summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Attachment.pm2
-rw-r--r--Bugzilla/CGI.pm75
-rw-r--r--Bugzilla/Chart.pm4
-rw-r--r--Bugzilla/Flag.pm12
-rw-r--r--Bugzilla/Search/Quicksearch.pm2
-rw-r--r--Bugzilla/Search/Saved.pm6
-rw-r--r--Bugzilla/Template.pm4
-rw-r--r--Makefile.PL2
-rwxr-xr-xattachment.cgi10
-rwxr-xr-xbuglist.cgi7
-rwxr-xr-xchart.cgi8
-rwxr-xr-xcolchange.cgi11
-rwxr-xr-xconfig.cgi2
-rwxr-xr-xduplicates.cgi2
-rwxr-xr-xeditclassifications.cgi4
-rwxr-xr-xeditcomponents.cgi4
-rwxr-xr-xeditfields.cgi24
-rwxr-xr-xeditflagtypes.cgi18
-rwxr-xr-xeditgroups.cgi28
-rwxr-xr-xeditproducts.cgi4
-rwxr-xr-xeditusers.cgi16
-rwxr-xr-xeditvalues.cgi4
-rwxr-xr-xeditwhines.cgi4
-rwxr-xr-xenter_bug.cgi6
-rwxr-xr-xpost_bug.cgi8
-rwxr-xr-xprocess_bug.cgi24
-rwxr-xr-xquery.cgi6
-rwxr-xr-xrelogin.cgi7
-rwxr-xr-xreport.cgi6
-rwxr-xr-xreports.cgi2
-rwxr-xr-xrequest.cgi14
-rwxr-xr-xsanitycheck.cgi2
-rwxr-xr-xshow_bug.cgi8
-rwxr-xr-xsummarize_time.cgi6
-rw-r--r--t/004template.t10
-rw-r--r--template/en/default/account/auth/login.html.tmpl2
-rw-r--r--template/en/default/attachment/midair.html.tmpl8
-rw-r--r--template/en/default/bug/create/comment-guided.txt.tmpl22
-rw-r--r--template/en/default/bug/create/comment.txt.tmpl5
-rw-r--r--template/en/default/bug/create/create-guided.html.tmpl7
-rw-r--r--template/en/default/bug/process/header.html.tmpl6
-rw-r--r--template/en/default/bug/process/midair.html.tmpl20
-rw-r--r--template/en/default/bug/process/verify-new-product.html.tmpl13
-rw-r--r--template/en/default/bug/show.xml.tmpl5
-rw-r--r--template/en/default/global/confirm-user-match.html.tmpl6
-rw-r--r--template/en/default/global/hidden-fields.html.tmpl11
-rw-r--r--template/en/default/global/product-select.html.tmpl4
-rw-r--r--template/en/default/global/user-error.html.tmpl17
-rw-r--r--template/en/default/list/list.html.tmpl6
-rw-r--r--template/en/default/pages/linked.html.tmpl6
-rw-r--r--template/en/default/reports/keywords.html.tmpl4
-rw-r--r--template/en/default/request/queue.html.tmpl18
-rwxr-xr-xuserprefs.cgi8
-rw-r--r--xt/extensions/QA/Extension.pm4
54 files changed, 240 insertions, 284 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index 78334ec18..ec318b021 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -1020,7 +1020,7 @@ sub get_content_type {
# The user asked us to auto-detect the content type, so use the type
# specified in the HTTP request headers.
$content_type =
- $cgi->uploadInfo($cgi->param('data'))->{'Content-Type'};
+ $cgi->uploadInfo(scalar $cgi->param('data'))->{'Content-Type'};
$content_type || ThrowUserError("missing_content_type");
# Internet Explorer sends image/x-png for PNG images,
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 4258cd552..b341a86f1 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -18,6 +18,7 @@ use Bugzilla::Error;
use Bugzilla::Util;
use Bugzilla::Hook;
use Bugzilla::Search::Recent;
+use Bugzilla::Install::Util qw(i_am_persistent);
use File::Basename;
@@ -34,8 +35,7 @@ sub _init_bz_cgi_globals {
# We don't precompile any functions here, that's done specially in
# mod_perl code.
- $invocant->_setup_symbols(qw(:no_xhtml :oldstyle_urls :private_tempfiles
- :unique_headers));
+ $invocant->_setup_symbols(qw(:no_xhtml :oldstyle_urls :unique_headers :utf8));
}
BEGIN { __PACKAGE__->_init_bz_cgi_globals() if i_am_cgi(); }
@@ -44,9 +44,7 @@ sub new {
my ($invocant, @args) = @_;
my $class = ref($invocant) || $invocant;
- # Under mod_perl, CGI's global variables get reset on each request,
- # so we need to set them up again every time.
- $class->_init_bz_cgi_globals() if $ENV{MOD_PERL};
+ $class->_init_bz_cgi_globals() if i_am_persistent();
my $self = $class->SUPER::new(@args);
@@ -65,18 +63,11 @@ sub new {
# Path-Info is of no use for Bugzilla and interacts badly with IIS.
# Moreover, it causes unexpected behaviors, such as totally breaking
# the rendering of pages.
- if (my $path_info = $self->path_info) {
+ if ($self->script_name && $self->path_info) {
my @whitelist = ("rest.cgi");
Bugzilla::Hook::process('path_info_whitelist', { whitelist => \@whitelist });
if (!grep($_ eq $script, @whitelist)) {
- # IIS includes the full path to the script in PATH_INFO,
- # so we have to extract the real PATH_INFO from it,
- # else we will be redirected outside Bugzilla.
- my $script_name = $self->script_name;
- $path_info =~ s/^\Q$script_name\E//;
- if ($script_name && $path_info) {
- print $self->redirect($self->url(-path => 0, -query => 1));
- }
+ print $self->redirect($self->url(-path => 0, -query => 1));
}
}
@@ -117,7 +108,7 @@ sub canonicalise_query {
# Reconstruct the URL by concatenating the sorted param=value pairs
my @parameters;
- foreach my $key (sort($self->param())) {
+ foreach my $key (sort($self->multi_param())) {
# Leave this key out if it's in the exclude list
next if grep { $_ eq $key } @exclude;
@@ -127,7 +118,7 @@ sub canonicalise_query {
my $esc_key = url_quote($key);
- foreach my $value ($self->param($key)) {
+ foreach my $value ($self->multi_param($key)) {
# Omit params with an empty value
if (defined($value) && $value ne '') {
my $esc_value = url_quote($value);
@@ -143,7 +134,7 @@ sub canonicalise_query {
sub clean_search_url {
my $self = shift;
# Delete any empty URL parameter.
- my @cgi_params = $self->param;
+ my @cgi_params = $self->multi_param();
foreach my $param (@cgi_params) {
if (defined $self->param($param) && $self->param($param) eq '') {
@@ -252,23 +243,12 @@ sub check_etag {
# Have to add the cookies in.
sub multipart_start {
my $self = shift;
-
- my %args = @_;
-
- # CGI.pm::multipart_start doesn't honour its own charset information, so
- # we do it ourselves here
- if (defined $self->charset() && defined $args{-type}) {
- # Remove any existing charset specifier
- $args{-type} =~ s/;.*$//;
- # and add the specified one
- $args{-type} .= '; charset=' . $self->charset();
- }
-
- my $headers = $self->SUPER::multipart_start(%args);
+ # We have to explicitly pass the charset.
+ my $headers = $self->SUPER::multipart_start(@_, -charset => $self->charset());
# Eliminate the one extra CRLF at the end.
$headers =~ s/$CGI::CRLF$//;
# Add the cookies. We have to do it this way instead of
- # passing them to multpart_start, because CGI.pm's multipart_start
+ # passing them to multipart_start, because CGI.pm's multipart_start
# doesn't understand a '-cookie' argument pointing to an arrayref.
foreach my $cookie (@{$self->{Bugzilla_cookie_list}}) {
$headers .= "Set-Cookie: ${cookie}${CGI::CRLF}";
@@ -366,11 +346,15 @@ sub header {
sub param {
my $self = shift;
- local $CGI::LIST_CONTEXT_WARN = 0;
+
+ my @caller = caller(0);
+ if (wantarray && $caller[0] ne 'CGI') {
+ warn 'Illegal call to $cgi->param in list context from ' . $caller[0];
+ }
# When we are just requesting the value of a parameter...
if (scalar(@_) == 1) {
- my @result = $self->SUPER::param(@_);
+ my @result = $self->SUPER::multi_param(@_);
# Also look at the URL parameters, after we look at the POST
# parameters. This is to allow things like login-form submissions
@@ -381,9 +365,6 @@ sub param {
@result = $self->url_param(@_);
}
- # Fix UTF-8-ness of input parameters.
- @result = map { _fix_utf8($_) } @result;
-
return wantarray ? @result : $result[0];
}
# And for various other functions in CGI.pm, we need to correctly
@@ -392,13 +373,13 @@ sub param {
elsif (!scalar(@_) && $self->request_method
&& $self->request_method eq 'POST')
{
- my @post_params = $self->SUPER::param;
+ my @post_params = $self->SUPER::multi_param();
my @url_params = $self->url_param;
my %params = map { $_ => 1 } (@post_params, @url_params);
return keys %params;
}
- return $self->SUPER::param(@_);
+ return $self->SUPER::multi_param(@_);
}
sub url_param {
@@ -409,13 +390,6 @@ sub url_param {
return $self->SUPER::url_param(@_);
}
-sub _fix_utf8 {
- my $input = shift;
- # The is_utf8 is here in case CGI gets smart about utf8 someday.
- utf8::decode($input) if defined $input && !ref $input && !utf8::is_utf8($input);
- return $input;
-}
-
sub should_set {
my ($self, $param) = @_;
my $set = (defined $self->param($param)
@@ -609,21 +583,12 @@ sub STORE {
sub FETCH {
my ($self, $param) = @_;
return $self if $param eq 'CGI'; # CGI.pm did this, so we do too.
- my @result = $self->param($param);
+ my @result = $self->multi_param($param);
return undef if !scalar(@result);
return $result[0] if scalar(@result) == 1;
return \@result;
}
-# For the Vars TIEHASH interface: the normal CGI.pm DELETE doesn't return
-# the value deleted, but Perl's "delete" expects that value.
