diff options
| author | bugreport%peshkin.net <> | 2004-07-06 10:12:29 +0200 |
|---|---|---|
| committer | bugreport%peshkin.net <> | 2004-07-06 10:12:29 +0200 |
| commit | 73fd49ff3bbff6244802ba548bb22c2be39014e1 (patch) | |
| tree | f7b78fde82e5557d604de9282d19c235dfc3dea1 /editproducts.cgi | |
| parent | 4ab7a75f97285207ceb8c4830406701b11819cbc (diff) | |
| download | bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.gz bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.xz | |
Bug 243463 Use a param to protect new charts from leaking information
r=justdave
a=justdave
Diffstat (limited to 'editproducts.cgi')
| -rwxr-xr-x | editproducts.cgi | 59 |
1 files changed, 32 insertions, 27 deletions
diff --git a/editproducts.cgi b/editproducts.cgi index 8cf9a309d..6d33c8080 100755 --- a/editproducts.cgi +++ b/editproducts.cgi @@ -271,6 +271,10 @@ if ($action eq 'add') { print "</TR><TR>\n"; print " <TH ALIGN=\"right\">Version:</TH>\n"; print " <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"version\" VALUE=\"unspecified\"></TD>\n"; + print "</TR><TR>\n"; + print " <TH ALIGN=\"right\">Create chart datasets for this product:</TH>\n"; + print " <TD><INPUT TYPE=CHECKBOX NAME=\"createseries\" VALUE=1></TD>"; + print "</TR>\n"; print "</TABLE>\n<HR>\n"; print "<INPUT TYPE=SUBMIT VALUE=\"Add\">\n"; @@ -389,36 +393,37 @@ if ($action eq 'new') { CONTROLMAPNA . ", 0)"); } - # Insert default charting queries for this product. - # If they aren't using charting, this won't do any harm. - GetVersionTable(); - - my @series; - - # We do every status, every resolution, and an "opened" one as well. - foreach my $bug_status (@::legal_bug_status) { - push(@series, [$bug_status, "bug_status=$bug_status"]); - } + if ($::FORM{createseries}) { + # Insert default charting queries for this product. + # If they aren't using charting, this won't do any harm. + GetVersionTable(); + + my @series; + + # We do every status, every resolution, and an "opened" one as well. + foreach my $bug_status (@::legal_bug_status) { + push(@series, [$bug_status, "bug_status=$bug_status"]); + } - foreach my $resolution (@::legal_resolution) { - next if !$resolution; - push(@series, [$resolution, "resolution=$resolution"]); - } + foreach my $resolution (@::legal_resolution) { + next if !$resolution; + push(@series, [$resolution, "resolution=$resolution"]); + } - # For localisation reasons, we get the name of the "global" subcategory - # and the title of the "open" query from the submitted form. - my @openedstatuses = ("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"); - my $query = join("&", map { "bug_status=$_" } @openedstatuses); - push(@series, [$::FORM{'open_name'}, $query]); - - foreach my $sdata (@series) { - my $series = new Bugzilla::Series(undef, $product, - $::FORM{'subcategory'}, - $sdata->[0], $::userid, 1, - $sdata->[1] . "&product=$product", 1); - $series->writeToDatabase(); + # For localisation reasons, we get the name of the "global" subcategory + # and the title of the "open" query from the submitted form. + my @openedstatuses = ("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"); + my $query = join("&", map { "bug_status=$_" } @openedstatuses); + push(@series, [$::FORM{'open_name'}, $query]); + + foreach my $sdata (@series) { + my $series = new Bugzilla::Series(undef, $product, + $::FORM{'subcategory'}, + $sdata->[0], $::userid, 1, + $sdata->[1] . "&product=$product", 1); + $series->writeToDatabase(); + } } - # Make versioncache flush unlink "$datadir/versioncache"; |