Skip to content

bugzilla
bugzilla
Commit c068e2b9 authored by jake%bugzilla.org's avatar jake%bugzilla.org
Browse files
Options

Bug 264601 - Bugzilla will now tell a user which field contained an "invalid bug number or alias."

Patch by Frédéric Buclin <LpSolit@netscape.net> r=myk, a=justdave
parent f21cae35
Hide whitespace changes
Inline Side-by-side
Showing with 39 additions and 59 deletions
CGI.pl
View file @ c068e2b9
......@@ -148,7 +148,7 @@ sub ValidateBugID {
# database, and that the user is authorized to access that bug.
# We detaint the number here, too
my ($id, $skip_authorization) = @_;
my ($id, $field) = @_;
# Get rid of white-space around the ID.
$id = trim($id);
......@@ -157,7 +157,9 @@ sub ValidateBugID {
my $alias = $id;
if (!detaint_natural($id)) {
$id = BugAliasToID($alias);
$id || ThrowUserError("invalid_bug_id_or_alias", {'bug_id' => $alias});
$id || ThrowUserError("invalid_bug_id_or_alias",
{'bug_id' => $alias,
'field' => $field });
}
# Modify the calling code's original variable to contain the trimmed,
......@@ -170,7 +172,7 @@ sub ValidateBugID {
FetchOneColumn()
|| ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id});
return if $skip_authorization;
return if ($field eq "dependson" || $field eq "blocked");
return if Bugzilla->user->can_see_bug($id);
......
attachment.cgi
View file @ c068e2b9
......@@ -1060,11 +1060,6 @@ sub update
# Get the bug ID for the bug to which this attachment is attached.
SendSQL("SELECT bug_id FROM attachments WHERE attach_id = $::FORM{'id'}");
my $bugid = FetchSQLData();
unless ($bugid)
{
ThrowUserError("invalid_bug_id",
{ bug_id => $bugid });
}
# Lock database tables in preparation for updating the attachment.
SendSQL("LOCK TABLES attachments WRITE , flags WRITE , " .
......
post_bug.cgi
View file @ c068e2b9
......@@ -256,7 +256,7 @@ foreach my $field ("dependson", "blocked") {
my @validvalues;
foreach my $id (split(/[\s,]+/, $::FORM{$field})) {
next unless $id;
ValidateBugID($id, 1);
ValidateBugID($id, $field);
push(@validvalues, $id);
}
$::FORM{$field} = join(",", @validvalues);
......
process_bug.cgi
View file @ c068e2b9
......@@ -120,23 +120,13 @@ foreach my $field ("dependson", "blocked") {
my @validvalues;
foreach my $id (split(/[\s,]+/, $::FORM{$field})) {
next unless $id;
ValidateBugID($id, 1);
ValidateBugID($id, $field);
push(@validvalues, $id);
}
$::FORM{$field} = join(",", @validvalues);
}
}
# If we are duping bugs, let's also make sure that we can change
# the original. This takes care of issue A on bug 96085.
if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
ValidateBugID($::FORM{'dup_id'});
# Also, let's see if the reporter has authorization to see the bug
# to which we are duping. If not we need to prompt.
DuplicateUserConfirm();
}
# do a match on the fields if applicable
# The order of these function calls is important, as both Flag::validate
......@@ -490,8 +480,8 @@ sub DuplicateUserConfirm {
return;
}
my $dupe = trim($::FORM{'id'});
my $original = trim($::FORM{'dup_id'});
my $dupe = $::FORM{'id'};
my $original = $::FORM{'dup_id'};
SendSQL("SELECT reporter FROM bugs WHERE bug_id = " . SqlQuote($dupe));
my $reporter = FetchOneColumn();
......@@ -520,7 +510,7 @@ sub DuplicateUserConfirm {
$template->process("bug/process/confirm-duplicate.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
} # end DuplicateUserConfirm()
}
if (defined $::FORM{'id'}) {
# since this means that we were called from show_bug.cgi, now is a good
......@@ -976,28 +966,22 @@ SWITCH: for ($::FORM{'knob'}) {
last SWITCH;
};
/^duplicate$/ && CheckonComment( "duplicate" ) && do {
ChangeStatus('RESOLVED');
ChangeResolution('DUPLICATE');
CheckFormFieldDefined(\%::FORM,'dup_id');
my $num = trim($::FORM{'dup_id'});
SendSQL("SELECT bug_id FROM bugs WHERE bug_id = " . SqlQuote($num));
$num = FetchOneColumn();