-sub DELETE {
- my ($self, $param) = @_;
- my $value = $self->FETCH($param);
- $self->delete($param);
- return $value;
-}
-
1;
__END__
diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm
index d0a1312ad..f8d34fe6b 100644
--- a/Bugzilla/Chart.pm
+++ b/Bugzilla/Chart.pm
@@ -57,10 +57,10 @@ sub init {
# &select0=1&select3=1...
# &cumulate=1&datefrom=2002-02-03&dateto=2002-04-04&ctype=html...
# &gt=1&labelgt=Grand+Total
- foreach my $param ($cgi->param()) {
+ foreach my $param ($cgi->multi_param()) {
# Store all the lines
if ($param =~ /^line(\d+)$/a) {
- foreach my $series_id ($cgi->param($param)) {
+ foreach my $series_id ($cgi->multi_param($param)) {
detaint_natural($series_id)
|| ThrowCodeError("invalid_series_id");
my $series = new Bugzilla::Series($series_id);
diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm
index 3d9540a94..6c8dab377 100644
--- a/Bugzilla/Flag.pm
+++ b/Bugzilla/Flag.pm
@@ -843,11 +843,11 @@ sub extract_flags_from_cgi {
}
# Extract a list of flag type IDs from field names.
- my @flagtype_ids = map(/^flag_type-(\d+)$/a ? $1 : (), $cgi->param());
+ my @flagtype_ids = map { /^flag_type-(\d+)$/a ? $1 : () } $cgi->multi_param();
@flagtype_ids = grep($cgi->param("flag_type-$_") ne 'X', @flagtype_ids);
# Extract a list of existing flag IDs.
- my @flag_ids = map(/^flag-(\d+)$/a ? $1 : (), $cgi->param());
+ my @flag_ids = map { /^flag-(\d+)$/a ? $1 : () } $cgi->multi_param();
return ([], []) unless (scalar(@flagtype_ids) || scalar(@flag_ids));
@@ -863,7 +863,7 @@ sub extract_flags_from_cgi {
# (i.e. they want more than one person to set the flag) we can reuse
# the existing flag for the first person (who may well be the existing
# requestee), but we have to create new flags for each additional requestee.
- my @requestees = $cgi->param("requestee-$flag_id");
+ my @requestees = $cgi->multi_param("requestee-$flag_id");
my $requestee_email;
if ($status eq "?"
&& scalar(@requestees) > 1
@@ -935,7 +935,7 @@ sub extract_flags_from_cgi {
my $status = $cgi->param("flag_type-$type_id");
trick_taint($status);
- my @logins = $cgi->param("requestee_type-$type_id");
+ my @logins = $cgi->multi_param("requestee_type-$type_id");
if ($status eq "?" && scalar(@logins)) {
foreach my $login (@logins) {
push (@new_flags, { type_id => $type_id,
@@ -986,7 +986,7 @@ sub multi_extract_flags_from_cgi {
}
# Extract a list of flag type IDs from field names.
- my @flagtype_ids = map(/^flag_type-(\d+)$/a ? $1 : (), $cgi->param());
+ my @flagtype_ids = map { /^flag_type-(\d+)$/a ? $1 : () } $cgi->multi_param();
my (@new_flags, @flags);
@@ -1027,7 +1027,7 @@ sub multi_extract_flags_from_cgi {
my $status = $cgi->param("flag_type-$type_id");
trick_taint($status);
- my @logins = $cgi->param("requestee_type-$type_id");
+ my @logins = $cgi->multi_param("requestee_type-$type_id");
if ($status eq "?" && scalar(@logins)) {
foreach my $login (@logins) {
if ($update) {
diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm
index 8e188161c..249748062 100644
--- a/Bugzilla/Search/Quicksearch.pm
+++ b/Bugzilla/Search/Quicksearch.pm
@@ -248,7 +248,7 @@ sub quicksearch {
}
# Make sure we have some query terms left
- scalar($cgi->param())>0 || ThrowUserError("buglist_parameters_required");
+ scalar $cgi->multi_param() or ThrowUserError("buglist_parameters_required");
}
# List of quicksearch-specific CGI parameters to get rid of.
diff --git a/Bugzilla/Search/Saved.pm b/Bugzilla/Search/Saved.pm
index 9f6addffe..27a2e38ca 100644
--- a/Bugzilla/Search/Saved.pm
+++ b/Bugzilla/Search/Saved.pm
@@ -220,10 +220,10 @@ sub edit_link {
my ($self) = @_;
return $self->{edit_link} if defined $self->{edit_link};
my $cgi = new Bugzilla::CGI($self->url);
- if (!$cgi->param('query_type')
- || !IsValidQueryType($cgi->param('query_type')))
+ if (!$cgi->param('query_format')
+ || !IsValidQueryType(scalar $cgi->param('query_format')))
{
- $cgi->param('query_type', 'advanced');
+ $cgi->param('query_format', 'advanced');
}
$self->{edit_link} = $cgi->canonicalise_query;
return $self->{edit_link};
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 48899cd78..95a89b560 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -1013,6 +1013,10 @@ sub create {
# If an sudo session is in progress, this is the user we're faking
'user' => sub { return Bugzilla->user; },
+ # TT directives are evaluated in list context, conflicting
+ # with CGI checks about using $cgi->param() in list context.
+ 'cgi_param' => sub { return scalar Bugzilla->cgi->param($_[0]) },
+
# Currenly active language
'current_language' => sub { return Bugzilla->current_language; },
diff --git a/Makefile.PL b/Makefile.PL
index 062a94754..5742f8429 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -45,7 +45,7 @@ END {
# PREREQ_PM
my %requires = (
- 'CGI' => '3.51',
+ 'CGI' => '4.09',
'DBI' => '1.614',
'Date::Format' => '2.23',
'DateTime' => '0.75',
diff --git a/attachment.cgi b/attachment.cgi
index eab42903d..b74930306 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -330,8 +330,8 @@ sub view {
# Bug 111522: allow overriding content-type manually in the posted form
# params.
- if (defined $cgi->param('content_type')) {
- $contenttype = $attachment->_check_content_type($cgi->param('content_type'));
+ if (my $content_type = $cgi->param('content_type')) {
+ $contenttype = $attachment->_check_content_type($content_type);
}
# Return the appropriate HTTP response headers.
@@ -503,13 +503,13 @@ sub insert {
my ($timestamp) = $dbh->selectrow_array("SELECT NOW()");
# Detect if the user already used the same form to submit an attachment
- my $token = trim($cgi->param('token'));
+ my $token = trim(scalar $cgi->param('token'));
check_token_data($token, 'create_attachment', 'index.cgi');
# Check attachments the user tries to mark as obsolete.
my @obsolete_attachments;
if ($cgi->param('obsolete')) {
- my @obsolete = $cgi->param('obsolete');
+ my @obsolete = $cgi->multi_param('obsolete');
@obsolete_attachments = Bugzilla::Attachment->validate_obsolete($bug, \@obsolete);
}
@@ -784,7 +784,7 @@ sub delete_attachment {
$attachment->datasize || ThrowUserError('attachment_removed');
# We don't want to let a malicious URL accidentally delete an attachment.
- my $token = trim($cgi->param('token'));
+ my $token = trim(scalar $cgi->param('token'));
if ($token) {
my ($creator_id, $date, $event) = Bugzilla::Token::GetTokenData($token);
unless ($creator_id
diff --git a/buglist.cgi b/buglist.cgi
index fc00641cd..941ec6ed4 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -123,7 +123,7 @@ if (my $last_list = $cgi->param('regetlastlist')) {
# and order by, since relevance only exists when doing a fulltext search.
my $fulltext = 0;
if ($cgi->param('content')) { $fulltext = 1 }
-my @charts = map(/^field(\d-\d-\d)$/ ? $1 : (), $cgi->param());
+my @charts = map { /^field(\d-\d-\d)$/ ? $1 : () } $cgi->multi_param();
foreach my $chart (@charts) {
if ($cgi->param("field$chart") eq 'content' && $cgi->param("value$chart")) {
$fulltext = 1;
@@ -934,7 +934,7 @@ if (scalar(@products) == 1) {
$one_product = Bugzilla::Product->new({ name => $products[0], cache => 1 });
}
# This is used in the "Zarroo Boogs" case.
-elsif (my @product_input = $cgi->param('product')) {
+elsif (my @product_input = $cgi->multi_param('product')) {
if (scalar(@product_input) == 1 and $product_input[0] ne '') {
$one_product = Bugzilla::Product->new({ name => $product_input[0], cache => 1 });
}
@@ -953,7 +953,7 @@ if (scalar(@components) == 1) {
$vars->{one_component} = $components[0];
}
# This is used in the "Zarroo Boogs" case.
-elsif (my @component_input = $cgi->param('component')) {
+elsif (my @component_input = $cgi->multi_param('component')) {
if (scalar(@component_input) == 1 and $component_input[0] ne '') {
$vars->{one_component}= $cgi->param('component');
}
@@ -1122,7 +1122,6 @@ Bugzilla::Hook::process("buglist_format", {'vars' => $vars,
$template->process($format->{'template'}, $vars)
|| ThrowTemplateError($template->error());
-
################################################################################
# Script Conclusion
################################################################################
diff --git a/chart.cgi b/chart.cgi
index 13c9fe4cc..b3a52245c 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -58,7 +58,7 @@ if (!Bugzilla->feature('new_charts')) {
}
# Go back to query.cgi if we are adding a boolean chart parameter.
-if (grep(/^cmd-/, $cgi->param())) {
+if (grep(/^cmd-/, $cgi->multi_param())) {
my $params = $cgi->canonicalise_query("format", "ctype", "action");
print $cgi->redirect("query.cgi?format=" . $cgi->param('query_format') .
