summaryrefslogtreecommitdiffstats
path: root/buglist.cgi
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2012-04-17 20:36:10 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2012-04-17 20:36:10 +0200
commit3b2fcf526e02c1d74f88b567083a9be371d5a607 (patch)
treed80418eb22797f179b47743127663e88338eadc7 /buglist.cgi
parentb1779f28a5f15f7ad39855e07a27fcda19b8d3f1 (diff)
downloadbugzilla-3b2fcf526e02c1d74f88b567083a9be371d5a607.tar.gz
bugzilla-3b2fcf526e02c1d74f88b567083a9be371d5a607.tar.xz
Bug 745320: Shared queries do not work when tags are part of the query
r=dkl a=LpSolit
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-xbuglist.cgi13
1 files changed, 9 insertions, 4 deletions
diff --git a/buglist.cgi b/buglist.cgi
index 3e7aadf2c..79bf94381 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -211,7 +211,9 @@ sub LookupNamedQuery {
$query->url
|| ThrowUserError("buglist_parameters_required");
- return wantarray ? ($query->url, $query->id) : $query->url;
+ # Detaint $sharer_id.
+ $sharer_id = $query->user->id if $sharer_id;
+ return wantarray ? ($query->url, $query->id, $sharer_id) : $query->url;
}
# Inserts a Named Query (a "Saved Search") into the database, or
@@ -330,6 +332,7 @@ sub _close_standby_message {
my $cmdtype = $cgi->param('cmdtype') || '';
my $remaction = $cgi->param('remaction') || '';
+my $sharer_id;
# Backwards-compatibility - the old interface had cmdtype="runnamed" to run
# a named command, and we can't break this because it's in bookmarks.
@@ -366,8 +369,9 @@ $filename =~ s/"/\\"/g; # escape quotes
if ($cmdtype eq "dorem") {
if ($remaction eq "run") {
my $query_id;
- ($buffer, $query_id) = LookupNamedQuery(scalar $cgi->param("namedcmd"),
- scalar $cgi->param('sharer_id'));
+ ($buffer, $query_id, $sharer_id) =
+ LookupNamedQuery(scalar $cgi->param("namedcmd"),
+ scalar $cgi->param('sharer_id'));
# If this is the user's own query, remember information about it
# so that it can be modified easily.
$vars->{'searchname'} = $cgi->param('namedcmd');
@@ -727,7 +731,8 @@ if ($format->{'extension'} eq 'html' && !defined $params->param('limit')) {
# Generate the basic SQL query that will be used to generate the bug list.
my $search = new Bugzilla::Search('fields' => \@selectcolumns,
'params' => scalar $params->Vars,
- 'order' => \@order_columns);
+ 'order' => \@order_columns,
+ 'sharer' => $sharer_id);
my $query = $search->sql;
$vars->{'search_description'} = $search->search_description;
$order = join(',', $search->order);