Commit 28fa2f54 authored by kiko%async.com.br's avatar kiko%async.com.br

Fix for bug 252159: centralize time validation. Adds a ValidateTime

function to Bugzilla::Bug and uses it in relevant callsites. Patch by Alexandre Michetti Manduca <michetti@grad.icmc.usp.br>. r=kiko, a=justdave.
parent effe8d63
...@@ -42,6 +42,7 @@ use Bugzilla::Flag; ...@@ -42,6 +42,7 @@ use Bugzilla::Flag;
use Bugzilla::FlagType; use Bugzilla::FlagType;
use Bugzilla::User; use Bugzilla::User;
use Bugzilla::Util; use Bugzilla::Util;
use Bugzilla::Error;
sub fields { sub fields {
# Keep this ordering in sync with bugzilla.dtd # Keep this ordering in sync with bugzilla.dtd
...@@ -489,6 +490,13 @@ sub EmitDependList { ...@@ -489,6 +490,13 @@ sub EmitDependList {
return @list; return @list;
} }
sub ValidateTime{
my ($time, $field) = @_;
if ($time > 99999.99 || $time < 0 || !($time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/)){
ThrowUserError("need_positive_number", {field => "$field"}, 1);
}
}
sub AUTOLOAD { sub AUTOLOAD {
use vars qw($AUTOLOAD); use vars qw($AUTOLOAD);
my $attr = $AUTOLOAD; my $attr = $AUTOLOAD;
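Review bot: ValidateTime runs the numeric comparisons `$time > 99999.99 || $time < 0` before the format test, and the format test is anchored with `^`/`$`, so a value ending in a newline is accepted and a non-numeric value is compared as a number first (which would warn where warnings are enabled). Testing the format first with strict anchors closes both gaps and makes the `< 0` test redundant, since the pattern admits no sign: `if ($time !~ /\A(?:\d+(?:\.\d*)?|\.\d+)\z/ || $time > 99999.99) {`. An over-range value is now reported as `need_positive_number`, where the code this commit removes from the callers used `value_out_of_range`; a separate throw for the range case would keep that message. The sub also has no comment; I would add `# Throws a user error unless $time is an unsigned decimal no larger than 99999.99; an undefined or empty $time is rejected too.`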
......
...@@ -342,12 +342,8 @@ if (UserInGroup(Param("timetrackinggroup")) && ...@@ -342,12 +342,8 @@ if (UserInGroup(Param("timetrackinggroup")) &&
defined $::FORM{'estimated_time'}) { defined $::FORM{'estimated_time'}) {
my $est_time = $::FORM{'estimated_time'}; my $est_time = $::FORM{'estimated_time'};
if ($est_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) { Bugzilla::Bug::ValidateTime($est_time, 'estimated_time');
$sql .= SqlQuote($est_time) . "," . SqlQuote($est_time); $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time);
} else {
ThrowUserError("need_positive_number",
{ field => 'estimated_time' });
}
} else { } else {
$sql .= "0, 0"; $sql .= "0, 0";
} }
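Review bot: The `$sql .=` line after the new call now runs unconditionally, so this block is only correct if ValidateTime never returns on bad input; nothing here says so, and a comment such as `# ValidateTime throws a user error on invalid input and does not return` would make that dependency visible. Unlike the other caller in this commit, which passes `trim($::FORM{$field})`, `$est_time` is validated untrimmed, so leading or trailing spaces are rejected here but tolerated there. If `trim` is in scope in this file (not visible in the hunk), `my $est_time = trim($::FORM{'estimated_time'});` would make the two consistent. The enclosing `if` starts outside the hunk.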
......
...@@ -766,16 +766,9 @@ if (UserInGroup(Param('timetrackinggroup'))) { ...@@ -766,16 +766,9 @@ if (UserInGroup(Param('timetrackinggroup'))) {
if (defined $::FORM{$field}) { if (defined $::FORM{$field}) {
my $er_time = trim($::FORM{$field}); my $er_time = trim($::FORM{$field});
if ($er_time ne $::FORM{'dontchange'}) { if ($er_time ne $::FORM{'dontchange'}) {
if ($er_time > 99999.99) { Bugzilla::Bug::ValidateTime($er_time, $field);
ThrowUserError("value_out_of_range", {field => $field});
}
if ($er_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) {
DoComma(); DoComma();
$::query .= "$field = " . SqlQuote($er_time); $::query .= "$field = " . SqlQuote($er_time);
} else {
ThrowUserError("need_positive_number",
{field => $field});
}
} }
} }
} }
...@@ -1274,9 +1267,7 @@ foreach my $id (@idlist) { ...@@ -1274,9 +1267,7 @@ foreach my $id (@idlist) {
delete $::FORM{'work_time'} unless UserInGroup(Param('timetrackinggroup')); delete $::FORM{'work_time'} unless UserInGroup(Param('timetrackinggroup'));
if ($::FORM{'work_time'} && $::FORM{'work_time'} > 99999.99) { Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time');
ThrowUserError("value_out_of_range", {field => 'work_time'});
}
if ($::FORM{'comment'} || $::FORM{'work_time'}) { if ($::FORM{'comment'} || $::FORM{'work_time'}) {
if ($::FORM{'work_time'} && if ($::FORM{'work_time'} &&
(!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/)) { (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/)) {
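Review bot: The new `Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time');` call is unguarded, so it runs on every pass of the loop even when `work_time` is empty or was just deleted by the line above for users outside the time-tracking group. ValidateTime's pattern needs at least one digit, so an undefined or empty value fails the format test and, as far as the visible code shows, raises `need_positive_number` on an ordinary submission with no hours worked. The removed code only checked when `$::FORM{'work_time'}` was true; keeping that guard restores the behaviour: `Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time') if $::FORM{'work_time'};`. The `foreach` body continues outside the hunk.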
......