-rwxr-xr-xBugzilla/Bug.pm46
-rw-r--r--CGI.pl45
-rwxr-xr-xshowdependencygraph.cgi1
-rwxr-xr-xshowdependencytree.cgi1
4 files changed, 47 insertions, 46 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 32030a7c2..a82df3b69 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -50,7 +50,7 @@ use Bugzilla::Error;
use base qw(Exporter);
@Bugzilla::Bug::EXPORT = qw(
AppendComment ValidateComment
- bug_alias_to_id ValidateBugAlias
+ bug_alias_to_id ValidateBugAlias ValidateBugID
RemoveVotes CheckIfVotedConfirmed
);
@@ -1102,6 +1102,50 @@ sub CheckIfVotedConfirmed {
# Field Validation
#
+# Validates and verifies a bug ID, making sure the number is a
+# positive integer, that it represents an existing bug in the
+# database, and that the user is authorized to access that bug.
+# We detaint the number here, too.
+sub ValidateBugID {
+ my ($id, $field) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+
+ # Get rid of white-space around the ID.
+ $id = trim($id);
+
+ # If the ID isn't a number, it might be an alias, so try to convert it.
+ my $alias = $id;
+ if (!detaint_natural($id)) {
+ $id = bug_alias_to_id($alias);
+ $id || ThrowUserError("invalid_bug_id_or_alias",
+ {'bug_id' => $alias,
+ 'field' => $field });
+ }
+
+ # Modify the calling code's original variable to contain the trimmed,
+ # converted-from-alias ID.
+ $_[0] = $id;
+
+ # First check that the bug exists
+ $dbh->selectrow_array("SELECT bug_id FROM bugs WHERE bug_id = ?", undef, $id)
+ || ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id});
+
+ return if (defined $field && ($field eq "dependson" || $field eq "blocked"));
+
+ return if $user->can_see_bug($id);
+
+ # The user did not pass any of the authorization tests, which means they
+ # are not authorized to see the bug. Display an error and stop execution.
+ # The error the user sees depends on whether or not they are logged in
+ # (i.e. $user->id contains the user's positive integer ID).
+ if ($user->id) {
+ ThrowUserError("bug_access_denied", {'bug_id' => $id});
+ } else {
+ ThrowUserError("bug_access_query", {'bug_id' => $id});
+ }
+}
+
# ValidateBugAlias:
# Check that the bug alias is valid and not used by another bug. If
# curr_id is specified, verify the alias is not used for any other
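Review bot: The header comment says the function verifies that the user is authorized to access the bug, but the `return if (defined $field && ($field eq "dependson" || $field eq "blocked"));` line returns before `$user->can_see_bug($id)` is reached, so for those two field names only existence is checked. Now that ValidateBugID is exported from Bugzilla::Bug, a caller could read a normal return as an authorization decision; I would state the exception in the header, e.g. `# For the "dependson" and "blocked" fields only existence is checked; visibility is NOT verified here.` Separately, the existence check runs before the visibility check and the two fail with different errors (`invalid_bug_id_non_existent` versus `bug_access_denied`/`bug_access_query`), so a user without access can tell whether a restricted bug ID exists; if that is not intended, both cases should return the same error. `trim` and `detaint_natural` are not defined in this hunk and the visible context shows only `use Bugzilla::Error;`, so it is worth confirming that Bug.pm imports them.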
diff --git a/CGI.pl b/CGI.pl
index 78ef20fef..539ef589b 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -107,51 +107,6 @@ sub CheckFormFieldDefined ($$) {
}
}
-sub ValidateBugID {
- # Validates and verifies a bug ID, making sure the number is a
- # positive integer, that it represents an existing bug in the
- # database, and that the user is authorized to access that bug.
- # We detaint the number here, too
-
- my ($id, $field) = @_;
-
- # Get rid of white-space around the ID.
- $id = trim($id);
-
- # If the ID isn't a number, it might be an alias, so try to convert it.
- my $alias = $id;
- if (!detaint_natural($id)) {
- $id = bug_alias_to_id($alias);
- $id || ThrowUserError("invalid_bug_id_or_alias",
- {'bug_id' => $alias,
- 'field' => $field });
- }
-
- # Modify the calling code's original variable to contain the trimmed,
- # converted-from-alias ID.
- $_[0] = $id;
-
- # First check that the bug exists
- SendSQL("SELECT bug_id FROM bugs WHERE bug_id = $id");
-
- FetchOneColumn()
- || ThrowUserError("invalid_bug_id_non_existent", {'bug_id' => $id});
-
- return if (defined $field && ($field eq "dependson" || $field eq "blocked"));
-
- return if Bugzilla->user->can_see_bug($id);
-
- # The user did not pass any of the authorization tests, which means they
- # are not authorized to see the bug. Display an error and stop execution.
- # The error the user sees depends on whether or not they are logged in
- # (i.e. $::userid contains the user's positive integer ID).
- if ($::userid) {
- ThrowUserError("bug_access_denied", {'bug_id' => $id});
- } else {
- ThrowUserError("bug_access_query", {'bug_id' => $id});
- }
-}
-
sub CheckEmailSyntax {
my ($addr) = (@_);
my $match = Param('emailregexp');
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 9591a284d..8a6aad925 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -30,6 +30,7 @@ use Bugzilla;
use Bugzilla::Config qw(:DEFAULT $webdotdir);
use Bugzilla::Util;
use Bugzilla::BugMail;
+use Bugzilla::Bug;
require "CGI.pl";
diff --git a/showdependencytree.cgi b/showdependencytree.cgi
index 76ef0ddee..e473357d1 100755
--- a/showdependencytree.cgi
+++ b/showdependencytree.cgi
@@ -28,6 +28,7 @@ use strict;
use lib qw(.);
require "CGI.pl";
use Bugzilla::User;
+use Bugzilla::Bug;
# Use global template variables.
use vars qw($template $vars);