($params ? "&$params" : ""));
@@ -73,7 +73,7 @@ $vars->{'doc_section'} = 'using/reports-and-charts.html#charts';
# of the action param, because that value is localization-dependent. So, we
# encode it in the name, as "action-<action>". Some params even contain the
# series_id they apply to (e.g. subscribe, unsubscribe).
-my @actions = grep(/^action-/, $cgi->param());
+my @actions = grep(/^action-/, $cgi->multi_param());
if ($actions[0] && $actions[0] =~ /^action-([^\d]+)(\d*)$/) {
$action = $1;
$series_id = $2 if $2;
@@ -224,14 +224,14 @@ exit;
# Find any selected series and return either the first or all of them.
sub getAndValidateSeriesIDs {
- my @series_ids = grep(/^\d+$/, $cgi->param("name"));
+ my @series_ids = grep(/^\d+$/, $cgi->multi_param("name"));
return wantarray ? @series_ids : $series_ids[0];
}
# Return a list of IDs of all the lines selected in the UI.
sub getSelectedLines {
- my @ids = map { /^select(\d+)$/a ? $1 : () } $cgi->param();
+ my @ids = map { /^select(\d+)$/a ? $1 : () } $cgi->multi_param();
return @ids;
}
diff --git a/colchange.cgi b/colchange.cgi
index e1e78f443..f2da452de 100755
--- a/colchange.cgi
+++ b/colchange.cgi
@@ -71,10 +71,10 @@ if (!$user->is_timetracker) {
$vars->{'columns'} = $columns;
my @collist;
-if (defined $cgi->param('rememberedquery')) {
+if (my $rememberedquery = $cgi->param('rememberedquery')) {
my $search;
- if (defined $cgi->param('saved_search')) {
- $search = new Bugzilla::Search::Saved($cgi->param('saved_search'));
+ if (my $saved_search = $cgi->param('saved_search')) {
+ $search = new Bugzilla::Search::Saved($saved_search);
}
my $token = $cgi->param('token');
@@ -91,7 +91,7 @@ if (defined $cgi->param('rememberedquery')) {
} else {
if (defined $cgi->param("selected_columns")) {
@collist = grep { exists $columns->{$_} }
- $cgi->param("selected_columns");
+ $cgi->multi_param("selected_columns");
}
if (defined $cgi->param('splitheader')) {
$splitheader = $cgi->param('splitheader')? 1: 0;
@@ -131,7 +131,8 @@ if (defined $cgi->param('rememberedquery')) {
$search->update();
}
- my $params = new Bugzilla::CGI($cgi->param('rememberedquery'));
+ utf8::decode($rememberedquery);
+ my $params = new Bugzilla::CGI($rememberedquery);
$params->param('columnlist', join(",", @collist));
$vars->{'redirect_url'} = "buglist.cgi?".$params->query_string();
diff --git a/config.cgi b/config.cgi
index 3e3943989..32c55acf3 100755
--- a/config.cgi
+++ b/config.cgi
@@ -49,7 +49,7 @@ $vars->{'custom_fields'} =
# Include a list of product objects.
if ($cgi->param('product')) {
- my @products = $cgi->param('product');
+ my @products = $cgi->multi_param('product');
foreach my $product_name (@products) {
# We don't use check() because config.cgi outputs mostly
# in XML and JS and we don't want to display an HTML error
diff --git a/duplicates.cgi b/duplicates.cgi
index 0773400fd..da00d8748 100755
--- a/duplicates.cgi
+++ b/duplicates.cgi
@@ -127,7 +127,7 @@ if (!defined $reverse) {
$reverse = 0;
}
}
-my @query_products = $cgi->param('product');
+my @query_products = $cgi->multi_param('product');
my $sortvisible = formvalue("sortvisible");
my @bugs;
if ($sortvisible) {
diff --git a/editclassifications.cgi b/editclassifications.cgi
index 765a34fcb..1ae6e553c 100755
--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -196,7 +196,7 @@ if ($action eq 'reclassify') {
if (defined $cgi->param('add_products')) {
check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('prodlist')) {
- foreach my $prod ($cgi->param("prodlist")) {
+ foreach my $prod ($cgi->multi_param("prodlist")) {
trick_taint($prod);
$sth->execute($classification->id, $prod);
push @names, $prod;
@@ -206,7 +206,7 @@ if ($action eq 'reclassify') {
} elsif (defined $cgi->param('remove_products')) {
check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('myprodlist')) {
- foreach my $prod ($cgi->param("myprodlist")) {
+ foreach my $prod ($cgi->multi_param('myprodlist')) {
trick_taint($prod);
$sth->execute(1, $prod);
push @names, $prod;
diff --git a/editcomponents.cgi b/editcomponents.cgi
index 99bd3bb35..ecbbd788f 100755
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -113,7 +113,7 @@ if ($action eq 'new') {
my $default_assignee = trim($cgi->param('initialowner') || '');
my $default_qa_contact = trim($cgi->param('initialqacontact') || '');
my $description = trim($cgi->param('description') || '');
- my @initial_cc = $cgi->param('initialcc');
+ my @initial_cc = $cgi->multi_param('initialcc');
my $isactive = $cgi->param('isactive');
my $component = Bugzilla::Component->create({
@@ -216,7 +216,7 @@ if ($action eq 'update') {
my $default_assignee = trim($cgi->param('initialowner') || '');
my $default_qa_contact = trim($cgi->param('initialqacontact') || '');
my $description = trim($cgi->param('description') || '');
- my @initial_cc = $cgi->param('initialcc');
+ my @initial_cc = $cgi->multi_param('initialcc');
my $isactive = $cgi->param('isactive');
my $component =
diff --git a/editfields.cgi b/editfields.cgi
index 88961a4e4..acb34e2df 100755
--- a/editfields.cgi
+++ b/editfields.cgi
@@ -61,7 +61,7 @@ elsif ($action eq 'new') {
custom => 1,
buglist => 1,
visibility_field_id => scalar $cgi->param('visibility_field_id'),
- visibility_values => [ $cgi->param('visibility_values') ],
+ visibility_values => [ $cgi->multi_param('visibility_values') ],
value_field_id => scalar $cgi->param('value_field_id'),
reverse_desc => scalar $cgi->param('reverse_desc'),
is_mandatory => scalar $cgi->param('is_mandatory'),
@@ -102,17 +102,17 @@ elsif ($action eq 'update') {
my $field = new Bugzilla::Field({'name' => $name});
$field || ThrowUserError('customfield_nonexistent', {'name' => $name});
- $field->set_description($cgi->param('desc'));
- $field->set_long_desc($cgi->param('long_desc'));
- $field->set_sortkey($cgi->param('sortkey'));
- $field->set_in_new_bugmail($cgi->param('new_bugmail'));
- $field->set_enter_bug($cgi->param('enter_bug'));
- $field->set_obsolete($cgi->param('obsolete'));
- $field->set_is_mandatory($cgi->param('is_mandatory'));
- $field->set_visibility_field($cgi->param('visibility_field_id'));
- $field->set_visibility_values([ $cgi->param('visibility_values') ]);
- $field->set_value_field($cgi->param('value_field_id'));
- $field->set_reverse_desc($cgi->param('reverse_desc'));
+ $field->set_description(scalar $cgi->param('desc'));
+ $field->set_long_desc(scalar $cgi->param('long_desc'));
+ $field->set_sortkey(scalar $cgi->param('sortkey'));
+ $field->set_in_new_bugmail(scalar $cgi->param('new_bugmail'));
+ $field->set_enter_bug(scalar $cgi->param('enter_bug'));
+ $field->set_obsolete(scalar $cgi->param('obsolete'));
+ $field->set_is_mandatory(scalar $cgi->param('is_mandatory'));
+ $field->set_visibility_field(scalar $cgi->param('visibility_field_id'));
+ $field->set_visibility_values([ $cgi->multi_param('visibility_values') ]);
+ $field->set_value_field(scalar $cgi->param('value_field_id'));
+ $field->set_reverse_desc(scalar $cgi->param('reverse_desc'));
$field->update();
delete_token($token);
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index a319742d3..ba2d4891b 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -62,11 +62,11 @@ if ($comp_name) {
}
# If 'categoryAction' is set, it has priority over 'action'.
-if (my ($category_action) = grep { $_ =~ /^categoryAction-(?:\w+)$/ } $cgi->param()) {
+if (my ($category_action) = grep { $_ =~ /^categoryAction-(?:\w+)$/ } $cgi->multi_param()) {
$category_action =~ s/^categoryAction-//;
- my @inclusions = $cgi->param('inclusions');
- my @exclusions = $cgi->param('exclusions');
+ my @inclusions = $cgi->multi_param('inclusions');
+ my @exclusions = $cgi->multi_param('exclusions');
my @categories;
if ($category_action =~ /^(in|ex)clude$/) {
if (!$user->in_group('editcomponents') && !$product) {
@@ -93,13 +93,13 @@ if (my ($category_action) = grep { $_ =~ /^categoryAction-(?:\w+)$/ } $cgi->para
}
}
elsif ($category_action eq 'removeInclusion') {
- my @inclusion_to_remove = $cgi->param('inclusion_to_remove');
+ my @inclusion_to_remove = $cgi->multi_param('inclusion_to_remove');
foreach my $remove (@inclusion_to_remove) {
@inclusions = grep { $_ ne $remove } @inclusions;
}
}
elsif ($category_action eq 'removeExclusion') {
- my @exclusion_to_remove = $cgi->param('exclusion_to_remove');
+ my @exclusion_to_remove = $cgi->multi_param('exclusion_to_remove');
foreach my $remove (@exclusion_to_remove) {
@exclusions = grep { $_ ne $remove } @exclusions;
}
@@ -265,8 +265,8 @@ if ($action eq 'insert') {
my $is_multiplicable = $cgi->param('is_multiplicable');
my $grant_group = $cgi->param('grant_group');
my $request_group = $cgi->param('request_group');
- my @inclusions = $cgi->param('inclusions');
- my @exclusions = $cgi->param('exclusions');
+ my @inclusions = $cgi->multi_param('inclusions');
+ my @exclusions = $cgi->multi_param('exclusions');
