Bug 303693: Eliminate deprecated Bugzilla::DB routines from describe*.cgi, duplicates.cgi, quips.cgi, report.cgi, request.cgi and showdependency*.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=myk

author: lpsolit%gmail.com <> 2005-10-27 01:15:48 +0200
committer: lpsolit%gmail.com <> 2005-10-27 01:15:48 +0200
commit: f4915acec3dc0f746d068ba5c8019ed58df8bdfe (patch)
tree: 8914f41d7e2040beb5c962d2b9cfcff6bf7fdb55 /request.cgi
parent: ba7c33a6c05815453f8ca694f8aec3a6907720c9 (diff)
download: bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.gz
bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.xz
1 files changed, 16 insertions, 10 deletions
diff --git a/request.cgi b/request.cgi
index 5506f79ce..689615b32 100755
--- a/request.cgi
+++ b/request.cgi
@@ -157,14 +157,17 @@ sub queue {
     
     # Filter results by exact email address of requester or requestee.
     if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
-        push(@criteria, $dbh->sql_istrcmp('requesters.login_name',
-                                          SqlQuote($cgi->param('requester'))));
+        my $requester = $dbh->quote($cgi->param('requester'));
+        trick_taint($requester); # Quoted above
+        push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
         push(@excluded_columns, 'requester') unless $cgi->param('do_union');
     }
     if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
         if ($cgi->param('requestee') ne "-") {
+            my $requestee = $dbh->quote($cgi->param('requestee'));
+            trick_taint($requestee); # Quoted above
             push(@criteria, $dbh->sql_istrcmp('requestees.login_name',
-                            SqlQuote($cgi->param('requestee'))));
+                            $requestee));
         }
         else { push(@criteria, "flags.requestee_id IS NULL") }
         push(@excluded_columns, 'requestee') unless $cgi->param('do_union');
@@ -203,8 +206,10 @@ sub queue {
             }
         }
         if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
-        
-        push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
+
+        my $quoted_form_type = $dbh->quote($form_type);
+        trick_taint($quoted_form_type); # Already SQL quoted
+        push(@criteria, "flagtypes.name = " . $quoted_form_type);
         push(@excluded_columns, 'type') unless $cgi->param('do_union');
     }
     
@@ -252,10 +257,10 @@ sub queue {
     $vars->{'query'} = $query;
     $vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
     
-    SendSQL($query);
+    my $results = $dbh->selectall_arrayref($query);
     my @requests = ();
-    while (MoreSQLData()) {
-        my @data = FetchSQLData();
+    foreach my $result (@$results) {
+        my @data = @$result;
         my $request = {
           'id'              => $data[0] , 
           'type'            => $data[1] , 
@@ -274,8 +279,9 @@ sub queue {
 
     # Get a list of request type names to use in the filter form.
     my @types = ("all");
-    SendSQL("SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
-    push(@types, FetchOneColumn()) while MoreSQLData();
+    my $flagtypes = $dbh->selectcol_arrayref(
+                         "SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
+    push(@types, @$flagtypes);
     
     $vars->{'products'} = $user->get_selectable_products;
     $vars->{'excluded_columns'} = \@excluded_columns;
author	lpsolit%gmail.com <>	2005-10-27 01:15:48 +0200
committer	lpsolit%gmail.com <>	2005-10-27 01:15:48 +0200
commit	f4915acec3dc0f746d068ba5c8019ed58df8bdfe (patch)
tree	8914f41d7e2040beb5c962d2b9cfcff6bf7fdb55 /request.cgi
parent	ba7c33a6c05815453f8ca694f8aec3a6907720c9 (diff)
download	bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.gz bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.xz