Bug 303693: Eliminate deprecated Bugzilla::DB routines from describe*.cgi,…

Bug 303693: Eliminate deprecated Bugzilla::DB routines from describe*.cgi, duplicates.cgi, quips.cgi, report.cgi, request.cgi and showdependency*.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=myk

Bug 303693: Eliminate deprecated Bugzilla::DB routines from describe*.cgi,…
f4915ace · lpsolit%gmail.com · ba7c33a6 · f4915ace · f4915ace · f4915ace
Commit f4915ace authored Oct 26, 2005 by lpsolit%gmail.com
8 changed files
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -35,6 +35,7 @@ my $user = Bugzilla->login();
 GetVersionTable();

 my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};
 my $product = trim($cgi->param('product') || '');
@@ -87,12 +88,13 @@ if (!$product_id || !$user->can_enter_product($product)) {
 ######################################################################

 my @components;
-SendSQL("SELECT name, initialowner, initialqacontact, description FROM " .
-        "components WHERE product_id = $product_id ORDER BY name");
-while (MoreSQLData()) {
-    my ($name, $initialowner, $initialqacontact, $description) =
-      FetchSQLData();
-
+my $comps = $dbh->selectall_arrayref(
+                  q{SELECT name, initialowner, initialqacontact, description
+                      FROM components
+                     WHERE product_id = ?
+                  ORDER BY name}, undef, $product_id);
+foreach my $comp (@$comps) {
+    my ($name, $initialowner, $initialqacontact, $description) = @$comp;
    my %component;

    $component{'name'} = $name;

--- a/describekeywords.cgi
+++ b/describekeywords.cgi
@@ -36,25 +36,17 @@ my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};

-SendSQL("SELECT keyworddefs.name, keyworddefs.description, 
-                COUNT(keywords.bug_id)
-         FROM keyworddefs LEFT JOIN keywords
-         ON keyworddefs.id = keywords.keywordid " .
+my $keywords = $dbh->selectall_arrayref(
+                   q{SELECT keyworddefs.name, keyworddefs.description,
+                            COUNT(keywords.bug_id) AS bugcount
+                       FROM keyworddefs
+                  LEFT JOIN keywords
+                         ON keyworddefs.id = keywords.keywordid } .
         $dbh->sql_group_by('keyworddefs.id',
-                            'keyworddefs.name, keyworddefs.description') . "
-         ORDER BY keyworddefs.name");
-
-my @keywords;
-
-while (MoreSQLData()) {
-    my ($name, $description, $bugs) = FetchSQLData();
-   
-    push (@keywords, { name => $name, 
-                       description => $description,
-                       bugcount => $bugs });
-}
-   
-$vars->{'keywords'} = \@keywords;
+                            'keyworddefs.name, keyworddefs.description') .
+                 " ORDER BY keyworddefs.name", {'Slice' => {}});
+
+$vars->{'keywords'} = $keywords;
 $vars->{'caneditkeywords'} = UserInGroup("editkeywords");

 print Bugzilla->cgi->header();

--- a/duplicates.cgi
+++ b/duplicates.cgi
@@ -37,6 +37,7 @@ use Bugzilla::Config qw(:DEFAULT $datadir);
 use Bugzilla::Constants;

 my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;

 # Go directly to the XUL version of the duplicates report (duplicates.xul)
 # if the user specified ctype=xul.  Adds params if they exist, and directs
@@ -231,13 +232,13 @@ if (scalar(%count)) {
                                     'params' => $params,
                                    );

-    SendSQL($query->getSQL());
+    my $results = $dbh->selectall_arrayref($query->getSQL());

-    while (MoreSQLData()) {
+    foreach my $result (@$results) {
        # Note: maximum row count is dealt with in the template.

