it.
|
||||
my $alias = $id;
|
||||
if (!detaint_natural($id)) {
|
||||
$id = bug_alias_to_id($alias);
|
||||
$id || ThrowUserError("invalid_bug_id_or_alias",
|
||||
{'bug_id' => $alias,
|
||||
'field' => $field });
|
||||
}
|
||||
|
||||
# Modify the calling code's original variable to contain the trimmed,
|
||||
# converted-from-alias ID.
|
||||
$_[0] = $id;
|
||||
|
||||
# First check that the bug exists
|
||||
$dbh->selectrow_array("SELECT bug_id FROM bugs WHERE bug_id = ?", undef, $id)
|
||||
|| ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id});
|
||||
|
||||
return if (defined $field && ($field eq "dependson" || $field eq "blocked"));
|
||||
|
||||
return if $user->can_see_bug($id);
|
||||
|
||||
# The user did not pass any of the authorization tests, which means they
|
||||
# are not authorized to see the bug. Display an error and stop execution.
|
||||
# The error the user sees depends on whether or not they are logged in
|
||||
# (i.e. $user->id contains the user's positive integer ID).
|
||||
if ($user->id) {
|
||||
ThrowUserError("bug_access_denied", {'bug_id' => $id});
|
||||
} else {
|
||||
ThrowUserError("bug_access_query", {'bug_id' => $id});
|
||||
}
|
||||
}
|
||||
|
||||
# ValidateBugAlias:
|
||||
# Check that the bug alias is valid and not used by another bug. If
|
||||
# curr_id is specified, verify the alias is not used for any other
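Review bot: The header comment on ValidateBugID promises that the user is authorized to access the bug, but `return if (defined $field && ($field eq "dependson" || $field eq "blocked"));` returns before `$user->can_see_bug($id)` is reached, so for those two field names only existence is checked. Now that the sub is exported by default from Bugzilla::Bug, a caller that treats it as an access check and passes one of those field names gets none; the comment should say so, e.g. `# NOTE: when $field is "dependson" or "blocked", only existence is verified; can_see_bug() is not called.` The existence lookup also runs before the visibility check and raises a different error (`invalid_bug_id_non_existent` versus `bug_access_denied`/`bug_access_query`), and the denial is thrown with the numeric id resolved from the alias. That may let a user without access tell whether an id or alias exists and which id an alias maps to; how much is exposed depends on how the error templates render `bug_id`, which is not visible in this section.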
|
||||
|
|
|
@ -107,51 +107,6 @@ sub CheckFormFieldDefined ($$) {
|
|||
}
|
||||
}
|
||||
|
||||
sub ValidateBugID {
|
||||
# Validates and verifies a bug ID, making sure the number is a
|
||||
# positive integer, that it represents an existing bug in the
|
||||
# database, and that the user is authorized to access that bug.
|
||||
# We detaint the number here, too
|
||||
|
||||
my ($id, $field) = @_;
|
||||
|
||||
# Get rid of white-space around the ID.
|
||||
$id = trim($id);
|
||||
|
||||
# If the ID isn't a number, it might be an alias, so try to convert it.
|
||||
my $alias = $id;
|
||||
if (!detaint_natural($id)) {
|
||||
$id = bug_alias_to_id($alias);
|
||||
$id || ThrowUserError("invalid_bug_id_or_alias",
|
||||
{'bug_id' => $alias,
|
||||
'field' => $field });
|
||||
}
|
||||
|
||||
# Modify the calling code's original variable to contain the trimmed,
|
||||
# converted-from-alias ID.
|
||||
$_[0] = $id;
|
||||
|
||||
# First check that the bug exists
|
||||
SendSQL("SELECT bug_id FROM bugs WHERE bug_id = $id");
|
||||
|
||||
FetchOneColumn()
|
||||
|| ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id});
|
||||
|
||||
return if (defined $field && ($field eq "dependson" || $field eq "blocked"));
|
||||
|
||||
return if Bugzilla->user->can_see_bug($id);
|
||||
|
||||
# The user did not pass any of the authorization tests, which means they
|
||||
# are not authorized to see the bug. Display an error and stop execution.
|
||||
# The error the user sees depends on whether or not they are logged in
|
||||
# (i.e. $::userid contains the user's positive integer ID).
|
||||
if ($::userid) {
|
||||
ThrowUserError("bug_access_denied", {'bug_id' => $id});
|
||||
} else {
|
||||
ThrowUserError("bug_access_query", {'bug_id' => $id});
|
||||
}
|
||||
}
|
||||
|
||||
sub CheckEmailSyntax {
|
||||
my ($addr) = (@_);
|
||||
my $match = Param('emailregexp');
|
||||
|
|
|
@ -30,6 +30,7 @@ use Bugzilla;
|
|||
use Bugzilla::Config qw(:DEFAULT $webdotdir);
|
||||
use Bugzilla::Util;
|
||||
use Bugzilla::BugMail;
|
||||
use Bugzilla::Bug;
|
||||
|
||||
require "CGI.pl";
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@ use strict;
|
|||
use lib qw(.);
|
||||
require "CGI.pl";
|
||||
use Bugzilla::User;
|
||||
use Bugzilla::Bug;
|
||||
|
||||
# Use global template variables.
|
||||
use vars qw($template $vars);
|
||||
|
|