diff options
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Attachment.pm | 7 | ||||
| -rw-r--r-- | Bugzilla/Auth.pm | 4 | ||||
| -rw-r--r-- | Bugzilla/Auth/Login/CGI.pm | 6 | ||||
| -rw-r--r-- | Bugzilla/Auth/Login/Env.pm | 6 | ||||
| -rw-r--r-- | Bugzilla/Auth/Persist/Cookie.pm | 6 | ||||
| -rw-r--r-- | Bugzilla/Auth/Verify/LDAP.pm | 18 | ||||
| -rwxr-xr-x | Bugzilla/Bug.pm | 33 | ||||
| -rw-r--r-- | Bugzilla/BugMail.pm | 35 | ||||
| -rw-r--r-- | Bugzilla/Config.pm | 4 | ||||
| -rw-r--r-- | Bugzilla/DB.pm | 12 | ||||
| -rw-r--r-- | Bugzilla/Flag.pm | 8 | ||||
| -rw-r--r-- | Bugzilla/FlagType.pm | 4 | ||||
| -rw-r--r-- | Bugzilla/Mailer.pm | 23 | ||||
| -rw-r--r-- | Bugzilla/Search.pm | 28 | ||||
| -rw-r--r-- | Bugzilla/Search/Quicksearch.pm | 13 | ||||
| -rw-r--r-- | Bugzilla/Template.pm | 10 | ||||
| -rw-r--r-- | Bugzilla/Template/Plugin/Hook.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/Token.pm | 15 | ||||
| -rw-r--r-- | Bugzilla/User.pm | 51 |
19 files changed, 161 insertions, 124 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 78d326049..0ed77974f 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -413,7 +413,8 @@ sub _validate_filename { sub _validate_data { my ($throw_error, $hr_vars) = @_; my $cgi = Bugzilla->cgi; - my $maxsize = $cgi->param('ispatch') ? Param('maxpatchsize') : Param('maxattachmentsize'); + my $maxsize = $cgi->param('ispatch') ? Bugzilla->params->{'maxpatchsize'} + : Bugzilla->params->{'maxattachmentsize'}; $maxsize *= 1024; # Convert from K my $fh; # Skip uploading into a local variable if the user wants to upload huge @@ -439,7 +440,7 @@ sub _validate_data { # makes for a quick way to eat up disk space. Let's compress them. # We do this before we check the size since the uncompressed version # could easily be greater than maxattachmentsize. - if (Param('convert_uncompressed_images') + if (Bugzilla->params->{'convert_uncompressed_images'} && $cgi->param('contenttype') eq 'image/bmp') { require Image::Magick; my $img = Image::Magick->new(magick=>'bmp'); @@ -710,7 +711,7 @@ sub insert_attachment_for_bug { open(AH, ">$attachdir/$hash/attachment.$attachid"); binmode AH; my $sizecount = 0; - my $limit = (Param("maxlocalattachment") * 1048576); + my $limit = (Bugzilla->params->{"maxlocalattachment"} * 1048576); while (<$fh>) { print AH $_; $sizecount += length($_); diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index daacc677a..b6d378a43 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -44,8 +44,8 @@ sub new { my $self = fields::new($class); $params ||= {}; - $params->{Login} ||= Param('user_info_class') . ',Cookie'; - $params->{Verify} ||= Param('user_verify_class'); + $params->{Login} ||= Bugzilla->params->{'user_info_class'} . ',Cookie'; + $params->{Verify} ||= Bugzilla->params->{'user_verify_class'}; $self->{_info_getter} = new Bugzilla::Auth::Login::Stack($params->{Login}); $self->{_verifier} = new Bugzilla::Auth::Verify::Stack($params->{Verify}); diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm index e6fa7d590..d0c29d8aa 100644 --- a/Bugzilla/Auth/Login/CGI.pm +++ b/Bugzilla/Auth/Login/CGI.pm @@ -60,8 +60,10 @@ sub fail_nodata { my $template = Bugzilla->template; # Redirect to SSL if required - if (Param('sslbase') ne '' and Param('ssl') ne 'never') { - $cgi->require_https(Param('sslbase')); + if (Bugzilla->params->{'sslbase'} ne '' + and