summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Bug.pm102
1 files changed, 49 insertions, 53 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 99fd8742c..c549c4ed6 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -239,6 +239,11 @@ sub new {
my $class = ref($invocant) || $invocant;
my $param = shift;
+ # Remove leading "#" mark if we've just been passed an id.
+ if (!ref $param && $param =~ /^#(\d+)$/) {
+ $param = $1;
+ }
+
# If we get something that looks like a word (not a number),
# make it the "name" param.
if (!defined $param || (!ref($param) && $param !~ /^\d+$/)) {
@@ -263,9 +268,15 @@ sub new {
# if the bug wasn't found in the database.
if (!$self) {
my $error_self = {};
+ if (ref $param) {
+ $error_self->{bug_id} = $param->{name};
+ $error_self->{error} = 'InvalidBugId';
+ }
+ else {
+ $error_self->{bug_id} = $param;
+ $error_self->{error} = 'NotFound';
+ }
bless $error_self, $class;
- $error_self->{'bug_id'} = ref($param) ? $param->{name} : $param;
- $error_self->{'error'} = 'NotFound';
return $error_self;
}
@@ -274,10 +285,41 @@ sub new {
sub check {
my $class = shift;
- # XXX At some point we will eliminate ValidateBugID and make this
- # method more efficient.
- ValidateBugID(@_);
- my $self = $class->new(@_);
+ my ($id, $field) = @_;
+
+ # Bugzilla::Bug throws lots of special errors, so we don't call
+ # SUPER::check, we just call our new and do our own checks.
+ my $self = $class->new(trim($id));
+ # For error messages, use the id that was returned by new(), because
+ # it's cleaned up.
+ $id = $self->id;
+
+ if ($self->{error}) {
+ if ($self->{error} eq 'NotFound') {
+ ThrowUserError("bug_id_does_not_exist", { bug_id => $id });
+ }
+ if ($self->{error} eq 'InvalidBugId') {
+ ThrowUserError("improper_bug_id_field_value",
+ { bug_id => $id,
+ field => $field });
+ }
+ }
+
+ # XXX This hack needs to go away.
+ return $self if (defined $field
+ && ($field eq "dependson" || $field eq "blocked"));
+
+ my $user = Bugzilla->user;
+ if (!$user->can_see_bug($id)) {
+ # The error the user sees depends on whether or not they are
+ # logged in (i.e. $user->id contains the user's positive integer ID).
+ if ($user->id) {
+ ThrowUserError("bug_access_denied", { bug_id => $id });
+ } else {
+ ThrowUserError("bug_access_query", { bug_id => $id });
+ }
+ }
+
return $self;
}
@@ -2820,7 +2862,7 @@ sub format_comment {
}
# Get the activity of a bug, starting from $starttime (if given).
-# This routine assumes ValidateBugID has been previously called.
+# This routine assumes Bugzilla::Bug->check has been previously called.
sub GetBugActivity {
my ($bug_id, $attach_id, $starttime) = @_;
my $dbh = Bugzilla->dbh;
@@ -3277,52 +3319,6 @@ sub check_can_change_field {
# Field Validation
#
-# Validates and verifies a bug ID, making sure the number is a
-# positive integer, that it represents an existing bug in the
-# database, and that the user is authorized to access that bug.
-# We detaint the number here, too.
-sub ValidateBugID {
- my ($id, $field) = @_;
- my $dbh = Bugzilla->dbh;
- my $user = Bugzilla->user;
-
- # Get rid of leading '#' (number) mark, if present.
- $id =~ s/^\s*#//;
- # Remove whitespace
- $id = trim($id);
-
- # If the ID isn't a number, it might be an alias, so try to convert it.
- my $alias = $id;
- if (!detaint_natural($id)) {
- $id = bug_alias_to_id($alias);
- $id || ThrowUserError("improper_bug_id_field_value",
- {'bug_id' => $alias,
- 'field' => $field });
- }
-
- # Modify the calling code's original variable to contain the trimmed,
- # converted-from-alias ID.
- $_[0] = $id;
-
- # First check that the bug exists
- $dbh->selectrow_array("SELECT bug_id FROM bugs WHERE bug_id = ?", undef, $id)
- || ThrowUserError("bug_id_does_not_exist", {'bug_id' => $id});
-
- return if (defined $field && ($field eq "dependson" || $field eq "blocked"));
-
- return if $user->can_see_bug($id);
-
- # The user did not pass any of the authorization tests, which means they
- # are not authorized to see the bug. Display an error and stop execution.
- # The error the user sees depends on whether or not they are logged in
- # (i.e. $user->id contains the user's positive integer ID).
- if ($user->id) {
- ThrowUserError("bug_access_denied", {'bug_id' => $id});
- } else {
- ThrowUserError("bug_access_query", {'bug_id' => $id});
- }
-}
-
# Validate and return a hash of dependencies
sub ValidateDependencies {
my $fields = {};