diff options
author | mkanat%bugzilla.org <> | 2008-06-30 04:57:54 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2008-06-30 04:57:54 +0200 |
commit | c1ca86053ed276aa05eac8468cea61785629ac5e (patch) | |
tree | 836d5cae869dc47008b16bccb1de47320a36fcc8 /attachment.cgi | |
parent | 9ed763d945ffe2a468871d4731f3bd001caab21c (diff) | |
download | bugzilla-c1ca86053ed276aa05eac8468cea61785629ac5e.tar.gz bugzilla-c1ca86053ed276aa05eac8468cea61785629ac5e.tar.xz |
Bug 440612 â Use Bugzilla::Bug->check everywhere instead of ValidateBugID
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/attachment.cgi b/attachment.cgi index 2520c0032..c28a300a0 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -165,8 +165,10 @@ sub validateID { || ThrowUserError("invalid_attach_id", { attach_id => $attach_id }); # Make sure the user is authorized to access this attachment's bug. - ValidateBugID($attachment->bug_id); - if ($attachment->isprivate && $user->id != $attachment->attacher->id && !$user->is_insider) { + Bugzilla::Bug->check($attachment->bug_id); + if ($attachment->isprivate && $user->id != $attachment->attacher->id + && !$user->is_insider) + { ThrowUserError('auth_failure', {action => 'access', object => 'attachment'}); } @@ -281,9 +283,8 @@ sub diff { # HTML page. sub viewall { # Retrieve and validate parameters - my $bugid = $cgi->param('bugid'); - ValidateBugID($bugid); - my $bug = new Bugzilla::Bug($bugid); + my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); + my $bugid = $bug->id; my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid); @@ -301,13 +302,12 @@ sub viewall { # Display a form for entering a new attachment. sub enter { # Retrieve and validate parameters - my $bugid = $cgi->param('bugid'); - ValidateBugID($bugid); + my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); + my $bugid = $bug->id; validateCanChangeBug($bugid); my $dbh = Bugzilla->dbh; my $user = Bugzilla->user; - my $bug = new Bugzilla::Bug($bugid, $user->id); # Retrieve the attachments the user can edit from the database and write # them into an array of hashes where each hash represents one attachment. my $canEdit = ""; @@ -344,8 +344,8 @@ sub insert { $dbh->bz_start_transaction; # Retrieve and validate parameters - my $bugid = $cgi->param('bugid'); - ValidateBugID($bugid); + my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid')); + my $bugid = $bug->id; validateCanChangeBug($bugid); my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()"); @@ -373,7 +373,6 @@ sub insert { } } - my $bug = new Bugzilla::Bug($bugid); my $attachment = Bugzilla::Attachment->insert_attachment_for_bug(THROW_ERROR, $bug, $user, $timestamp, $vars); |