Bugzilla->params->{'ssl'} ne 'never') + { + $cgi->require_https(Bugzilla->params->{'sslbase'}); } print $cgi->header(); $template->process("account/auth/login.html.tmpl", diff --git a/Bugzilla/Auth/Login/Env.pm b/Bugzilla/Auth/Login/Env.pm index ade192ea0..f9837b3e6 100644 --- a/Bugzilla/Auth/Login/Env.pm +++ b/Bugzilla/Auth/Login/Env.pm @@ -36,9 +36,9 @@ sub get_login_info { my ($self) = @_; my $dbh = Bugzilla->dbh; - my $env_id = $ENV{Param("auth_env_id")} || ''; - my $env_email = $ENV{Param("auth_env_email")} || ''; - my $env_realname = $ENV{Param("auth_env_realname")} || ''; + my $env_id = $ENV{Bugzilla->params->{"auth_env_id"}} || ''; + my $env_email = $ENV{Bugzilla->params->{"auth_env_email"}} || ''; + my $env_realname = $ENV{Bugzilla->params->{"auth_env_realname"}} || ''; return { failure => AUTH_NODATA } if !$env_email; diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm index 7d1209a0e..3d8599c18 100644 --- a/Bugzilla/Auth/Persist/Cookie.pm +++ b/Bugzilla/Auth/Persist/Cookie.pm @@ -52,7 +52,7 @@ sub persist_login { my $ip_addr = $cgi->remote_addr; unless ($cgi->param('Bugzilla_restrictlogin') || - Param('loginnetmask') == 32) + Bugzilla->params->{'loginnetmask'} == 32) { $ip_addr = get_netaddr($ip_addr); } @@ -70,8 +70,8 @@ sub persist_login { # Remember cookie only if admin has told so # or admin didn't forbid it and user told to remember. - if ( Param('rememberlogin') eq 'on' || - (Param('rememberlogin') ne 'off' && + if ( Bugzilla->params->{'rememberlogin'} eq 'on' || + (Bugzilla->params->{'rememberlogin'} ne 'off' && $cgi->param('Bugzilla_remember') && $cgi->param('Bugzilla_remember') eq 'on') ) { diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm index 2ee5247ec..713619589 100644 --- a/Bugzilla/Auth/Verify/LDAP.pm +++ b/Bugzilla/Auth/Verify/LDAP.pm @@ -85,7 +85,7 @@ sub check_credentials { my $user_entry = $detail_result->shift_entry; - my $mail_attr = Param("LDAPmailattribute"); + my $mail_attr = Bugzilla->params->{"LDAPmailattribute"}; if ($mail_attr) { if (!$user_entry->exists($mail_attr)) { return { failure => AUTH_ERROR, @@ -106,17 +106,19 @@ sub check_credentials { sub _bz_search_params { my ($username) = @_; - return (base => Param("LDAPBaseDN"), + return (base => Bugzilla->params->{"LDAPBaseDN"}, scope => "sub", - filter => '(&(' . Param("LDAPuidattribute") . "=$username)" - . Param("LDAPfilter") . ')'); + filter => '(&(' . Bugzilla->params->{"LDAPuidattribute"} + . "=$username)" + . Bugzilla->params->{"LDAPfilter"} . ')'); } sub _bind_ldap_anonymously { my ($self) = @_; my $bind_result; - if (Param("LDAPbinddn")) { - my ($LDAPbinddn,$LDAPbindpass) = split(":",Param("LDAPbinddn")); + if (Bugzilla->params->{"LDAPbinddn"}) { + my ($LDAPbinddn,$LDAPbindpass) = + split(":",Bugzilla->params->{"LDAPbinddn"}); $bind_result = $self->ldap->bind($LDAPbinddn, password => $LDAPbindpass); } @@ -136,7 +138,7 @@ sub ldap { my ($self) = @_; return $self->{ldap} if $self->{ldap}; - my $server = Param("LDAPserver"); + my $server = Bugzilla->params->{"LDAPserver"}; ThrowCodeError("ldap_server_not_defined") unless $server; my $port = DEFAULT_PORT; @@ -166,7 +168,7 @@ sub ldap { || ThrowCodeError("ldap_connect_failed", { server => $conn_string }); # try to start TLS if needed - if (Param("LDAPstarttls")) { + if (Bugzilla->params->{"LDAPstarttls"}) { my $mesg = $self->{ldap}->start_tls(); ThrowCodeError("ldap_start_tls_failed", { error => $mesg->error() }) if $mesg->code(); diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index f7e89c33d..72ca27093 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -298,10 +298,9 @@ sub fields { reporter assigned_to cc), # Conditional Fields - Param('useqacontact') ? "qa_contact" : (), - Param('timetrackinggroup') ? qw(estimated_time remaining_time - actual_time deadline) - : (), + Bugzilla->params->{'useqacontact'} ? "qa_contact" : (), + Bugzilla->params->{'timetrackinggroup'} ? + qw(estimated_time remaining_time actual_time deadline) : (), # Custom Fields Bugzilla->custom_field_names @@ -346,7 +345,7 @@ sub actual_time { return $self->{'actual_time'} if exists $self->{'actual_time'}; if ( $self->{'error'} || - !Bugzilla->user->in_group(Param("timetrackinggroup")) ) { + !Bugzilla->user->in_group(Bugzilla->params->{"timetrackinggroup"}) ) { $self->{'actual_time'} = undef; return $self->{'actual_time'}; } @@ -492,7 +491,7 @@ sub qa_contact { return $self->{'qa_contact'} if exists $self->{'qa_contact'}; return undef if $self->{'error'}; - if (Param('useqacontact') && $self->{'qa_contact_id'}) { + if (Bugzilla->params->{'useqacontact'} && $self->{'qa_contact_id'}) { $self->{'qa_contact'} = new Bugzilla::User($self->{'qa_contact_id'}); } else { # XXX - This is somewhat inconsistent with the assignee/reporter @@ -542,7 +541,8 @@ sub use_votes { $self->{'prod_obj'} ||= new Bugzilla::Product({name => $self->{'product'}}); - return Param('usevotes') && $self->{'prod_obj'}->votes_per_user > 0; + return Bugzilla->params->{'usevotes'} + && $self->{'prod_obj'}->votes_per_user > 0; } sub groups { @@ -617,7 +617,7 @@ sub user { return {} if $self->{'error'}; my $user = Bugzilla->user; - my $canmove = Param('move-enabled') && $user->is_mover; + my $canmove = Bugzilla->params->{'move-enabled'} && $user->is_mover; # In the below, if the person hasn't logged in, then we treat them # as if they can do anything. That's because we don't know why they @@ -629,7 +629,7 @@ sub user { || $user->in_group("editbugs"); my $canedit = $unknown_privileges || $user->id == $self->{assigned_to_id} - || (Param('useqacontact') + || (Bugzilla->params->{'useqacontact'} && $self->{'qa_contact_id'} && $user->id == $self->{qa_contact_id}); my $canconfirm = $unknown_privileges @@ -703,7 +703,7 @@ sub settable_resolutions { # the ID of the bug if it exists or the undefined value if it doesn't. sub bug_alias_to_id { my ($alias) = @_; - return undef unless Param("usebugaliases"); + return undef unless Bugzilla->params->{"usebugaliases"}; my $dbh = Bugzilla->dbh; trick_taint($alias); return $dbh->selectrow_array( @@ -823,7 +823,7 @@ sub GetComments { while (my $comment_ref = $sth->fetchrow_hashref()) { my %comment = %$comment_ref; - $comment{'email'} .= Param('emailsuffix'); + $comment{'email'} .= Bugzilla->params->{'emailsuffix'}; $comment{'name'} = $comment{'name'} || $comment{'email'}; push (@comments, \%comment); @@ -856,7 +856,9 @@ sub GetBugActivity { # Only includes attachments the user is allowed to see. my $suppjoins = ""; my $suppwhere = ""; - if (Param("insidergroup") && !UserInGroup(Param('insidergroup'))) { + if (Bugzilla->params->{"insidergroup"} + && !UserInGroup(Bugzilla->params->{'insidergroup'})) + { $suppjoins = "LEFT JOIN attachments ON attachments.attach_id = bugs_activity.attach_id"; $suppwhere = "AND COALESCE(attachments.isprivate, 0) = 0"; @@ -901,7 +903,8 @@ sub GetBugActivity { || $fieldname eq 'work_time' || $fieldname eq 'deadline') { - $activity_visible = UserInGroup(Param('timetrackinggroup')) ? 