Commit 24a90239 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 398976: edit*.cgi scripts should use transactions for database interaction -…

Bug 398976: edit*.cgi scripts should use transactions for database interaction - Patch by Emmanuel Seyman <eseyman@linagora.com> r/a=mkanat
parent a81a0804
...@@ -172,7 +172,7 @@ if ($action eq 'delete') { ...@@ -172,7 +172,7 @@ if ($action eq 'delete') {
} }
# lock the tables before we start to change everything: # lock the tables before we start to change everything:
$dbh->bz_lock_tables('classifications WRITE', 'products WRITE'); $dbh->bz_start_transaction();
# delete # delete
$dbh->do("DELETE FROM classifications WHERE id = ?", undef, $dbh->do("DELETE FROM classifications WHERE id = ?", undef,
...@@ -182,7 +182,7 @@ if ($action eq 'delete') { ...@@ -182,7 +182,7 @@ if ($action eq 'delete') {
$dbh->do("UPDATE products SET classification_id = 1 $dbh->do("UPDATE products SET classification_id = 1
WHERE classification_id = ?", undef, $classification->id); WHERE classification_id = ?", undef, $classification->id);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
$vars->{'classification'} = $classification; $vars->{'classification'} = $classification;
...@@ -229,7 +229,7 @@ if ($action eq 'update') { ...@@ -229,7 +229,7 @@ if ($action eq 'update') {
|| ThrowUserError('classification_invalid_sortkey', {'name' => $class_old->name, || ThrowUserError('classification_invalid_sortkey', {'name' => $class_old->name,
'sortkey' => $stored_sortkey}); 'sortkey' => $stored_sortkey});
$dbh->bz_lock_tables('classifications WRITE'); $dbh->bz_start_transaction();
if ($class_name ne $class_old->name) { if ($class_name ne $class_old->name) {
...@@ -262,7 +262,7 @@ if ($action eq 'update') { ...@@ -262,7 +262,7 @@ if ($action eq 'update') {
$vars->{'updated_sortkey'} = 1; $vars->{'updated_sortkey'} = 1;
} }
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
delete_token($token); delete_token($token);
LoadTemplate($action); LoadTemplate($action);
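Review bot: The comment `# lock the tables before we start to change everything:` in the `delete` hunk now sits directly above `$dbh->bz_start_transaction();` and no longer describes what the code does. I would reword it to `# Run the delete and the product reassignment in one transaction:`. The same applies to `# Lock tables during the check+update session.` in the user-editing hunk further down, which could become `# Run the check+update session in a single transaction.`. The old wording tells the next reader that concurrent writers are still blocked, which a transaction alone does not guarantee.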
......
...@@ -191,7 +191,7 @@ if ($action eq 'new') { ...@@ -191,7 +191,7 @@ if ($action eq 'new') {
trick_taint($comp_name); trick_taint($comp_name);
trick_taint($description); trick_taint($description);
$dbh->bz_lock_tables('components WRITE', 'component_cc WRITE'); $dbh->bz_start_transaction();
$dbh->do("INSERT INTO components $dbh->do("INSERT INTO components
(product_id, name, description, initialowner, (product_id, name, description, initialowner,
...@@ -209,7 +209,7 @@ if ($action eq 'new') { ...@@ -209,7 +209,7 @@ if ($action eq 'new') {
$sth->execute($user_id, $component->id); $sth->execute($user_id, $component->id);
} }
$dbh->bz_unlock_tables; $dbh->bz_commit_transaction();
# Insert default charting queries for this product. # Insert default charting queries for this product.
# If they aren't using charting, this won't do any harm. # If they aren't using charting, this won't do any harm.
...@@ -301,8 +301,7 @@ if ($action eq 'delete') { ...@@ -301,8 +301,7 @@ if ($action eq 'delete') {
} }
} }
$dbh->bz_lock_tables('components WRITE', 'component_cc WRITE', $dbh->bz_start_transaction();
'flaginclusions WRITE', 'flagexclusions WRITE');
$dbh->do("DELETE FROM flaginclusions WHERE component_id = ?", $dbh->do("DELETE FROM flaginclusions WHERE component_id = ?",
undef, $component->id); undef, $component->id);
...@@ -313,7 +312,7 @@ if ($action eq 'delete') { ...@@ -313,7 +312,7 @@ if ($action eq 'delete') {
$dbh->do("DELETE FROM components WHERE id = ?", $dbh->do("DELETE FROM components WHERE id = ?",
undef, $component->id); undef, $component->id);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
$vars->{'comp'} = $component; $vars->{'comp'} = $component;
$vars->{'product'} = $product; $vars->{'product'} = $product;
...@@ -402,8 +401,7 @@ if ($action eq 'update') { ...@@ -402,8 +401,7 @@ if ($action eq 'update') {
my $initial_cc_ids = check_initial_cc(\@initial_cc); my $initial_cc_ids = check_initial_cc(\@initial_cc);
$dbh->bz_lock_tables('components WRITE', 'component_cc WRITE', $dbh->bz_start_transaction();
'profiles READ');
if ($comp_name ne $component_old->name) { if ($comp_name ne $component_old->name) {
...@@ -457,7 +455,7 @@ if ($action eq 'update') { ...@@ -457,7 +455,7 @@ if ($action eq 'update') {
$vars->{'updated_initialcc'} = 1; $vars->{'updated_initialcc'} = 1;
} }
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
my $component = new Bugzilla::Component($component_old->id); my $component = new Bugzilla::Component($component_old->id);
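Review bot: In the `new` hunk, `$dbh->bz_commit_transaction();` lands exactly where the unlock was, ahead of the `# Insert default charting queries for this product.` step, so that step still runs outside the transaction. If the aim is that a component is created completely or not at all, the commit should move below the charting inserts; that code lies outside the hunk, so this needs checking against the full file. The flag-type `sub update` hunk has the same shape: the commit precedes the `# Clear existing flags for bugs/attachments ...` step, which leaves a window where flags stay set in categories the type no longer includes.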
......
...@@ -309,9 +309,7 @@ sub insert { ...@@ -309,9 +309,7 @@ sub insert {
my $target_type = $cgi->param('target_type') eq "bug" ? "b" : "a"; my $target_type = $cgi->param('target_type') eq "bug" ? "b" : "a";
$dbh->bz_lock_tables('flagtypes WRITE', 'products READ', $dbh->bz_start_transaction();
'components READ', 'flaginclusions WRITE',
'flagexclusions WRITE');
# Insert a record for the new flag type into the database. # Insert a record for the new flag type into the database.
$dbh->do('INSERT INTO flagtypes $dbh->do('INSERT INTO flagtypes
...@@ -332,7 +330,7 @@ sub insert { ...@@ -332,7 +330,7 @@ sub insert {
# Populate the list of inclusions/exclusions for this flag type. # Populate the list of inclusions/exclusions for this flag type.
validateAndSubmit($id); validateAndSubmit($id);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
$vars->{'name'} = $cgi->param('name'); $vars->{'name'} = $cgi->param('name');
$vars->{'message'} = "flag_type_created"; $vars->{'message'} = "flag_type_created";
...@@ -365,9 +363,7 @@ sub update { ...@@ -365,9 +363,7 @@ sub update {
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user; my $user = Bugzilla->user;
$dbh->bz_lock_tables('flagtypes WRITE', 'products READ', $dbh->bz_start_transaction();
'components READ', 'flaginclusions WRITE',
'flagexclusions WRITE');
$dbh->do('UPDATE flagtypes $dbh->do('UPDATE flagtypes
SET name = ?, description = ?, cc_list = ?, SET name = ?, description = ?, cc_list = ?,
sortkey = ?, is_active = ?, is_requestable = ?, sortkey = ?, is_active = ?, is_requestable = ?,
...@@ -383,7 +379,7 @@ sub update { ...@@ -383,7 +379,7 @@ sub update {
# Update the list of inclusions/exclusions for this flag type. # Update the list of inclusions/exclusions for this flag type.
validateAndSubmit($id); validateAndSubmit($id);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
# Clear existing flags for bugs/attachments in categories no longer on # Clear existing flags for bugs/attachments in categories no longer on
# the list of inclusions or that have been added to the list of exclusions. # the list of inclusions or that have been added to the list of exclusions.
...@@ -473,8 +469,7 @@ sub deleteType { ...@@ -473,8 +469,7 @@ sub deleteType {
my $id = $flag_type->id; my $id = $flag_type->id;
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
$dbh->bz_lock_tables('flagtypes WRITE', 'flags WRITE', $dbh->bz_start_transaction();
'flaginclusions WRITE', 'flagexclusions WRITE');
# Get the name of the flag type so we can tell users # Get the name of the flag type so we can tell users
# what was deleted. # what was deleted.
...@@ -484,7 +479,7 @@ sub deleteType { ...@@ -484,7 +479,7 @@ sub deleteType {
$dbh->do('DELETE FROM flaginclusions WHERE type_id = ?', undef, $id); $dbh->do('DELETE FROM flaginclusions WHERE type_id = ?', undef, $id);
$dbh->do('DELETE FROM flagexclusions WHERE type_id = ?', undef, $id); $dbh->do('DELETE FROM flagexclusions WHERE type_id = ?', undef, $id);
$dbh->do('DELETE FROM flagtypes WHERE id = ?', undef, $id); $dbh->do('DELETE FROM flagtypes WHERE id = ?', undef, $id);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
$vars->{'message'} = "flag_type_deleted"; $vars->{'message'} = "flag_type_deleted";
delete_token($token); delete_token($token);
...@@ -506,9 +501,9 @@ sub deactivate { ...@@ -506,9 +501,9 @@ sub deactivate {
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
$dbh->bz_lock_tables('flagtypes WRITE'); $dbh->bz_start_transaction();
$dbh->do('UPDATE flagtypes SET is_active = 0 WHERE id = ?', undef, $flag_type->id); $dbh->do('UPDATE flagtypes SET is_active = 0 WHERE id = ?', undef, $flag_type->id);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
$vars->{'message'} = "flag_type_deactivated"; $vars->{'message'} = "flag_type_deactivated";
$vars->{'flag_type'} = $flag_type; $vars->{'flag_type'} = $flag_type;
......
...@@ -502,8 +502,7 @@ if ($action eq 'remove_regexp') { ...@@ -502,8 +502,7 @@ if ($action eq 'remove_regexp') {
my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id')));
my $regexp = CheckGroupRegexp($cgi->param('regexp')); my $regexp = CheckGroupRegexp($cgi->param('regexp'));
$dbh->bz_lock_tables('groups WRITE', 'profiles READ', $dbh->bz_start_transaction();
'user_group_map WRITE');
my $users = $group->members_direct(); my $users = $group->members_direct();
my $sth_delete = $dbh->prepare( my $sth_delete = $dbh->prepare(
...@@ -517,7 +516,7 @@ if ($action eq 'remove_regexp') { ...@@ -517,7 +516,7 @@ if ($action eq 'remove_regexp') {
push(@deleted, $member); push(@deleted, $member);
} }
} }
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
$vars->{'users'} = \@deleted; $vars->{'users'} = \@deleted;
$vars->{'regexp'} = $regexp; $vars->{'regexp'} = $regexp;
...@@ -543,13 +542,7 @@ sub doGroupChanges { ...@@ -543,13 +542,7 @@ sub doGroupChanges {
my $cgi = Bugzilla->cgi; my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
$dbh->bz_lock_tables('groups WRITE', 'group_group_map WRITE', $dbh->bz_start_transaction();
'bug_group_map WRITE', 'user_group_map WRITE',
'group_control_map READ', 'bugs READ', 'profiles READ',
# Due to the way Bugzilla::Config::BugFields::get_param_list()
# works, we need to lock these tables too.
'priority READ', 'bug_severity READ', 'rep_platform READ',
'op_sys READ');
# Check that the given group ID is valid and make a Group. # Check that the given group ID is valid and make a Group.
my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id'))); my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id')));
...@@ -603,7 +596,7 @@ sub doGroupChanges { ...@@ -603,7 +596,7 @@ sub doGroupChanges {
$data->[0], $data->[1]); $data->[0], $data->[1]);
} }
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
return $changes; return $changes;
} }
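Review bot: In `doGroupChanges`, `CheckGroupID($cgi->param('group_id'))` now runs after `$dbh->bz_start_transaction();`, so a rejected group id (presumably reported by throwing) would leave the error path with a transaction still open. Either move the validation above the start call or confirm that the error-throwing code rolls back an open transaction; that code is not part of this page. The user-editing hunks have the same ordering, with `ThrowUserError('auth_failure', ...)` and `ThrowUserError('users_deletion_disabled')` both following `bz_start_transaction()`. `doGroupChanges` begins and ends outside the hunks shown.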
......
...@@ -407,10 +407,7 @@ if ($action eq 'delete') { ...@@ -407,10 +407,7 @@ if ($action eq 'delete') {
} }
} }
$dbh->bz_lock_tables('products WRITE', 'components WRITE', $dbh->bz_start_transaction();
'versions WRITE', 'milestones WRITE',
'group_control_map WRITE', 'component_cc WRITE',
'flaginclusions WRITE', 'flagexclusions WRITE');
my $comp_ids = $dbh->selectcol_arrayref('SELECT id FROM components my $comp_ids = $dbh->selectcol_arrayref('SELECT id FROM components
WHERE product_id = ?', WHERE product_id = ?',
...@@ -440,7 +437,7 @@ if ($action eq 'delete') { ...@@ -440,7 +437,7 @@ if ($action eq 'delete') {
$dbh->do("DELETE FROM products WHERE id = ?", $dbh->do("DELETE FROM products WHERE id = ?",
undef, $product->id); undef, $product->id);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
delete_token($token); delete_token($token);
...@@ -587,12 +584,7 @@ if ($action eq 'updategroupcontrols') { ...@@ -587,12 +584,7 @@ if ($action eq 'updategroupcontrols') {
{groupname => $groupname}); {groupname => $groupname});
} }
} }
$dbh->bz_lock_tables('groups READ', $dbh->bz_start_transaction();
'group_control_map WRITE',
'bugs WRITE',
'bugs_activity WRITE',
'bug_group_map WRITE',
'fielddefs READ');
my $sth_Insert = $dbh->prepare('INSERT INTO group_control_map my $sth_Insert = $dbh->prepare('INSERT INTO group_control_map
(group_id, product_id, entry, membercontrol, (group_id, product_id, entry, membercontrol,
...@@ -771,7 +763,7 @@ if ($action eq 'updategroupcontrols') { ...@@ -771,7 +763,7 @@ if ($action eq 'updategroupcontrols') {
push(@added_mandatory, \%group); push(@added_mandatory, \%group);
} }
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
delete_token($token); delete_token($token);
...@@ -847,7 +839,7 @@ if ($action eq 'update') { ...@@ -847,7 +839,7 @@ if ($action eq 'update') {
{votestoconfirm => $stored_votestoconfirm}); {votestoconfirm => $stored_votestoconfirm});
} }
$dbh->bz_lock_tables('products WRITE', 'milestones READ'); $dbh->bz_start_transaction();
my $testproduct = my $testproduct =
new Bugzilla::Product({name => $product_name}); new Bugzilla::Product({name => $product_name});
...@@ -917,7 +909,7 @@ if ($action eq 'update') { ...@@ -917,7 +909,7 @@ if ($action eq 'update') {
undef, ($product_name, $product_old->id)); undef, ($product_name, $product_old->id));
} }
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
my $product = new Bugzilla::Product({name => $product_name}); my $product = new Bugzilla::Product({name => $product_name});
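Review bot: In the `update` hunk the `products WRITE` lock used to serialize the name lookup `new Bugzilla::Product({name => $product_name})` with the rename that follows, and `bz_start_transaction()` by itself does not. Two concurrent renames can both pass the lookup unless the isolation level or a unique index on the product name prevents it, and neither is visible here. I would add a comment saying which of those the code relies on, for example `# Name uniqueness is enforced by the database; this lookup only produces a friendly error.`, if that is the case. The same check-then-write pattern appears in the field-value `delete` hunk (`# Check if there are any bugs that still have this value.` ahead of `DELETE FROM $field`) and in the user-deletion hunk, whose `XXX` comment already mentions changes made after the confirmation checks.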
......
...@@ -227,18 +227,7 @@ if ($action eq 'search') { ...@@ -227,18 +227,7 @@ if ($action eq 'search') {
$otherUserID = $otherUser->id; $otherUserID = $otherUser->id;
# Lock tables during the check+update session. # Lock tables during the check+update session.
$dbh->bz_lock_tables('profiles WRITE', $dbh->bz_start_transaction();
'profiles_activity WRITE',
'fielddefs READ',
'tokens WRITE',
'logincookies WRITE',
'groups READ',
'user_group_map WRITE',
'group_group_map READ',
'group_group_map AS ggm READ',
'user_group_map AS directmember READ',
'user_group_map AS regexpmember READ',
'user_group_map AS directbless READ');
$editusers || $user->can_see_user($otherUser) $editusers || $user->can_see_user($otherUser)
|| ThrowUserError('auth_failure', {reason => "not_visible", || ThrowUserError('auth_failure', {reason => "not_visible",
...@@ -338,7 +327,7 @@ if ($action eq 'search') { ...@@ -338,7 +327,7 @@ if ($action eq 'search') {
} }
# XXX: should create profiles_activity entries for blesser changes. # XXX: should create profiles_activity entries for blesser changes.
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
# XXX: userDataToVars may be off when editing ourselves. # XXX: userDataToVars may be off when editing ourselves.
userDataToVars($otherUserID); userDataToVars($otherUserID);
...@@ -454,33 +443,7 @@ if ($action eq 'search') { ...@@ -454,33 +443,7 @@ if ($action eq 'search') {
# XXX: if there was some change on these tables after the deletion # XXX: if there was some change on these tables after the deletion
# confirmation checks, we may do something here we haven't warned # confirmation checks, we may do something here we haven't warned
# about. # about.
$dbh->bz_lock_tables('bugs WRITE', $dbh->bz_start_transaction();
'bugs_activity WRITE',
'attachments READ',
'fielddefs READ',
'products READ',
'components READ',
'logincookies WRITE',
'profiles WRITE',
'profiles_activity WRITE',
'email_setting WRITE',
'profile_setting WRITE',
'bug_group_map READ',
'user_group_map WRITE',
'flags WRITE',
'flagtypes READ',
'cc WRITE',
'namedqueries WRITE',
'namedqueries_link_in_footer WRITE',
'namedquery_group_map WRITE',
'tokens WRITE',
'votes WRITE',
'watch WRITE',
'series WRITE',
'series_data WRITE',
'whine_schedules WRITE',
'whine_queries WRITE',
'whine_events WRITE');
Bugzilla->params->{'allowuserdeletion'} Bugzilla->params->{'allowuserdeletion'}
|| ThrowUserError('users_deletion_disabled'); || ThrowUserError('users_deletion_disabled');
...@@ -664,7 +627,7 @@ if ($action eq 'search') { ...@@ -664,7 +627,7 @@ if ($action eq 'search') {
# Finally, remove the user account itself. # Finally, remove the user account itself.
$dbh->do('DELETE FROM profiles WHERE userid = ?', undef, $otherUserID); $dbh->do('DELETE FROM profiles WHERE userid = ?', undef, $otherUserID);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
delete_token($token); delete_token($token);
$vars->{'message'} = 'account_deleted'; $vars->{'message'} = 'account_deleted';
......
...@@ -312,9 +312,7 @@ if ($action eq 'delete') { ...@@ -312,9 +312,7 @@ if ($action eq 'delete') {
trick_taint($value); trick_taint($value);
my @lock_tables = ('bugs READ', "$field WRITE"); $dbh->bz_start_transaction();
push(@lock_tables, 'status_workflow WRITE') if ($field eq 'bug_status');
$dbh->bz_lock_tables(@lock_tables);
# Check if there are any bugs that still have this value. # Check if there are any bugs that still have this value.
my $bug_ids = $dbh->selectcol_arrayref( my $bug_ids = $dbh->selectcol_arrayref(
...@@ -338,7 +336,7 @@ if ($action eq 'delete') { ...@@ -338,7 +336,7 @@ if ($action eq 'delete') {
$dbh->do("DELETE FROM $field WHERE value = ?", undef, $value); $dbh->do("DELETE FROM $field WHERE value = ?", undef, $value);
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
delete_token($token); delete_token($token);
$template->process("admin/fieldvalues/deleted.html.tmpl", $template->process("admin/fieldvalues/deleted.html.tmpl",
...@@ -396,7 +394,7 @@ if ($action eq 'update') { ...@@ -396,7 +394,7 @@ if ($action eq 'update') {
ThrowUserError('fieldvalue_name_too_long', $vars); ThrowUserError('fieldvalue_name_too_long', $vars);
} }
$dbh->bz_lock_tables('bugs WRITE', "$field WRITE"); $dbh->bz_start_transaction();
# Need to store because detaint_natural() will delete this if # Need to store because detaint_natural() will delete this if
# invalid # invalid
...@@ -442,7 +440,7 @@ if ($action eq 'update') { ...@@ -442,7 +440,7 @@ if ($action eq 'update') {
$vars->{'updated_value'} = 1; $vars->{'updated_value'} = 1;
} }
$dbh->bz_unlock_tables(); $dbh->bz_commit_transaction();
# If the old value was the default value for the field, # If the old value was the default value for the field,
# update data/params accordingly. # update data/params accordingly.
......