Commit 4b4188d7 authored by jocuri%softhome.net's avatar jocuri%softhome.net

Patch for bug 236019; make request.cgi use $cgi->param instead of %::FORM; r=kiko, a=justdave.

parent aa76a6cc
...@@ -58,8 +58,10 @@ exit; ...@@ -58,8 +58,10 @@ exit;
################################################################################ ################################################################################
sub queue { sub queue {
validateStatus(); my $cgi = Bugzilla->cgi;
validateGroup();
validateStatus($cgi->param('status'));
validateGroup($cgi->param('group'));
my $attach_join_clause = "flags.attach_id = attachments.attach_id"; my $attach_join_clause = "flags.attach_id = attachments.attach_id";
if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) { if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) {
...@@ -118,7 +120,7 @@ sub queue { ...@@ -118,7 +120,7 @@ sub queue {
"; ";
# Limit query to pending requests. # Limit query to pending requests.
$query .= " AND flags.status = '?' " unless $::FORM{'status'}; $query .= " AND flags.status = '?' " unless $cgi->param('status');
# The set of criteria by which we filter records to display in the queue. # The set of criteria by which we filter records to display in the queue.
my @criteria = (); my @criteria = ();
...@@ -132,50 +134,52 @@ sub queue { ...@@ -132,50 +134,52 @@ sub queue {
# Filter requests by status: "pending", "granted", "denied", "all" # Filter requests by status: "pending", "granted", "denied", "all"
# (which means any), or "fulfilled" (which means "granted" or "denied"). # (which means any), or "fulfilled" (which means "granted" or "denied").
if ($::FORM{'status'}) { if ($cgi->param('status')) {
if ($::FORM{'status'} eq "+-") { if ($cgi->param('status') eq "+-") {
push(@criteria, "flags.status IN ('+', '-')"); push(@criteria, "flags.status IN ('+', '-')");
push(@excluded_columns, 'status') unless $::FORM{'do_union'}; push(@excluded_columns, 'status') unless $cgi->param('do_union');
} }
elsif ($::FORM{'status'} ne "all") { elsif ($cgi->param('status') ne "all") {
push(@criteria, "flags.status = '$::FORM{'status'}'"); push(@criteria, "flags.status = '" . $cgi->param('status') . "'");
push(@excluded_columns, 'status') unless $::FORM{'do_union'}; push(@excluded_columns, 'status') unless $cgi->param('do_union');
} }
} }
# Filter results by exact email address of requester or requestee. # Filter results by exact email address of requester or requestee.
if (defined($::FORM{'requester'}) && $::FORM{'requester'} ne "") { if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
push(@criteria, "requesters.login_name = " . SqlQuote($::FORM{'requester'})); push(@criteria, "requesters.login_name = " . SqlQuote($cgi->param('requester')));
push(@excluded_columns, 'requester') unless $::FORM{'do_union'}; push(@excluded_columns, 'requester') unless $cgi->param('do_union');
} }
if (defined($::FORM{'requestee'}) && $::FORM{'requestee'} ne "") { if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
push(@criteria, "requestees.login_name = " . SqlQuote($::FORM{'requestee'})); push(@criteria, "requestees.login_name = " .
push(@excluded_columns, 'requestee') unless $::FORM{'do_union'}; SqlQuote($cgi->param('requestee')));
push(@excluded_columns, 'requestee') unless $cgi->param('do_union');
} }
# Filter results by exact product or component. # Filter results by exact product or component.
if (defined($::FORM{'product'}) && $::FORM{'product'} ne "") { if (defined $cgi->param('product') && $cgi->param('product') ne "") {
my $product_id = get_product_id($::FORM{'product'}); my $product_id = get_product_id($cgi->param('product'));
if ($product_id) { if ($product_id) {
push(@criteria, "bugs.product_id = $product_id"); push(@criteria, "bugs.product_id = $product_id");
push(@excluded_columns, 'product') unless $::FORM{'do_union'}; push(@excluded_columns, 'product') unless $cgi->param('do_union');
if (defined($::FORM{'component'}) && $::FORM{'component'} ne "") { if (defined $cgi->param('component') && $cgi->param('component') ne "") {
my $component_id = get_component_id($product_id, $::FORM{'component'}); my $component_id = get_component_id($product_id, $cgi->param('component'));
if ($component_id) { if ($component_id) {
push(@criteria, "bugs.component_id = $component_id"); push(@criteria, "bugs.component_id = $component_id");
push(@excluded_columns, 'component') unless $::FORM{'do_union'}; push(@excluded_columns, 'component') unless $cgi->param('do_union');
} }
else { ThrowCodeError("unknown_component", { component => $::FORM{component} }) } else { ThrowCodeError("unknown_component", { component => $cgi->param('component') }) }
} }
} }
else { ThrowCodeError("unknown_product", { product => $::FORM{product} }) } else { ThrowCodeError("unknown_product", { product => $cgi->param('product') }) }
} }
# Filter results by flag types. # Filter results by flag types.
if (defined($::FORM{'type'}) && !grep($::FORM{'type'} eq $_, ("", "all"))) { my $form_type = $cgi->param('type');
if (defined $form_type && !grep($form_type eq $_, ("", "all"))) {
# Check if any matching types are for attachments. If not, don't show # Check if any matching types are for attachments. If not, don't show
# the attachment column in the report. # the attachment column in the report.
my $types = Bugzilla::FlagType::match({ 'name' => $::FORM{'type'} }); my $types = Bugzilla::FlagType::match({ 'name' => $form_type });
my $has_attachment_type = 0; my $has_attachment_type = 0;
foreach my $type (@$types) { foreach my $type (@$types) {
if ($type->{'target_type'} eq "attachment") { if ($type->{'target_type'} eq "attachment") {
...@@ -185,14 +189,14 @@ sub queue { ...@@ -185,14 +189,14 @@ sub queue {
} }
if (!$has_attachment_type) { push(@excluded_columns, 'attachment') } if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
push(@criteria, "flagtypes.name = " . SqlQuote($::FORM{'type'})); push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
push(@excluded_columns, 'type') unless $::FORM{'do_union'}; push(@excluded_columns, 'type') unless $cgi->param('do_union');
} }
# Add the criteria to the query. We do an intersection by default # Add the criteria to the query. We do an intersection by default
# but do a union if the "do_union" URL parameter (for which there is no UI # but do a union if the "do_union" URL parameter (for which there is no UI
# because it's an advanced feature that people won't usually want) is true. # because it's an advanced feature that people won't usually want) is true.
my $and_or = $::FORM{'do_union'} ? " OR " : " AND "; my $and_or = $cgi->param('do_union') ? " OR " : " AND ";
$query .= " AND (" . join($and_or, @criteria) . ") " if scalar(@criteria); $query .= " AND (" . join($and_or, @criteria) . ") " if scalar(@criteria);
# Group the records by flag ID so we don't get multiple rows of data # Group the records by flag ID so we don't get multiple rows of data
...@@ -204,17 +208,19 @@ sub queue { ...@@ -204,17 +208,19 @@ sub queue {
# Group the records, in other words order them by the group column # Group the records, in other words order them by the group column
# so the loop in the display template can break them up into separate # so the loop in the display template can break them up into separate
# tables every time the value in the group column changes. # tables every time the value in the group column changes.
$::FORM{'group'} ||= "requestee";
if ($::FORM{'group'} eq "requester") { my $form_group = $cgi->param('group');
$form_group ||= "requestee";
if ($form_group eq "requester") {
$query .= " ORDER BY requesters.realname, requesters.login_name"; $query .= " ORDER BY requesters.realname, requesters.login_name";
} }
elsif ($::FORM{'group'} eq "requestee") { elsif ($form_group eq "requestee") {
$query .= " ORDER BY requestees.realname, requestees.login_name"; $query .= " ORDER BY requestees.realname, requestees.login_name";
} }
elsif ($::FORM{'group'} eq "category") { elsif ($form_group eq "category") {
$query .= " ORDER BY products.name, components.name"; $query .= " ORDER BY products.name, components.name";
} }
elsif ($::FORM{'group'} eq "type") { elsif ($form_group eq "type") {
$query .= " ORDER BY flagtypes.name"; $query .= " ORDER BY flagtypes.name";
} }
...@@ -223,7 +229,7 @@ sub queue { ...@@ -223,7 +229,7 @@ sub queue {
# Pass the query to the template for use when debugging this script. # Pass the query to the template for use when debugging this script.
$vars->{'query'} = $query; $vars->{'query'} = $query;
$vars->{'debug'} = $::FORM{'debug'} ? 1 : 0; $vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
SendSQL($query); SendSQL($query);
my @requests = (); my @requests = ();
...@@ -260,9 +266,8 @@ sub queue { ...@@ -260,9 +266,8 @@ sub queue {
$vars->{'components_by_product'} = $selectable->{components}; $vars->{'components_by_product'} = $selectable->{components};
$vars->{'excluded_columns'} = \@excluded_columns; $vars->{'excluded_columns'} = \@excluded_columns;
$vars->{'group_field'} = $::FORM{'group'}; $vars->{'group_field'} = $form_group;
$vars->{'requests'} = \@requests; $vars->{'requests'} = \@requests;
$vars->{'form'} = \%::FORM;
$vars->{'types'} = \@types; $vars->{'types'} = \@types;
# Return the appropriate HTTP response headers. # Return the appropriate HTTP response headers.
...@@ -278,18 +283,20 @@ sub queue { ...@@ -278,18 +283,20 @@ sub queue {
################################################################################ ################################################################################
sub validateStatus { sub validateStatus {
return if !defined($::FORM{'status'}); my $status = $_[0];
return if !defined $status;
grep($::FORM{'status'} eq $_, qw(? +- + - all)) grep($status eq $_, qw(? +- + - all))
|| ThrowCodeError("flag_status_invalid", || ThrowCodeError("flag_status_invalid",
{ status => $::FORM{'status'} }); { status => $status });
} }
sub validateGroup { sub validateGroup {
return if !defined($::FORM{'group'}); my $group = $_[0];
return if !defined $group;
grep($::FORM{'group'} eq $_, qw(requester requestee category type)) grep($group eq $_, qw(requester requestee category type))
|| ThrowCodeError("request_queue_group_invalid", || ThrowCodeError("request_queue_group_invalid",
{ group => $::FORM{'group'} }); { group => $group });
} }
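Review bot: The status filter in the `@@ -132,50 +134,52 @@` hunk still builds `"flags.status = '" . $cgi->param('status') . "'"` without `SqlQuote`, so it is safe only because `validateStatus()` allow-listed the value at the top of `queue()`, and the value is re-read from the CGI object at every use instead of being validated once. Reading it once, as this commit already does for `$form_type` and `$form_group` (`my $status = $cgi->param('status');`), then passing that variable to `validateStatus($status)` and `SqlQuote($status)`, would tie the check and the use to the same value. Separately, `$cgi->param(...)` is evaluated in list context inside the `ThrowCodeError` hash arguments (`{ component => $cgi->param('component') }`, `{ product => $cgi->param('product') }`) and, unless those subs are prototyped, in the `SqlQuote(...)`, `get_product_id(...)` and `get_component_id(...)` argument lists, so a request that repeats a parameter contributes extra list elements there. Wrapping those calls in `scalar(...)` or using a pre-read lexical avoids that. Only parts of `queue()` are visible in these hunks, so uses outside them should get the same treatment.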
...@@ -21,6 +21,9 @@ ...@@ -21,6 +21,9 @@
[% PROCESS global/variables.none.tmpl %] [% PROCESS global/variables.none.tmpl %]
[% USE Bugzilla %]
[% cgi = Bugzilla.cgi %]
[%# The javascript and header_html blocks get used in header.html.tmpl. %] [%# The javascript and header_html blocks get used in header.html.tmpl. %]
[% javascript = BLOCK %] [% javascript = BLOCK %]
var usetms = 0; // do we have target milestone? var usetms = 0; // do we have target milestone?
...@@ -44,14 +47,14 @@ ...@@ -44,14 +47,14 @@
<table id="filter"> <table id="filter">
<tr> <tr>
<th>Requester:</th> <th>Requester:</th>
<td><input type="text" name="requester" value="[% form.requester FILTER html %]" size="20"></td> <td><input type="text" name="requester" value="[% cgi.param('requester') FILTER html %]" size="20"></td>
<th>Product:</th> <th>Product:</th>
<td> <td>
<select name="product" onchange="selectProduct(this.form, 'product', 'component', 'Any');"> <select name="product" onchange="selectProduct(this.form, 'product', 'component', 'Any');">
<option value="">Any</option> <option value="">Any</option>
[% FOREACH item = products %] [% FOREACH item = products %]
<option value="[% item FILTER html %]" <option value="[% item FILTER html %]"
[% "selected" IF form.product == item %]>[% item FILTER html %]</option> [% "selected" IF cgi.param('product') == item %]>[% item FILTER html %]</option>
[% END %] [% END %]
</select> </select>
</td> </td>
...@@ -60,7 +63,7 @@ ...@@ -60,7 +63,7 @@
[% PROCESS "global/select-menu.html.tmpl" [% PROCESS "global/select-menu.html.tmpl"
name="type" name="type"
options=types options=types
default=form.type %] default=cgi.param('type') %]
</td> </td>
[%# We could let people see a "queue" of non-pending requests. %] [%# We could let people see a "queue" of non-pending requests. %]
...@@ -70,20 +73,20 @@ ...@@ -70,20 +73,20 @@
[%# PROCESS "global/select-menu.html.tmpl" [%# PROCESS "global/select-menu.html.tmpl"
name="status" name="status"
options=["all", "?", "+-", "+", "-"] options=["all", "?", "+-", "+", "-"]
default=form.status %] default=cgi.param('status') %]
</td> </td>
--> -->
</tr> </tr>
<tr> <tr>
<th>Requestee:</th> <th>Requestee:</th>
<td><input type="text" name="requestee" value="[% form.requestee FILTER html %]" size="20"></td> <td><input type="text" name="requestee" value="[% cgi.param('requestee') FILTER html %]" size="20"></td>
<th>Component:</th> <th>Component:</th>
<td> <td>
<select name="component"> <select name="component">
<option value="">Any</option> <option value="">Any</option>
[% FOREACH item = components %] [% FOREACH item = components %]
<option value="[% item FILTER html %]" [% "selected" IF form.component == item %]> <option value="[% item FILTER html %]" [% "selected" IF cgi.param('component') == item %]>
[% item FILTER html %]</option> [% item FILTER html %]</option>
[% END %] [% END %]
</select> </select>
...@@ -96,7 +99,7 @@ ...@@ -96,7 +99,7 @@
"Flag" => 'type' , "Flag" => 'type' ,
"Product/Component" => 'category' "Product/Component" => 'category'
} %] } %]
[% PROCESS "global/select-menu.html.tmpl" name="group" options=groups default=form.group %] [% PROCESS "global/select-menu.html.tmpl" name="group" options=groups default=cgi.param('group') %]
</td> </td>
<td><input type="submit" value="Filter"></td> <td><input type="submit" value="Filter"></td>
</tr> </tr>
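Review bot: The script side of this commit drops `$vars->{'form'} = \%::FORM;`, so any `form.*` reference left in this template outside the hunks shown would now render as empty without an error; only the references visible here are converted, and the rest of the template should be searched for `form.` before merging. The new `cgi.param('...')` calls are also worth a short template comment along the lines of `[%# cgi.param() is expected to yield a single value here %]`, because Template Toolkit calls methods in list context and a repeated request parameter would presumably arrive as a list rather than a string in the `==` comparisons and the `default=` arguments. The `FILTER html` on the `requester` and `requestee` values is preserved, which is the important part for output escaping.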
......