1 : 0; + $activity_visible = + UserInGroup(Bugzilla->params->{'timetrackinggroup'}) ? 1 : 0; } else { $activity_visible = 1; } @@ -1090,7 +1093,7 @@ sub RemoveVotes { # been reduced or removed. my $vars = { - 'to' => $name . Param('emailsuffix'), + 'to' => $name . Bugzilla->params->{'emailsuffix'}, 'bugid' => $id, 'reason' => $reason, @@ -1281,7 +1284,7 @@ sub check_can_change_field { } # - change the priority (unless he could have set it originally) if ($field eq 'priority' - && !Param('letsubmitterchoosepriority')) + && !Bugzilla->params->{'letsubmitterchoosepriority'}) { $PrivilegesRequired = 2; return 0; diff --git a/Bugzilla/BugMail.pm b/Bugzilla/BugMail.pm index 7c8aee1ba..dc6efc735 100644 --- a/Bugzilla/BugMail.pm +++ b/Bugzilla/BugMail.pm @@ -239,7 +239,8 @@ sub ProcessOneBug { my $diffpart = {}; if ($who ne $lastwho) { $lastwho = $who; - $diffheader = "\n$whoname <$who" . Param('emailsuffix') . "> changed:\n\n"; + $diffheader = "\n$whoname <$who" . Bugzilla->params->{'emailsuffix'} + . "> changed:\n\n"; $diffheader .= FormatTriple("What ", "Removed", "Added"); $diffheader .= ('-' x 76) . "\n"; } @@ -293,7 +294,7 @@ sub ProcessOneBug { $deptext .= $thisdiff; } $lastbug = $depbug; - my $urlbase = Param("urlbase"); + my $urlbase = Bugzilla->params->{"urlbase"}; $thisdiff = "\nBug $id depends on bug $depbug, which changed state.\n\n" . "Bug $depbug Summary: $summary\n" . @@ -352,7 +353,7 @@ sub ProcessOneBug { $recipients{$reporter}->{+REL_REPORTER} = BIT_DIRECT; # QA Contact - if (Param('useqacontact')) { + if (Bugzilla->params->{'useqacontact'}) { foreach (@qa_contacts) { # QA Contact can be blank; ignore it if so. $recipients{$_}->{+REL_QA} = BIT_DIRECT if $_; @@ -387,7 +388,7 @@ sub ProcessOneBug { } } - if (Param("supportwatchers")) { + if (Bugzilla->params->{"supportwatchers"}) { # Find all those user-watching anyone on the current list, who is not # on it already themselves. my $involved = join(",", keys %recipients); @@ -444,9 +445,9 @@ sub ProcessOneBug { # If we are using insiders, and the comment is private, only send # to insiders my $insider_ok = 1; - $insider_ok = 0 if (Param("insidergroup") && + $insider_ok = 0 if (Bugzilla->params->{"insidergroup"} && ($anyprivate != 0) && - (!$user->groups->{Param("insidergroup")})); + (!$user->groups->{Bugzilla->params->{"insidergroup"}})); # We shouldn't send mail if this is a dependency mail (i.e. there # is something in @depbugs), and any of the depending bugs are not @@ -518,7 +519,7 @@ sub sendMail { } # Only send estimated_time if it is enabled and the user is in the group if (($f ne 'estimated_time' && $f ne 'deadline') || - $user->groups->{Param('timetrackinggroup')}) { + $user->groups->{Bugzilla->params->{'timetrackinggroup'}}) { my $desc = $fielddescription{$f}; $head .= FormatDouble($desc, $value); @@ -539,12 +540,12 @@ sub sendMail { $diff->{'fieldname'} eq 'remaining_time' || $diff->{'fieldname'} eq 'work_time' || $diff->{'fieldname'} eq 'deadline')){ - if ($user->groups->{Param("timetrackinggroup")}) { + if ($user->groups->{Bugzilla->params->{"timetrackinggroup"}}) { $add_diff = 1; } } elsif (($diff->{'isprivate'}) - && Param('insidergroup') - && !