Skip to content

bugzilla
bugzilla
Commit 4b4188d7 authored by jocuri%softhome.net's avatar jocuri%softhome.net
Browse files
Options

Patch for bug 236019; make request.cgi use $cgi->param instead of %::FORM; r=kiko, a=justdave.

parent aa76a6cc
Hide whitespace changes
Inline Side-by-side
Showing with 59 additions and 49 deletions
request.cgi
View file @ 4b4188d7
......@@ -58,8 +58,10 @@ exit;
################################################################################
sub queue {
validateStatus();
validateGroup();
my $cgi = Bugzilla->cgi;
validateStatus($cgi->param('status'));
validateGroup($cgi->param('group'));
my $attach_join_clause = "flags.attach_id = attachments.attach_id";
if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) {
......@@ -118,7 +120,7 @@ sub queue {
";
# Limit query to pending requests.
$query .= " AND flags.status = '?' " unless $::FORM{'status'};
$query .= " AND flags.status = '?' " unless $cgi->param('status');
# The set of criteria by which we filter records to display in the queue.
my @criteria = ();
......@@ -132,50 +134,52 @@ sub queue {
# Filter requests by status: "pending", "granted", "denied", "all"
# (which means any), or "fulfilled" (which means "granted" or "denied").
if ($::FORM{'status'}) {
if ($::FORM{'status'} eq "+-") {
if ($cgi->param('status')) {
if ($cgi->param('status') eq "+-") {
push(@criteria, "flags.status IN ('+', '-')");
push(@excluded_columns, 'status') unless $::FORM{'do_union'};
push(@excluded_columns, 'status') unless $cgi->param('do_union');
}
elsif ($::FORM{'status'} ne "all") {
push(@criteria, "flags.status = '$::FORM{'status'}'");
push(@excluded_columns, 'status') unless $::FORM{'do_union'};
elsif ($cgi->param('status') ne "all") {
push(@criteria, "flags.status = '" . $cgi->param('status') . "'");
push(@excluded_columns, 'status') unless $cgi->param('do_union');
}
}
# Filter results by exact email address of requester or requestee.
if (defined($::FORM{'requester'}) && $::FORM{'requester'} ne "") {
push(@criteria, "requesters.login_name = " . SqlQuote($::FORM{'requester'}));
push(@excluded_columns, 'requester') unless $::FORM{'do_union'};
if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
push(@criteria, "requesters.login_name = " . SqlQuote($cgi->param('requester')));
push(@excluded_columns, 'requester') unless $cgi->param('do_union');
}
if (defined($::FORM{'requestee'}) && $::FORM{'requestee'} ne "") {
push(@criteria, "requestees.login_name = " . SqlQuote($::FORM{'requestee'}));
push(@excluded_columns, 'requestee') unless $::FORM{'do_union'};
if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
push(@criteria, "requestees.login_name = " .
SqlQuote($cgi->param('requestee')));
push(@excluded_columns, 'requestee') unless $cgi->param('do_union');
}
# Filter results by exact product or component.
if (defined($::FORM{'product'}) && $::FORM{'product'} ne "") {
my $product_id = get_product_id($::FORM{'product'});
if (defined $cgi->param('product') && $cgi->param('product') ne "") {
my $product_id = get_product_id($cgi->param('product'));
if ($product_id) {
push(@criteria, "bugs.product_id = $product_id");
push(@excluded_columns, 'product') unless $::FORM{'do_union'};
if (defined($::FORM{'component'}) && $::FORM{'component'} ne "") {
my $component_id = get_component_id($product_id, $::FORM{'component'});
push(@excluded_columns, 'product') unless $cgi->param('do_union');
if (defined $cgi->param('component') && $cgi->param('component') ne "") {
my $component_id = get_component_id($product_id, $cgi->param('component'));
if ($component_id) {
push(@criteria, "bugs.component_id = $component_id");
push(@excluded_columns, 'component') unless $::FORM{'do_union'};
push(@excluded_columns, 'component') unless $cgi->param('do_union');
}
else { ThrowCodeError("unknown_component", { component => $::FORM{component} }) }
else { ThrowCodeError("unknown_component", { component => $cgi->param('component') }) }
}
}
else { ThrowCodeError("unknown_product", { product => $::FORM{product} }) }
else { ThrowCodeError("unknown_product", { product => $cgi->param('product') }) }
}
# Filter results by flag types.
if (defined($::FORM{'type'}) && !grep($::FORM{'type'} eq $_, ("", "all"))) {
my $form_type = $cgi->param('type');
if (defined $form_type && !grep($form_type eq $_, ("", "all"))) {
# Check if any matching types are for attachments. If not, don't show
# the attachment column in the report.
my $types = Bugzilla::FlagType::match({ 'name' => $::FORM{'type'} });
my $types = Bugzilla::FlagType::match({ 'name' => $form_type });
my $has_attachment_type = 0;
foreach my $type (@$types) {
if ($type->{'target_type'} eq "attachment") {
......@@ -185,14 +189,14 @@ sub queue {
}
if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
push(@criteria, "flagtypes.name = " . SqlQuote($::FORM{'type'}));
push(@excluded_columns, 'type') unless $::FORM{'do_union'};
push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
push(@excluded_columns, 'type') unless $cgi->param('do_union');
}
