-rwxr-xr-xdescribecomponents.cgi14
-rwxr-xr-xdescribekeywords.cgi28
-rwxr-xr-xduplicates.cgi7
-rwxr-xr-xquips.cgi36
-rwxr-xr-xreport.cgi7
-rwxr-xr-xrequest.cgi26
-rwxr-xr-xshowdependencygraph.cgi33
-rwxr-xr-xshowdependencytree.cgi40
8 files changed, 98 insertions, 93 deletions
diff --git a/describecomponents.cgi b/describecomponents.cgi
index 4ce103905..1b1ccbfe0 100755
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -35,6 +35,7 @@ my $user = Bugzilla->login();
GetVersionTable();
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
my $product = trim($cgi->param('product') || '');
@@ -87,12 +88,13 @@ if (!$product_id || !$user->can_enter_product($product)) {
######################################################################
my @components;
-SendSQL("SELECT name, initialowner, initialqacontact, description FROM " .
- "components WHERE product_id = $product_id ORDER BY name");
-while (MoreSQLData()) {
- my ($name, $initialowner, $initialqacontact, $description) =
- FetchSQLData();
-
+my $comps = $dbh->selectall_arrayref(
+ q{SELECT name, initialowner, initialqacontact, description
+ FROM components
+ WHERE product_id = ?
+ ORDER BY name}, undef, $product_id);
+foreach my $comp (@$comps) {
+ my ($name, $initialowner, $initialqacontact, $description) = @$comp;
my %component;
$component{'name'} = $name;
diff --git a/describekeywords.cgi b/describekeywords.cgi
index 19140199f..2b21e712c 100755
--- a/describekeywords.cgi
+++ b/describekeywords.cgi
@@ -36,25 +36,17 @@ my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
-SendSQL("SELECT keyworddefs.name, keyworddefs.description,
- COUNT(keywords.bug_id)
- FROM keyworddefs LEFT JOIN keywords
- ON keyworddefs.id = keywords.keywordid " .
+my $keywords = $dbh->selectall_arrayref(
+ q{SELECT keyworddefs.name, keyworddefs.description,
+ COUNT(keywords.bug_id) AS bugcount
+ FROM keyworddefs
+ LEFT JOIN keywords
+ ON keyworddefs.id = keywords.keywordid } .
$dbh->sql_group_by('keyworddefs.id',
- 'keyworddefs.name, keyworddefs.description') . "
- ORDER BY keyworddefs.name");
-
-my @keywords;
-
-while (MoreSQLData()) {
- my ($name, $description, $bugs) = FetchSQLData();
-
- push (@keywords, { name => $name,
- description => $description,
- bugcount => $bugs });
-}
-
-$vars->{'keywords'} = \@keywords;
+ 'keyworddefs.name, keyworddefs.description') .
+ " ORDER BY keyworddefs.name", {'Slice' => {}});
+
+$vars->{'keywords'} = $keywords;
$vars->{'caneditkeywords'} = UserInGroup("editkeywords");
print Bugzilla->cgi->header();
diff --git a/duplicates.cgi b/duplicates.cgi
index 98b307526..30f027103 100755
--- a/duplicates.cgi
+++ b/duplicates.cgi
@@ -37,6 +37,7 @@ use Bugzilla::Config qw(:DEFAULT $datadir);
use Bugzilla::Constants;
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
# Go directly to the XUL version of the duplicates report (duplicates.xul)
# if the user specified ctype=xul. Adds params if they exist, and directs
@@ -231,13 +232,13 @@ if (scalar(%count)) {
'params' => $params,
);
- SendSQL($query->getSQL());
+ my $results = $dbh->selectall_arrayref($query->getSQL());
- while (MoreSQLData()) {
+ foreach my $result (@$results) {
# Note: maximum row count is dealt with in the template.
my ($id, $component, $bug_severity, $op_sys, $target_milestone,
- $short_desc, $bug_status, $resolution) = FetchSQLData();
+ $short_desc, $bug_status, $resolution) = @$result;
push (@bugs, { id => $id,
count => $count{$id},
diff --git a/quips.cgi b/quips.cgi
index f661d5476..c7dadee5d 100755
--- a/quips.cgi
+++ b/quips.cgi
@@ -36,6 +36,7 @@ use Bugzilla::Constants;
Bugzilla->login(LOGIN_REQUIRED);
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
@@ -43,23 +44,24 @@ my $action = $cgi->param('action') || "";
if ($action eq "show") {
# Read in the entire quip list
- SendSQL("SELECT quipid, userid, quip, approved FROM quips");
+ my $quipsref = $dbh->selectall_arrayref(
+ "SELECT quipid, userid, quip, approved FROM quips");
my $quips;
my @quipids;
- while (MoreSQLData()) {
- my ($quipid, $userid, $quip, $approved) = FetchSQLData();
+ foreach my $quipref (@$quipsref) {
+ my ($quipid, $userid, $quip, $approved) = @$quipref;
$quips->{$quipid} = {'userid' => $userid, 'quip' => $quip,
'approved' => $approved};
push(@quipids, $quipid);
}
my $users;
+ my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
foreach my $quipid (@quipids) {
my $userid = $quips->{$quipid}{'userid'};
if ($userid && not defined $users->{$userid}) {
- SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
- $users->{$userid} = FetchOneColumn();
+ ($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
}
}
$vars->{'quipids'} = \@quipids;
@@ -77,20 +79,21 @@ if ($action eq "add") {
(Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
my $comment = $cgi->param("quip");
$comment || ThrowUserError("need_quip");
+ trick_taint($comment); # Used in a placeholder below
- SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
- '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');
+ $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
+ undef, ($userid, $comment, $approved));
$vars->{'added_quip'} = $comment;
}
if ($action eq 'approve') {
# Read in the entire quip list
- SendSQL("SELECT quipid, approved FROM quips");
-
+ my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");
+
my %quips;
- while (MoreSQLData()) {
- my ($quipid, $approved) = FetchSQLData();
+ foreach my $quipref (@$quipsref) {
+ my ($quipid, $approved) = @$quipref;
$quips{$quipid} = $approved;
}
@@ -103,9 +106,9 @@ if ($action eq 'approve') {
else { push(@unapproved, $quipid); }
}
}
- SendSQL("UPDATE quips SET approved = 1 WHERE quipid IN (" .
+ $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
join(",", @approved) . ")") if($#approved > -1);
- SendSQL("UPDATE quips SET approved = 0 WHERE quipid IN (" .
+ $dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" .
join(",", @unapproved) . ")") if($#unapproved > -1);
$vars->{ 'approved' } = \@approved;
$vars->{ 'unapproved' } = \@unapproved;
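Review bot: The two `UPDATE quips SET approved = ...` statements still build their `IN (...)` list by joining `@approved` and `@unapproved` into the SQL text, while the rest of this commit moves to placeholders. The ids appear to come from the quips table read earlier in this action, but the loop that fills the arrays is outside the hunk, so that should be confirmed rather than assumed. Binding the ids keeps the statement safe whatever their origin: `$dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" . join(",", ("?") x @approved) . ")", undef, @approved) if @approved;`, and the same form for `@unapproved`.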
@@ -120,9 +123,10 @@ if ($action eq "delete") {
ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/;
$quipid = $1;
- SendSQL("SELECT quip FROM quips WHERE quipid = $quipid");
- $vars->{'deleted_quip'} = FetchSQLData();
- SendSQL("DELETE FROM quips WHERE quipid = $quipid");
+ ($vars->{'deleted_quip'}) = $dbh->selectrow_array(
+ "SELECT quip FROM quips WHERE quipid = ?",
+ undef, $quipid);
+ $dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
}
print $cgi->header();
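Review bot: The id check just above the new queries, `$quipid =~ /(\d+)/`, is unanchored, so it accepts any value that merely contains a run of digits and silently uses the first run it finds. The placeholders now keep the value out of the SQL text, but the DELETE can still act on an id the caller did not literally send. Anchoring the pattern rejects malformed input: `ThrowCodeError("need_quipid") unless $quipid =~ /^(\d+)$/;`. The start of the delete action, including any permission check, is outside this hunk.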
diff --git a/report.cgi b/report.cgi
index ad92e27f3..4e2152542 100755
--- a/report.cgi
+++ b/report.cgi
@@ -35,6 +35,7 @@ my $cgi = Bugzilla->cgi;
my $template = Bugzilla->template;
my $vars = {};
my $buffer = $cgi->query_string();
+my $dbh = Bugzilla->dbh;
# Go straight back to query.cgi if we are adding a boolean chart.
if (grep(/^cmd-/, $cgi->param())) {
@@ -149,7 +150,7 @@ my $query = $search->getSQL();
$::SIG{TERM} = 'DEFAULT';
$::SIG{PIPE} = 'DEFAULT';
-SendSQL($query);
+my $results = $dbh->selectall_arrayref($query);
# We have a hash of hashes for the data itself, and a hash to hold the
# row/col/table names.
@@ -165,8 +166,8 @@ my $col_isnumeric = 1;
my $row_isnumeric = 1;
my $tbl_isnumeric = 1;
-while (MoreSQLData()) {
- my ($row, $col, $tbl) = FetchSQLData();
+foreach my $result (@$results) {
+ my ($row, $col, $tbl) = @$result;
# handle empty dimension member names
$row = ' ' if ($row eq '');
diff --git a/request.cgi b/request.cgi
index 5506f79ce..689615b32 100755
--- a/request.cgi
+++ b/request.cgi
@@ -157,14 +157,17 @@ sub queue {
# Filter results by exact email address of requester or requestee.
if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
- push(@criteria, $dbh->sql_istrcmp('requesters.login_name',
- SqlQuote($cgi->param('requester'))));
+ my $requester = $dbh->quote($cgi->param('requester'));
+ trick_taint($requester); # Quoted above
+ push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
push(@excluded_columns, 'requester') unless $cgi->param('do_union');
}
if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
if ($cgi->param('requestee') ne "-") {
+ my $requestee = $dbh->quote($cgi->param('requestee'));
+ trick_taint($requestee); # Quoted above
push(@criteria, $dbh->sql_istrcmp('requestees.login_name',
- SqlQuote($cgi->param('requestee'))));
+ $requestee));
}
else { push(@criteria, "flags.requestee_id IS NULL") }
push(@excluded_columns, 'requestee') unless $cgi->param('do_union');
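Review bot: `$dbh->quote($cgi->param('requester'))` calls `param` in list context, so a request that repeats the parameter passes more than one argument to `quote`. DBI's `quote` takes an optional second argument for the data type, which can change how, or whether, the value is quoted. The result is then untainted with `trick_taint` and concatenated into the criteria. Forcing scalar context in both places closes this: `my $requester = $dbh->quote(scalar $cgi->param('requester'));` and `my $requestee = $dbh->quote(scalar $cgi->param('requestee'));`. The body of `queue` starts and ends outside this hunk.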
@@ -203,8 +206,10 @@ sub queue {
}
}
if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
-
- push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
+
+ my $quoted_form_type = $dbh->quote($form_type);
+ trick_taint($quoted_form_type); # Already SQL quoted
+ push(@criteria, "flagtypes.name = " . $quoted_form_type);
push(@excluded_columns, 'type') unless $cgi->param('do_union');
}
@@ -252,10 +257,10 @@ sub queue {
$vars->{'query'} = $query;
$vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
- SendSQL($query);
+ my $results = $dbh->selectall_arrayref($query);
my @requests = ();
- while (MoreSQLData()) {
- my @data = FetchSQLData();
+ foreach my $result (@$results) {
+ my @data = @$result;
my $request = {
'id' => $data[0] ,
'type' => $data[1] ,
@@ -274,8 +279,9 @@ sub queue {
# Get a list of request type names to use in the filter form.
my @types = ("all");
- SendSQL("SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
- push(@types, FetchOneColumn()) while MoreSQLData();
+ my $flagtypes = $dbh->selectcol_arrayref(
+ "SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
+ push(@types, @$flagtypes);
$vars->{'products'} = $user->get_selectable_products;
$vars->{'excluded_columns'} = \@excluded_columns;
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index fee477f3a..4fe63df2a 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -36,6 +36,7 @@ require "globals.pl";
Bugzilla->login();
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
@@ -122,10 +123,11 @@ node [URL="${urlbase}show_bug.cgi?id=\\N", style=filled, color=lightgrey]
my %baselist;
if ($cgi->param('doall')) {
- SendSQL("SELECT blocked, dependson FROM dependencies");
+ my $dependencies = $dbh->selectall_arrayref(
+ "SELECT blocked, dependson FROM dependencies");
- while (MoreSQLData()) {
- my ($blocked, $dependson) = FetchSQLData();
+ foreach my $dependency (@$dependencies) {
+ my ($blocked, $dependson) = @$dependency;
AddLink($blocked, $dependson, $fh);
}
} else {
@@ -136,12 +138,14 @@ if ($cgi->param('doall')) {
}
my @stack = keys(%baselist);
+ my $sth = $dbh->prepare(
+ q{SELECT blocked, dependson
+ FROM dependencies
+ WHERE blocked = ? or dependson = ?});
foreach my $id (@stack) {
- SendSQL("SELECT blocked, dependson
- FROM dependencies
- WHERE blocked = $id or dependson = $id");
- while (MoreSQLData()) {
- my ($blocked, $dependson) = FetchSQLData();
+ my $dependencies = $dbh->selectall_arrayref($sth, undef, ($id, $id));
+ foreach my $dependency (@$dependencies) {
+ my ($blocked, $dependson) = @$dependency;
if ($blocked != $id && !exists $seen{$blocked}) {
push @stack, $blocked;
}
@@ -159,16 +163,13 @@ if ($cgi->param('doall')) {
}
}
+my $sth = $dbh->prepare(
+ q{SELECT bug_status, resolution, short_desc
+ FROM bugs
+ WHERE bugs.bug_id = ?});
foreach my $k (keys(%seen)) {
- my $summary = "";
- my $stat;
- my $resolution;
-
# Retrieve bug information from the database
-
- SendSQL("SELECT bug_status, resolution, short_desc FROM bugs " .
- "WHERE bugs.bug_id = $k");
- ($stat, $resolution, $summary) = FetchSQLData();
+ my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
$stat ||= 'NEW';
$resolution ||= '';
$summary ||= '';
diff --git a/showdependencytree.cgi b/showdependencytree.cgi
index dede3e1c7..e369b4d86 100755
--- a/showdependencytree.cgi
+++ b/showdependencytree.cgi
@@ -33,6 +33,7 @@ use Bugzilla::Bug;
Bugzilla->login();
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
@@ -145,27 +146,26 @@ sub GetBug {
# Retrieves the necessary information about a bug, stores it in the bug cache,
# and returns it to the calling code.
my ($id) = @_;
-
+ my $dbh = Bugzilla->dbh;
+
my $bug = {};
if (Bugzilla->user->can_see_bug($id)) {
- SendSQL("SELECT 1,
+ ($bug->{'exists'},
+ $bug->{'status'},
+ $bug->{'summary'},
+ $bug->{'milestone'},
+ $bug->{'assignee_id'},
+ $bug->{'assignee_email'}) = $dbh->selectrow_array(
+ "SELECT 1,
bug_status,
short_desc,
$milestone_column,
assignee.userid,
assignee.login_name
- FROM bugs
+ FROM bugs
INNER JOIN profiles AS assignee
ON bugs.assigned_to = assignee.userid
- WHERE bugs.bug_id = $id");
-
-
- ($bug->{'exists'},
- $bug->{'status'},
- $bug->{'summary'},
- $bug->{'milestone'},
- $bug->{'assignee_id'},
- $bug->{'assignee_email'}) = FetchSQLData();
+ WHERE bugs.bug_id = ?", undef, $id);
}
$bug->{'open'} = $bug->{'exists'} && IsOpenedState($bug->{'status'});
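Review bot: `GetBug` declares its own `my $dbh = Bugzilla->dbh;` although this commit also adds a file-level `my $dbh` near the top of the script, so the inner declaration shadows the outer one; `GetDependencies` does the same. Keeping only one of the two avoids the duplicate handle lookup and the shadowing. Separately, `$milestone_column` is still interpolated into the statement text and is defined outside this hunk. If it can only hold a fixed column name, a comment such as `# $milestone_column is a fixed column name, never user input` would make that explicit. `GetBug` continues past the end of the hunk.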
@@ -176,19 +176,17 @@ sub GetBug {
sub GetDependencies {
# Returns a list of dependencies for a given bug.
-
my ($id, $relationship) = @_;
-
+ my $dbh = Bugzilla->dbh;
+
my $bug_type = ($relationship eq "blocked") ? "dependson" : "blocked";
- SendSQL(" SELECT $relationship
+ my $dependencies = $dbh->selectcol_arrayref(
+ "SELECT $relationship
FROM dependencies
- WHERE $bug_type = $id
- ORDER BY $relationship");
-
- my @dependencies = ();
- push(@dependencies, FetchOneColumn()) while MoreSQLData();
+ WHERE $bug_type = ?
+ ORDER BY $relationship", undef, $id);
- return @dependencies;
+ return @$dependencies;
}
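Review bot: `GetDependencies` still interpolates `$relationship` into the SELECT list and the ORDER BY as a column name; only `$id` is bound. `$bug_type` is safe because the ternary can yield only two literals, but `$relationship` is used exactly as passed, and the callers are outside this hunk. Identifiers cannot be bound, so check it against the two valid columns before building the statement, for example `$relationship =~ /^(?:blocked|dependson)$/ or die "invalid relationship: $relationship";`.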