author | kiko%async.com.br <> | 2004-07-23 02:48:37 +0200 |
---|---|---|
committer | kiko%async.com.br <> | 2004-07-23 02:48:37 +0200 |
commit | 28fa2f54b2c400ff2067a7e76f1af5f7d361908b (patch) | |
tree | d3994ba52e8825d2bd5756734335977f0ef50f90 | |
parent | effe8d6362e02436673ae80c019a13769dd424cb (diff) | |
Fix for bug 252159: centralize time validation. Adds a ValidateTime
function to Bugzilla::Bug and uses it in relevant callsites. Patch by
Alexandre Michetti Manduca <michetti@grad.icmc.usp.br>. r=kiko, a=justdave.
-rwxr-xr-x | Bugzilla/Bug.pm | 8 | ||||
-rwxr-xr-x | post_bug.cgi | 8 | ||||
-rwxr-xr-x | process_bug.cgi | 17 |
3 files changed, 14 insertions, 19 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index f1a1cf341..a09e7a906 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -42,6 +42,7 @@ use Bugzilla::Flag;
 use Bugzilla::FlagType;
 use Bugzilla::User;
 use Bugzilla::Util;
+use Bugzilla::Error;
 sub fields {
 # Keep this ordering in sync with bugzilla.dtd
@@ -489,6 +490,13 @@ sub EmitDependList {
 return @list;
 }
+sub ValidateTime{
+ my ($time, $field) = @_;
+ if ($time > 99999.99 || $time < 0 || !($time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/)){
+ ThrowUserError("need_positive_number", {field => "$field"}, 1);
+ }
+ }
+
 sub AUTOLOAD {
 use vars qw($AUTOLOAD);
 my $attr = $AUTOLOAD;
diff --git a/post_bug.cgi b/post_bug.cgi
index a751a66a6..94533e38d 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -342,12 +342,8 @@ if (UserInGroup(Param("timetrackinggroup")) && defined $::FORM{'estimated_time'}) {
 my $est_time = $::FORM{'estimated_time'};
- if ($est_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) {
- $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time);
- } else {
- ThrowUserError("need_positive_number",
- { field => 'estimated_time' });
- }
+ Bugzilla::Bug::ValidateTime($est_time, 'estimated_time');
+ $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time);
 } else {
 $sql .= "0, 0";
 }
diff --git a/process_bug.cgi b/process_bug.cgi
index 6ed12ba5c..40a1764ea 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -766,16 +766,9 @@ if (UserInGroup(Param('timetrackinggroup'))) {
 if (defined $::FORM{$field}) {
 my $er_time = trim($::FORM{$field});
 if ($er_time ne $::FORM{'dontchange'}) {
- if ($er_time > 99999.99) {
- ThrowUserError("value_out_of_range", {field => $field});
- }
- if ($er_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) {
- DoComma();
- $::query .= "$field = " . SqlQuote($er_time);
- } else {
- ThrowUserError("need_positive_number",
- {field => $field});
- }
+ Bugzilla::Bug::ValidateTime($er_time, $field);
+ DoComma();
+ $::query .= "$field = " . SqlQuote($er_time);
 }
 }
 }
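Review bot: In ValidateTime the numeric comparisons `$time > 99999.99 || $time < 0` run before the format check, so an undefined or non-numeric form value is coerced to a number (with warnings) before the pattern ever rejects it. The pattern is also anchored with `$`, which accepts a trailing newline, and post_bug.cgi passes the value untrimmed on to SqlQuote. Testing the pattern first with `\z` makes it the single gate and makes the `< 0` test redundant: `if ($time !~ /^(?:\d+(?:\.\d*)?|\.\d+)\z/ || $time > 99999.99) {`. The sub has no header comment and the meaning of the third argument `1` to ThrowUserError is not visible in this diff; a line such as `# Throws need_positive_number unless $time is a non-negative decimal no larger than 99999.99.` plus a short remark on that flag would help callers.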
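Review bot: The out-of-range case in this loop loses its own error. A value above 99999.99 used to raise `value_out_of_range` and now gets `need_positive_number` from ValidateTime, so a user who enters a valid but too-large number is told the field needs a positive number. The same applies to the `work_time` check in the later process_bug.cgi hunk. If the distinction is still wanted, ValidateTime could keep a separate branch, for example `ThrowUserError("value_out_of_range", {field => $field}, 1) if $time > 99999.99;` after the format check. Whether that message tag is still defined is not visible here.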
@@ -1274,9 +1267,7 @@ foreach my $id (@idlist) {
 delete $::FORM{'work_time'} unless UserInGroup(Param('timetrackinggroup'));
- if ($::FORM{'work_time'} && $::FORM{'work_time'} > 99999.99) {
- ThrowUserError("value_out_of_range", {field => 'work_time'});
- }
+ Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time');
 if ($::FORM{'comment'} || $::FORM{'work_time'}) {
 if ($::FORM{'work_time'} && (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/)) { |
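Review bot: The new call validates `$::FORM{'work_time'}` unconditionally, but the removed check was guarded by `$::FORM{'work_time'} &&`. The line just above deletes the key for users outside the time-tracking group, and the field may also be absent or empty. An undefined or empty value fails the pattern in ValidateTime, so as far as the visible lines show, every such update would end in `need_positive_number`. Keeping the guard restores the old behaviour: `Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time') if $::FORM{'work_time'};`. The enclosing `foreach` begins and ends outside this hunk.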