Commit cfda9d97 authored by lpsolit%gmail.com

Bug 238876: remove %FORM from process_bug.cgi - Patch by Teemu Mannermaa…

Bug 238876: remove %FORM from process_bug.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=justdave
parent 7c03ca4c
...@@ -26,6 +26,18 @@ ...@@ -26,6 +26,18 @@
# Jeff Hedlund <jeff.hedlund@matrixsi.com> # Jeff Hedlund <jeff.hedlund@matrixsi.com>
# Frédéric Buclin <LpSolit@gmail.com> # Frédéric Buclin <LpSolit@gmail.com>
# Implementation notes for this file:
#
# 1) the 'id' form parameter is validated early on, and if it is not a valid
# bugid an error will be reported, so it is OK for later code to simply check
# for a defined form 'id' value, and it can assume a valid bugid.
#
# 2) If the 'id' form parameter is not defined (after the initial validation),
# then we are processing multiple bugs, and @idlist will contain the ids.
#
# 3) If we are processing just the one id, then it is stored in @idlist for
# later processing.
use strict; use strict;
my $UserInEditGroupSet = -1; my $UserInEditGroupSet = -1;
...@@ -79,11 +91,16 @@ use vars qw($template $vars); ...@@ -79,11 +91,16 @@ use vars qw($template $vars);
# For each bug being modified, make sure its ID is a valid bug number # For each bug being modified, make sure its ID is a valid bug number
# representing an existing bug that the user is authorized to access. # representing an existing bug that the user is authorized to access.
my @idlist; my @idlist;
if (defined $::FORM{'id'}) { if (defined $cgi->param('id')) {
ValidateBugID($::FORM{'id'}); my $id = $cgi->param('id');
push @idlist, $::FORM{'id'}; ValidateBugID($id);
# Store the validated, and detainted id back in the cgi data, as
# lots of later code will need it, and will obtain it from there
$cgi->param('id', $id);
push @idlist, $id;
} else { } else {
foreach my $i (keys %::FORM) { foreach my $i ($cgi->param()) {
if ($i =~ /^id_([1-9][0-9]*)/) { if ($i =~ /^id_([1-9][0-9]*)/) {
my $id = $1; my $id = $1;
ValidateBugID($id); ValidateBugID($id);
...@@ -95,26 +112,27 @@ if (defined $::FORM{'id'}) { ...@@ -95,26 +112,27 @@ if (defined $::FORM{'id'}) {
# Make sure there are bugs to process. # Make sure there are bugs to process.
scalar(@idlist) || ThrowUserError("no_bugs_chosen"); scalar(@idlist) || ThrowUserError("no_bugs_chosen");
$::FORM{'dontchange'} = '' unless exists $::FORM{'dontchange'}; # Make sure form param 'dontchange' is defined so it can be compared to easily.
$cgi->param('dontchange','') unless defined $cgi->param('dontchange');
# Validate all timetracking fields # Validate all timetracking fields
foreach my $field ("estimated_time", "work_time", "remaining_time") { foreach my $field ("estimated_time", "work_time", "remaining_time") {
if (defined $::FORM{$field}) { if (defined $cgi->param($field)) {
my $er_time = trim($::FORM{$field}); my $er_time = trim($cgi->param($field));
if ($er_time ne $::FORM{'dontchange'}) { if ($er_time ne $cgi->param('dontchange')) {
Bugzilla::Bug::ValidateTime($er_time, $field); Bugzilla::Bug::ValidateTime($er_time, $field);
} }
} }
} }
if (UserInGroup(Param('timetrackinggroup'))) { if (UserInGroup(Param('timetrackinggroup'))) {
my $wk_time = $::FORM{'work_time'}; my $wk_time = $cgi->param('work_time');
if ($::FORM{'comment'} =~ /^\s*$/ && $wk_time && $wk_time != 0) { if ($cgi->param('comment') =~ /^\s*$/ && $wk_time && $wk_time != 0) {
ThrowUserError('comment_required'); ThrowUserError('comment_required');
} }
} }
ValidateComment($::FORM{'comment'}); ValidateComment(scalar $cgi->param('comment'));
# If the bug(s) being modified have dependencies, validate them # If the bug(s) being modified have dependencies, validate them
# and rebuild the list with the validated values. This is important # and rebuild the list with the validated values. This is important
...@@ -123,14 +141,14 @@ ValidateComment($::FORM{'comment'}); ...@@ -123,14 +141,14 @@ ValidateComment($::FORM{'comment'});
# is a bug alias that gets converted to its corresponding bug ID # is a bug alias that gets converted to its corresponding bug ID
# during validation. # during validation.
foreach my $field ("dependson", "blocked") { foreach my $field ("dependson", "blocked") {
if (defined($::FORM{$field}) && $::FORM{$field} ne "") { if (defined $cgi->param($field) && $cgi->param($field) ne "") {
my @validvalues; my @validvalues;
foreach my $id (split(/[\s,]+/, $::FORM{$field})) { foreach my $id (split(/[\s,]+/, $cgi->param($field))) {
next unless $id; next unless $id;
ValidateBugID($id, $field); ValidateBugID($id, $field);
push(@validvalues, $id); push(@validvalues, $id);
} }
$::FORM{$field} = join(",", @validvalues); $cgi->param($field, join(",", @validvalues));
} }
} }
...@@ -148,9 +166,9 @@ foreach my $field ("dependson", "blocked") { ...@@ -148,9 +166,9 @@ foreach my $field ("dependson", "blocked") {
}); });
# Validate flags, but only if the user is changing a single bug, # Validate flags, but only if the user is changing a single bug,
# since the multi-change form doesn't include flag changes. # since the multi-change form doesn't include flag changes.
if (defined $::FORM{'id'}) { if (defined $cgi->param('id')) {
Bugzilla::Flag::validate($cgi, $::FORM{'id'}); Bugzilla::Flag::validate($cgi, $cgi->param('id'));
Bugzilla::FlagType::validate($cgi, $::FORM{'id'}); Bugzilla::FlagType::validate($cgi, $cgi->param('id'));
} }
###################################################################### ######################################################################
...@@ -163,12 +181,12 @@ $vars->{'title_tag'} = "bug_processed"; ...@@ -163,12 +181,12 @@ $vars->{'title_tag'} = "bug_processed";
# Set the title if we can see a mid-air coming. This test may have false # Set the title if we can see a mid-air coming. This test may have false
# negatives, but never false positives, and should catch the majority of cases. # negatives, but never false positives, and should catch the majority of cases.
# It only works at all in the single bug case. # It only works at all in the single bug case.
if (defined($::FORM{'id'})) { if (defined $cgi->param('id')) {
SendSQL("SELECT delta_ts FROM bugs WHERE bug_id = $::FORM{'id'}"); SendSQL("SELECT delta_ts FROM bugs WHERE bug_id = " .
$cgi->param('id'));
my $delta_ts = FetchOneColumn(); my $delta_ts = FetchOneColumn();
if (defined $::FORM{'delta_ts'} && $delta_ts && if (defined $cgi->param('delta_ts') && $cgi->param('delta_ts') ne $delta_ts)
$::FORM{'delta_ts'} ne $delta_ts)
{ {
$vars->{'title_tag'} = "mid_air"; $vars->{'title_tag'} = "mid_air";
} }
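Review bot: The mid-air test lost its `$delta_ts &&` guard in the rewritten condition, so if `FetchOneColumn()` returns nothing, `ne` compares against undef and `title_tag` becomes `mid_air`. That conflicts with the "never false positives" promise in the comment just above. If the change was not intended, restore the guard: `if (defined $cgi->param('delta_ts') && $delta_ts && $cgi->param('delta_ts') ne $delta_ts)`. The enclosing `if (defined $cgi->param('id'))` block continues past the hunk.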
...@@ -176,10 +194,10 @@ if (defined($::FORM{'id'})) { ...@@ -176,10 +194,10 @@ if (defined($::FORM{'id'})) {
# Set up the vars for nagiavtional <link> elements # Set up the vars for nagiavtional <link> elements
my $next_bug; my $next_bug;
if ($cgi->cookie("BUGLIST") && $::FORM{'id'}) { if ($cgi->cookie("BUGLIST") && defined $cgi->param('id')) {
my @bug_list = split(/:/, $cgi->cookie("BUGLIST")); my @bug_list = split(/:/, $cgi->cookie("BUGLIST"));
$vars->{'bug_list'} = \@bug_list; $vars->{'bug_list'} = \@bug_list;
my $cur = lsearch(\@bug_list, $::FORM{"id"}); my $cur = lsearch(\@bug_list, $cgi->param("id"));
if ($cur >= 0 && $cur < $#bug_list) { if ($cur >= 0 && $cur < $#bug_list) {
$next_bug = $bug_list[$cur + 1]; $next_bug = $bug_list[$cur + 1];
...@@ -212,7 +230,8 @@ sub CheckonComment( $ ) { ...@@ -212,7 +230,8 @@ sub CheckonComment( $ ) {
$ret = 0 unless ( defined( $ret )); $ret = 0 unless ( defined( $ret ));
if( $ret ) { if( $ret ) {
if (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/) { if (!defined $cgi->param('comment')
|| $cgi->param('comment') =~ /^\s*$/) {
# No comment - sorry, action not allowed ! # No comment - sorry, action not allowed !
ThrowUserError("comment_required"); ThrowUserError("comment_required");
} else { } else {
...@@ -227,26 +246,31 @@ sub CheckonComment( $ ) { ...@@ -227,26 +246,31 @@ sub CheckonComment( $ ) {
# user is changing a single bug and has changed the bug's product), # user is changing a single bug and has changed the bug's product),
# and make the user verify the version, component, target milestone, # and make the user verify the version, component, target milestone,
# and bug groups if so. # and bug groups if so.
if ( $::FORM{'id'} ) { my $oldproduct = '';
if (defined $cgi->param('id')) {
SendSQL("SELECT name FROM products INNER JOIN bugs " . SendSQL("SELECT name FROM products INNER JOIN bugs " .
"ON products.id = bugs.product_id WHERE bug_id = $::FORM{'id'}"); "ON products.id = bugs.product_id WHERE bug_id = " .
$::oldproduct = FetchSQLData(); $cgi->param('id'));
$oldproduct = FetchSQLData();
} }
if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct)
|| (!$::FORM{'id'} && $::FORM{'product'} ne $::FORM{'dontchange'})) if (((defined $cgi->param('id') && $cgi->param('product') ne $oldproduct)
|| (!$cgi->param('id')
&& $cgi->param('product') ne $cgi->param('dontchange')))
&& CheckonComment( "reassignbycomponent" )) && CheckonComment( "reassignbycomponent" ))
{ {
# Check to make sure they actually have the right to change the product # Check to make sure they actually have the right to change the product
if (!CheckCanChangeField('product', $::FORM{'id'}, $::oldproduct, $::FORM{'product'})) { if (!CheckCanChangeField('product', $cgi->param('id'), $oldproduct,
$vars->{'oldvalue'} = $::oldproduct; $cgi->param('product'))) {
$vars->{'newvalue'} = $::FORM{'product'}; $vars->{'oldvalue'} = $oldproduct;
$vars->{'newvalue'} = $cgi->param('product');
$vars->{'field'} = 'product'; $vars->{'field'} = 'product';
$vars->{'privs'} = $PrivilegesRequired; $vars->{'privs'} = $PrivilegesRequired;
ThrowUserError("illegal_change", $vars); ThrowUserError("illegal_change", $vars);
} }
CheckFormField($cgi, 'product', \@::legal_product); CheckFormField($cgi, 'product', \@::legal_product);
my $prod = $::FORM{'product'}; my $prod = $cgi->param('product');
# note that when this script is called from buglist.cgi (rather # note that when this script is called from buglist.cgi (rather
# than show_bug.cgi), it's possible that the product will be changed # than show_bug.cgi), it's possible that the product will be changed
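Review bot: The permission check `CheckCanChangeField('product', $cgi->param('id'), $oldproduct, $cgi->param('product'))` calls `param()` in list context, so its positional arguments can shift. On the multi-bug path, which the condition above admits through `!$cgi->param('id')`, CGI.pm returns an empty list for the missing `id` and `$oldproduct` slides into the bug-id slot. A repeated `product` parameter appends extra arguments as well, whereas the old `$::FORM{'id'}` always contributed exactly one element. Force scalar context, as this commit already does for `ValidateComment`: `CheckCanChangeField('product', scalar $cgi->param('id'), $oldproduct, scalar $cgi->param('product'))`. The enclosing `if` block continues past the hunk.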
...@@ -256,21 +280,21 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct) ...@@ -256,21 +280,21 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct)
# pretty weird case, and not terribly unreasonable behavior, but # pretty weird case, and not terribly unreasonable behavior, but
# worthy of a comment, perhaps. # worthy of a comment, perhaps.
# #
my $vok = lsearch($::versions{$prod}, $::FORM{'version'}) >= 0; my $vok = lsearch($::versions{$prod}, $cgi->param('version')) >= 0;
my $cok = lsearch($::components{$prod}, $::FORM{'component'}) >= 0; my $cok = lsearch($::components{$prod}, $cgi->param('component')) >= 0;
my $mok = 1; # so it won't affect the 'if' statement if milestones aren't used my $mok = 1; # so it won't affect the 'if' statement if milestones aren't used
if ( Param("usetargetmilestone") ) { if ( Param("usetargetmilestone") ) {
CheckFormFieldDefined($cgi, 'target_milestone'); CheckFormFieldDefined($cgi, 'target_milestone');
$mok = lsearch($::target_milestone{$prod}, $::FORM{'target_milestone'}) >= 0; $mok = lsearch($::target_milestone{$prod},
$cgi->param('target_milestone')) >= 0;
} }
# If the product-specific fields need to be verified, or we need to verify # If the product-specific fields need to be verified, or we need to verify
# whether or not to add the bugs to their new product's group, display # whether or not to add the bugs to their new product's group, display
# a verification form. # a verification form.
if (!$vok || !$cok || !$mok || (AnyDefaultGroups() && !defined($::FORM{'addtonewgroup'}))) { if (!$vok || !$cok || !$mok || (AnyDefaultGroups()
$vars->{'form'} = \%::FORM; && !defined $cgi->param('addtonewgroup'))) {
$vars->{'mform'} = \%::MFORM;
if (!$vok || !$cok || !$mok) { if (!$vok || !$cok || !$mok) {
$vars->{'verify_fields'} = 1; $vars->{'verify_fields'} = 1;
...@@ -280,17 +304,17 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct) ...@@ -280,17 +304,17 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct)
# thats appropriate # thats appropriate
$vars->{'versions'} = $::versions{$prod}; $vars->{'versions'} = $::versions{$prod};
if ($vok) { if ($vok) {
$defaults{'version'} = $::FORM{'version'}; $defaults{'version'} = $cgi->param('version');
} }
$vars->{'components'} = $::components{$prod}; $vars->{'components'} = $::components{$prod};
if ($cok) { if ($cok) {
$defaults{'component'} = $::FORM{'component'}; $defaults{'component'} = $cgi->param('component');
} }
if (Param("usetargetmilestone")) { if (Param("usetargetmilestone")) {
$vars->{'use_target_milestone'} = 1; $vars->{'use_target_milestone'} = 1;
$vars->{'milestones'} = $::target_milestone{$prod}; $vars->{'milestones'} = $::target_milestone{$prod};
if ($mok) { if ($mok) {
$defaults{'target_milestone'} = $::FORM{'target_milestone'}; $defaults{'target_milestone'} = $cgi->param('target_milestone');
} else { } else {
SendSQL("SELECT defaultmilestone FROM products " . SendSQL("SELECT defaultmilestone FROM products " .
"WHERE name = " . SqlQuote($prod)); "WHERE name = " . SqlQuote($prod));
...@@ -307,7 +331,7 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct) ...@@ -307,7 +331,7 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct)
} }
$vars->{'verify_bug_group'} = (AnyDefaultGroups() $vars->{'verify_bug_group'} = (AnyDefaultGroups()
&& !defined($::FORM{'addtonewgroup'})); && !defined $cgi->param('addtonewgroup'));
$template->process("bug/process/verify-new-product.html.tmpl", $vars) $template->process("bug/process/verify-new-product.html.tmpl", $vars)
|| ThrowTemplateError($template->error()); || ThrowTemplateError($template->error());
...@@ -380,8 +404,8 @@ sub CheckCanChangeField { ...@@ -380,8 +404,8 @@ sub CheckCanChangeField {
# Ignore the assigned_to field if the bug is not being reassigned # Ignore the assigned_to field if the bug is not being reassigned
if ($field eq "assigned_to" if ($field eq "assigned_to"
&& $::FORM{'knob'} ne "reassignbycomponent" && $cgi->param('knob') ne "reassignbycomponent"
&& $::FORM{'knob'} ne "reassign") && $cgi->param('knob') ne "reassign")
{ {
return 1; return 1;
} }
...@@ -488,19 +512,21 @@ sub CheckCanChangeField { ...@@ -488,19 +512,21 @@ sub CheckCanChangeField {
# Confirm that the reporter of the current bug can access the bug we are duping to. # Confirm that the reporter of the current bug can access the bug we are duping to.
sub DuplicateUserConfirm { sub DuplicateUserConfirm {
# if we've already been through here, then exit # if we've already been through here, then exit
if (defined $::FORM{'confirm_add_duplicate'}) { if (defined $cgi->param('confirm_add_duplicate')) {
return; return;
} }
my $dupe = $::FORM{'id'}; # Remember that we validated both these ids earlier, so we know
my $original = $::FORM{'dup_id'}; # they are both valid bug ids
my $dupe = $cgi->param('id');
my $original = $cgi->param('dup_id');
SendSQL("SELECT reporter FROM bugs WHERE bug_id = " . SqlQuote($dupe)); SendSQL("SELECT reporter FROM bugs WHERE bug_id = $dupe");
my $reporter = FetchOneColumn(); my $reporter = FetchOneColumn();
my $rep_user = Bugzilla::User->new($reporter); my $rep_user = Bugzilla::User->new($reporter);
if ($rep_user->can_see_bug($original)) { if ($rep_user->can_see_bug($original)) {
$::FORM{'confirm_add_duplicate'} = "1"; $cgi->param('confirm_add_duplicate', '1');
return; return;
} }
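Review bot: `SendSQL("SELECT reporter FROM bugs WHERE bug_id = $dupe")` drops the `SqlQuote()` the old line had and rests on the new comment's claim that both ids were validated earlier. For `id` that matches the top of the script, where the validated value is written back with `$cgi->param('id', $id)`. Validation of `dup_id` is not visible in this diff, and nothing inside the sub enforces either. I would keep the quoting, `"... WHERE bug_id = " . SqlQuote($dupe)`, or re-check locally with `detaint_natural($dupe)`, so the query stays safe if the sub is ever reached before that validation. DuplicateUserConfirm continues past the hunk.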
...@@ -511,8 +537,6 @@ sub DuplicateUserConfirm { ...@@ -511,8 +537,6 @@ sub DuplicateUserConfirm {
# and the duper has not chosen whether or not to add to CC list, so let's # and the duper has not chosen whether or not to add to CC list, so let's
# ask the duper what he/she wants to do. # ask the duper what he/she wants to do.
$vars->{'form'} = \%::FORM;
$vars->{'mform'} = \%::MFORM;
$vars->{'original_bug_id'} = $original; $vars->{'original_bug_id'} = $original;
$vars->{'duplicate_bug_id'} = $dupe; $vars->{'duplicate_bug_id'} = $dupe;
...@@ -524,7 +548,7 @@ sub DuplicateUserConfirm { ...@@ -524,7 +548,7 @@ sub DuplicateUserConfirm {
exit; exit;
} }
if (defined $::FORM{'id'}) { if (defined $cgi->param('id')) {
# since this means that we were called from show_bug.cgi, now is a good # since this means that we were called from show_bug.cgi, now is a good
# time to do a whole bunch of error checking that can't easily happen when # time to do a whole bunch of error checking that can't easily happen when
# we've been called from buglist.cgi, because buglist.cgi only tweaks # we've been called from buglist.cgi, because buglist.cgi only tweaks
...@@ -534,12 +558,11 @@ if (defined $::FORM{'id'}) { ...@@ -534,12 +558,11 @@ if (defined $::FORM{'id'}) {
# #
CheckFormField($cgi, 'product', \@::legal_product); CheckFormField($cgi, 'product', \@::legal_product);
CheckFormField($cgi, 'component', CheckFormField($cgi, 'component',
\@{$::components{$::FORM{'product'}}}); \@{$::components{$cgi->param('product')}});
CheckFormField($cgi, 'version', CheckFormField($cgi, 'version', \@{$::versions{$cgi->param('product')}});
\@{$::versions{$::FORM{'product'}}});
if ( Param("usetargetmilestone") ) { if ( Param("usetargetmilestone") ) {
CheckFormField($cgi, 'target_milestone', CheckFormField($cgi, 'target_milestone',
\@{$::target_milestone{$::FORM{'product'}}}); \@{$::target_milestone{$cgi->param('product')}});
} }
CheckFormField($cgi, 'rep_platform', \@::legal_platform); CheckFormField($cgi, 'rep_platform', \@::legal_platform);
CheckFormField($cgi, 'op_sys', \@::legal_opsys); CheckFormField($cgi, 'op_sys', \@::legal_opsys);
...@@ -549,14 +572,14 @@ if (defined $::FORM{'id'}) { ...@@ -549,14 +572,14 @@ if (defined $::FORM{'id'}) {
CheckFormFieldDefined($cgi, 'short_desc'); CheckFormFieldDefined($cgi, 'short_desc');
CheckFormFieldDefined($cgi, 'longdesclength'); CheckFormFieldDefined($cgi, 'longdesclength');
if (trim($::FORM{'short_desc'}) eq "") { if (trim($cgi->param('short_desc')) eq "") {
ThrowUserError("require_summary"); ThrowUserError("require_summary");
} }
} }
my $action = ''; my $action = '';
if (defined $::FORM{action}) { if (defined $cgi->param('action')) {
$action = trim($::FORM{action}); $action = trim($cgi->param('action'));
} }
if (Param("move-enabled") && $action eq Param("move-button-text")) { if (Param("move-enabled") && $action eq Param("move-button-text")) {
$cgi->param('buglist', join (":", @idlist)); $cgi->param('buglist', join (":", @idlist));
...@@ -572,10 +595,10 @@ umask(0); ...@@ -572,10 +595,10 @@ umask(0);
sub _remove_remaining_time { sub _remove_remaining_time {
if (UserInGroup(Param('timetrackinggroup'))) { if (UserInGroup(Param('timetrackinggroup'))) {
if ( defined $::FORM{'remaining_time'} if ( defined $cgi->param('remaining_time')
&& $::FORM{'remaining_time'} > 0 ) && $cgi->param('remaining_time') > 0 )
{ {
$::FORM{'remaining_time'} = 0; $cgi->param('remaining_time', 0);
$vars->{'message'} = "remaining_time_zeroed"; $vars->{'message'} = "remaining_time_zeroed";
} }
} }
...@@ -591,19 +614,18 @@ sub DoComma { ...@@ -591,19 +614,18 @@ sub DoComma {
} }
sub DoConfirm { sub DoConfirm {
if (CheckCanChangeField("canconfirm", $::FORM{'id'}, 0, 1)) { if (CheckCanChangeField("canconfirm", $cgi->param('id'), 0, 1)) {
DoComma(); DoComma();
$::query .= "everconfirmed = 1"; $::query .= "everconfirmed = 1";
} }
} }
sub ChangeStatus { sub ChangeStatus {
my ($str) = (@_); my ($str) = (@_);
if (!$::FORM{'dontchange'} || if (!$cgi->param('dontchange')
($str ne $::FORM{'dontchange'})) { || $str ne $cgi->param('dontchange')) {
DoComma(); DoComma();
if ($::FORM{knob} eq 'reopen') { if ($cgi->param('knob') eq 'reopen') {
# When reopening, we need to check whether the bug was ever # When reopening, we need to check whether the bug was ever
# confirmed or not # confirmed or not
$::query .= "bug_status = CASE WHEN everconfirmed = 1 THEN " . $::query .= "bug_status = CASE WHEN everconfirmed = 1 THEN " .
...@@ -647,20 +669,20 @@ sub ChangeStatus { ...@@ -647,20 +669,20 @@ sub ChangeStatus {
# If bugs are reassigned and their status is "UNCONFIRMED", they # If bugs are reassigned and their status is "UNCONFIRMED", they
# should keep this status instead of "NEW" as suggested here. # should keep this status instead of "NEW" as suggested here.
# This point is checked for each bug later in the code. # This point is checked for each bug later in the code.
$::FORM{'bug_status'} = $str; $cgi->param('bug_status', $str);
} }
} }
sub ChangeResolution { sub ChangeResolution {
my ($str) = (@_); my ($str) = (@_);
if (!$::FORM{'dontchange'} if (!$cgi->param('dontchange')
|| $str ne $::FORM{'dontchange'}) || $str ne $cgi->param('dontchange'))
{ {
DoComma(); DoComma();
$::query .= "resolution = " . SqlQuote($str); $::query .= "resolution = " . SqlQuote($str);
# We define this variable here so that customized installations # We define this variable here so that customized installations
# may set rules based on the resolution in CheckCanChangeField. # may set rules based on the resolution in CheckCanChangeField.
$::FORM{'resolution'} = $str; $cgi->param('resolution', $str);
} }
} }
...@@ -685,10 +707,10 @@ while (my ($b, $isactive) = FetchSQLData()) { ...@@ -685,10 +707,10 @@ while (my ($b, $isactive) = FetchSQLData()) {
# for single bug changes because non-checked checkboxes aren't present. # for single bug changes because non-checked checkboxes aren't present.
# All the checkboxes should be shown in that case, though, so its not # All the checkboxes should be shown in that case, though, so its not
# an issue there # an issue there
if ($::FORM{'id'} || exists $::FORM{"bit-$b"}) { if (defined $cgi->param('id') || defined $cgi->param("bit-$b")) {
if (!$::FORM{"bit-$b"}) { if (!$cgi->param("bit-$b")) {
push(@groupDel, $b); push(@groupDel, $b);
} elsif ($::FORM{"bit-$b"} == 1 && $isactive) { } elsif ($cgi->param("bit-$b") == 1 && $isactive) {
push(@groupAdd, $b); push(@groupAdd, $b);
} }
} }
...@@ -697,20 +719,21 @@ while (my ($b, $isactive) = FetchSQLData()) { ...@@ -697,20 +719,21 @@ while (my ($b, $isactive) = FetchSQLData()) {
foreach my $field ("rep_platform", "priority", "bug_severity", foreach my $field ("rep_platform", "priority", "bug_severity",
"bug_file_loc", "short_desc", "version", "op_sys", "bug_file_loc", "short_desc", "version", "op_sys",
"target_milestone", "status_whiteboard") { "target_milestone", "status_whiteboard") {
if (defined $::FORM{$field}) { if (defined $cgi->param($field)) {
if (!$::FORM{'dontchange'} if (!$cgi->param('dontchange')
|| $::FORM{$field} ne $::FORM{'dontchange'}) { || $cgi->param($field) ne $cgi->param('dontchange')) {
DoComma(); DoComma();
$::query .= "$field = " . SqlQuote(trim($::FORM{$field})); $::query .= "$field = " . SqlQuote(trim($cgi->param($field)));
} }
} }
} }
my $prod_id; # Remember, can't use this for mass changes my $prod_id; # Remember, can't use this for mass changes
if ($::FORM{'product'} ne $::FORM{'dontchange'}) { if ($cgi->param('product') ne $cgi->param('dontchange')) {
$prod_id = get_product_id($::FORM{'product'}); $prod_id = get_product_id($cgi->param('product'));
$prod_id || $prod_id ||
ThrowUserError("invalid_product_name", {product => $::FORM{'product'}}); ThrowUserError("invalid_product_name",
{product => $cgi->param('product')});
DoComma(); DoComma();
$::query .= "product_id = $prod_id"; $::query .= "product_id = $prod_id";
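Review bot: `{product => $cgi->param('product')}` fills the error hash from a list-context `param()` call, so a request that sends `product` more than once injects extra key/value pairs into the variables passed to `ThrowUserError`. Write `{product => scalar $cgi->param('product')}` instead. The next hunk has the same pattern in `{name => $cgi->param('component'), product => $cgi->param('product')}` for `ThrowCodeError`, where a repeated `component` can also displace or overwrite the `product` key; both values need `scalar` there too. The `if` block continues past the hunk.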
...@@ -722,15 +745,15 @@ if ($::FORM{'product'} ne $::FORM{'dontchange'}) { ...@@ -722,15 +745,15 @@ if ($::FORM{'product'} ne $::FORM{'dontchange'}) {
} }
my $comp_id; # Remember, can't use this for mass changes my $comp_id; # Remember, can't use this for mass changes
if ($::FORM{'component'} ne $::FORM{'dontchange'}) { if ($cgi->param('component') ne $cgi->param('dontchange')) {
if (!defined $prod_id) { if (!defined $prod_id) {
ThrowUserError("no_component_change_for_multiple_products"); ThrowUserError("no_component_change_for_multiple_products");
} }
$comp_id = get_component_id($prod_id, $comp_id = get_component_id($prod_id,
$::FORM{'component'}); $cgi->param('component'));
$comp_id || ThrowCodeError("invalid_component", $comp_id || ThrowCodeError("invalid_component",
{name => $::FORM{'component'}, {name => $cgi->param('component'),
product => $::FORM{'product'}}); product => $cgi->param('product')});
DoComma(); DoComma();
$::query .= "component_id = $comp_id"; $::query .= "component_id = $comp_id";
...@@ -738,8 +761,8 @@ if ($::FORM{'component'} ne $::FORM{'dontchange'}) { ...@@ -738,8 +761,8 @@ if ($::FORM{'component'} ne $::FORM{'dontchange'}) {
# If this installation uses bug aliases, and the user is changing the alias, # If this installation uses bug aliases, and the user is changing the alias,
# add this change to the query. # add this change to the query.
if (Param("usebugaliases") && defined($::FORM{'alias'})) { if (Param("usebugaliases") && defined $cgi->param('alias')) {
my $alias = trim($::FORM{'alias'}); my $alias = trim($cgi->param('alias'));
# Since aliases are unique (like bug numbers), they can only be changed # Since aliases are unique (like bug numbers), they can only be changed
# for one bug at a time, so ignore the alias change unless only a single # for one bug at a time, so ignore the alias change unless only a single
...@@ -795,31 +818,37 @@ if (Param("usebugaliases") && defined($::FORM{'alias'})) { ...@@ -795,31 +818,37 @@ if (Param("usebugaliases") && defined($::FORM{'alias'})) {
# allowed the user to set whether or not the reporter # allowed the user to set whether or not the reporter
# and cc list can see the bug even if they are not members of all groups # and cc list can see the bug even if they are not members of all groups
# to which the bug is restricted. # to which the bug is restricted.
if ( $::FORM{'id'} ) { if (defined $cgi->param('id')) {
SendSQL("SELECT group_id FROM bug_group_map WHERE bug_id = $::FORM{'id'}"); SendSQL("SELECT group_id FROM bug_group_map WHERE bug_id = " .
$cgi->param('id'));
my ($havegroup) = FetchSQLData(); my ($havegroup) = FetchSQLData();
if ( $havegroup ) { if ( $havegroup ) {
DoComma(); DoComma();
$::FORM{'reporter_accessible'} = $::FORM{'reporter_accessible'} ? '1' : '0'; $cgi->param('reporter_accessible',
$::query .= "reporter_accessible = $::FORM{'reporter_accessible'}"; $cgi->param('reporter_accessible') ? '1' : '0');
$::query .= 'reporter_accessible = ' .
$cgi->param('reporter_accessible');
DoComma(); DoComma();
$::FORM{'cclist_accessible'} = $::FORM{'cclist_accessible'} ? '1' : '0'; $cgi->param('cclist_accessible',
$::query .= "cclist_accessible = $::FORM{'cclist_accessible'}"; $cgi->param('cclist_accessible') ? '1' : '0');
$::query .= 'cclist_accessible = ' . $cgi->param('cclist_accessible');
} }
} }
if ($::FORM{'id'} && if (defined $cgi->param('id') &&
(Param("insidergroup") && UserInGroup(Param("insidergroup")))) { (Param("insidergroup") && UserInGroup(Param("insidergroup")))) {
detaint_natural($::FORM{'id'});
foreach my $field (keys %::FORM) { foreach my $field ($cgi->param()) {
if ($field =~ /when-([0-9]+)/) { if ($field =~ /when-([0-9]+)/) {
my $sequence = $1; my $sequence = $1;
my $private = $::FORM{"isprivate-$sequence"} ? 1 : 0 ; my $private = $cgi->param("isprivate-$sequence") ? 1 : 0 ;
if ($private != $::FORM{"oisprivate-$sequence"}) { if ($private != $cgi->param("oisprivate-$sequence")) {
detaint_natural($::FORM{"$field"}); my $field_data = $cgi->param("$field");
SendSQL("UPDATE longdescs SET isprivate = $private detaint_natural($field_data);
WHERE bug_id = $::FORM{'id'} AND bug_when = " . $::FORM{"$field"}); SendSQL("UPDATE longdescs SET isprivate = $private " .
"WHERE bug_id = " . $cgi->param('id') .
" AND bug_when = $field_data");
} }
} }
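Review bot: The result of `detaint_natural($field_data)` is ignored before `$field_data` is concatenated into the `UPDATE longdescs` statement. The `detaint_natural($::FORM{'id'})` that used to precede the loop is also gone, so the bug id in the WHERE clause now depends entirely on the validation at the top of the script. Assuming `detaint_natural` signals failure through its return value, skip the parameter when it fails: `next unless detaint_natural($field_data);`. `$cgi->param("oisprivate-$sequence")` is also compared with `!=` without a `defined` check, which warns when the hidden field is missing. The `foreach` loop continues past the hunk.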
...@@ -832,22 +861,25 @@ my $duplicate = 0; ...@@ -832,22 +861,25 @@ my $duplicate = 0;
# What we'll do here is formulate the CC data into two hashes of ID's involved # What we'll do here is formulate the CC data into two hashes of ID's involved
# in this CC change. Then those hashes can be used later on for the actual change. # in this CC change. Then those hashes can be used later on for the actual change.
my (%cc_add, %cc_remove); my (%cc_add, %cc_remove);
if (defined $::FORM{newcc} || defined $::FORM{'addselfcc'} || defined $::FORM{removecc} || defined $::FORM{masscc}) { if (defined $cgi->param('newcc')
|| defined $cgi->param('addselfcc')
|| defined $cgi->param('removecc')
|| defined $cgi->param('masscc')) {
# If masscc is defined, then we came from buglist and need to either add or # If masscc is defined, then we came from buglist and need to either add or
# remove cc's... otherwise, we came from bugform and may need to do both. # remove cc's... otherwise, we came from bugform and may need to do both.
my ($cc_add, $cc_remove) = ""; my ($cc_add, $cc_remove) = "";
if (defined $::FORM{masscc}) { if (defined $cgi->param('masscc')) {
if ($::FORM{ccaction} eq 'add') { if ($cgi->param('ccaction') eq 'add') {
$cc_add = $::FORM{masscc}; $cc_add = join(' ',$cgi->param('masscc'));
} elsif ($::FORM{ccaction} eq 'remove') { } elsif ($cgi->param('ccaction') eq 'remove') {
$cc_remove = $::FORM{masscc}; $cc_remove = join(' ',$cgi->param('masscc'));
} }
} else { } else {
$cc_add = $::FORM{newcc}; $cc_add = join(' ',$cgi->param('newcc'));
# We came from bug_form which uses a select box to determine what cc's # We came from bug_form which uses a select box to determine what cc's
# need to be removed... # need to be removed...
if (defined $::FORM{removecc} && $::FORM{cc}) { if (defined $cgi->param('removecc') && $cgi->param('cc')) {
$cc_remove = join (",", @{$::MFORM{cc}}); $cc_remove = join (",", $cgi->param('cc'));
} }
} }
...@@ -858,7 +890,7 @@ if (defined $::FORM{newcc} || defined $::FORM{'addselfcc'} || defined $::FORM{re ...@@ -858,7 +890,7 @@ if (defined $::FORM{newcc} || defined $::FORM{'addselfcc'} || defined $::FORM{re
$cc_add{$pid} = $person; $cc_add{$pid} = $person;
} }
} }
if ($::FORM{'addselfcc'}) { if ($cgi->param('addselfcc')) {
$cc_add{$whoid} = $user->login; $cc_add{$whoid} = $user->login;
} }
if ($cc_remove) { if ($cc_remove) {
...@@ -872,18 +904,18 @@ if (defined $::FORM{newcc} || defined $::FORM{'addselfcc'} || defined $::FORM{re ...@@ -872,18 +904,18 @@ if (defined $::FORM{newcc} || defined $::FORM{'addselfcc'} || defined $::FORM{re
# Store the new assignee and QA contact IDs (if any). This is the # Store the new assignee and QA contact IDs (if any). This is the
# only way to keep these informations when bugs are reassigned by # only way to keep these informations when bugs are reassigned by
# component as $::FORM{'assigned_to'} and $::FORM{'qa_contact'} # component as $cgi->param('assigned_to') and $cgi->param('qa_contact')
# are not the right fields to look at. # are not the right fields to look at.
my $assignee; my $assignee;
my $qacontact; my $qacontact;
if (defined $::FORM{'qa_contact'} if (defined $cgi->param('qa_contact')
&& $::FORM{'knob'} ne "reassignbycomponent") && $cgi->param('knob') ne "reassignbycomponent")
{ {
my $name = trim($::FORM{'qa_contact'}); my $name = trim($cgi->param('qa_contact'));
# The QA contact cannot be deleted from show_bug.cgi for a single bug! # The QA contact cannot be deleted from show_bug.cgi for a single bug!
if ($name ne $::FORM{'dontchange'}) { if ($name ne $cgi->param('dontchange')) {
$qacontact = DBNameToIdAndCheck($name) if ($name ne ""); $qacontact = DBNameToIdAndCheck($name) if ($name ne "");
DoComma(); DoComma();
if($qacontact) { if($qacontact) {
...@@ -896,7 +928,7 @@ if (defined $::FORM{'qa_contact'} ...@@ -896,7 +928,7 @@ if (defined $::FORM{'qa_contact'}
} }
CheckFormFieldDefined($cgi, 'knob'); CheckFormFieldDefined($cgi, 'knob');
SWITCH: for ($::FORM{'knob'}) { SWITCH: for ($cgi->param('knob')) {
/^none$/ && do { /^none$/ && do {
last SWITCH; last SWITCH;
}; };
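Review bot: `for ($cgi->param('knob'))` puts `param()` in list context, so the SWITCH body now runs once per submitted `knob` value instead of exactly once as with `$::FORM{'knob'}`. A request that repeats `knob` could have a later value acted on after an earlier one falls through, depending on how the rest of the block ends, which is outside this hunk. `SWITCH: for (scalar $cgi->param('knob')) {` keeps the single-value behaviour.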
...@@ -923,7 +955,7 @@ SWITCH: for ($::FORM{'knob'}) { ...@@ -923,7 +955,7 @@ SWITCH: for ($::FORM{'knob'}) {
# don't resolve as fixed while still unresolved blocking bugs # don't resolve as fixed while still unresolved blocking bugs
if (Param("noresolveonopenblockers") if (Param("noresolveonopenblockers")
&& $::FORM{'resolution'} eq 'FIXED') && $cgi->param('resolution') eq 'FIXED')
{ {
my @dependencies = Bugzilla::Bug::CountOpenDependencies(@idlist); my @dependencies = Bugzilla::Bug::CountOpenDependencies(@idlist);
if (scalar @dependencies > 0) { if (scalar @dependencies > 0) {
...@@ -938,32 +970,31 @@ SWITCH: for ($::FORM{'knob'}) { ...@@ -938,32 +970,31 @@ SWITCH: for ($::FORM{'knob'}) {
_remove_remaining_time(); _remove_remaining_time();
ChangeStatus('RESOLVED'); ChangeStatus('RESOLVED');
ChangeResolution($::FORM{'resolution'}); ChangeResolution($cgi->param('resolution'));
last SWITCH; last SWITCH;
}; };
/^reassign$/ && CheckonComment( "reassign" ) && do { /^reassign$/ && CheckonComment( "reassign" ) && do {
if ($::FORM{'andconfirm'}) { if ($cgi->param('andconfirm')) {
DoConfirm(); DoConfirm();
} }
ChangeStatus('NEW'); ChangeStatus('NEW');
DoComma(); DoComma();
if (!defined $::FORM{'assigned_to'} if (!defined $cgi->param('assigned_to')
|| trim($::FORM{'assigned_to'}) eq "") || trim($cgi->param('assigned_to')) eq "") {
{
ThrowUserError("reassign_to_empty"); ThrowUserError("reassign_to_empty");
} }
$assignee = DBNameToIdAndCheck(trim($::FORM{'assigned_to'})); $assignee = DBNameToIdAndCheck(trim($cgi->param('assigned_to')));
$::query .= "assigned_to = $assignee"; $::query .= "assigned_to = $assignee";
last SWITCH; last SWITCH;
}; };
/^reassignbycomponent$/ && CheckonComment( "reassignbycomponent" ) && do { /^reassignbycomponent$/ && CheckonComment( "reassignbycomponent" ) && do {
if ($::FORM{'product'} eq $::FORM{'dontchange'}) { if ($cgi->param('product') eq $cgi->param('dontchange')) {
ThrowUserError("need_product"); ThrowUserError("need_product");
} }
if ($::FORM{'component'} eq $::FORM{'dontchange'}) { if ($cgi->param('component') eq $cgi->param('dontchange')) {
ThrowUserError("need_component"); ThrowUserError("need_component");
} }
if ($::FORM{'compconfirm'}) { if ($cgi->param('compconfirm')) {
DoConfirm(); DoConfirm();
} }
ChangeStatus('NEW'); ChangeStatus('NEW');
...@@ -1005,14 +1036,15 @@ SWITCH: for ($::FORM{'knob'}) { ...@@ -1005,14 +1036,15 @@ SWITCH: for ($::FORM{'knob'}) {
/^duplicate$/ && CheckonComment( "duplicate" ) && do { /^duplicate$/ && CheckonComment( "duplicate" ) && do {
# Make sure we can change the original bug (issue A on bug 96085) # Make sure we can change the original bug (issue A on bug 96085)
CheckFormFieldDefined($cgi, 'dup_id'); CheckFormFieldDefined($cgi, 'dup_id');
ValidateBugID($::FORM{'dup_id'}, 'dup_id'); $duplicate = $cgi->param('dup_id');
ValidateBugID($duplicate, 'dup_id');
$cgi->param('dup_id', $duplicate);
# Also, let's see if the reporter has authorization to see # Also, let's see if the reporter has authorization to see
# the bug to which we are duping. If not we need to prompt. # the bug to which we are duping. If not we need to prompt.
DuplicateUserConfirm(); DuplicateUserConfirm();
$duplicate = $::FORM{'dup_id'}; if (!defined $cgi->param('id') || $duplicate == $cgi->param('id')) {
if (!defined($::FORM{'id'}) || $duplicate == $::FORM{'id'}) {
ThrowUserError("dupe_of_self_disallowed"); ThrowUserError("dupe_of_self_disallowed");
} }
...@@ -1021,25 +1053,21 @@ SWITCH: for ($::FORM{'knob'}) { ...@@ -1021,25 +1053,21 @@ SWITCH: for ($::FORM{'knob'}) {
ChangeStatus('RESOLVED'); ChangeStatus('RESOLVED');
ChangeResolution('DUPLICATE'); ChangeResolution('DUPLICATE');
$::FORM{'comment'} .= "\n\n*** This bug has been marked " . my $comment = $cgi->param('comment');
"as a duplicate of $duplicate ***"; $comment .= "\n\n*** This bug has been marked " .
"as a duplicate of $duplicate ***";
$cgi->param('comment', $comment);
last SWITCH; last SWITCH;
}; };
ThrowCodeError("unknown_action", { action => $::FORM{'knob'} }); ThrowCodeError("unknown_action", { action => $cgi->param('knob') });
}
if ($#idlist < 0) {
ThrowUserError("no_bugs_chosen");
} }
my @keywordlist; my @keywordlist;
my %keywordseen; my %keywordseen;
if ($::FORM{'keywords'}) { if (defined $cgi->param('keywords')) {
foreach my $keyword (split(/[\s,]+/, $::FORM{'keywords'})) { foreach my $keyword (split(/[\s,]+/, $cgi->param('keywords'))) {
if ($keyword eq '') { if ($keyword eq '') {
next; next;
} }
...@@ -1055,7 +1083,7 @@ if ($::FORM{'keywords'}) { ...@@ -1055,7 +1083,7 @@ if ($::FORM{'keywords'}) {
} }
} }
my $keywordaction = $::FORM{'keywordaction'} || "makeexact"; my $keywordaction = $cgi->param('keywordaction') || "makeexact";
if (!grep($keywordaction eq $_, qw(add delete makeexact))) { if (!grep($keywordaction eq $_, qw(add delete makeexact))) {
$keywordaction = "makeexact"; $keywordaction = "makeexact";
} }
...@@ -1063,9 +1091,9 @@ if (!grep($keywordaction eq $_, qw(add delete makeexact))) { ...@@ -1063,9 +1091,9 @@ if (!grep($keywordaction eq $_, qw(add delete makeexact))) {
if ($::comma eq "" if ($::comma eq ""
&& (! @groupAdd) && (! @groupDel) && (! @groupAdd) && (! @groupDel)
&& (! @::legal_keywords || (0 == @keywordlist && $keywordaction ne "makeexact")) && (! @::legal_keywords || (0 == @keywordlist && $keywordaction ne "makeexact"))
&& defined $::FORM{'masscc'} && ! $::FORM{'masscc'} && defined $cgi->param('masscc') && ! $cgi->param('masscc')
) { ) {
if (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/) { if (!defined $cgi->param('comment') || $cgi->param('comment') =~ /^\s*$/) {
ThrowUserError("bugs_not_changed"); ThrowUserError("bugs_not_changed");
} }
} }
...@@ -1073,21 +1101,21 @@ if ($::comma eq "" ...@@ -1073,21 +1101,21 @@ if ($::comma eq ""
# Process data for Time Tracking fields # Process data for Time Tracking fields
if (UserInGroup(Param('timetrackinggroup'))) { if (UserInGroup(Param('timetrackinggroup'))) {
foreach my $field ("estimated_time", "remaining_time") { foreach my $field ("estimated_time", "remaining_time") {
if (defined $::FORM{$field}) { if (defined $cgi->param($field)) {
my $er_time = trim($::FORM{$field}); my $er_time = trim($cgi->param($field));
if ($er_time ne $::FORM{'dontchange'}) { if ($er_time ne $cgi->param('dontchange')) {
DoComma(); DoComma();
$::query .= "$field = " . SqlQuote($er_time); $::query .= "$field = " . SqlQuote($er_time);
} }
} }
} }
if (defined $::FORM{'deadline'}) { if (defined $cgi->param('deadline')) {
DoComma(); DoComma();
$::query .= "deadline = "; $::query .= "deadline = ";
if ($::FORM{'deadline'}) { if ($cgi->param('deadline')) {
Bugzilla::Util::ValidateDate($::FORM{'deadline'}, 'YYYY-MM-DD'); Bugzilla::Util::ValidateDate($cgi->param('deadline'), 'YYYY-MM-DD');
$::query .= SqlQuote($::FORM{'deadline'}); $::query .= SqlQuote($cgi->param('deadline'));
} else { } else {
$::query .= "NULL" ; $::query .= "NULL" ;
} }
...@@ -1158,8 +1186,9 @@ sub LogDependencyActivity { ...@@ -1158,8 +1186,9 @@ sub LogDependencyActivity {
return 0; return 0;
} }
# this loop iterates once for each bug to be processed (eg when this script # This loop iterates once for each bug to be processed (i.e. all the
# is called with multiple bugs selected from buglist.cgi instead of # bugs selected when this script is called with multiple bugs selected
# from buglist.cgi, or just the one bug when called from
# show_bug.cgi). # show_bug.cgi).
# #
foreach my $id (@idlist) { foreach my $id (@idlist) {
...@@ -1189,14 +1218,14 @@ foreach my $id (@idlist) { ...@@ -1189,14 +1218,14 @@ foreach my $id (@idlist) {
# this id ready for the loop below, otherwise anybody can # this id ready for the loop below, otherwise anybody can
# change the component of a bug (we checked product above). # change the component of a bug (we checked product above).
# http://bugzilla.mozilla.org/show_bug.cgi?id=180545 # http://bugzilla.mozilla.org/show_bug.cgi?id=180545
my $product_id = get_product_id($::FORM{'product'}); my $product_id = get_product_id($cgi->param('product'));
if ($::FORM{'component'} ne $::FORM{'dontchange'}) { if ($cgi->param('component') ne $cgi->param('dontchange')) {
$::FORM{'component_id'} = $cgi->param('component_id',
get_component_id($product_id, $::FORM{'component'}); get_component_id($product_id, $cgi->param('component')));
} }
# It may sound crazy to set %formhash for each bug as $::FORM{} # It may sound crazy to set %formhash for each bug as $cgi->param()
# will not change, but %formhash is modified below and we prefer # will not change, but %formhash is modified below and we prefer
# to set it again. # to set it again.
my $i = 0; my $i = 0;
...@@ -1207,7 +1236,7 @@ foreach my $id (@idlist) { ...@@ -1207,7 +1236,7 @@ foreach my $id (@idlist) {
# Consider NULL db entries to be equivalent to the empty string # Consider NULL db entries to be equivalent to the empty string
$oldvalues[$i] = '' unless defined $oldvalues[$i]; $oldvalues[$i] = '' unless defined $oldvalues[$i];
$oldhash{$col} = $oldvalues[$i]; $oldhash{$col} = $oldvalues[$i];
$formhash{$col} = $::FORM{$col} if defined $::FORM{$col}; $formhash{$col} = $cgi->param($col) if defined $cgi->param($col);
$i++; $i++;
} }
# If the user is reassigning bugs, we need to: # If the user is reassigning bugs, we need to:
...@@ -1216,9 +1245,8 @@ foreach my $id (@idlist) { ...@@ -1216,9 +1245,8 @@ foreach my $id (@idlist) {
# - update $newhash{'bug_status'} to its real state if the bug # - update $newhash{'bug_status'} to its real state if the bug
# is in the unconfirmed state. # is in the unconfirmed state.
$formhash{'qa_contact'} = $qacontact if Param('useqacontact'); $formhash{'qa_contact'} = $qacontact if Param('useqacontact');
if ($::FORM{'knob'} eq 'reassignbycomponent' if ($cgi->param('knob') eq 'reassignbycomponent'
|| $::FORM{'knob'} eq 'reassign') || $cgi->param('knob') eq 'reassign') {
{
$formhash{'assigned_to'} = $assignee; $formhash{'assigned_to'} = $assignee;
if ($oldhash{'bug_status'} eq 'UNCONFIRMED') { if ($oldhash{'bug_status'} eq 'UNCONFIRMED') {
$formhash{'bug_status'} = $oldhash{'bug_status'}; $formhash{'bug_status'} = $oldhash{'bug_status'};
...@@ -1232,7 +1260,7 @@ foreach my $id (@idlist) { ...@@ -1232,7 +1260,7 @@ foreach my $id (@idlist) {
if ($col eq 'component_id') { if ($col eq 'component_id') {
# Display the component name # Display the component name
$vars->{'oldvalue'} = get_component_name($oldhash{$col}); $vars->{'oldvalue'} = get_component_name($oldhash{$col});
$vars->{'newvalue'} = $::FORM{'component'}; $vars->{'newvalue'} = $cgi->param('component');
$vars->{'field'} = 'component'; $vars->{'field'} = 'component';
} elsif ($col eq 'assigned_to' || $col eq 'qa_contact') { } elsif ($col eq 'assigned_to' || $col eq 'qa_contact') {
# Display the assignee or QA contact email address # Display the assignee or QA contact email address
...@@ -1255,9 +1283,9 @@ foreach my $id (@idlist) { ...@@ -1255,9 +1283,9 @@ foreach my $id (@idlist) {
# the list hasn't changed. To fix that, we have to call CheckCanChangeField # the list hasn't changed. To fix that, we have to call CheckCanChangeField
# again with old!=new if the keyword action is "delete" and old=new. # again with old!=new if the keyword action is "delete" and old=new.
if ($keywordaction eq "delete" if ($keywordaction eq "delete"
&& exists $::FORM{keywords} && defined $cgi->param('keywords')
&& length(@keywordlist) > 0 && length(@keywordlist) > 0
&& $::FORM{keywords} eq $oldhash{keywords} && $cgi->param('keywords') eq $oldhash{keywords}
&& !CheckCanChangeField("keywords", $id, "old is not", "equal to new")) && !CheckCanChangeField("keywords", $id, "old is not", "equal to new"))
{ {
$vars->{'oldvalue'} = $oldhash{keywords}; $vars->{'oldvalue'} = $oldhash{keywords};
...@@ -1273,12 +1301,12 @@ foreach my $id (@idlist) { ...@@ -1273,12 +1301,12 @@ foreach my $id (@idlist) {
{ product => $oldhash{'product'} }); { product => $oldhash{'product'} });
} }
if (defined $::FORM{'product'} if (defined $cgi->param('product')
&& $::FORM{'product'} ne $::FORM{'dontchange'} && $cgi->param('product') ne $cgi->param('dontchange')
&& $::FORM{'product'} ne $oldhash{'product'} && $cgi->param('product') ne $oldhash{'product'}
&& !CanEnterProduct($::FORM{'product'})) { && !CanEnterProduct($cgi->param('product'))) {
ThrowUserError("entry_access_denied", ThrowUserError("entry_access_denied",
{ product => $::FORM{'product'} }); { product => $cgi->param('product') });
} }
if ($requiremilestone) { if ($requiremilestone) {
# musthavemilestoneonaccept applies only if at least two # musthavemilestoneonaccept applies only if at least two
...@@ -1300,15 +1328,15 @@ foreach my $id (@idlist) { ...@@ -1300,15 +1328,15 @@ foreach my $id (@idlist) {
} }
} }
} }
if (defined $::FORM{'delta_ts'} && $::FORM{'delta_ts'} ne $delta_ts) { if (defined $cgi->param('delta_ts') && $cgi->param('delta_ts') ne $delta_ts)
($vars->{'operations'}) = GetBugActivity($::FORM{'id'}, $::FORM{'delta_ts'}); {
($vars->{'operations'}) = GetBugActivity($cgi->param('id'),
$cgi->param('delta_ts'));
$vars->{'start_at'} = $::FORM{'longdesclength'}; $vars->{'start_at'} = $cgi->param('longdesclength');
$vars->{'comments'} = Bugzilla::Bug::GetComments($id); $vars->{'comments'} = Bugzilla::Bug::GetComments($id);
$::FORM{'delta_ts'} = $delta_ts; $cgi->param('delta_ts', $delta_ts);
$vars->{'form'} = \%::FORM;
$vars->{'mform'} = \%::MFORM;
$vars->{'bug_id'} = $id; $vars->{'bug_id'} = $id;
...@@ -1321,14 +1349,14 @@ foreach my $id (@idlist) { ...@@ -1321,14 +1349,14 @@ foreach my $id (@idlist) {
} }
my %deps; my %deps;
if (defined $::FORM{'dependson'}) { if (defined $cgi->param('dependson')) {
my $me = "blocked"; my $me = "blocked";
my $target = "dependson"; my $target = "dependson";
my %deptree; my %deptree;
for (1..2) { for (1..2) {
$deptree{$target} = []; $deptree{$target} = [];
my %seen; my %seen;
foreach my $i (split('[\s,]+', $::FORM{$target})) { foreach my $i (split('[\s,]+', $cgi->param($target))) {
next if $i eq ""; next if $i eq "";
if ($id eq $i) { if ($id eq $i) {
...@@ -1395,23 +1423,23 @@ foreach my $id (@idlist) { ...@@ -1395,23 +1423,23 @@ foreach my $id (@idlist) {
my $work_time; my $work_time;
if (UserInGroup(Param('timetrackinggroup'))) { if (UserInGroup(Param('timetrackinggroup'))) {
$work_time = $::FORM{'work_time'}; $work_time = $cgi->param('work_time');
if ($work_time) { if ($work_time) {
# AppendComment (called below) can in theory raise an error, # AppendComment (called below) can in theory raise an error,
# but because we've already validated work_time here it's # but because we've already validated work_time here it's
# safe to log the entry before adding the comment. # safe to log the entry before adding the comment.
LogActivityEntry($id, "work_time", "", $::FORM{'work_time'}, LogActivityEntry($id, "work_time", "", $work_time,
$whoid, $timestamp); $whoid, $timestamp);
} }
} }
if ($::FORM{'comment'} || $work_time) { if ($cgi->param('comment') || $work_time) {
AppendComment($id, Bugzilla->user->login, $::FORM{'comment'}, AppendComment($id, Bugzilla->user->login, $cgi->param('comment'),
$::FORM{'commentprivacy'}, $timestamp, $work_time); $cgi->param('commentprivacy'), $timestamp, $work_time);
$bug_changed = 1; $bug_changed = 1;
} }
if (@::legal_keywords && exists $::FORM{keywords}) { if (@::legal_keywords && defined $cgi->param('keywords')) {
# There are three kinds of "keywordsaction": makeexact, add, delete. # There are three kinds of "keywordsaction": makeexact, add, delete.
# For makeexact, we delete everything, and then add our things. # For makeexact, we delete everything, and then add our things.
# For add, we delete things we're adding (to make sure we don't # For add, we delete things we're adding (to make sure we don't
...@@ -1463,9 +1491,10 @@ foreach my $id (@idlist) { ...@@ -1463,9 +1491,10 @@ foreach my $id (@idlist) {
} }
my $newproduct_id = $oldhash{'product_id'}; my $newproduct_id = $oldhash{'product_id'};
if ((defined $::FORM{'product'}) if ((defined $cgi->param('product'))
&& ($::FORM{'product'} ne $::FORM{'dontchange'})) { && ($cgi->param('product') ne $cgi->param('dontchange')))
my $newproduct_id = get_product_id($::FORM{'product'}); {
my $newproduct_id = get_product_id($cgi->param('product'));
} }
my %groupsrequired = (); my %groupsrequired = ();
...@@ -1518,7 +1547,10 @@ foreach my $id (@idlist) { ...@@ -1518,7 +1547,10 @@ foreach my $id (@idlist) {
} }
my @ccRemoved = (); my @ccRemoved = ();
if (defined $::FORM{newcc} || defined $::FORM{'addselfcc'} || defined $::FORM{removecc} || defined $::FORM{masscc}) { if (defined $cgi->param('newcc')
|| defined $cgi->param('addselfcc')
|| defined $cgi->param('removecc')
|| defined $cgi->param('masscc')) {
# Get the current CC list for this bug # Get the current CC list for this bug
my %oncc; my %oncc;
SendSQL("SELECT who FROM cc WHERE bug_id = $id"); SendSQL("SELECT who FROM cc WHERE bug_id = $id");
...@@ -1566,7 +1598,7 @@ foreach my $id (@idlist) { ...@@ -1566,7 +1598,7 @@ foreach my $id (@idlist) {
undef, $id)}; undef, $id)};
@dependencychanged{@oldlist} = 1; @dependencychanged{@oldlist} = 1;
if (defined $::FORM{'dependson'}) { if (defined $cgi->param('dependson')) {
my %snapshot; my %snapshot;
my @newlist = sort {$a <=> $b} @{$deps{$target}}; my @newlist = sort {$a <=> $b} @{$deps{$target}};
@dependencychanged{@newlist} = 1; @dependencychanged{@newlist} = 1;
...@@ -1613,12 +1645,11 @@ foreach my $id (@idlist) { ...@@ -1613,12 +1645,11 @@ foreach my $id (@idlist) {
# conditions under which these activities take place, more information # conditions under which these activities take place, more information
# about which can be found in comments within the conditionals below. # about which can be found in comments within the conditionals below.
# Check if the user has changed the product to which the bug belongs; # Check if the user has changed the product to which the bug belongs;
if ( if (defined $cgi->param('product')
defined $::FORM{'product'} && $cgi->param('product') ne $cgi->param('dontchange')
&& $::FORM{'product'} ne $::FORM{'dontchange'} && $cgi->param('product') ne $oldhash{'product'}
&& $::FORM{'product'} ne $oldhash{'product'}
) { ) {
my $newproduct_id = get_product_id($::FORM{'product'}); $newproduct_id = get_product_id($cgi->param('product'));
# Depending on the "addtonewgroup" variable, groups with # Depending on the "addtonewgroup" variable, groups with
# defaults will change. # defaults will change.
# #
...@@ -1696,8 +1727,8 @@ foreach my $id (@idlist) { ...@@ -1696,8 +1727,8 @@ foreach my $id (@idlist) {
# replaced. # replaced.
push(@groupstoremove, @defaultstoremove); push(@groupstoremove, @defaultstoremove);
if (AnyDefaultGroups() if (AnyDefaultGroups()
&& (($::FORM{'addtonewgroup'} eq 'yes') && (($cgi->param('addtonewgroup') eq 'yes')
|| (($::FORM{'addtonewgroup'} eq 'yesifinold') || (($cgi->param('addtonewgroup') eq 'yesifinold')
&& ($buginanydefault)))) { && ($buginanydefault)))) {
push(@groupstoadd, @defaultstoadd); push(@groupstoadd, @defaultstoadd);
} }
...@@ -1837,26 +1868,33 @@ foreach my $id (@idlist) { ...@@ -1837,26 +1868,33 @@ foreach my $id (@idlist) {
if ($duplicate) { if ($duplicate) {
# Check to see if Reporter of this bug is reporter of Dupe # Check to see if Reporter of this bug is reporter of Dupe
SendSQL("SELECT reporter FROM bugs WHERE bug_id = " . SqlQuote($::FORM{'id'})); SendSQL("SELECT reporter FROM bugs WHERE bug_id = " .
$cgi->param('id'));
my $reporter = FetchOneColumn(); my $reporter = FetchOneColumn();
SendSQL("SELECT reporter FROM bugs WHERE bug_id = " . SqlQuote($duplicate) . " and reporter = $reporter"); SendSQL("SELECT reporter FROM bugs WHERE bug_id = " .
"$duplicate and reporter = $reporter");
my $isreporter = FetchOneColumn(); my $isreporter = FetchOneColumn();
SendSQL("SELECT who FROM cc WHERE bug_id = " . SqlQuote($duplicate) . " and who = $reporter"); SendSQL("SELECT who FROM cc WHERE bug_id = " .
" $duplicate and who = $reporter");
my $isoncc = FetchOneColumn(); my $isoncc = FetchOneColumn();
unless ($isreporter || $isoncc || ! $::FORM{'confirm_add_duplicate'}) { unless ($isreporter || $isoncc
|| !$cgi->param('confirm_add_duplicate')) {
# The reporter is oblivious to the existence of the new bug and is permitted access # The reporter is oblivious to the existence of the new bug and is permitted access
# ... add 'em to the cc (and record activity) # ... add 'em to the cc (and record activity)
LogActivityEntry($duplicate,"cc","",DBID_to_name($reporter), LogActivityEntry($duplicate,"cc","",DBID_to_name($reporter),
$whoid,$timestamp); $whoid,$timestamp);
SendSQL("INSERT INTO cc (who, bug_id) VALUES ($reporter, " . SqlQuote($duplicate) . ")"); SendSQL("INSERT INTO cc (who, bug_id) " .
"VALUES ($reporter, $duplicate)");
} }
# Bug 171639 - Duplicate notifications do not need to be private. # Bug 171639 - Duplicate notifications do not need to be private.
AppendComment($duplicate, Bugzilla->user->login, AppendComment($duplicate, Bugzilla->user->login,
"*** Bug $::FORM{'id'} has been marked as a duplicate of this bug. ***", "*** Bug " . $cgi->param('id') .
" has been marked as a duplicate of this bug. ***",
0, $timestamp); 0, $timestamp);
CheckFormFieldDefined($cgi,'comment'); CheckFormFieldDefined($cgi,'comment');
SendSQL("INSERT INTO duplicates VALUES ($duplicate, $::FORM{'id'})"); SendSQL("INSERT INTO duplicates VALUES ($duplicate, " .
$cgi->param('id') . ")");
$vars->{'mailrecipients'} = { 'changer' => Bugzilla->user->login }; $vars->{'mailrecipients'} = { 'changer' => Bugzilla->user->login };
......
...@@ -20,8 +20,6 @@ ...@@ -20,8 +20,6 @@
#%] #%]
[%# INTERFACE: [%# INTERFACE:
# form: hash; the form values submitted to the script
# mform: hash; the form multi-values submitted to the script
# original_bug_id: number; the bug number for the bug # original_bug_id: number; the bug number for the bug
# against which a bug is being duped # against which a bug is being duped
# duplicate_bug_id: number; the bug number for the bug # duplicate_bug_id: number; the bug number for the bug
......
...@@ -20,8 +20,6 @@ ...@@ -20,8 +20,6 @@
#%] #%]
[%# INTERFACE: [%# INTERFACE:
# form: hash; the form values submitted to the script
# mform: hash; the form multi-values submitted to the script
# operations: array; bug activity since the user last displayed the bug form, # operations: array; bug activity since the user last displayed the bug form,
# used by bug/activity/table.html.tmpl to display recent changes that will # used by bug/activity/table.html.tmpl to display recent changes that will
# be overwritten if the user submits these changes. See that template # be overwritten if the user submits these changes. See that template
...@@ -34,6 +32,10 @@ ...@@ -34,6 +32,10 @@
# bug_id: number; the ID of the bug being changed. # bug_id: number; the ID of the bug being changed.
#%] #%]
[%# The global Bugzilla->cgi object is used to obtain form variable values. %]
[% USE Bugzilla %]
[% cgi = Bugzilla.cgi %]
[% PROCESS global/variables.none.tmpl %] [% PROCESS global/variables.none.tmpl %]
[% UNLESS header_done %] [% UNLESS header_done %]
...@@ -62,7 +64,7 @@ ...@@ -62,7 +64,7 @@
<p> <p>
Your comment was:<br> Your comment was:<br>
<blockquote><pre>[% form.comment FILTER html %]</pre></blockquote> <blockquote><pre>[% cgi.param("comment") FILTER html %]</pre></blockquote>
</p> </p>
<p> <p>
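Review bot: `cgi.param("comment")` inside the `<pre>` block may not yield a single string, because Template Toolkit (as far as I know) invokes object methods in list context, where CGI's `param` returns every submitted value for that name. A request with a repeated `comment` field would then render as an array reference instead of the comment text. `FILTER html` is kept, so output escaping is unchanged, but the displayed value can differ from the one the script processed. Passing the scalar from the script, e.g. `$vars->{'comment'} = scalar $cgi->param('comment');` with `[% comment FILTER html %]` in the template, keeps the template on the value the script used and gives the INTERFACE comment an explicit entry again. The same applies to both `cgi.param("product")` uses in the following template section.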
......
...@@ -20,8 +20,6 @@ ...@@ -20,8 +20,6 @@
#%] #%]
[%# INTERFACE: [%# INTERFACE:
# form: hash; the form values submitted to the script
# mform: hash; the form multi-values submitted to the script
# verify_fields: boolean; whether or not to verify # verify_fields: boolean; whether or not to verify
# the version, component, and target milestone fields # the version, component, and target milestone fields
# versions: array; versions for the new product. # versions: array; versions for the new product.
...@@ -35,6 +33,10 @@ ...@@ -35,6 +33,10 @@
# the target milestone field # the target milestone field
#%] #%]
[%# The global Bugzilla->cgi object is used to obtain form variable values. %]
[% USE Bugzilla %]
[% cgi = Bugzilla.cgi %]
[% PROCESS global/variables.none.tmpl %] [% PROCESS global/variables.none.tmpl %]
[% PROCESS global/header.html.tmpl %] [% PROCESS global/header.html.tmpl %]
...@@ -51,12 +53,12 @@ ...@@ -51,12 +53,12 @@
<p> <p>
[% IF use_target_milestone %] [% IF use_target_milestone %]
You are moving the [% terms.bug %](s) to the product You are moving the [% terms.bug %](s) to the product
<b>[% form.product FILTER html %]</b>, <b>[% cgi.param("product") FILTER html %]</b>,
and the version, component, and/or target milestone fields are no longer and the version, component, and/or target milestone fields are no longer
correct. Please set the correct version, component, and target milestone now: correct. Please set the correct version, component, and target milestone now:
[% ELSE %] [% ELSE %]
You are moving the [% terms.bug %](s) to the product You are moving the [% terms.bug %](s) to the product
<b>[% form.product FILTER html %]</b>, <b>[% cgi.param("product") FILTER html %]</b>,
and the version and component fields are no longer correct. and the version and component fields are no longer correct.
Please set the correct version and component now: Please set the correct version and component now:
[% END %] [% END %]
......