Commit 6e549ec6 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 303699: Eliminate deprecated Bugzilla::DB routines from userprefs.cgi -…

Bug 303699: Eliminate deprecated Bugzilla::DB routines from userprefs.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave
parent d17d6f9f
...@@ -45,18 +45,19 @@ use vars qw($template $vars $userid); ...@@ -45,18 +45,19 @@ use vars qw($template $vars $userid);
############################################################################### ###############################################################################
sub DoAccount { sub DoAccount {
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
SendSQL("SELECT realname FROM profiles WHERE userid = $userid"); ($vars->{'realname'}) = $dbh->selectrow_array(
$vars->{'realname'} = FetchSQLData(); "SELECT realname FROM profiles WHERE userid = ?", undef, $userid);
if(Param('allowemailchange')) { if(Param('allowemailchange')) {
SendSQL("SELECT tokentype, issuedate + " . $dbh->sql_interval('3 DAY') . my @token = $dbh->selectrow_array(
", eventdata "SELECT tokentype, issuedate + " .
FROM tokens $dbh->sql_interval('3 DAY') . ", eventdata
WHERE userid = $userid FROM tokens
AND tokentype LIKE 'email%' WHERE userid = ?
ORDER BY tokentype ASC " . $dbh->sql_limit(1)); AND tokentype LIKE 'email%'
if(MoreSQLData()) { ORDER BY tokentype ASC " . $dbh->sql_limit(1), undef, $userid);
my ($tokentype, $change_date, $eventdata) = &::FetchSQLData(); if (scalar(@token) > 0) {
my ($tokentype, $change_date, $eventdata) = @token;
$vars->{'login_change_date'} = $change_date; $vars->{'login_change_date'} = $change_date;
if($tokentype eq 'emailnew') { if($tokentype eq 'emailnew') {
...@@ -69,6 +70,7 @@ sub DoAccount { ...@@ -69,6 +70,7 @@ sub DoAccount {
sub SaveAccount { sub SaveAccount {
my $cgi = Bugzilla->cgi; my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $pwd1 = $cgi->param('new_password1'); my $pwd1 = $cgi->param('new_password1');
my $pwd2 = $cgi->param('new_password2'); my $pwd2 = $cgi->param('new_password2');
...@@ -76,8 +78,9 @@ sub SaveAccount { ...@@ -76,8 +78,9 @@ sub SaveAccount {
if ($cgi->param('Bugzilla_password') ne "" || if ($cgi->param('Bugzilla_password') ne "" ||
$pwd1 ne "" || $pwd2 ne "") $pwd1 ne "" || $pwd2 ne "")
{ {
SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid"); my ($oldcryptedpwd) = $dbh->selectrow_array(
my $oldcryptedpwd = FetchOneColumn(); q{SELECT cryptpassword FROM profiles WHERE userid = ?},
undef, $userid);
$oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password"); $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne
...@@ -92,10 +95,12 @@ sub SaveAccount { ...@@ -92,10 +95,12 @@ sub SaveAccount {
|| ThrowUserError("new_password_missing"); || ThrowUserError("new_password_missing");
ValidatePassword($pwd1, $pwd2); ValidatePassword($pwd1, $pwd2);
my $cryptedpassword = SqlQuote(bz_crypt($pwd1)); my $cryptedpassword = bz_crypt($pwd1);
SendSQL("UPDATE profiles trick_taint($cryptedpassword); # Only used in a placeholder
SET cryptpassword = $cryptedpassword $dbh->do(q{UPDATE profiles
WHERE userid = $userid"); SET cryptpassword = ?
WHERE userid = ?},
undef, ($cryptedpassword, $userid));
# Invalidate all logins except for the current one # Invalidate all logins except for the current one
Bugzilla->logout(LOGOUT_KEEP_CURRENT); Bugzilla->logout(LOGOUT_KEEP_CURRENT);
...@@ -130,9 +135,10 @@ sub SaveAccount { ...@@ -130,9 +135,10 @@ sub SaveAccount {
} }
} }
SendSQL("UPDATE profiles SET " . my $realname = trim($cgi->param('realname'));
"realname = " . SqlQuote(trim($cgi->param('realname'))) . trick_taint($realname); # Only used in a placeholder
" WHERE userid = $userid"); $dbh->do("UPDATE profiles SET realname = ? WHERE userid = ?",
undef, ($realname, $userid));
} }
...@@ -308,21 +314,20 @@ sub SaveEmail { ...@@ -308,21 +314,20 @@ sub SaveEmail {
sub DoPermissions { sub DoPermissions {
my $dbh = Bugzilla->dbh;
my (@has_bits, @set_bits); my (@has_bits, @set_bits);
SendSQL("SELECT DISTINCT name, description FROM groups " . my $groups = $dbh->selectall_arrayref(
"WHERE id IN (" . "SELECT DISTINCT name, description FROM groups WHERE id IN (" .
Bugzilla->user->groups_as_string . Bugzilla->user->groups_as_string . ") ORDER BY name");
") ORDER BY name"); foreach my $group (@$groups) {
while (MoreSQLData()) { my ($nam, $desc) = @$group;
my ($nam, $desc) = FetchSQLData();
push(@has_bits, {"desc" => $desc, "name" => $nam}); push(@has_bits, {"desc" => $desc, "name" => $nam});
} }
my @set_ids = (); $groups = $dbh->selectall_arrayref(
SendSQL("SELECT DISTINCT name, description FROM groups " . "SELECT DISTINCT name, description FROM groups ORDER BY name");
"ORDER BY name"); foreach my $group (@$groups) {
while (MoreSQLData()) { my ($nam, $desc) = @$group;
my ($nam, $desc) = FetchSQLData();
if (Bugzilla->user->can_bless($nam)) { if (Bugzilla->user->can_bless($nam)) {
push(@set_bits, {"desc" => $desc, "name" => $nam}); push(@set_bits, {"desc" => $desc, "name" => $nam});
} }
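Review bot: The `IN (...)` list in DoPermissions is still built by concatenating `Bugzilla->user->groups_as_string` into the statement, which makes it the one place in the new code where a per-user value is interpolated rather than bound. That is safe only if the method returns a server-built, comma-separated list of numeric group ids and never an empty string (an empty list would yield invalid SQL). Neither property is visible in this hunk. Once that is confirmed against Bugzilla::User, I would add a comment above the call such as `# groups_as_string is built from the user's numeric group ids, never from request data, so it is interpolated rather than bound`. DoPermissions continues past the end of the hunk.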
......