# Filter inclusion and exclusion lists to products the user can see.
unless ($user->in_group('editcomponents')) {
@@ -317,8 +317,8 @@ if ($action eq 'update') {
my $is_multiplicable = $cgi->param('is_multiplicable');
my $grant_group = $cgi->param('grant_group');
my $request_group = $cgi->param('request_group');
- my @inclusions = $cgi->param('inclusions');
- my @exclusions = $cgi->param('exclusions');
+ my @inclusions = $cgi->multi_param('inclusions');
+ my @exclusions = $cgi->multi_param('exclusions');
my ($flagtype, $can_fully_edit) = $user->check_can_admin_flagtype($flag_id);
if ($cgi->param('check_clusions') && !$user->in_group('editcomponents')) {
diff --git a/editgroups.cgi b/editgroups.cgi
index ac0e6a8bd..49bebb04b 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -149,7 +149,7 @@ unless ($action) {
if ($action eq 'changeform') {
# Check that an existing group ID is given
- my $group_id = CheckGroupID($cgi->param('group'));
+ my $group_id = CheckGroupID(scalar $cgi->param('group'));
my $group = new Bugzilla::Group($group_id);
get_current_and_available($group, $vars);
@@ -262,7 +262,7 @@ if ($action eq 'postchanges') {
my $changes = doGroupChanges();
delete_token($token);
- my $group = new Bugzilla::Group($cgi->param('group_id'));
+ my $group = new Bugzilla::Group(scalar $cgi->param('group_id'));
get_current_and_available($group, $vars);
$vars->{'message'} = 'group_updated';
$vars->{'group'} = $group;
@@ -275,9 +275,9 @@ if ($action eq 'postchanges') {
}
if ($action eq 'confirm_remove') {
- my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id')));
+ my $group = new Bugzilla::Group(CheckGroupID(scalar $cgi->param('group_id')));
$vars->{'group'} = $group;
- $vars->{'regexp'} = CheckGroupRegexp($cgi->param('regexp'));
+ $vars->{'regexp'} = CheckGroupRegexp(scalar $cgi->param('regexp'));
$vars->{'token'} = issue_session_token('remove_group_members');
$template->process('admin/groups/confirm-remove.html.tmpl', $vars)
@@ -291,8 +291,8 @@ if ($action eq 'remove_regexp') {
# gid = $cgi->param('group') that match the regular expression
# stored in the DB for that group or all of them period
- my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id')));
- my $regexp = CheckGroupRegexp($cgi->param('regexp'));
+ my $group = new Bugzilla::Group(CheckGroupID(scalar $cgi->param('group_id')));
+ my $regexp = CheckGroupRegexp(scalar $cgi->param('regexp'));
$dbh->bz_start_transaction();
@@ -334,27 +334,27 @@ sub doGroupChanges {
$dbh->bz_start_transaction();
# Check that the given group ID is valid and make a Group.
- my $group = new Bugzilla::Group(CheckGroupID($cgi->param('group_id')));
+ my $group = new Bugzilla::Group(CheckGroupID(scalar $cgi->param('group_id')));
if (defined $cgi->param('regexp')) {
- $group->set_user_regexp($cgi->param('regexp'));
+ $group->set_user_regexp(scalar $cgi->param('regexp'));
}
if ($group->is_bug_group) {
if (defined $cgi->param('name')) {
- $group->set_name($cgi->param('name'));
+ $group->set_name(scalar $cgi->param('name'));
}
if (defined $cgi->param('desc')) {
- $group->set_description($cgi->param('desc'));
+ $group->set_description(scalar $cgi->param('desc'));
}
# Only set isactive if we came from the right form.
if (defined $cgi->param('regexp')) {
- $group->set_is_active($cgi->param('isactive'));
+ $group->set_is_active(scalar $cgi->param('isactive'));
}
}
if (defined $cgi->param('icon_url')) {
- $group->set_icon_url($cgi->param('icon_url'));
+ $group->set_icon_url(scalar $cgi->param('icon_url'));
}
my $changes = $group->update();
@@ -403,7 +403,7 @@ sub _do_add {
$current = $group->grant_direct($type);
}
- my $add_items = Bugzilla::Group->new_from_list([$cgi->param($field)]);
+ my $add_items = Bugzilla::Group->new_from_list([$cgi->multi_param($field)]);
foreach my $add (@$add_items) {
next if grep($_->id == $add->id, @$current);
@@ -423,7 +423,7 @@ sub _do_add {
sub _do_remove {
my ($group, $changes, $sth_delete, $field, $type, $reverse) = @_;
my $cgi = Bugzilla->cgi;
- my $remove_items = Bugzilla::Group->new_from_list([$cgi->param($field)]);
+ my $remove_items = Bugzilla::Group->new_from_list([$cgi->multi_param($field)]);
foreach my $remove (@$remove_items) {
my @ids = ($remove->id, $group->id);
diff --git a/editproducts.cgi b/editproducts.cgi
index 5f7434772..942e2073c 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -178,7 +178,7 @@ if ($action eq 'new') {
$dbh->bz_start_transaction();
my $product = Bugzilla::Product->create(\%product_create_params);
- my @initial_cc = $cgi->param('initialcc');
+ my @initial_cc = $cgi->multi_param('initialcc');
my %component_create_params = (
product => $product,
name => trim($cgi->param('component') || ''),
@@ -342,7 +342,7 @@ if ($action eq 'updategroupcontrols') {
my @now_na = ();
my @now_mandatory = ();
- foreach my $f ($cgi->param()) {
+ foreach my $f ($cgi->multi_param()) {
if ($f =~ /^membercontrol_(\d+)$/a) {
my $id = $1;
if ($cgi->param($f) == CONTROLMAPNA) {
diff --git a/editusers.cgi b/editusers.cgi
index 341176871..9d89d2efa 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -67,7 +67,7 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'list') {
my $matchvalue = $cgi->param('matchvalue') || '';
- my $matchstr = trim($cgi->param('matchstr'));
+ my $matchstr = trim(scalar $cgi->param('matchstr'));
my $matchtype = $cgi->param('matchtype');
my $grouprestrict = $cgi->param('grouprestrict') || '0';
# 0 = disabled only, 1 = enabled only, 2 = everyone
@@ -268,14 +268,14 @@ if ($action eq 'search') {
# is not authorized.
my $changes = {};
if ($editusers) {
- $otherUser->set_login($cgi->param('login'));
- $otherUser->set_name($cgi->param('name'));
- $otherUser->set_password($cgi->param('password'))
+ $otherUser->set_login(scalar $cgi->param('login'));
+ $otherUser->set_name(scalar $cgi->param('name'));
+ $otherUser->set_password(scalar $cgi->param('password'))
if $cgi->param('password');
- $otherUser->set_disabledtext($cgi->param('disabledtext'));
- $otherUser->set_disable_mail($cgi->param('disable_mail'));
- $otherUser->set_extern_id($cgi->param('extern_id'))
- if defined($cgi->param('extern_id'));
+ $otherUser->set_disabledtext(scalar $cgi->param('disabledtext'));
+ $otherUser->set_disable_mail(scalar $cgi->param('disable_mail'));
+ $otherUser->set_extern_id(scalar $cgi->param('extern_id'))
+ if defined $cgi->param('extern_id');
# Update bless groups
my @bless_ids = grep { s/bless_// } keys %{ Bugzilla->cgi->Vars };
diff --git a/editvalues.cgi b/editvalues.cgi
index 4be8cfd44..2b276df4b 100755
--- a/editvalues.cgi
+++ b/editvalues.cgi
@@ -76,7 +76,7 @@ if (!$cgi->param('field')) {
}
# At this point, the field must be defined.
-my $field = Bugzilla::Field->check($cgi->param('field'));
+my $field = Bugzilla::Field->check(scalar $cgi->param('field'));
if (!$field->is_select || $field->is_abnormal) {
ThrowUserError('fieldname_invalid', { field => $field });
}
@@ -119,7 +119,7 @@ if ($action eq 'new') {
}
# After this, we always have a value
-my $value = Bugzilla::Field::Choice->type($field)->check($cgi->param('value'));
+my $value = Bugzilla::Field::Choice->type($field)->check(scalar $cgi->param('value'));
$vars->{'value'} = $value;
#
diff --git a/editwhines.cgi b/editwhines.cgi
index 6597db893..d545845b1 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -125,8 +125,8 @@ if ($cgi->param('update')) {
}
else {
# check the subject, body and mailifnobugs for changes
- my $subject = ($cgi->param("event_${eventid}_subject") or '');
- my $body = ($cgi->param("event_${eventid}_body") or '');
+ my $subject = $cgi->param("event_${eventid}_subject") // '';
+ my $body = $cgi->param("event_${eventid}_body") // '';
my $mailifnobugs = $cgi->param("event_${eventid}_mailifnobugs") ? 1 : 0;
trick_taint($subject) if $subject;
diff --git a/enter_bug.cgi b/enter_bug.cgi
index d6cc90764..4f0992df7 100755
--- a/enter_bug.cgi
+++ b/enter_bug.cgi
@@ -186,7 +186,7 @@ foreach my $field (@enter_bug_fields) {
my $cf_value = $cgi->param($cf_name);
if (defined $cf_value) {
if ($field->type == FIELD_TYPE_MULTI_SELECT) {
- $cf_value = [$cgi->param($cf_name)];
+ $cf_value = [$cgi->multi_param($cf_name)];
}
$default{$cf_name} = $vars->{$cf_name} = $cf_value;
}
@@ -270,7 +270,7 @@ else {
$vars->{'estimated_time'} = formvalue('estimated_time');
$vars->{'see_also'} = formvalue('see_also');
- $vars->{'cc'} = join(', ', $cgi->param('cc'));
+ $vars->{'cc'} = join(', ', $cgi->multi_param('cc'));
$vars->{'comment'} = formvalue('comment');
$vars->{'comment_is_private'} = formvalue('comment_is_private');
@@ -341,7 +341,7 @@ if ($picked_status and grep($_->name eq $picked_status, @statuses)) {
$default{'bug_status'} = Bugzilla::Bug->default_bug_status(@statuses);
}
-my @groups = $cgi->param('groups');
+my @groups = $cgi->multi_param('groups');
if ($cloned_bug) {
my @clone_groups = map { $_->name } @{ $cloned_bug->groups_in };
# It doesn't matter if there are duplicate names, since all we check
diff --git a/post_bug.cgi b/post_bug.cgi
index 17d0fe4ea..712d765d8 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -44,7 +44,7 @@ unless ($cgi->param()) {
}
# Detect if the user already used the same form to submit a bug
-my $token = trim($cgi->param('token'));
+my $token = trim(scalar $cgi->param('token'));
check_token_data($token, 'create_bug', 'index.cgi');
# do a match on the fields if applicable
@@ -112,7 +112,7 @@ foreach my $field (@bug_fields) {
}
foreach my $field (qw(cc groups)) {
next if !$cgi->should_set($field);
- $bug_params{$field} = [$cgi->param($field)];
+ $bug_params{$field} = [$cgi->multi_param($field)];
}
$bug_params{'comment'} = $comment;
$bug_params{'is_markdown'} = $cgi->param('use_markdown');
@@ -122,7 +122,7 @@ my @multi_selects = grep {$_->type == FIELD_TYPE_MULTI_SELECT && $_->enter_bug}
foreach my $field (@multi_selects) {
next if !$cgi->should_set($field->name);
- $bug_params{$field->name} = [$cgi->param($field->name)];
+ $bug_params{$field->name} = [$cgi->multi_param($field->name)];
}
@@ -165,7 +165,7 @@ my $data_fh = $cgi->upload('data');
my $attach_text = $cgi->param('attach_text');
if ($data_fh || $attach_text) {
- $cgi->param('isprivate', $cgi->param('comment_is_private'));
+ $cgi->param('isprivate', scalar $cgi->param('comment_is_private'));
# Must be called before create() as it may alter $cgi->param('ispatch').
my $content_type = Bugzilla::Attachment::get_content_type();
diff --git a/process_bug.cgi b/process_bug.cgi
index ea803d1f7..2b34d1b80 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -63,7 +63,7 @@ if (defined $cgi->param('id')) {
$cgi->param('id', $bug->id);
push(@bug_objects, $bug);
} else {
- foreach my $i ($cgi->param()) {
+ foreach my $i ($cgi->multi_param()) {
if ($i =~ /^id_([1-9][0-9]*)/) {
my $id = $1;
push(@bug_objects, Bugzilla::Bug->check_for_edit($id));
@@ -78,7 +78,7 @@ my $first_bug = $bug_objects[0]; # Used when we're only updating a single bug.
# Delete any parameter set to 'dontchange'.
if (defined $cgi->param('dontchange')) {
- foreach my $name ($cgi->param) {
+ foreach my $name ($cgi->multi_param()) {
next if $name eq 'dontchange'; # But don't delete dontchange itself!
# Skip ones we've already deleted (such as "defined_$name").
next if !defined $cgi->param($name);
@@ -247,7 +247,7 @@ if (should_set('see_also')) {
[split(/[\s]+/, $cgi->param('see_also'))];
}
if (should_set('remove_see_also')) {
- $set_all_fields{'see_also'}->{remove} = [$cgi->param('remove_see_also')];
+ $set_all_fields{'see_also'}->{remove} = [$cgi->multi_param('remove_see_also')];
}
foreach my $dep_field (qw(dependson blocked)) {
if (should_set($dep_field)) {
@@ -271,18 +271,18 @@ if (defined $cgi->param('newcc')
# remove cc's... otherwise, we came from show_bug and may need to do both.
if (defined $cgi->param('masscc')) {
if ($cgi->param('ccaction') eq 'add') {
- @cc_add = $cgi->param('masscc');
+ @cc_add = $cgi->multi_param('masscc');
} elsif ($cgi->param('ccaction') eq 'remove') {
- @cc_remove = $cgi->param('masscc');
+ @cc_remove = $cgi->multi_param('masscc');
}
} else {
- @cc_add = $cgi->param('newcc');
+ @cc_add = $cgi->multi_param('newcc');
push(@cc_add, $user) if $cgi->param('addselfcc');
# We came from show_bug which uses a select box to determine what cc's
# need to be removed...
if ($cgi->param('removecc') && $cgi->param('cc')) {
- @cc_remove = $cgi->param('cc');
+ @cc_remove = $cgi->multi_param('cc');
}
}
@@ -300,7 +300,7 @@ if (defined $cgi->param('id')) {
# aliases need to be removed...
my @alias_remove = ();
if ($cgi->param('removealias') && $cgi->param('alias')) {
- @alias_remove = $cgi->param('alias');
+ @alias_remove = $cgi->multi_param('alias');
}
$set_all_fields{alias} = { add => \@alias_add, remove => \@alias_remove };
@@ -308,7 +308,7 @@ if (defined $cgi->param('id')) {
}
my %is_private;
-foreach my $field (grep(/^defined_isprivate/, $cgi->param())) {
+foreach my $field (grep(/^defined_isprivate/, $cgi->multi_param())) {
if ($field =~ /(\d+)$/a) {
my $comment_id = $1;
$is_private{$comment_id} = $cgi->param("isprivate_$comment_id");
@@ -316,8 +316,8 @@ foreach my $field (grep(/^defined_isprivate/, $cgi->param())) {
}
$set_all_fields{comment_is_private} = \%is_private;
-my @check_groups = $cgi->param('defined_groups');
-my @set_groups = $cgi->param('groups');
+my @check_groups = $cgi->multi_param('defined_groups');
+my @set_groups = $cgi->multi_param('groups');
my ($removed_groups) = diff_arrays(\@check_groups, \@set_groups);
$set_all_fields{groups} = { add => \@set_groups, remove => $removed_groups };
@@ -325,7 +325,7 @@ my @custom_fields = Bugzilla->active_custom_fields;
foreach my $field (@custom_fields) {
my $fname = $field->name;
if (should_set($fname, 1)) {
- $set_all_fields{$fname} = [$cgi->param($fname)];
+ $set_all_fields{$fname} = [$cgi->multi_param($fname)];
}
}
diff --git a/query.cgi b/query.cgi
index 4fa52f5c8..88277bf35 100755
--- a/query.cgi
+++ b/query.cgi
@@ -114,7 +114,7 @@ sub PrefillForm {
# search or from an old link on the web somewhere) then convert them
# to the new "custom search" format so that the form is populated
# properly.
- my $any_boolean_charts = grep { /^field-?\d+/ } $buf->param();
+ my $any_boolean_charts = grep { /^field-?\d+/ } $buf->multi_param();
if ($any_boolean_charts) {
my $search = new Bugzilla::Search(params => scalar $buf->Vars);
$search->boolean_charts_to_custom_search($buf);
@@ -124,10 +124,10 @@ sub PrefillForm {
my @skip = qw(format query_format list_id columnlist);
# Iterate over the URL parameters
- foreach my $name ($buf->param()) {
+ foreach my $name ($buf->multi_param()) {
next if grep { $_ eq $name } @skip;
$foundone = 1;
- my @values = $buf->param($name);
+ my @values = $buf->multi_param($name);
# If the name is a single letter followed by numbers, it's part
# of Custom Search. We store these as an array of hashes.
diff --git a/relogin.cgi b/relogin.cgi
index 65c29a2c4..798bba00d 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -101,8 +101,9 @@ elsif ($action eq 'begin-sudo') {
# Did the user actually go trough the 'sudo-prepare' action? Do some
# checks on the token the action should have left.
+ my $token = $cgi->param('token');
my ($token_user, $token_timestamp, $token_data) =
- Bugzilla::Token::GetTokenData($cgi->param('token'));
+ Bugzilla::Token::GetTokenData($token);
unless (defined($token_user)
&& defined($token_data)
&& ($token_user == $user->id)
@@ -111,13 +112,13 @@ elsif ($action eq 'begin-sudo') {
ThrowUserError('sudo_preparation_required',
{ target_login => $target_login, reason => $reason });
}
- delete_token($cgi->param('token'));
+ delete_token($token);
# Calculate the session expiry time (T + 6 hours)
my $time_string = time2str('%a, %d-%b-%Y %T %Z', time + MAX_SUDO_TOKEN_AGE, 'GMT');
# For future sessions, store the unique ID of the target user
- my $token = Bugzilla::Token::_create_token($user->id, 'sudo', $target_user->id);
+ $token = Bugzilla::Token::_create_token($user->id, 'sudo', $target_user->id);
my %args;
if (Bugzilla->params->{ssl_redirect}) {
diff --git a/report.cgi b/report.cgi
index 2f637fca4..5c57246f7 100755
--- a/report.cgi
+++ b/report.cgi
@@ -28,7 +28,7 @@ my $template = Bugzilla->template;
my $vars = {};
# Go straight back to query.cgi if we are adding a boolean chart.
-if (grep(/^cmd-/, $cgi->param())) {
+if (grep(/^cmd-/, $cgi->multi_param())) {
my $params = $cgi->canonicalise_query("format", "ctype");
my $location = "query.cgi?format=" . $cgi->param('query_format') .
