summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkiko%async.com.br <>2004-07-29 11:59:11 +0200
committerkiko%async.com.br <>2004-07-29 11:59:11 +0200
commit980caddf38bcd69700711c6e538844607a6162b9 (patch)
tree9f8e5a2ecab77c7cae799901076800b39a64b671
parentba16c04e08ac7c92b37657f56775db2cde2fc634 (diff)
downloadbugzilla-980caddf38bcd69700711c6e538844607a6162b9.tar.gz
bugzilla-980caddf38bcd69700711c6e538844607a6162b9.tar.xz
Fix for bug 252789: Empty timetrackinggroup causes error "hours worked
needs to be positive" when changing bug. Sanitizing the AddComment bits in process_bug.cgi to only touch work_time if user is in timetrackinggroup. Fixes regression introduced in bug 252159. r=jouni,joel; a=justdave.
-rwxr-xr-xprocess_bug.cgi37
1 files changed, 22 insertions, 15 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index 40a1764ea..93d90c996 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -1262,28 +1262,35 @@ foreach my $id (@idlist) {
}
}
+ #
+ # Start updating the relevant database entries
+ #
+
SendSQL("select now()");
$timestamp = FetchOneColumn();
- delete $::FORM{'work_time'} unless UserInGroup(Param('timetrackinggroup'));
-
- Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time');
- if ($::FORM{'comment'} || $::FORM{'work_time'}) {
- if ($::FORM{'work_time'} &&
- (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/)) {
- SendSQL("UNLOCK TABLES");
- ThrowUserError('comment_required');
- } else {
- AppendComment($id, Bugzilla->user->login, $::FORM{'comment'},
- $::FORM{'commentprivacy'}, $timestamp, $::FORM{'work_time'});
- if ($::FORM{'work_time'}) {
- LogActivityEntry($id, "work_time", "", $::FORM{'work_time'},
- $whoid, $timestamp);
+ my $work_time;
+ if (UserInGroup(Param('timetrackinggroup'))) {
+ $work_time = $::FORM{'work_time'};
+ if ($work_time) {
+ if (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/) {
+ ThrowUserError('comment_required', undef, "abort");
}
- $bug_changed = 1;
+ Bugzilla::Bug::ValidateTime($work_time, 'work_time');
+ # AppendComment (called below) can in theory raise an error,
+ # but because we've already validated work_time here it's
+ # safe to log the entry before adding the comment.
+ LogActivityEntry($id, "work_time", "", $::FORM{'work_time'},
+ $whoid, $timestamp);
}
}
+ if ($::FORM{'comment'} || $work_time) {
+ AppendComment($id, Bugzilla->user->login, $::FORM{'comment'},
+ $::FORM{'commentprivacy'}, $timestamp, $work_time);
+ $bug_changed = 1;
+ }
+
if (@::legal_keywords) {
# There are three kinds of "keywordsaction": makeexact, add, delete.
# For makeexact, we delete everything, and then add our things.