authorTeemu Mannermaa <wicked@sci.fi>2011-11-30 10:44:15 +0100
committerTeemu Mannermaa <wicked@sci.fi>2011-11-30 10:44:15 +0100
commitf825a4dea5f21642a66a753019c3cd04a9f84028 (patch)
treebb35b1f94229e58c447ee81f7c51347505a02f9d /Bugzilla
parent67aa58df76f0977e8d6aade1b24fbecc26e5433e (diff)
Bug 297382: Move sort order validation from buglist.cgi to Bugzilla::Search
r/a=mkanat
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Search.pm51
1 files changed, 44 insertions, 7 deletions
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 6bbf4ab42..e6682fcc4 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -738,6 +738,21 @@ sub boolean_charts_to_custom_search {
}
}
+sub invalid_order_columns {
+ my ($self) = @_;
+ my @invalid_columns;
+ foreach my $order ($self->_input_order) {
+ next if defined $self->_validate_order_column($order);
+ push(@invalid_columns, $order);
+ }
+ return \@invalid_columns;
+}
+
+sub order {
+ my ($self) = @_;
+ return $self->_valid_order;
+}
+
######################
# Internal Accessors #
######################
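Review bot: The two new public methods return different shapes and neither is documented: `invalid_order_columns` returns an array reference, while `order` returns the flat list produced by `_valid_order`. A short comment or POD entry on each should state the return type so callers do not have to read the internals. `invalid_order_columns` also hands back the order terms exactly as they were requested, that is, the values that failed validation. A comment such as `# Returns an arrayref of the requested order terms that failed validation, unmodified; treat them as untrusted input when displaying them.` would make that contract explicit.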
@@ -803,7 +818,7 @@ sub _extra_columns {
my ($self) = @_;
# Everything that's going to be in the ORDER BY must also be
# in the SELECT.
- $self->{extra_columns} ||= [ $self->_input_order_columns ];
+ $self->{extra_columns} ||= [ $self->_valid_order_columns ];
return @{ $self->{extra_columns} };
}
@@ -854,10 +869,32 @@ sub _sql_select {
# The "order" that was requested by the consumer, exactly as it was
# requested.
sub _input_order { @{ $_[0]->{'order'} || [] } }
-# The input order with just the column names, and no ASC or DESC.
-sub _input_order_columns {
+# Requested order with invalid values removed and old names translated
+sub _valid_order {
+ my ($self) = @_;
+ return map { ($self->_validate_order_column($_)) } $self->_input_order;
+}
+# The valid order with just the column names, and no ASC or DESC.
+sub _valid_order_columns {
my ($self) = @_;
- return map { (split_order_term($_))[0] } $self->_input_order;
+ return map { (split_order_term($_))[0] } $self->_valid_order;
+}
+
+sub _validate_order_column {
+ my ($self, $order_item) = @_;
+
+ # Translate old column names
+ my ($field, $direction) = split_order_term($order_item);
+ $field = translate_old_column($field);
+
+ # Only accept valid columns
+ return if (!exists COLUMNS->{$field});
+
+ # Relevance column can be used only with one or more fulltext searches
+ return if ($field eq 'relevance' && !COLUMNS->{$field}->{name});
+
+ $direction = " $direction" if $direction;
+ return "$field$direction";
}
# A hashref that describes all the special stuff that has to be done
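Review bot: In `_validate_order_column` only `$field` is checked against `COLUMNS`; `$direction` is returned as whatever `split_order_term` produced, and the result is later consumed by `_sql_order_by`. `split_order_term` is not visible in this diff, so it may already restrict the direction to ASC/DESC. Since this sub is now the single validation point for ORDER BY terms, it would be safer to enforce that here, e.g. `return if $direction && $direction !~ /\A(?:ASC|DESC)\z/i;` before the final two lines. If `split_order_term` can return an undefined direction, `"$field$direction"` will also warn under `use warnings`; `$direction = $direction ? " $direction" : '';` avoids that. A one-line comment stating that the sub returns nothing for a rejected term would also help, because both `_valid_order` and `invalid_order_columns` depend on that.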
@@ -889,7 +926,7 @@ sub _sql_order_by {
my ($self) = @_;
if (!$self->{sql_order_by}) {
my @order_by = map { $self->_translate_order_by_column($_) }
- $self->_input_order;
+ $self->_valid_order;
$self->{sql_order_by} = \@order_by;
}
return @{ $self->{sql_order_by} };
@@ -1033,7 +1070,7 @@ sub _select_order_joins {
my @column_join = $self->_column_join($field);
push(@joins, @column_join);
}
- foreach my $field ($self->_input_order_columns) {
+ foreach my $field ($self->_valid_order_columns) {
my $join_info = $self->_special_order->{$field}->{join};
if ($join_info) {
# Don't let callers modify SPECIAL_ORDER.
@@ -1196,7 +1233,7 @@ sub _sql_group_by {
# And all items from ORDER BY must be in the GROUP BY. The above loop
# doesn't catch items that were put into the ORDER BY from SPECIAL_ORDER.
- foreach my $column ($self->_input_order_columns) {
+ foreach my $column ($self->_valid_order_columns) {
my $special_order = $self->_special_order->{$column}->{order};
next if !$special_order;
push(@extra_group_by, @$special_order);