Fix for bug 238869: remove %FORM from votes.cgi. Does just that, free of

XXX comments. r=vladd,justdave; a=justdave. die %FORM die!
author: kiko%async.com.br <> 2004-04-14 03:34:59 +0200
committer: kiko%async.com.br <> 2004-04-14 03:34:59 +0200
commit: 48473317a3d97b6e1aa603ba31e3ea3763069b1c (patch)
tree: d60294bd2bf35d005034b427e467c100b110ced5 /votes.cgi
parent: 8607e9b32ae1ebc94e916b9b9dec471aa286abab (diff)
download: bugzilla-48473317a3d97b6e1aa603ba31e3ea3763069b1c.tar.gz
bugzilla-48473317a3d97b6e1aa603ba31e3ea3763069b1c.tar.xz
1 files changed, 22 insertions, 21 deletions
diff --git a/votes.cgi b/votes.cgi
index 937149b3d..057304048 100755
--- a/votes.cgi
+++ b/votes.cgi
@@ -44,11 +44,11 @@ my $cgi = Bugzilla->cgi;
 #
 # If no action is defined, we default to show_bug if a bug_id is given,
 # otherwise to show_user.
-my $action = $::FORM{'action'} || 
-                                 ($::FORM{'bug_id'} ? "show_bug" : "show_user");
+my $bug_id = $cgi->param('bug_id');
+my $action = $cgi->param('action') || ($bug_id ? "show_bug" : "show_user");
 
 if ($action eq "show_bug" ||
-    ($action eq "show_user" && defined($::FORM{'user'}))) 
+    ($action eq "show_user" && defined $cgi->param('user')))
 {
     Bugzilla->login();
 }
@@ -62,9 +62,8 @@ else {
 
 # Make sure the bug ID is a positive integer representing an existing
 # bug that the user is authorized to access.
-if (defined $::FORM{'bug_id'}) {
-  ValidateBugID($::FORM{'bug_id'});
-}
+
+ValidateBugID($bug_id) if defined $bug_id;
 
 ################################################################################
 # End Data/Security Validation
@@ -90,9 +89,8 @@ exit;
 sub show_bug {
     my $cgi = Bugzilla->cgi;
 
-    my $bug_id = $::FORM{'bug_id'} 
-      || ThrowCodeError("missing_bug_id");
-      
+    ThrowCodeError("missing_bug_id") unless defined $bug_id;
+
     my $total = 0;
     my @users;
     
@@ -124,9 +122,9 @@ sub show_user {
     my $cgi = Bugzilla->cgi;
 
     # If a bug_id is given, and we're editing, we'll add it to the votes list.
-    my $bug_id = $::FORM{'bug_id'} || "";
-        
-    my $name = $::FORM{'user'} || Bugzilla->user->login;
+    $bug_id ||= "";
+    
+    my $name = $cgi->param('user') || Bugzilla->user->login;
     my $who = DBNameToIdAndCheck($name);
     my $userid = Bugzilla->user ? Bugzilla->user->id : 0;
     
@@ -236,18 +234,19 @@ sub record_votes {
     # Build a list of bug IDs for which votes have been submitted.  Votes
     # are submitted in form fields in which the field names are the bug 
     # IDs and the field values are the number of votes.
-    my @buglist = grep {/^[1-9][0-9]*$/} keys(%::FORM);
+
+    my @buglist = grep {/^[1-9][0-9]*$/} $cgi->param();
 
     # If no bugs are in the buglist, let's make sure the user gets notified
     # that their votes will get nuked if they continue.
     if (scalar(@buglist) == 0) {
-        if (!defined($::FORM{'delete_all_votes'})) {
+        if (!defined $cgi->param('delete_all_votes')) {
             print $cgi->header();
             $template->process("bug/votes/delete-all.html.tmpl", $vars)
               || ThrowTemplateError($template->error());
             exit();
         }
-        elsif ($::FORM{'delete_all_votes'} == 0) {
+        elsif ($cgi->param('delete_all_votes') == 0) {
             print $cgi->redirect("votes.cgi");
             exit();
         }
@@ -258,9 +257,11 @@ sub record_votes {
     # to access, and make sure the number of votes submitted is also
     # a non-negative integer (a series of digits not preceded by a
     # minus sign).
+    my %votes;
     foreach my $id (@buglist) {
       ValidateBugID($id);
-      detaint_natural($::FORM{$id})
+      $votes{$id} = $cgi->param($id);
+      detaint_natural($votes{$id}) 
         || ThrowUserError("votes_must_be_nonnegative");
     }
 
@@ -285,14 +286,14 @@ sub record_votes {
         while (MoreSQLData()) {
             my ($id, $prod, $max) = FetchSQLData();
             $prodcount{$prod} ||= 0;
-            $prodcount{$prod} += $::FORM{$id};
+            $prodcount{$prod} += $votes{$id};
             
             # Make sure we haven't broken the votes-per-bug limit
-            ($::FORM{$id} <= $max)               
+            ($votes{$id} <= $max)               
               || ThrowUserError("too_many_votes_for_bug",
                                 {max => $max, 
                                  product => $prod, 
-                                 votes => $::FORM{$id}});
+                                 votes => $votes{$id}});
         }
 
         # Make sure we haven't broken the votes-per-product limit
@@ -326,9 +327,9 @@ sub record_votes {
     
     # Insert the new values in their place
     foreach my $id (@buglist) {
-        if ($::FORM{$id} > 0) {
+        if ($votes{$id} > 0) {
             SendSQL("INSERT INTO votes (who, bug_id, vote_count) 
-                     VALUES ($who, $id, $::FORM{$id})");
+                     VALUES ($who, $id, ".$votes{$id}.")");
         }
         
         $affected{$id} = 1;
author	kiko%async.com.br <>	2004-04-14 03:34:59 +0200
committer	kiko%async.com.br <>	2004-04-14 03:34:59 +0200
commit	48473317a3d97b6e1aa603ba31e3ea3763069b1c (patch)
tree	d60294bd2bf35d005034b427e467c100b110ced5 /votes.cgi
parent	8607e9b32ae1ebc94e916b9b9dec471aa286abab (diff)
download	bugzilla-48473317a3d97b6e1aa603ba31e3ea3763069b1c.tar.gz bugzilla-48473317a3d97b6e1aa603ba31e3ea3763069b1c.tar.xz