($user->groups->{Param('insidergroup')}) + && Bugzilla->params->{'insidergroup'} + && !($user->groups->{Bugzilla->params->{'insidergroup'}}) ) { $add_diff = 0; } else { @@ -599,7 +600,7 @@ sub sendMail { if ( $newcomments =~ /Created an attachment \(/ ) { my $showattachurlbase = - Param('urlbase') . "attachment.cgi?id="; + Bugzilla->params->{'urlbase'} . "attachment.cgi?id="; $newcomments =~ s/(Created an attachment \(id=([0-9]+)\))/$1\n --> \(${showattachurlbase}$2\)/g; } @@ -639,7 +640,7 @@ sub sendMail { $substs{"changer"} = $values{'changer'}; $substs{"changername"} = $values{'changername'}; - my $sitespec = '@' . Param('urlbase'); + my $sitespec = '@' . Bugzilla->params->{'urlbase'}; $sitespec =~ s/:\/\//\./; # Make the protocol look like part of the domain $sitespec =~ s/^([^:\/]+):(\d+)/$1/; # Remove a port number, to relocate if ($2) { @@ -653,7 +654,7 @@ sub sendMail { $user->id . "$sitespec>"; } - my $template = Param("newchangedmail"); + my $template = Bugzilla->params->{"newchangedmail"}; my $msg = perform_substs($template, \%substs); @@ -667,7 +668,7 @@ sub MailPassword { my ($login, $password) = (@_); my $template = Bugzilla->template; my $vars = { - mailaddress => $login . Param('emailsuffix'), + mailaddress => $login . Bugzilla->params->{'emailsuffix'}, login => $login, password => $password }; my $msg; @@ -716,10 +717,10 @@ sub get_comments_by_bug { my ($who, $whoname, $when, $text, $isprivate, $already_wrapped) = @$_; if ($count) { $result .= "\n\n--- Comment #$count from $whoname <$who" . - Param('emailsuffix'). "> " . format_time($when) . - " ---\n"; + Bugzilla->params->{'emailsuffix'}. "> " + . format_time($when) . " ---\n"; } - if ($isprivate > 0 && Param('insidergroup')) { + if ($isprivate > 0 && Bugzilla->params->{'insidergroup'}) { $anyprivate = 1; } $result .= ($already_wrapped ? $text : wrap_comment($text)); diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm index 53e8b1b77..c4a23f9cb 100644 --- a/Bugzilla/Config.pm +++ b/Bugzilla/Config.pm @@ -280,7 +280,7 @@ Bugzilla::Config - Configuration parameters for Bugzilla # Getting parameters use Bugzilla::Config; - my $fooSetting = Param('foo'); + my $fooSetting = Bugzilla->params->{'foo'}; # Administration functions use Bugzilla::Config qw(:admin); @@ -305,7 +305,7 @@ Parameters can be set, retrieved, and updated. =over 4 -=item C<Param($name)> +=item C<Bugzilla->params->{$name}> Returns the Param with the specified name. Either a string, or, in the case of multiple-choice parameters, an array reference. diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm index 87e0bc4b2..3d30dd778 100644 --- a/Bugzilla/DB.pm +++ b/Bugzilla/DB.pm @@ -52,11 +52,13 @@ use constant BLOB_TYPE => DBI::SQL_BLOB; ##################################################################### sub connect_shadow { - die "Tried to connect to non-existent shadowdb" unless Param('shadowdb'); + my $params = Bugzilla->params; + die "Tried to connect to non-existent shadowdb" + unless $params->{'shadowdb'}; - return _connect($db_driver, Param("shadowdbhost"), - Param('shadowdb'), Param("shadowdbport"), - Param("shadowdbsock"), $db_user, $db_pass); + return _connect($db_driver, $params->{"shadowdbhost"}, + $params->{'shadowdb'}, $params->{"shadowdbport"}, + $params->{"shadowdbsock"}, $db_user, $db_pass); } sub connect_main { @@ -205,7 +207,7 @@ sub bz_get_field_defs { my ($self) = @_; my $extra = ""; - if (!Bugzilla->user->in_group(Param('timetrackinggroup'))) { + if (!Bugzilla->user->in_group(Bugzilla->params->{'timetrackinggroup'})) { $extra = "AND name NOT IN ('estimated_time', 'remaining_time', " . "'work_time', 'percentage_complete', 'deadline')"; } diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index bcea5b043..8646e72ac 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -305,8 +305,8 @@ sub validate { # the requestee isn't in the group of insiders who can see it. if ($attach_id && $cgi->param('isprivate') - && Param("insidergroup") - && !$requestee->in_group(Param("insidergroup"))) + && Bugzilla->params->{"insidergroup"} + && !$requestee->in_group(Bugzilla->params->{"insidergroup"})) { ThrowUserError("flag_requestee_unauthorized_attachment", { flag_type => $flag->{'type'}, @@ -798,8 +798,8 @@ sub notify { next if ($bug->groups && !$ccuser->can_see_bug($bug->bug_id)); next if $attachment_is_private - && Param("insidergroup") - && !$ccuser->in_group(Param("insidergroup")); + && Bugzilla->params->{"insidergroup"} + && !$ccuser->in_group(Bugzilla->params->{"insidergroup"}); push(@new_cc_list, $cc); } $flag->{'type'}->{'cc_list'} = join(", ", @new_cc_list); diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 572c4fad7..078f6de71 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -398,9 +398,9 @@ sub validate { # Throw an error if the target is a private attachment and # the requestee isn't in the group of insiders who can see it. if ($attach_id - && Param("insidergroup") + && Bugzilla->params->{"insidergroup"} && $cgi->param('isprivate') - && !$requestee->in_group(Param("insidergroup"))) + && !$requestee->in_group(Bugzilla->params->{"insidergroup"})) { ThrowUserError("flag_requestee_unauthorized_attachment", { flag_type => $flag_type, diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm index ce3565368..9f51c71e0 100644 --- a/Bugzilla/Mailer.pm +++ b/Bugzilla/Mailer.pm @@ -50,12 +50,15 @@ use MIME::Base64; sub MessageToMTA { my ($msg) = (@_); - return if (Param('mail_delivery_method') eq "none"); + my $params = Bugzilla->params; + return if ($params->{'mail_delivery_method'} eq "none"); my ($header, $body) = $msg =~ /(.*?\n)\n(.*)/s ? ($1, $2) : ('', $msg); my $headers; - if (Param('utf8') and (!is_7bit_clean($header) or !is_7bit_clean($body))) { + if ($params->{'utf8'} + and (!is_7bit_clean($header) or !is_7bit_clean($body))) + { ($headers, $body) = encode_message($msg); } else { my @header_lines = split(/\n/, $header); @@ -65,7 +68,7 @@ sub MessageToMTA { # Use trim to remove any whitespace (incl. newlines) my $from = trim($headers->get('from')); - if (Param("mail_delivery_method") eq "sendmail" && $^O =~ /MSWin32/i) { + if ($params->{"mail_delivery_method"} eq "sendmail" && $^O =~ /MSWin32/i) { my $cmd = '|' . SENDMAIL_EXE . ' -t -i'; if ($from) { # We're on Windows, thus no danger of command injection @@ -82,23 +85,25 @@ sub MessageToMTA { } my @args; - if (Param("mail_delivery_method") eq "sendmail") { + if ($params->{"mail_delivery_method"} eq "sendmail") { push @args, "-i"; if ($from) { push(@args, "-f$from"); } } - if (Param("mail_delivery_method") eq "sendmail" && !Param("sendmailnow")) { + if ($params->{"mail_delivery_method"} eq "sendmail" + && !$params->{"sendmailnow"}) + { push @args, "-ODeliveryMode=deferred"; } - if (Param("mail_delivery_method") eq "smtp") { - push @args, Server => Param("smtpserver"); + if ($params->{"mail_delivery_method"} eq "smtp") { + push @args, Server => $params->{"smtpserver"}; if ($from) { $ENV{'MAILADDRESS'} = $from; } } - my $mailer = new Mail::Mailer Param("mail_delivery_method"), @args; - if (Param("mail_delivery_method") eq "testfile") { + my $mailer = new Mail::Mailer($params->{"mail_delivery_method"}, @args); + if ($params->{"mail_delivery_method"} eq "testfile") { $Mail::Mailer::testfile::config{outfile} = bz_locations()->{'datadir'} . '/mailer.testfile'; } diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 9f3d0213d..f9bf55388 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -346,7 +346,7 @@ sub init { my $sql_deadlinefrom; my $sql_deadlineto; - if (Bugzilla->user->in_group(Param('timetrackinggroup'))){ + if (Bugzilla->user->in_group(Bugzilla->params->{'timetrackinggroup'})){ my $deadlinefrom; my $deadlineto; @@ -579,8 +579,8 @@ sub init { # Add the longdescs table to the query so we can search comments. my $table = "longdescs_$chartid"; my $extra = ""; - if (Param("insidergroup") - && !UserInGroup(Param("insidergroup"))) + if (Bugzilla->params->{"insidergroup"} + && !UserInGroup(Bugzilla->params->{"insidergroup"})) { $extra = "AND $table.isprivate < 1"; } @@ -644,7 +644,9 @@ sub init { } my $table = "longdescs_$chartseq"; my $extra = ""; - if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) { + if (Bugzilla->params->{"insidergroup"} + && !UserInGroup(Bugzilla->params->{"insidergroup"})) + { $extra = "AND $table.isprivate < 1"; } push(@supptables, "LEFT JOIN longdescs AS $table " . @@ -662,7 +664,9 @@ sub init { } my $table = "longdescs_$chartseq"; my $extra = ""; - if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) { + if (Bugzilla->params->{"insidergroup"} + && !UserInGroup(Bugzilla->params->{"insidergroup"})) + { $extra = "AND $table.isprivate < 1"; } if ($list) { @@ -683,7 +687,9 @@ sub init { "^long_?desc," => sub { my $table = "longdescs_$chartid"; my $extra = ""; - if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) { + if (Bugzilla->params->{"insidergroup"} + && !UserInGroup(Bugzilla->params->{"insidergroup"})) + { $extra = "AND $table.isprivate < 1"; } push(@supptables, "INNER JOIN longdescs AS $table " . @@ -790,7 +796,9 @@ sub init { my $atable = "attachments_$chartid"; my $dtable = "attachdata_$chartid"; my $extra = ""; - if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) { + if (Bugzilla->params->{"insidergroup"} + && !UserInGroup(Bugzilla->params->{"insidergroup"})) + { $extra = "AND $atable.isprivate = 0"; } push(@supptables, "INNER JOIN attachments AS $atable " . @@ -802,7 +810,9 @@ sub init { "^attachments\..*," => sub { my $table = "attachments_$chartid"; my $extra = ""; - if (Param("insidergroup") && !UserInGroup(Param("insidergroup"))) { + if (Bugzilla->params->{"insidergroup"} + && !UserInGroup(Bugzilla->params->{"insidergroup"})) + { $extra = "AND $table.isprivate = 0"; } push(@supptables, "INNER JOIN attachments AS $table " . @@ -1422,7 +1432,7 @@ sub init { $query .= " OR (bugs.reporter_accessible = 1 AND bugs.reporter = $userid) " . " OR (bugs.cclist_accessible = 1 AND cc.who IS NOT NULL) " . " OR (bugs.assigned_to = $userid) "; - if (Param('useqacontact')) { + if (Bugzilla->params->{'useqacontact'}) { $query .