        my ($id, $component, $bug_severity, $op_sys, $target_milestone, 
-            $short_desc, $bug_status, $resolution) = FetchSQLData();
+            $short_desc, $bug_status, $resolution) = @$result;

        push (@bugs, { id => $id,
                       count => $count{$id},

--- a/quips.cgi
+++ b/quips.cgi
@@ -36,6 +36,7 @@ use Bugzilla::Constants;
 Bugzilla->login(LOGIN_REQUIRED);

 my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};

@@ -43,23 +44,24 @@ my $action = $cgi->param('action') || "";

 if ($action eq "show") {
    # Read in the entire quip list
-    SendSQL("SELECT quipid, userid, quip, approved FROM quips");
+    my $quipsref = $dbh->selectall_arrayref(
+                       "SELECT quipid, userid, quip, approved FROM quips");

    my $quips;
    my @quipids;
-    while (MoreSQLData()) {
-        my ($quipid, $userid, $quip, $approved) = FetchSQLData();
+    foreach my $quipref (@$quipsref) {
+        my ($quipid, $userid, $quip, $approved) = @$quipref;
        $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip, 
                             'approved' => $approved};
        push(@quipids, $quipid);
    }

    my $users;
+    my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
    foreach my $quipid (@quipids) {
        my $userid = $quips->{$quipid}{'userid'};
        if ($userid && not defined $users->{$userid}) {
-            SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
-            $users->{$userid} = FetchOneColumn();
+            ($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
        }
    }
    $vars->{'quipids'} = \@quipids;
@@ -77,20 +79,21 @@ if ($action eq "add") {
      (Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
    my $comment = $cgi->param("quip");
    $comment || ThrowUserError("need_quip");
+    trick_taint($comment); # Used in a placeholder below

-    SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
-           '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');
+    $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
+             undef, ($userid, $comment, $approved));

    $vars->{'added_quip'} = $comment;
 }

 if ($action eq 'approve') {
    # Read in the entire quip list
-    SendSQL("SELECT quipid, approved FROM quips");
- 
+    my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");
+    
    my %quips;
-    while (MoreSQLData()) {
-        my ($quipid, $approved) = FetchSQLData();
+    foreach my $quipref (@$quipsref) {
+        my ($quipid, $approved) = @$quipref;
        $quips{$quipid} = $approved;
    }

@@ -103,9 +106,9 @@ if ($action eq 'approve') {
           else { push(@unapproved, $quipid); }
       }
    }
-    SendSQL("UPDATE quips SET approved = 1 WHERE quipid IN (" .
+    $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
            join(",", @approved) . ")") if($#approved > -1);
-    SendSQL("UPDATE quips SET approved = 0 WHERE quipid IN (" .
+    $dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" .
            join(",", @unapproved) . ")") if($#unapproved > -1);
    $vars->{ 'approved' }   = \@approved;
    $vars->{ 'unapproved' } = \@unapproved;
@@ -120,9 +123,10 @@ if ($action eq "delete") {
    ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/; 
    $quipid = $1;

-    SendSQL("SELECT quip FROM quips WHERE quipid = $quipid");
-    $vars->{'deleted_quip'} = FetchSQLData();
-    SendSQL("DELETE FROM quips WHERE quipid = $quipid");
+    ($vars->{'deleted_quip'}) = $dbh->selectrow_array(
+                                    "SELECT quip FROM quips WHERE quipid = ?",
+                                    undef, $quipid);
+    $dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
 }

 print $cgi->header();

--- a/report.cgi
+++ b/report.cgi
@@ -35,6 +35,7 @@ my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
 my $vars = {};
 my $buffer = $cgi->query_string();
+my $dbh = Bugzilla->dbh;

 # Go straight back to query.cgi if we are adding a boolean chart.
 if (grep(/^cmd-/, $cgi->param())) {
@@ -149,7 +150,7 @@ my $query = $search->getSQL();
 $::SIG{TERM} = 'DEFAULT';
 $::SIG{PIPE} = 'DEFAULT';