if (!$num) {
ThrowUserError("dupe_invalid_bug_id")
}
if (!defined($::FORM{'id'}) || $num == $::FORM{'id'}) {
# Make sure we can change the original bug (issue A on bug 96085)
CheckFormFieldDefined(\%::FORM, 'dup_id');
ValidateBugID($::FORM{'dup_id'}, 'dup_id');
# Also, let's see if the reporter has authorization to see
# the bug to which we are duping. If not we need to prompt.
DuplicateUserConfirm();
$duplicate = $::FORM{'dup_id'};
if (!defined($::FORM{'id'}) || $duplicate == $::FORM{'id'}) {
ThrowUserError("dupe_of_self_disallowed");
}
my $checkid = trim($::FORM{'id'});
SendSQL("SELECT bug_id FROM bugs where bug_id = " . SqlQuote($checkid));
$checkid = FetchOneColumn();
if (!$checkid) {
ThrowUserError("invalid_bug_id",
{ bug_id => $checkid });
}
$::FORM{'comment'} .= "\n\n*** This bug has been marked as a duplicate of $num ***";
$duplicate = $num;
ChangeStatus('RESOLVED');
ChangeResolution('DUPLICATE');
$::FORM{'comment'} .= "\n\n*** This bug has been marked " .
"as a duplicate of $duplicate ***";
last SWITCH;
};
......
template/en/default/global/field-descs.none.tmpl
View file @ c068e2b9
......@@ -26,6 +26,7 @@
[% field_descs = { "[Bug creation]" => "[$terms.Bug creation]",
"alias" => "Alias",
"assigned_to" => "Assignee",
"blocked" => "Blocks",
"bug_file_loc" => "URL",
"bug_id" => "$terms.Bug ID",
"bug_severity" => "Severity",
......@@ -38,6 +39,8 @@
"component" => "Component",
"creation_ts" => "$terms.Bug Creation time",
"delta_ts" => "Last Changed time",
"dependson" => "Depends on",
"dup_id" => "Duplicate",
"estimated_time" => "Orig. Est.",
"everconfirmed" => "Ever confirmed?",
"groupset" => "Groupset",
......
template/en/default/global/user-error.html.tmpl
View file @ c068e2b9
......@@ -262,11 +262,6 @@
[% title = "Description Required" %]
You must provide a description of the [% terms.bug %].
[% ELSIF error == "dupe_invalid_bug_id" %]
[% title = BLOCK %]Valid [% terms.Bug %] Number Required[% END %]
You must specify a valid [% terms.bug %] number of which this
[%+ terms.bug %] is a duplicate. The [% terms.bug %] has not been changed.
[% ELSIF error == "dupe_of_self_disallowed" %]
[% title = "Cannot mark $terms.abug as a duplicate of itself" %]
You can't mark [% terms.abug %] as a duplicate of itself.
......@@ -468,19 +463,24 @@
[% title = "Invalid Attachment ID" %]
The attachment id [% attach_id FILTER html %] is invalid.
[% ELSIF error == "invalid_bug_id" %]
[% title = BLOCK %]Invalid [% terms.Bug %] ID[% END %]
The [% terms.bug %] id [% bug_id FILTER html %] is invalid.
[% ELSIF error == "invalid_bug_id_non_existent" %]
[% title = BLOCK %]Invalid [% terms.Bug %] ID[% END %]
[% terms.Bug %] #[% bug_id FILTER html %] does not exist.
[% ELSIF error == "invalid_bug_id_or_alias" %]
[% title = BLOCK %]Invalid [% terms.Bug %] ID[% END %]
'[% bug_id FILTER html %]' is not a valid [% terms.bug %] number
[% IF Param("usebugaliases") %] nor an alias
to [% terms.abug %] number[% END %].
[% IF bug_id %]
'[% bug_id FILTER html %]' is not a valid [% terms.bug %] number
[% IF Param("usebugaliases") %]
nor an alias to [% terms.abug %] number
[% END %].
[% ELSE %]
[% IF field %]
The '[% field_descs.$field FILTER html %]' field
cannot be empty.
[% END %]
You must enter a valid [% terms.bug %] number!
[% END %]
<noscript>
If you are trying to use QuickSearch, you need to enable
JavaScript in your browser.
......@@ -523,10 +523,6 @@
[% title = "Invalid group name" %]
The group you specified, [% name FILTER html %], is not valid here.
[% ELSIF error == "invalid_group_name" %]
[% title = "Invalid group name" %]
The group you specified, [% name FILTER html %], is not valid here.
[% ELSIF error == "invalid_maxrows" %]
[% title = "Invalid Max Rows" %]
The maximum number of rows, '[% maxrows FILTER html %]', must be
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment