diff options
| -rwxr-xr-x | Bugzilla/Bug.pm | 34 | ||||
| -rwxr-xr-x | post_bug.cgi | 23 |
2 files changed, 36 insertions, 21 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 2f5d08bfe..97e6042be 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -341,6 +341,35 @@ sub _check_component { return $obj; } +# Takes two comma/space-separated strings and returns arrayrefs +# of valid bug IDs. +sub _check_dependencies { + my ($depends_on, $blocks) = @_; + + # Only editbugs users can set dependencies on bug entry. + return ([], []) unless Bugzilla->user->in_group('editbugs'); + + $depends_on ||= ''; + $blocks ||= ''; + + # Make sure all the bug_ids are valid. + my @results; + foreach my $string ($depends_on, $blocks) { + my @array = split(/[\s,]+/, $string); + # Eliminate nulls + @array = grep($_, @array); + # $field is not passed to ValidateBugID to prevent adding new + # dependencies on inaccessible bugs. + ValidateBugID($_) foreach (@array); + push(@results, \@array); + } + + # dependson blocks + my %deps = ValidateDependencies($results[0], $results[1]); + + return ($deps{'dependson'}, $deps{'blocked'}); +} + sub _check_keywords { my ($keyword_string) = @_; $keyword_string = trim($keyword_string); @@ -1633,6 +1662,7 @@ sub ValidateBugAlias { # Validate and return a hash of dependencies sub ValidateDependencies { my $fields = {}; + # These can be arrayrefs or they can be strings. $fields->{'dependson'} = shift; $fields->{'blocked'} = shift; my $id = shift || 0; @@ -1653,7 +1683,9 @@ sub ValidateDependencies { next unless $fields->{$target}; my %seen; - foreach my $i (split('[\s,]+', $fields->{$target})) { + my $target_array = ref($fields->{$target}) ? $fields->{$target} + : [split(/[\s,]+/, $fields->{$target})]; + foreach my $i (@$target_array) { if ($id == $i) { ThrowUserError("dependency_loop_single"); } diff --git a/post_bug.cgi b/post_bug.cgi index dab0ba507..f90585020 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -227,26 +227,8 @@ my @keyword_ids = @{Bugzilla::Bug::_check_keywords($cgi->param('keywords'))}; Bugzilla::Bug::_check_strict_isolation($product, $cc_ids, $cgi->param('assigned_to'), $cgi->param('qa_contact')); -# Check for valid dependency info. -foreach my $field ("dependson", "blocked") { - if (UserInGroup("editbugs") && $cgi->param($field)) { - my @validvalues; - foreach my $id (split(/[\s,]+/, $cgi->param($field))) { - next unless $id; - # $field is not passed to ValidateBugID to prevent adding new - # dependencies on inaccessible bugs. - ValidateBugID($id); - push(@validvalues, $id); - } - $cgi->param(-name => $field, -value => join(",", @validvalues)); - } -} -# Gather the dependency list, and make sure there are no circular refs -my %deps; -if (UserInGroup("editbugs")) { - %deps = Bugzilla::Bug::ValidateDependencies(scalar($cgi->param('dependson')), - scalar($cgi->param('blocked'))); -} +my ($depends_on_ids, $blocks_ids) = Bugzilla::Bug::_check_dependencies( + scalar $cgi->param('dependson'), scalar $cgi->param('blocked')); # get current time my $timestamp = $dbh->selectrow_array(q{SELECT NOW()}); @@ -415,6 +397,7 @@ if (UserInGroup("editbugs")) { WHERE bug_id = ?}, undef, ($timestamp, $kw_list, $id)); } if ($cgi->param('dependson') || $cgi->param('blocked')) { + my %deps = (dependson => $depends_on_ids, blocked => $blocks_ids); foreach my $pair (["blocked", "dependson"], ["dependson", "blocked"]) { my ($me, $target) = @{$pair}; my $sth_dep = $dbh->prepare(qq{ |