-SendSQL($query);
+my $results = $dbh->selectall_arrayref($query);

 # We have a hash of hashes for the data itself, and a hash to hold the 
 # row/col/table names.
@@ -165,8 +166,8 @@ my $col_isnumeric = 1;
 my $row_isnumeric = 1;
 my $tbl_isnumeric = 1;

-while (MoreSQLData()) {
-    my ($row, $col, $tbl) = FetchSQLData();
+foreach my $result (@$results) {
+    my ($row, $col, $tbl) = @$result;

    # handle empty dimension member names
    $row = ' ' if ($row eq '');

--- a/request.cgi
+++ b/request.cgi
@@ -157,14 +157,17 @@ sub queue {
    
    # Filter results by exact email address of requester or requestee.
    if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
-        push(@criteria, $dbh->sql_istrcmp('requesters.login_name',
-                                          SqlQuote($cgi->param('requester'))));
+        my $requester = $dbh->quote($cgi->param('requester'));
+        trick_taint($requester); # Quoted above
+        push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
        push(@excluded_columns, 'requester') unless $cgi->param('do_union');
    }
    if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
        if ($cgi->param('requestee') ne "-") {
+            my $requestee = $dbh->quote($cgi->param('requestee'));
+            trick_taint($requestee); # Quoted above
            push(@criteria, $dbh->sql_istrcmp('requestees.login_name',
-                            SqlQuote($cgi->param('requestee'))));
+                            $requestee));
        }
        else { push(@criteria, "flags.requestee_id IS NULL") }
        push(@excluded_columns, 'requestee') unless $cgi->param('do_union');
@@ -203,8 +206,10 @@ sub queue {
            }
        }
        if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
-        
-        push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
+
+        my $quoted_form_type = $dbh->quote($form_type);
+        trick_taint($quoted_form_type); # Already SQL quoted
+        push(@criteria, "flagtypes.name = " . $quoted_form_type);
        push(@excluded_columns, 'type') unless $cgi->param('do_union');
    }
    
@@ -252,10 +257,10 @@ sub queue {
    $vars->{'query'} = $query;
    $vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
    
-    SendSQL($query);
+    my $results = $dbh->selectall_arrayref($query);
    my @requests = ();
-    while (MoreSQLData()) {
-        my @data = FetchSQLData();
+    foreach my $result (@$results) {
+        my @data = @$result;
        my $request = {
          'id'              => $data[0] , 
          'type'            => $data[1] , 
@@ -274,8 +279,9 @@ sub queue {

    # Get a list of request type names to use in the filter form.
    my @types = ("all");
-    SendSQL("SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
-    push(@types, FetchOneColumn()) while MoreSQLData();
+    my $flagtypes = $dbh->selectcol_arrayref(
+                         "SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
+    push(@types, @$flagtypes);
    
    $vars->{'products'} = $user->get_selectable_products;
    $vars->{'excluded_columns'} = \@excluded_columns;

--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -36,6 +36,7 @@ require "globals.pl";
 Bugzilla->login();

 my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};

@@ -122,10 +123,11 @@ node [URL="${urlbase}show_bug.cgi?id=\\N", style=filled, color=lightgrey]
 my %baselist;

 if ($cgi->param('doall')) {
-    SendSQL("SELECT blocked, dependson FROM dependencies");
+    my $dependencies = $dbh->selectall_arrayref(
+                           "SELECT blocked, dependson FROM dependencies");