($params ? "&$params" : "");
@@ -53,7 +53,7 @@ elsif ($action eq 'add') {
my $user = Bugzilla->login(LOGIN_REQUIRED);
check_hash_token($token, ['save_report']);
- my $name = clean_text($cgi->param('name'));
+ my $name = clean_text(scalar $cgi->param('name'));
my $query = $cgi->param('query');
if (my ($report) = grep{ lc($_->name) eq lc($name) } @{$user->reports}) {
@@ -444,5 +444,5 @@ sub get_field_restrictions {
my $field = shift;
my $cgi = Bugzilla->cgi;
- return join('&amp;', map {url_quote($field) . '=' . url_quote($_)} $cgi->param($field));
+ return join('&amp;', map {url_quote($field) . '=' . url_quote($_)} $cgi->multi_param($field));
}
diff --git a/reports.cgi b/reports.cgi
index 06890b38d..e40c22384 100755
--- a/reports.cgi
+++ b/reports.cgi
@@ -83,7 +83,7 @@ else {
}
# Make sure there is something to plot.
- my @datasets = $cgi->param('datasets');
+ my @datasets = $cgi->multi_param('datasets');
scalar(@datasets) || ThrowUserError('missing_datasets');
if (grep { $_ !~ /^[A-Za-z0-9:_-]+$/ } @datasets) {
diff --git a/request.cgi b/request.cgi
index 95e4fd1fd..54b568a84 100755
--- a/request.cgi
+++ b/request.cgi
@@ -84,8 +84,8 @@ sub queue {
my $userid = $user->id;
my $vars = {};
- my $status = validateStatus($cgi->param('status'));
- my $form_group = validateGroup($cgi->param('group'));
+ my $status = validateStatus(scalar $cgi->param('status'));
+ my $form_group = validateGroup(scalar $cgi->param('group'));
my $query =
# Select columns describing each flag, the bug/attachment on which
@@ -167,15 +167,15 @@ sub queue {
my $do_union = $cgi->param('do_union');
# Filter results by exact email address of requester or requestee.
- if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
- my $requester = $dbh->quote($cgi->param('requester'));
+ if (my $requester = $cgi->param('requester')) {
+ $requester = $dbh->quote($requester);
trick_taint($requester); # Quoted above
push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
push(@excluded_columns, 'requester') unless $do_union;
}
- if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
- if ($cgi->param('requestee') ne "-") {
- my $requestee = $dbh->quote($cgi->param('requestee'));
+ if (my $requestee = $cgi->param('requestee')) {
+ if ($requestee ne '-') {
+ $requestee = $dbh->quote($requestee);
trick_taint($requestee); # Quoted above
push(@criteria, $dbh->sql_istrcmp('requestees.login_name', $requestee));
}
diff --git a/sanitycheck.cgi b/sanitycheck.cgi
index bb131a65a..85f73bc6d 100755
--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -69,7 +69,7 @@ else {
# web browser and a parameter is passed to the script.
# XXX - Maybe these two parameters should be deleted once logged in?
$cgi->delete('GoAheadAndLogIn', 'Bugzilla_restrictlogin');
- if (scalar($cgi->param())) {
+ if (scalar $cgi->multi_param()) {
my $token = $cgi->param('token');
check_hash_token($token, ['sanitycheck']);
}
diff --git a/show_bug.cgi b/show_bug.cgi
index 09cb91a86..41aa00682 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -61,7 +61,7 @@ if ($single) {
}
}
} else {
- foreach my $id ($cgi->param('id')) {
+ foreach my $id ($cgi->multi_param('id')) {
# Be kind enough and accept URLs of the form: id=1,2,3.
my @ids = split(/,/, $id);
my @check_bugs;
@@ -108,7 +108,7 @@ my @fieldlist = (Bugzilla::Bug->fields, 'flag', 'group', 'long_desc',
my %displayfields;
if ($cgi->param("field")) {
- @fieldlist = $cgi->param("field");
+ @fieldlist = $cgi->multi_param("field");
}
unless ($user->is_timetracker) {
@@ -119,8 +119,8 @@ foreach (@fieldlist) {
$displayfields{$_} = 1;
}
-foreach ($cgi->param("excludefield")) {
- $displayfields{$_} = undef;
+foreach ($cgi->multi_param("excludefield")) {
+ $displayfields{$_} = undef;
}
$vars->{'displayfields'} = \%displayfields;
diff --git a/summarize_time.cgi b/summarize_time.cgi
index 193899f0d..dd1e9e08e 100755
--- a/summarize_time.cgi
+++ b/summarize_time.cgi
@@ -264,7 +264,7 @@ my $detailed = $cgi->param('detailed');
my $do_report = $cgi->param('do_report');
my $inactive = $cgi->param('inactive');
my $do_depends = $cgi->param('do_depends');
-my $ctype = scalar($cgi->param("ctype"));
+my $ctype = $cgi->param('ctype');
my ($start_date, $end_date);
if ($do_report) {
@@ -280,8 +280,8 @@ if ($do_report) {
@bugs = @{ $user->visible_bugs(\@bugs) };
}
- $start_date = trim $cgi->param('start_date');
- $end_date = trim $cgi->param('end_date');
+ $start_date = trim(scalar $cgi->param('start_date'));
+ $end_date = trim(scalar $cgi->param('end_date'));
foreach my $date ($start_date, $end_date) {
next unless $date;
diff --git a/t/004template.t b/t/004template.t
index e6c241cc0..5296564ae 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -22,7 +22,7 @@ use CGI qw(-no_debug);
use File::Spec;
use Template;
-use Test::More tests => ( scalar(@referenced_files) + 2 * $num_actual_files );
+use Test::More tests => ( scalar(@referenced_files) + 3 * $num_actual_files );
# Capture the TESTOUT from Test::More or Test::Builder for printing errors.
# This will handle verbosity for us automatically.
@@ -117,6 +117,14 @@ foreach my $include_path (@include_paths) {
else {
ok(1, "$path contains no blacklisted constructs");
}
+
+ # Forbid cgi.param(). cgi_param() must be used instead.
+ if ($data =~ /cgi\.param/) {
+ ok(0, "$path calls cgi.param() instead of cgi_param()");
+ }
+ else {
+ ok(1, "$path correctly calls CGI parameters");
+ }
}
}
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index 05d177d09..afa77df7f 100644
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -25,7 +25,7 @@
</h2>
<form id="login_form" name="login" action="[% urlbase FILTER html %][% target FILTER html %]"
- method="POST" [% IF Bugzilla.cgi.param("data") %] enctype="multipart/form-data"[% END %]>
+ method="POST" [% IF cgi_param("data") %] enctype="multipart/form-data"[% END %]>
<table>
<tr>
<th>
diff --git a/template/en/default/attachment/midair.html.tmpl b/template/en/default/attachment/midair.html.tmpl
index 68db5d974..4dd44ef4d 100644
--- a/template/en/default/attachment/midair.html.tmpl
+++ b/template/en/default/attachment/midair.html.tmpl
@@ -14,10 +14,6 @@
# attachment: object; the attachment being changed.
#%]
-[%# The global Bugzilla->cgi object is used to obtain form variable values. %]
-[% USE Bugzilla %]
-[% cgi = Bugzilla.cgi %]
-
[% PROCESS global/header.html.tmpl title = "Mid-air collision!" %]
<h1>Mid-air collision detected!</h1>
@@ -33,11 +29,11 @@
[% PROCESS "bug/activity/table.html.tmpl" incomplete_data=0 %]
</p>
-[% IF cgi.param("comment") %]
+[% IF cgi_param("comment") %]
<p>
Your comment was:<br>
<blockquote><pre class="bz_comment_text">
- [% cgi.param("comment") FILTER html %]
+ [% cgi_param("comment") FILTER html %]
</pre></blockquote>
</p>
[% END %]
diff --git a/template/en/default/bug/create/comment-guided.txt.tmpl b/template/en/default/bug/create/comment-guided.txt.tmpl
index e85a36469..0a7b5223a 100644
--- a/template/en/default/bug/create/comment-guided.txt.tmpl
+++ b/template/en/default/bug/create/comment-guided.txt.tmpl
@@ -8,27 +8,27 @@
[% USE Bugzilla %]
[% cgi = Bugzilla.cgi %]
User-Agent: [%+ cgi.user_agent() %]
-Build Identifier: [%+ cgi.param("buildid") %]
+Build Identifier: [%+ cgi_param("buildid") %]
-[%+ cgi.param("comment") IF cgi.param("comment") %]
+[%+ cgi_param("comment") IF cgi_param("comment") %]
-[%+ IF cgi.param("reproducible") != "Choose one..." -%]
-Reproducible: [%+ cgi.param("reproducible") %]
+[%+ IF cgi_param("reproducible") != "Choose one..." -%]
+Reproducible: [%+ cgi_param("reproducible") %]
[% END %]
-[% IF !(cgi.param("reproduce_steps").match('^1\.\s*2\.\s*3\.\s*$') || cgi.param("reproduce_steps").match('^\s*$')) %]
+[% IF !(cgi_param("reproduce_steps").match('^1\.\s*2\.\s*3\.\s*$') || cgi_param("reproduce_steps").match('^\s*$')) %]
Steps to Reproduce:
-[%+ cgi.param("reproduce_steps") %]
+[%+ cgi_param("reproduce_steps") %]
[% END %]
-[% IF cgi.param("actual_results") -%]
+[% IF cgi_param("actual_results") -%]
Actual Results:
-[%+ cgi.param("actual_results") %]
+[%+ cgi_param("actual_results") %]
[% END %]
-[% IF cgi.param("expected_results") %]
+[% IF cgi_param("expected_results") %]
Expected Results:
-[%+ cgi.param("expected_results") %]
+[%+ cgi_param("expected_results") %]
[% END %]
-[%+ cgi.param("additional_info") %]
+[%+ cgi_param("additional_info") %]
diff --git a/template/en/default/bug/create/comment.txt.tmpl b/template/en/default/bug/create/comment.txt.tmpl
index 4cd78ddd1..8eb6bfaf0 100644
--- a/template/en/default/bug/create/comment.txt.tmpl
+++ b/template/en/default/bug/create/comment.txt.tmpl
@@ -5,8 +5,7 @@
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
#%]
-[% USE Bugzilla %]
-[% Hook.process("form") %]
+[% Hook.process("form") %]
-[% Bugzilla.cgi.param("comment") %]
+[% cgi_param("comment") %]
diff --git a/template/en/default/bug/create/create-guided.html.tmpl b/template/en/default/bug/create/create-guided.html.tmpl
index 1adae4588..0169d9e6b 100644
--- a/template/en/default/bug/create/create-guided.html.tmpl
+++ b/template/en/default/bug/create/create-guided.html.tmpl
@@ -10,9 +10,6 @@
# This template has the same interface as create.html.tmpl
#%]
-[% USE Bugzilla %]
-[% cgi = Bugzilla.cgi %]
-
[% PROCESS global/header.html.tmpl
title = "Enter $terms.ABug"
onload = "PutDescription()"
@@ -165,8 +162,8 @@ function PutDescription() {
</tr>
[%# Accept URL parameter build ID for non-browser products %]
- [% IF cgi.param("buildid") %]
- [% buildid = cgi.param("buildid") %]
+ [% IF cgi_param("buildid") %]
+ [% buildid = cgi_param("buildid") %]
[% END %]
<tr class="guided_form_field">
diff --git a/template/en/default/bug/process/header.html.tmpl b/template/en/default/bug/process/header.html.tmpl
