Bug 282128: query.cgi: Eliminate deprecated Bugzilla::DB routines

Patch By Max Kanat-Alexander <mkanat@kerio.com> r=LpSolit, a=myk

Bug 282128: query.cgi: Eliminate deprecated Bugzilla::DB routines
acbf5833 · mkanat%kerio.com · 07e9d0d2 · acbf5833
Commit acbf5833 authored Feb 17, 2005 by mkanat%kerio.com
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 22 deletions

query.cgi query.cgi +25 -22

No files found.
--- a/query.cgi
+++ b/query.cgi
@@ -23,6 +23,7 @@
 #                 Matthias Radestock <matthias@sorted.org>
 #                 Gervase Markham <gerv@gerv.net>
 #                 Byron Jones <bugzilla@glob.com.au>
+#                 Max Kanat-Alexander <mkanat@kerio.com>
 use strict;
 use lib ".";
@@ -54,6 +55,7 @@ use vars qw(
 );
 my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
 if (defined $::FORM{"GoAheadAndLogIn"}) {
    # We got here from a login page, probably from relogin.cgi.  We better
@@ -83,17 +85,20 @@ if ($userid) {
        foreach my $ref (@oldquerycookies) {
            my ($name, $cookiename, $value) = (@$ref);
            if ($value) {
-                my $qname = SqlQuote($name);
+                # If the query name contains invalid characters, don't import.
-                SendSQL("LOCK TABLES namedqueries WRITE");
+                $name =~ /[<>&]/ && next;
-                SendSQL("SELECT query FROM namedqueries " .
+                trick_taint($name);
-                        "WHERE userid = $userid AND name = $qname");
+                $dbh->do("LOCK TABLES namedqueries WRITE");
-                my $query = FetchOneColumn();
+                my $query = $dbh->selectrow_array(
+                    "SELECT query FROM namedqueries " .
+                     "WHERE userid = ? AND name = ?",
+                     undef, ($userid, $name));
                if (!$query) {
-                    SendSQL("INSERT INTO namedqueries " .
+                    $dbh->do("INSERT INTO namedqueries " .
                            "(userid, name, query) VALUES " .
-                            "($userid, $qname, " . SqlQuote($value) . ")");
+                            "(?, ?, ?)", undef, ($userid, $name, $value));
                }
-                SendSQL("UNLOCK TABLES");
+                $dbh->do("UNLOCK TABLES");
            }
            $cgi->send_cookie(-name => $cookiename,
                              -expires => "Fri, 01-Jan-2038 00:00:00 GMT");
@@ -103,17 +108,19 @@ if ($userid) {
 if ($::FORM{'nukedefaultquery'}) {
    if ($userid) {
-        SendSQL("DELETE FROM namedqueries " .
+        $dbh->do("DELETE FROM namedqueries" .
-                "WHERE userid = $userid AND name = " . SqlQuote(DEFAULT_QUERY_NAME));
+                 " WHERE userid = ? AND name = ?", 
+                 undef, ($userid, DEFAULT_QUERY_NAME));
    }
    $::buffer = "";
 }
 my $userdefaultquery;
 if ($userid) {
-    SendSQL("SELECT query FROM namedqueries " .
+    $userdefaultquery = $dbh->selectrow_array(
-            "WHERE userid = $userid AND name = " . SqlQuote(DEFAULT_QUERY_NAME));
+        "SELECT query FROM namedqueries " .
-    $userdefaultquery = FetchOneColumn();
+         "WHERE userid = ? AND name = ?", 
+         undef, ($userid, DEFAULT_QUERY_NAME));
 }
 my %default;
@@ -389,15 +396,11 @@ $default{'charts'} = \@charts;
 # Named queries
 if ($userid) {
-    my @namedqueries;
+     $vars->{'namedqueries'} = $dbh->selectcol_arrayref(
-    SendSQL("SELECT name FROM namedqueries " .
+           "SELECT name FROM namedqueries " .
-            "WHERE userid = $userid AND name != " . SqlQuote(DEFAULT_QUERY_NAME) .
+            "WHERE userid = ? AND name != ?" .
-            "ORDER BY name");
+         "ORDER BY name",
-    while (MoreSQLData()) {
+         undef, ($userid, DEFAULT_QUERY_NAME));
-        push(@namedqueries, FetchOneColumn());
-    }
-    $vars->{'namedqueries'} = \@namedqueries;    
 }
 # Sort order