-rwxr-xr-xBugzilla/Bug.pm54
-rwxr-xr-xpost_bug.cgi9
-rwxr-xr-xprocess_bug.cgi38
-rw-r--r--template/en/default/global/user-error.html.tmpl6
4 files changed, 71 insertions, 36 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 7d93139a1..4439a7993 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -50,7 +50,7 @@ use Bugzilla::Error;
use base qw(Exporter);
@Bugzilla::Bug::EXPORT = qw(
AppendComment ValidateComment
- bug_alias_to_id
+ bug_alias_to_id ValidateBugAlias
RemoveVotes CheckIfVotedConfirmed
);
@@ -982,6 +982,58 @@ sub CheckIfVotedConfirmed {
return $ret;
}
+#
+# Field Validation
+#
+
+# ValidateBugAlias:
+# Check that the bug alias is valid and not used by another bug. If
+# curr_id is specified, verify the alias is not used for any other
+# bug id.
+sub ValidateBugAlias {
+ my ($alias, $curr_id) = @_;
+ my $dbh = Bugzilla->dbh;
+
+ $alias = trim($alias || "");
+ trick_taint($alias);
+
+ if ($alias eq "") {
+ ThrowUserError("alias_not_defined");
+ }
+
+ # Make sure the alias isn't too long.
+ if (length($alias) > 20) {
+ ThrowUserError("alias_too_long");
+ }
+
+ # Make sure the alias is unique.
+ my $query = "SELECT bug_id FROM bugs WHERE alias = ?";
+ if (detaint_natural($curr_id)) {
+ $query .= " AND bug_id != $curr_id";
+ }
+ my $id = $dbh->selectrow_array($query, undef, $alias);
+
+ my $vars = {};
+ $vars->{'alias'} = $alias;
+ if ($id) {
+ $vars->{'bug_link'} = &::GetBugLink($id, $id);
+ ThrowUserError("alias_in_use", $vars);
+ }
+
+ # Make sure the alias isn't just a number.
+ if ($alias =~ /^\d+$/) {
+ ThrowUserError("alias_is_numeric", $vars);
+ }
+
+ # Make sure the alias has no commas or spaces.
+ if ($alias =~ /[, ]/) {
+ ThrowUserError("alias_has_comma_or_space", $vars);
+ }
+
+ $_[0] = $alias;
+}
+
+
sub AUTOLOAD {
use vars qw($AUTOLOAD);
my $attr = $AUTOLOAD;
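Review bot: In ValidateBugAlias, `$curr_id` is spliced into the SQL text (`" AND bug_id != $curr_id"`) while `$alias` goes through a placeholder; the interpolation is safe only because `detaint_natural` guards it in the same `if`, and that coupling is easy to break in a later edit. Binding it as well keeps the query uniform: `$query .= " AND bug_id != ?"; push(@args, $curr_id);` followed by `selectrow_array($query, undef, @args)`. The header comment should also say that the function writes the trimmed, detainted alias back into the caller's variable through `$_[0]`, since both callers depend on that and a call with a literal argument would die on the assignment. `trick_taint($alias)` runs before the length and character checks, so a one-line comment that the value is cleared only because it reaches the database through a bind parameter would help the next reader.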
diff --git a/post_bug.cgi b/post_bug.cgi
index 9bc87e593..9a4860409 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -144,6 +144,15 @@ my @bug_fields = ("version", "rep_platform",
"bug_status", "bug_file_loc", "short_desc",
"target_milestone", "status_whiteboard");
+if (Param("usebugaliases")) {
+ my $alias = trim($cgi->param('alias') || "");
+ if ($alias ne "") {
+ ValidateBugAlias($alias);
+ $cgi->param('alias', $alias);
+ push (@bug_fields,"alias");
+ }
+}
+
# Retrieve the default QA contact if the field is empty
if (Param("useqacontact")) {
my $qa_contact;
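Review bot: The uniqueness test inside `ValidateBugAlias($alias)` runs here, before the bug row is written further down the script (outside this hunk), so two concurrent submissions with the same alias can both pass the check. Unless the `alias` column carries a unique constraint, which this page does not show, the later write would then store a duplicate; the same gap applies to the `ValidateBugAlias($alias, $idlist[0])` call in process_bug.cgi. A short comment above the call, such as `# ValidateBugAlias trims and detaints $alias in place; the uniqueness check is advisory until the row is written`, would record both that and the in-place update that `$cgi->param('alias', $alias)` relies on.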
diff --git a/process_bug.cgi b/process_bug.cgi
index b62271e8b..6eb82fc5a 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -768,47 +768,17 @@ if (Param("usebugaliases") && defined $cgi->param('alias')) {
# for one bug at a time, so ignore the alias change unless only a single
# bug is being changed.
if (scalar(@idlist) == 1) {
- # Validate the alias if the user entered one.
- if ($alias ne "") {
- # Make sure the alias isn't too long.
- if (length($alias) > 20) {
- ThrowUserError("alias_too_long");
- }
-
- # Make sure the alias is unique.
- my $escaped_alias = SqlQuote($alias);
- my $vars = { alias => $alias };
-
- SendSQL("SELECT bug_id FROM bugs WHERE alias = $escaped_alias " .
- "AND bug_id != $idlist[0]");
- my $id = FetchOneColumn();
-
- if ($id) {
- $vars->{'bug_link'} = GetBugLink($id, "Bug $id");
- ThrowUserError("alias_in_use", $vars);
- }
-
- # Make sure the alias isn't just a number.
- if ($alias =~ /^\d+$/) {
- ThrowUserError("alias_is_numeric", $vars);
- }
-
- # Make sure the alias has no commas or spaces.
- if ($alias =~ /[, ]/) {
- ThrowUserError("alias_has_comma_or_space", $vars);
- }
- }
-
# Add the alias change to the query. If the field contains the blank
# value, make the field be NULL to indicate that the bug has no alias.
# Otherwise, if the field contains a value, update the record
# with that value.
DoComma();
$::query .= "alias = ";
- if ($alias eq "") {
- $::query .= "NULL";
+ if ($alias ne "") {
+ ValidateBugAlias($alias, $idlist[0]);
+ $::query .= $dbh->quote($alias);
} else {
- $::query .= SqlQuote($alias);
+ $::query .= "NULL";
}
}
}
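Review bot: `ValidateBugAlias($alias, $idlist[0])` is now called after `DoComma()` and `$::query .= "alias = "` have already modified the global query string, so validation is interleaved with statement assembly. Running it before `DoComma()` would keep every check ahead of any query building. The new `$dbh->quote($alias)` also needs a `$dbh` in scope, and no declaration is visible in this hunk, so confirm one exists earlier in process_bug.cgi; the enclosing `if (Param("usebugaliases") ...)` block starts outside the hunk.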
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 98cd7418b..6c1af5b26 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -76,9 +76,13 @@
[% ELSIF error == "alias_in_use" %]
[% title = "Alias In Use" %]
- [% bug_link FILTER none %] has already taken the alias
+ [% terms.Bug %] [%+ bug_link FILTER none %] has already taken the alias
<em>[% alias FILTER html %]</em>. Please choose another one.
+ [% ELSIF error == "alias_not_defined" %]
+ [% title = "Alias Is Not Defined" %]
+ You did not supply an alias to this [% terms.bug %].
+
[% ELSIF error == "alias_is_numeric" %]
[% title = "Alias Is Numeric" %]
You tried to give this [% terms.bug %] the alias <em>[% alias FILTER html %]</em>,