-    while (MoreSQLData()) {
-        my ($blocked, $dependson) = FetchSQLData();
+    foreach my $dependency (@$dependencies) {
+        my ($blocked, $dependson) = @$dependency;
        AddLink($blocked, $dependson, $fh);
    }
 } else {
@@ -136,12 +138,14 @@ if ($cgi->param('doall')) {
    }

    my @stack = keys(%baselist);
+    my $sth = $dbh->prepare(
+                  q{SELECT blocked, dependson
+                      FROM dependencies
+                     WHERE blocked = ? or dependson = ?});
    foreach my $id (@stack) {
-        SendSQL("SELECT blocked, dependson 
-                 FROM   dependencies 
-                 WHERE  blocked = $id or dependson = $id");
-        while (MoreSQLData()) {
-            my ($blocked, $dependson) = FetchSQLData();
+        my $dependencies = $dbh->selectall_arrayref($sth, undef, ($id, $id));
+        foreach my $dependency (@$dependencies) {
+            my ($blocked, $dependson) = @$dependency;
            if ($blocked != $id && !exists $seen{$blocked}) {
                push @stack, $blocked;
            }
@@ -159,16 +163,13 @@ if ($cgi->param('doall')) {
    }
 }

+my $sth = $dbh->prepare(
+              q{SELECT bug_status, resolution, short_desc
+                  FROM bugs
+                 WHERE bugs.bug_id = ?});
 foreach my $k (keys(%seen)) {
-    my $summary = "";
-    my $stat;
-    my $resolution;
-
    # Retrieve bug information from the database
- 
-    SendSQL("SELECT bug_status, resolution, short_desc FROM bugs " .
-            "WHERE bugs.bug_id = $k");
-    ($stat, $resolution, $summary) = FetchSQLData();
+    my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
    $stat ||= 'NEW';
    $resolution ||= '';
    $summary ||= '';

--- a/showdependencytree.cgi
+++ b/showdependencytree.cgi
@@ -33,6 +33,7 @@ use Bugzilla::Bug;
 Bugzilla->login();

 my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};

@@ -145,27 +146,26 @@ sub GetBug {
    # Retrieves the necessary information about a bug, stores it in the bug cache,
    # and returns it to the calling code.
    my ($id) = @_;
-    
+    my $dbh = Bugzilla->dbh;
+
    my $bug = {};
    if (Bugzilla->user->can_see_bug($id)) {
-        SendSQL("SELECT 1, 
+        ($bug->{'exists'},
+         $bug->{'status'},
+         $bug->{'summary'},
+         $bug->{'milestone'},
+         $bug->{'assignee_id'},
+         $bug->{'assignee_email'}) = $dbh->selectrow_array(
+                "SELECT 1,
                        bug_status, 
                        short_desc, 
                        $milestone_column, 
                        assignee.userid, 
                        assignee.login_name
-                 FROM   bugs
+                   FROM bugs
             INNER JOIN profiles AS assignee
                     ON bugs.assigned_to = assignee.userid
-                  WHERE bugs.bug_id = $id");
-
-
-        ($bug->{'exists'}, 
-         $bug->{'status'}, 
-         $bug->{'summary'}, 
-         $bug->{'milestone'}, 
-         $bug->{'assignee_id'}, 
-         $bug->{'assignee_email'}) = FetchSQLData();
+                  WHERE bugs.bug_id = ?", undef, $id);
     }
    
    $bug->{'open'} = $bug->{'exists'} && IsOpenedState($bug->{'status'});
@@ -176,19 +176,17 @@ sub GetBug {

 sub GetDependencies {
    # Returns a list of dependencies for a given bug.
-    
    my ($id, $relationship) = @_;
-    
+    my $dbh = Bugzilla->dbh;
+
    my $bug_type = ($relationship eq "blocked") ? "dependson" : "blocked";
    
-    SendSQL("  SELECT $relationship 
+    my $dependencies = $dbh->selectcol_arrayref(
+              "SELECT $relationship
                 FROM dependencies 
-                WHERE $bug_type = $id 
-             ORDER BY $relationship");
-    
-    my @dependencies = ();
-    push(@dependencies, FetchOneColumn()) while MoreSQLData();
+                WHERE $bug_type = ?
+             ORDER BY $relationship", undef, $id);
    
-    return @dependencies;
+    return @$dependencies;
 }