# Add the criteria to the query. We do an intersection by default
# but do a union if the "do_union" URL parameter (for which there is no UI
# because it's an advanced feature that people won't usually want) is true.
my $and_or = $::FORM{'do_union'} ? " OR " : " AND ";
my $and_or = $cgi->param('do_union') ? " OR " : " AND ";
$query .= " AND (" . join($and_or, @criteria) . ") " if scalar(@criteria);
# Group the records by flag ID so we don't get multiple rows of data
......@@ -204,17 +208,19 @@ sub queue {
# Group the records, in other words order them by the group column
# so the loop in the display template can break them up into separate
# tables every time the value in the group column changes.
$::FORM{'group'} ||= "requestee";
if ($::FORM{'group'} eq "requester") {
my $form_group = $cgi->param('group');
$form_group ||= "requestee";
if ($form_group eq "requester") {
$query .= " ORDER BY requesters.realname, requesters.login_name";
}
elsif ($::FORM{'group'} eq "requestee") {
elsif ($form_group eq "requestee") {
$query .= " ORDER BY requestees.realname, requestees.login_name";
}
elsif ($::FORM{'group'} eq "category") {
elsif ($form_group eq "category") {
$query .= " ORDER BY products.name, components.name";
}
elsif ($::FORM{'group'} eq "type") {
elsif ($form_group eq "type") {
$query .= " ORDER BY flagtypes.name";
}
......@@ -223,7 +229,7 @@ sub queue {
# Pass the query to the template for use when debugging this script.
$vars->{'query'} = $query;
$vars->{'debug'} = $::FORM{'debug'} ? 1 : 0;
$vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
SendSQL($query);
my @requests = ();
......@@ -260,9 +266,8 @@ sub queue {
$vars->{'components_by_product'} = $selectable->{components};
$vars->{'excluded_columns'} = \@excluded_columns;
$vars->{'group_field'} = $::FORM{'group'};
$vars->{'group_field'} = $form_group;
$vars->{'requests'} = \@requests;
$vars->{'form'} = \%::FORM;
$vars->{'types'} = \@types;
# Return the appropriate HTTP response headers.
......@@ -278,18 +283,20 @@ sub queue {
################################################################################
sub validateStatus {
return if !defined($::FORM{'status'});
my $status = $_[0];
return if !defined $status;
grep($::FORM{'status'} eq $_, qw(? +- + - all))
grep($status eq $_, qw(? +- + - all))
|| ThrowCodeError("flag_status_invalid",
{ status => $::FORM{'status'} });
{ status => $status });
}
sub validateGroup {
return if !defined($::FORM{'group'});
my $group = $_[0];
return if !defined $group;
grep($::FORM{'group'} eq $_, qw(requester requestee category type))
grep($group eq $_, qw(requester requestee category type))
|| ThrowCodeError("request_queue_group_invalid",
{ group => $::FORM{'group'} });
{ group => $group });
}
template/en/default/request/queue.html.tmpl
View file @ 4b4188d7
......@@ -21,6 +21,9 @@
[% PROCESS global/variables.none.tmpl %]
[% USE Bugzilla %]
[% cgi = Bugzilla.cgi %]
[%# The javascript and header_html blocks get used in header.html.tmpl. %]
[% javascript = BLOCK %]
var usetms = 0; // do we have target milestone?
......@@ -44,14 +47,14 @@
<table id="filter">
<tr>
<th>Requester:</th>
<td><input type="text" name="requester" value="[% form.requester FILTER html %]" size="20"></td>
<td><input type="text" name="requester" value="[% cgi.param('requester') FILTER html %]" size="20"></td>
<th>Product:</th>
<td>
<select name="product" onchange="selectProduct(this.form, 'product', 'component', 'Any');">
<option value="">Any</option>
[% FOREACH item = products %]
<option value="[% item FILTER html %]"
[% "selected" IF form.product == item %]>[% item FILTER html %]</option>
[% "selected" IF cgi.param('product') == item %]>[% item FILTER html %]</option>
[% END %]
</select>
</td>
......@@ -60,7 +63,7 @@
[% PROCESS "global/select-menu.html.tmpl"
name="type"
options=types
default=form.type %]
default=cgi.param('type') %]
</td>
[%# We could let people see a "queue" of non-pending requests. %]
......@@ -70,20 +73,20 @@
[%# PROCESS "global/select-menu.html.tmpl"
name="status"
options=["all", "?", "+-", "+", "-"]
default=form.status %]
default=cgi.param('status') %]
</td>
-->
</tr>
<tr>
<th>Requestee:</th>
<td><input type="text" name="requestee" value="[% form.requestee FILTER html %]" size="20"></td>
<td><input type="text" name="requestee" value="[% cgi.param('requestee') FILTER html %]" size="20"></td>
<th>Component:</th>
<td>
<select name="component">
<option value="">Any</option>
[% FOREACH item = components %]
<option value="[% item FILTER html %]" [% "selected" IF form.component == item %]>
<option value="[% item FILTER html %]" [% "selected" IF cgi.param('component') == item %]>
[% item FILTER html %]</option>
[% END %]
</select>
......@@ -96,7 +99,7 @@
"Flag" => 'type' ,
"Product/Component" => 'category'
} %]
[% PROCESS "global/select-menu.html.tmpl" name="group" options=groups default=form.group %]
[% PROCESS "global/select-menu.html.tmpl" name="group" options=groups default=cgi.param('group') %]
</td>
<td><input type="submit" value="Filter"></td>
</tr>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment