Bug 240251: Bug::AppendComment() should receive the user ID as a 2nd parameter -…

Bugzilla/Bug.pm

@@ -696,7 +696,7 @@ sub bug_alias_to_id ($) {
 #####################################################################
 
 sub AppendComment ($$$;$$$) {
-    my ($bugid, $who, $comment, $isprivate, $timestamp, $work_time) = @_;
+    my ($bugid, $whoid, $comment, $isprivate, $timestamp, $work_time) = @_;
     $work_time ||= 0;
     my $dbh = Bugzilla->dbh;
 
@@ -717,7 +717,6 @@ sub AppendComment ($$$;$$$) {
     # Comments are always safe, because we always display their raw contents,
     # and we use them in a placeholder below.
     trick_taint($comment); 
-    my $whoid = &::DBNameToIdAndCheck($who);
     my $privacyval = $isprivate ? 1 : 0 ;
     $dbh->do(q{INSERT INTO longdescs
                       (bug_id, who, bug_when, thetext, isprivate, work_time)
@@ -968,7 +967,7 @@ sub CheckIfVotedConfirmed {
                  "VALUES (?, ?, ?, ?, ?, ?)",
                  undef, ($id, $who, $timestamp, $fieldid, '0', '1'));
 
-        AppendComment($id, &::DBID_to_name($who),
+        AppendComment($id, $who,
                       "*** This bug has been confirmed by popular vote. ***",
                       0, $timestamp);
 

attachment.cgi

@@ -965,11 +965,7 @@ sub insert
                 $cgi->param('description') . "\n";
   $comment .= ("\n" . $cgi->param('comment')) if defined $cgi->param('comment');
 
-  AppendComment($bugid,
-                Bugzilla->user->login,
-                $comment,
-                $isprivate,
-                $timestamp);
+  AppendComment($bugid, $userid, $comment, $isprivate, $timestamp);
 
   # Make existing attachments obsolete.
   my $fieldid = GetFieldID('attachments.isobsolete');
@@ -1245,10 +1241,6 @@ sub update
   # Unlock all database tables now that we are finished updating the database.
   $dbh->bz_unlock_tables();
 
-  # Get the user's login name since the AppendComment and header functions
-  # need it.
-  my $who = Bugzilla->user->login;
-
   # If the user submitted a comment while editing the attachment,
   # add the comment to the bug.
   if ($cgi->param('comment'))
@@ -1259,11 +1251,11 @@ sub update
                   $cgi->param('comment');
 
     # Append the comment to the list of comments in the database.
-    AppendComment($bugid, $who, $comment, $cgi->param('isprivate'), $timestamp);
+    AppendComment($bugid, $userid, $comment, $cgi->param('isprivate'), $timestamp);
   }
   
   # Define the variables and functions that will be passed to the UI template.
-  $vars->{'mailrecipients'} = { 'changer' => $who };
+  $vars->{'mailrecipients'} = { 'changer' => Bugzilla->user->login };
   $vars->{'attachid'} = $attach_id; 
   $vars->{'bugid'} = $bugid; 
 

process_bug.cgi

@@ -1346,7 +1346,7 @@ foreach my $id (@idlist) {
     }
 
     if ($cgi->param('comment') || $work_time) {
-        AppendComment($id, Bugzilla->user->login, $cgi->param('comment'),
+        AppendComment($id, $whoid, $cgi->param('comment'),
                       $cgi->param('commentprivacy'), $timestamp, $work_time);
         $bug_changed = 1;
     }
@@ -1775,7 +1775,7 @@ foreach my $id (@idlist) {
                     "VALUES ($reporter, $duplicate)");
         }
         # Bug 171639 - Duplicate notifications do not need to be private. 
-        AppendComment($duplicate, Bugzilla->user->login,
+        AppendComment($duplicate, $whoid,
                       "*** Bug " . $cgi->param('id') .
                       " has been marked as a duplicate of this bug. ***",
                       0, $timestamp);