summaryrefslogtreecommitdiffstats
path: root/request.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2005-10-27 01:15:48 +0200
committerlpsolit%gmail.com <>2005-10-27 01:15:48 +0200
commitf4915acec3dc0f746d068ba5c8019ed58df8bdfe (patch)
tree8914f41d7e2040beb5c962d2b9cfcff6bf7fdb55 /request.cgi
parentba7c33a6c05815453f8ca694f8aec3a6907720c9 (diff)
downloadbugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.gz
bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.xz
Bug 303693: Eliminate deprecated Bugzilla::DB routines from describe*.cgi, duplicates.cgi, quips.cgi, report.cgi, request.cgi and showdependency*.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=myk
Diffstat (limited to 'request.cgi')
-rwxr-xr-xrequest.cgi26
1 files changed, 16 insertions, 10 deletions
diff --git a/request.cgi b/request.cgi
index 5506f79ce..689615b32 100755
--- a/request.cgi
+++ b/request.cgi
@@ -157,14 +157,17 @@ sub queue {
# Filter results by exact email address of requester or requestee.
if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
- push(@criteria, $dbh->sql_istrcmp('requesters.login_name',
- SqlQuote($cgi->param('requester'))));
+ my $requester = $dbh->quote($cgi->param('requester'));
+ trick_taint($requester); # Quoted above
+ push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
push(@excluded_columns, 'requester') unless $cgi->param('do_union');
}
if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
if ($cgi->param('requestee') ne "-") {
+ my $requestee = $dbh->quote($cgi->param('requestee'));
+ trick_taint($requestee); # Quoted above
push(@criteria, $dbh->sql_istrcmp('requestees.login_name',
- SqlQuote($cgi->param('requestee'))));
+ $requestee));
}
else { push(@criteria, "flags.requestee_id IS NULL") }
push(@excluded_columns, 'requestee') unless $cgi->param('do_union');
@@ -203,8 +206,10 @@ sub queue {
}
}
if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
-
- push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
+
+ my $quoted_form_type = $dbh->quote($form_type);
+ trick_taint($quoted_form_type); # Already SQL quoted
+ push(@criteria, "flagtypes.name = " . $quoted_form_type);
push(@excluded_columns, 'type') unless $cgi->param('do_union');
}
@@ -252,10 +257,10 @@ sub queue {
$vars->{'query'} = $query;
$vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
- SendSQL($query);
+ my $results = $dbh->selectall_arrayref($query);
my @requests = ();
- while (MoreSQLData()) {
- my @data = FetchSQLData();
+ foreach my $result (@$results) {
+ my @data = @$result;
my $request = {
'id' => $data[0] ,
'type' => $data[1] ,
@@ -274,8 +279,9 @@ sub queue {
# Get a list of request type names to use in the filter form.
my @types = ("all");
- SendSQL("SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
- push(@types, FetchOneColumn()) while MoreSQLData();
+ my $flagtypes = $dbh->selectcol_arrayref(
+ "SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
+ push(@types, @$flagtypes);
$vars->{'products'} = $user->get_selectable_products;
$vars->{'excluded_columns'} = \@excluded_columns;