diff options
-rw-r--r-- | Bugzilla/Config.pm | 5 | ||||
-rw-r--r-- | Bugzilla/Config/Query.pm | 2 | ||||
-rw-r--r-- | Bugzilla/Search.pm | 5 | ||||
-rwxr-xr-x | buglist.cgi | 2 | ||||
-rwxr-xr-x | collectstats.pl | 1 | ||||
-rw-r--r-- | template/en/default/admin/params/query.html.tmpl | 11 | ||||
-rw-r--r-- | template/en/default/global/messages.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/search/search-specific.html.tmpl | 2 | ||||
-rwxr-xr-x | whine.pl | 10 |
9 files changed, 35 insertions, 7 deletions
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm index c247a072a..990fd8dd2 100644 --- a/Bugzilla/Config.pm +++ b/Bugzilla/Config.pm @@ -193,6 +193,11 @@ sub update_params { $new_params{'ssl_redirect'} = 1; } + # "specific_search_allow_empty_words" has been renamed to "search_allow_no_criteria". + if (exists $param->{'specific_search_allow_empty_words'}) { + $new_params{'search_allow_no_criteria'} = $param->{'specific_search_allow_empty_words'}; + } + # --- DEFAULTS FOR NEW PARAMS --- _load_params unless %params; diff --git a/Bugzilla/Config/Query.pm b/Bugzilla/Config/Query.pm index 17a74998e..4038c13ef 100644 --- a/Bugzilla/Config/Query.pm +++ b/Bugzilla/Config/Query.pm @@ -68,7 +68,7 @@ sub get_param_list { }, { - name => 'specific_search_allow_empty_words', + name => 'search_allow_no_criteria', type => 'b', default => 1 }, diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index d47e0ae99..6bbf4ab42 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -1168,6 +1168,11 @@ sub _sql_where { if ($clause_sql) { $where .= "\n AND " . $clause_sql; } + elsif (!Bugzilla->params->{'search_allow_no_criteria'} + && !$self->{allow_unlimited}) + { + ThrowUserError('buglist_parameters_required'); + } return $where; } diff --git a/buglist.cgi b/buglist.cgi index bf8b443e6..85a8ae760 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -82,7 +82,7 @@ if (defined($searchstring)) { # If configured to not allow empty words, reject empty searches from the # Find a Specific Bug search form, including words being a single or # several consecutive whitespaces only. -if (!Bugzilla->params->{'specific_search_allow_empty_words'} +if (!Bugzilla->params->{'search_allow_no_criteria'} && defined($cgi->param('content')) && $cgi->param('content') =~ /^\s*$/) { ThrowUserError("buglist_parameters_required"); diff --git a/collectstats.pl b/collectstats.pl index 26bead6ab..007669fad 100755 --- a/collectstats.pl +++ b/collectstats.pl @@ -507,6 +507,7 @@ sub CollectSeriesData { eval { my $search = new Bugzilla::Search('params' => scalar $cgi->Vars, 'fields' => ["bug_id"], + 'allow_unlimited' => 1, 'user' => $user); my $sql = $search->sql; $data = $shadow_dbh->selectall_arrayref($sql); diff --git a/template/en/default/admin/params/query.html.tmpl b/template/en/default/admin/params/query.html.tmpl index d8f5f0c42..255c75a6b 100644 --- a/template/en/default/admin/params/query.html.tmpl +++ b/template/en/default/admin/params/query.html.tmpl @@ -51,9 +51,14 @@ "access the advanced query page. It's in URL parameter " _ "format, which makes it hard to read. Sorry!", - specific_search_allow_empty_words => - "Whether to allow a search on the 'Simple Search' page with an empty" - _ " 'Words' field.", + search_allow_no_criteria => + "Unless the code explicitly allows all $terms.bugs to be returned, this " _ + "parameter permits to block the execution of queries with no criteria. " _ + "When turned off, a query must have some criteria specified to limit " _ + "the number of $terms.bugs returned to the user. When turned on, a user " _ + "is allowed to run a query with no criteria and get all $terms.bugs he can " _ + "see in his list. Turning this parameter on is not recommended on large " _ + "installations.", default_search_limit => "By default, $terms.Bugzilla limits searches done in the web" diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 6e24198dd..2567d4a7a 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -924,6 +924,10 @@ No changes made to version <em>[% version.name FILTER html %]</em>. [% END %] + [% ELSIF message_tag == "whine_query_failed" %] + The query '[% query_name FILTER html %]' from [% author.login FILTER html %] + failed: [% reason FILTER html %] + [% ELSIF message_tag == "workflow_updated" %] The workflow has been updated. [% END %] diff --git a/template/en/default/search/search-specific.html.tmpl b/template/en/default/search/search-specific.html.tmpl index 31d950ec5..9ef299425 100644 --- a/template/en/default/search/search-specific.html.tmpl +++ b/template/en/default/search/search-specific.html.tmpl @@ -110,7 +110,7 @@ for "crash secure SSL flash". <td></td> <td> - [% IF Param('specific_search_allow_empty_words') %] + [% IF Param('search_allow_no_criteria') %] <input type="submit" id="search" value="Search"> [% ELSE %] <input type="submit" id="search" value="Search" @@ -452,7 +452,15 @@ sub run_queries { 'params' => scalar $searchparams->Vars, 'user' => $args->{'recipient'}, # the search runs as the recipient ); - my $sqlquery = $search->sql; + # If a query fails for whatever reason, it shouldn't kill the script. + my $sqlquery = eval { $search->sql }; + if ($@) { + print get_text('whine_query_failed', { query_name => $thisquery->{'name'}, + author => $args->{'author'}, + reason => $@ }) . "\n"; + next; + } + $sth = $dbh->prepare($sqlquery); $sth->execute; |