index 55de0c324..b95e1dcd3 100644
--- a/template/en/default/bug/process/header.html.tmpl
+++ b/template/en/default/bug/process/header.html.tmpl
@@ -10,13 +10,11 @@
# As global/header.html.tmpl.
#%]
-[% USE Bugzilla %]
-
[% PROCESS "bug/show-header.html.tmpl" %]
-[% IF title_tag == "bug_processed" %]
+[% IF title_tag == "bug_processed" %]
[% title = BLOCK %]
- [% IF Bugzilla.cgi.param('id') %]
+ [% IF cgi_param('id') %]
[%+ id FILTER html %]
[% ELSE %]
[% terms.Bugs %]
diff --git a/template/en/default/bug/process/midair.html.tmpl b/template/en/default/bug/process/midair.html.tmpl
index f89590df2..ca7e095c1 100644
--- a/template/en/default/bug/process/midair.html.tmpl
+++ b/template/en/default/bug/process/midair.html.tmpl
@@ -15,10 +15,6 @@
# bug: Bugzilla::Bug; the bug being changed.
#%]
-[%# The global Bugzilla->cgi object is used to obtain form variable values. %]
-[% USE Bugzilla %]
-[% cgi = Bugzilla.cgi %]
-
[% UNLESS header_done %]
[% PROCESS bug/process/header.html.tmpl %]
[% END %]
@@ -45,11 +41,11 @@
</p>
[% END %]
-[% IF cgi.param("comment") %]
+[% IF cgi_param("comment") %]
<p>
Your comment was:<br>
<blockquote><pre class="bz_comment_text">
- [% cgi.param("comment") FILTER html %]
+ [% cgi_param("comment") FILTER html %]
</pre></blockquote>
</p>
[% END %]
@@ -70,16 +66,16 @@ You have the following choices:
[% ", except for the added comment(s)" IF comments.size %].
</form>
</li>
- [% IF cgi.param("comment") %]
+ [% IF cgi_param("comment") %]
<li>
<form method="post" action="process_bug.cgi">
- <input type="hidden" name="id" value="[% cgi.param("id") FILTER html %]">
+ <input type="hidden" name="id" value="[% cgi_param("id") FILTER html %]">
<input type="hidden" name="delta_ts" value="[% bug.delta_ts FILTER html %]">
- <input type="hidden" name="comment" value="[% cgi.param("comment") FILTER html %]">
- <input type="hidden" name="use_markdown" value="[% cgi.param("use_markdown") FILTER html %]">
+ <input type="hidden" name="comment" value="[% cgi_param("comment") FILTER html %]">
+ <input type="hidden" name="use_markdown" value="[% cgi_param("use_markdown") FILTER html %]">
<input type="hidden" name="comment_is_private"
- value="[% cgi.param("comment_is_private") FILTER html %]">
- <input type="hidden" name="token" value="[% cgi.param("token") FILTER html %]">
+ value="[% cgi_param("comment_is_private") FILTER html %]">
+ <input type="hidden" name="token" value="[% cgi_param("token") FILTER html %]">
<input type="submit" id="process_comment" value="Submit only my new comment">
</form>
</li>
diff --git a/template/en/default/bug/process/verify-new-product.html.tmpl b/template/en/default/bug/process/verify-new-product.html.tmpl
index c562bf54d..837a9836f 100644
--- a/template/en/default/bug/process/verify-new-product.html.tmpl
+++ b/template/en/default/bug/process/verify-new-product.html.tmpl
@@ -17,6 +17,9 @@
# verify_bug_groups: If groups need to be confirmed in addition to fields.
#%]
+[% USE Bugzilla %]
+[% cgi = Bugzilla.cgi %]
+
[% PROCESS global/header.html.tmpl
title = 'Verify New Product Details...'
style_urls = ['skins/standard/buglist.css']
@@ -165,14 +168,14 @@
<input type="checkbox" name="defined_groups"
id="defined_group_[% group.group.id FILTER html %]"
value="[% group.group.name FILTER html %]"
- [% IF cgi.param("defined_groups").contains(group.group.name) %] checked="checked"[% END %]
+ [% IF cgi.multi_param("defined_groups").contains(group.group.name) %] checked="checked"[% END %]
onchange="turn_off(this, 'group_[% group.group.id FILTER html %]')">
</td>
<td class="center">
<input type="checkbox" name="groups"
id="group_[% group.group.id FILTER html %]"
value="[% group.group.name FILTER html %]"
- [% IF cgi.param("groups").contains(group.group.name) %] checked="checked"[% END %]
+ [% IF cgi.multi_param("groups").contains(group.group.name) %] checked="checked"[% END %]
onchange="turn_off(this, 'defined_group_[% group.group.id FILTER html %]')">
</td>
<td>
@@ -189,7 +192,7 @@
name="groups"
[% ' checked="checked"' IF ((group.membercontrol == constants.CONTROLMAPDEFAULT && user.in_group(group.group.name))
|| (group.othercontrol == constants.CONTROLMAPDEFAULT && !user.in_group(group.group.name))
- || cgi.param("groups").contains(group.group.name)) %]
+ || cgi.multi_param("groups").contains(group.group.name)) %]
value="[% group.group.name FILTER html %]">
<label for="group_[% group.group.id FILTER html %]">
[% group.group.name FILTER html %]: [% group.group.description FILTER html %]
@@ -224,8 +227,8 @@
[%# If 'id' is defined, then we are editing a single bug.
# Else we are editing several bugs at once. %]
-[% IF cgi.param('id') AND cgi.param('id').match('^\d+$') %]
- [% id = cgi.param('id') %]
+[% IF cgi_param('id') AND cgi_param('id').match('^\d+$') %]
+ [% id = cgi_param('id') %]
Cancel and Return to [% "$terms.bug $id" FILTER bug_link(id) FILTER none %]
[% ELSE %]
Cancel and Return to <a href="buglist.cgi?regetlastlist=1">the last search results</a>
diff --git a/template/en/default/bug/show.xml.tmpl b/template/en/default/bug/show.xml.tmpl
index 10ec0a3c1..2b2d32d5a 100644
--- a/template/en/default/bug/show.xml.tmpl
+++ b/template/en/default/bug/show.xml.tmpl
@@ -6,10 +6,9 @@
# defined by the Mozilla Public License, v. 2.0.
#%]
[% PROCESS bug/time.html.tmpl %]
-[% USE Bugzilla %]
-[% cgi = Bugzilla.cgi %]
+
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
-<!DOCTYPE bugzilla [% IF cgi.param('dtd') %][[% PROCESS pages/bugzilla.dtd.tmpl %]][% ELSE %]SYSTEM "[% urlbase FILTER xml %]page.cgi?id=bugzilla.dtd"[% END %]>
+<!DOCTYPE bugzilla [% IF cgi_param('dtd') %][[% PROCESS pages/bugzilla.dtd.tmpl %]][% ELSE %]SYSTEM "[% urlbase FILTER xml %]page.cgi?id=bugzilla.dtd"[% END %]>
<bugzilla version="[% constants.BUGZILLA_VERSION %]"
urlbase="[% urlbase FILTER xml %]"
diff --git a/template/en/default/global/confirm-user-match.html.tmpl b/template/en/default/global/confirm-user-match.html.tmpl
index 613f097e1..b497256a3 100644
--- a/template/en/default/global/confirm-user-match.html.tmpl
+++ b/template/en/default/global/confirm-user-match.html.tmpl
@@ -41,13 +41,11 @@
[% IF matchsuccess == 1 %]
[% PROCESS global/header.html.tmpl title="Confirm Match" %]
- [% USE Bugzilla %]
-
<form method="post"
[% IF script -%]
action="[% script %]"
[%- END -%]
- [% IF Bugzilla.cgi.param("data") %]
+ [% IF cgi_param("data") %]
enctype="multipart/form-data"
[% END %]
>
@@ -147,7 +145,7 @@
[% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
[% FOREACH key IN matches.keys %]
- [% exclude_these.push(key) IF Bugzilla.cgi.param(key) == '' %]
+ [% exclude_these.push(key) IF cgi_param(key) == '' %]
[% END %]
[% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
[% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
diff --git a/template/en/default/global/hidden-fields.html.tmpl b/template/en/default/global/hidden-fields.html.tmpl
index 88d267354..f8f353233 100644
--- a/template/en/default/global/hidden-fields.html.tmpl
+++ b/template/en/default/global/hidden-fields.html.tmpl
@@ -16,12 +16,9 @@
[% cgi = Bugzilla.cgi %]
[%# Generate hidden form fields for non-excluded fields. %]
-[% FOREACH field = cgi.param() %]
+[% FOREACH field = cgi.multi_param() %]
[% NEXT IF exclude && field.search(exclude) %]
- [%# The '.slice(0)' bit is here to force the 'param(field)' to be evaluated
- in a list context, so we can avoid extra code checking for single valued or
- empty fields %]
- [% IF field == "data" && cgi.param("data") %]
+ [% IF field == "data" && cgi_param("data") %]
<div class="box">
<p>
We were unable to store the file you uploaded because of incomplete information
@@ -30,7 +27,7 @@
remaining missing information above.
</p>
<p>
- Please re-attach the file <b>[% cgi.param(field) FILTER html %]</b> in
+ Please re-attach the file <b>[% cgi_param(field) FILTER html %]</b> in
the field below:
</p>
<p>
@@ -38,7 +35,7 @@
</p>
</div>
[% ELSE %]
- [% FOREACH mvalue = cgi.param(field).slice(0) %]
+ [% FOREACH mvalue = cgi.multi_param(field) %]
<input type="hidden" name="[% field FILTER html %]"
value="[% mvalue FILTER html_linebreak %]">
[% END %]
diff --git a/template/en/default/global/product-select.html.tmpl b/template/en/default/global/product-select.html.tmpl
index 23a7b3d58..f9e5670ad 100644
--- a/template/en/default/global/product-select.html.tmpl
+++ b/template/en/default/global/product-select.html.tmpl
@@ -69,7 +69,7 @@
<optgroup label="[% c FILTER html %]">
[% FOREACH p = classifications.$c %]
<option value="[% p.$valueattribute FILTER html %]"
- [% " selected" IF (cgi.param(name) == p.name) || (value.contains(p.name)) %]>
+ [% " selected" IF cgi_param(name) == p.name || value.contains(p.name) %]>
[% p.name FILTER html %]
</option>
[% END %]
@@ -81,7 +81,7 @@
[% END %]
[% FOREACH p = products %]
<option value="[% p.$valueattribute FILTER html %]"
- [% " selected" IF (cgi.param(name) == p.name) || (value.contains(p.name)) %]>
+ [% " selected" IF cgi_param(name) == p.name || value.contains(p.name) %]>
[% p.name FILTER html %]
</option>
[% END %]
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 8c0cc8b7a..bd8c54f2d 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -2036,29 +2036,28 @@
Please press <b>Back</b> and try again.
</p>
-[%# If a saved search fails, people want the ability to edit or delete it.
+[%# If a saved search fails, people want the ability to edit or delete it.
# This is the best way of getting information about that possible saved
# search from any error call location. %]
-[% namedcmd = Bugzilla.cgi.param("namedcmd") %]
-[% sharer_id = Bugzilla.cgi.param("sharer_id") %]
+[% namedcmd = cgi_param("namedcmd") %]
[% IF namedcmd AND error != "missing_query"
AND error != "saved_search_used_by_whines"
- AND !sharer_id %]
- <p>
- Alternatively, you can
+ AND !cgi_param("sharer_id") %]
+ <p>
+ Alternatively, you can
<a href="buglist.cgi?cmdtype=dorem&amp;remaction=forget&amp;namedcmd=
[% namedcmd FILTER uri %]">forget</a>
-
+
[% FOREACH q = Bugzilla.user.queries %]
[% IF q.name == namedcmd %]
or <a href="query.cgi?[% q.url FILTER html %]">edit</a>
[% END %]
[% END %]
-
+
the saved search '[% namedcmd FILTER html %]'.
</p>
-[% END %]
+[% END %]
[% PROCESS global/footer.html.tmpl %]
diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl
index 42af50123..190486b12 100644
--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -33,11 +33,11 @@
[% IF quicksearch %]
[% new_param = BLOCK ~%]
quicksearch=[% quicksearch FILTER uri %]
- [%~ IF cgi.param('list_id') ~%]
- &list_id=[% cgi.param('list_id') FILTER uri %]
+ [%~ IF cgi_param('list_id') ~%]
+ &list_id=[% cgi_param('list_id') FILTER uri %]
[%~ END %]
[% END %]
- [% ELSIF cgi.param('token') != '' %]
+ [% ELSIF cgi_param('token') != '' %]
[% new_param = cgi.canonicalise_query('token', 'cmdtype', 'remtype') %]
[% ELSE %]
[% new_param = cgi.canonicalise_query %]
diff --git a/template/en/default/pages/linked.html.tmpl b/template/en/default/pages/linked.html.tmpl
index ab74470c2..e7e55fa8a 100644
--- a/template/en/default/pages/linked.html.tmpl
+++ b/template/en/default/pages/linked.html.tmpl
@@ -7,8 +7,6 @@
#%]
[% INCLUDE global/header.html.tmpl title = "Your Linkified Text" %]
-[% USE Bugzilla %]
-[% cgi = Bugzilla.cgi %]
<p>
Copy and paste the text below:
@@ -18,7 +16,7 @@
<p>
<pre class="bz_comment_text">
-[%- cgi.param("text") FILTER markdown FILTER html -%]
+[%- cgi_param("text") FILTER markdown FILTER html -%]
</pre>
</p>
@@ -33,7 +31,7 @@
<p>
<pre class="bz_comment_text">
-[%- cgi.param("text") FILTER markdown -%]
+[%- cgi_param("text") FILTER markdown -%]
</pre>
</p>
diff --git a/template/en/default/reports/keywords.html.tmpl b/template/en/default/reports/keywords.html.tmpl
index 6e7ad0c50..9c172ab06 100644
--- a/template/en/default/reports/keywords.html.tmpl
+++ b/template/en/default/reports/keywords.html.tmpl
@@ -18,8 +18,8 @@
title = "$terms.Bugzilla Keyword Descriptions"
style_urls = ['skins/standard/admin.css']
%]
-[% cgi = Bugzilla.cgi %]
-[% show_inactive_keywords = cgi.param("show_inactive_keywords") %]
+
+[% show_inactive_keywords = cgi_param("show_inactive_keywords") %]
<script>
$(document).ready(function () {
diff --git a/template/en/default/request/queue.html.tmpl b/template/en/default/request/queue.html.tmpl
index fd3dbde8a..fe26c53b6 100644
--- a/template/en/default/request/queue.html.tmpl
+++ b/template/en/default/request/queue.html.tmpl
@@ -6,9 +6,6 @@
# defined by the Mozilla Public License, v. 2.0.
#%]
-[% USE Bugzilla %]
-[% cgi = Bugzilla.cgi %]
-
[% PROCESS "global/js-products.html.tmpl" %]
[% PROCESS global/header.html.tmpl
@@ -36,7 +33,7 @@ to some group are shown by default.
[% INCLUDE global/userselect.html.tmpl
id => "requester"
name => "requester"
- value => cgi.param('requester')
+ value => cgi_param('requester')
size => 20
emptyok => 1
field_title => "Requester's email address"
@@ -56,7 +53,7 @@ to some group are shown by default.
[% PROCESS "global/select-menu.html.tmpl"
name="type"
options=types
- default=cgi.param('type') %]
+ default=cgi_param('type') %]
</td>
[%# We could let people see a "queue" of non-pending requests. %]
@@ -66,7 +63,7 @@ to some group are shown by default.
[%# PROCESS "global/select-menu.html.tmpl"
name="status"
options=["all", "?", "+-", "+", "-"]
- default=cgi.param('status') %]
+ default=cgi_param('status') %]
</td>
-->
@@ -77,7 +74,7 @@ to some group are shown by default.
[% INCLUDE global/userselect.html.tmpl
id => "requestee"
name => "requestee"
- value => cgi.param('requestee')
+ value => cgi_param('requestee')
size => 20
emptyok => 1
hyphenok => 1
@@ -89,7 +86,7 @@ to some group are shown by default.
<select name="component">
<option value="">Any</option>
[% FOREACH comp = components %]
- <option value="[% comp FILTER html %]" [% "selected" IF cgi.param('component') == comp %]>
+ <option value="[% comp FILTER html %]" [% "selected" IF cgi_param('component') == comp %]>
[% comp FILTER html %]</option>
[% END %]
</select>
@@ -102,7 +99,8 @@ to some group are shown by default.
"Flag" => 'type' ,
"Product/Component" => 'category'
} %]
- [% PROCESS "global/select-menu.html.tmpl" name="group" options=groups default=cgi.param('group') %]
+ [% PROCESS "global/select-menu.html.tmpl"
+ name = "group", options = groups, default = cgi_param('group') %]
</td>
</tr>
<tr>
@@ -110,7 +108,7 @@ to some group are shown by default.
<td>
<select id="do_union" name="do_union">
<option value="0">Match the requester AND requestee</option>
- <option value="1" [% 'selected="selected"' IF cgi.param('do_union') %]>
+ <option value="1" [% 'selected="selected"' IF cgi_param('do_union') %]>
Match the requester OR requestee</option>
</select>
</td>
diff --git a/userprefs.cgi b/userprefs.cgi
index d7366a878..c94c63f5f 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -77,7 +77,7 @@ sub SaveAccount {
my $verified_password;
my $pwd1 = $cgi->param('new_password1');
my $pwd2 = $cgi->param('new_password2');
- my $new_login_name = trim($cgi->param('new_login_name'));
+ my $new_login_name = trim(scalar $cgi->param('new_login_name'));
if ($user->authorizer->can_change_password
&& ($pwd1 ne "" || $pwd2 ne ""))
@@ -117,7 +117,7 @@ sub SaveAccount {
}
}
- $user->set_name($cgi->param('realname'));
+ $user->set_name(scalar $cgi->param('realname'));
$user->update({ keep_session => 1, keep_tokens => 1 });
$dbh->bz_commit_transaction;
}
@@ -301,7 +301,7 @@ sub SaveEmail {
}
if (defined $cgi->param('remove_watched_users')) {
- my @removed = $cgi->param('watched_by_you');
+ my @removed = $cgi->multi_param('watched_by_you');
# Remove people who were removed.
my $delete_sth = $dbh->prepare('DELETE FROM watch WHERE watched = ?'
. ' AND watcher = ?');
@@ -331,7 +331,7 @@ sub SaveEmail {
map { $ignored_bugs{$_} = 1 } @add_ignored;
# Remove any bug ids the user no longer wants to ignore
- foreach my $key (grep(/^remove_ignored_bug_/, $cgi->param)) {
+ foreach my $key (grep(/^remove_ignored_bug_/, $cgi->multi_param())) {
my ($bug_id) = $key =~ /(\d+)$/a;
delete $ignored_bugs{$bug_id};
}
diff --git a/xt/extensions/QA/Extension.pm b/xt/extensions/QA/Extension.pm
index 9f60ea95b..2259cfecc 100644
--- a/xt/extensions/QA/Extension.pm
+++ b/xt/extensions/QA/Extension.pm
@@ -31,7 +31,7 @@ sub page_before_template {
print $cgi->header;
# Needed to make sure he can access and edit bugs.
- my $user = Bugzilla::User->check($cgi->param('sender'));
+ my $user = Bugzilla::User->check(scalar $cgi->param('sender'));
Bugzilla->set_user($user);
my ($output, $tmpl_file);
@@ -47,7 +47,7 @@ sub page_before_template {
elsif ($action =~ /^update(_with_headers)?$/) {
my $f = $1 || '';
$tmpl_file = "qa/update_bug$f.txt.tmpl";
- my $bug = Bugzilla::Bug->check($cgi->param('bug_id'));
+ my $bug = Bugzilla::Bug->check(scalar $cgi->param('bug_id'));
$vars->{bug_id} = $bug->id;
}
else {