= "OR (bugs.qa_contact = $userid) "; } } diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm index 19bc6738c..48b825318 100644 --- a/Bugzilla/Search/Quicksearch.pm +++ b/Bugzilla/Search/Quicksearch.pm @@ -118,7 +118,7 @@ sub quicksearch { if (index($searchstring, ',') < $[) { # Single bug number; shortcut to show_bug.cgi. - print $cgi->redirect(-uri => Param('urlbase') . + print $cgi->redirect(-uri => Bugzilla->params->{'urlbase'} . "show_bug.cgi?id=$searchstring"); exit; } @@ -138,7 +138,7 @@ sub quicksearch { WHERE alias = ?}, undef, $1)) { - print $cgi->redirect(-uri => Param('urlbase') . + print $cgi->redirect(-uri => Bugzilla->params->{'urlbase'} . "show_bug.cgi?id=$1"); exit; } @@ -154,7 +154,8 @@ sub quicksearch { $searchstring =~ s/\s+NOT\s+/ -/g; my @words = splitString($searchstring); - my $searchComments = $#words < Param('quicksearch_comment_cutoff'); + my $searchComments = + $#words < Bugzilla->params->{'quicksearch_comment_cutoff'}; my @openStates = BUG_STATE_OPEN; my @closedStates; my (%states, %resolutions); @@ -381,9 +382,9 @@ sub quicksearch { if ($cgi->param('load')) { # Param 'load' asks us to display the query in the advanced search form. - print $cgi->redirect(-uri => Param('urlbase') . "query.cgi?" . - "format=advanced&" . - $modified_query_string); + print $cgi->redirect(-uri => Bugzilla->params->{'urlbase'} + . "query.cgi?format=advanced&" + . $modified_query_string); } # Otherwise, pass the modified query string to the caller. diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 2a6cb901d..65d937510 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -113,7 +113,7 @@ sub getTemplateIncludePath { my $templatedir = bz_locations()->{'templatedir'}; my $project = bz_locations()->{'project'}; - my $languages = trim(Param('languages')); + my $languages = trim(Bugzilla->params->{'languages'}); if (not ($languages =~ /,/)) { if ($project) { $template_include_path = [ @@ -141,7 +141,7 @@ sub getTemplateIncludePath { push (@usedlanguages, @found); } } - push(@usedlanguages, Param('defaultlanguage')); + push(@usedlanguages, Bugzilla->params->{'defaultlanguage'}); if ($project) { $template_include_path = [ map(( @@ -277,7 +277,9 @@ sub quoteUrls { my $tmp; # Provide tooltips for full bug links (Bug 74355) - my $urlbase_re = '(' . join('|', map { qr/$_/ } grep($_, Param('urlbase'), Param('sslbase'))) . ')'; + my $urlbase_re = '(' . join('|', + map { qr/$_/ } grep($_, Bugzilla->params->{'urlbase'}, + Bugzilla->params->{'sslbase'})) . ')'; $text =~ s~\b(${urlbase_re}\Qshow_bug.cgi?id=\E([0-9]+))\b ~($things[$count++] = get_bug_link($3, $1)) && ("\0\0" . ($count-1) . "\0\0") @@ -697,7 +699,7 @@ sub create { my ($var) = Template::Filters::html_filter(@_); # Obscure '@'. $var =~ s/\@/\@/g; - if (Param('utf8')) { + if (Bugzilla->params->{'utf8'}) { # Remove the following characters because they're # influencing BiDi: # -------------------------------------------------------- diff --git a/Bugzilla/Template/Plugin/Hook.pm b/Bugzilla/Template/Plugin/Hook.pm index c2e1626ef..6f744a8aa 100644 --- a/Bugzilla/Template/Plugin/Hook.pm +++ b/Bugzilla/Template/Plugin/Hook.pm @@ -107,7 +107,7 @@ sub process { # get a list of languages we accept so we can find the hook # that corresponds to our desired languages: sub getLanguages() { - my $languages = trim(Param('languages')); + my $languages = trim(Bugzilla->params->{'languages'}); if (not ($languages =~ /,/)) { # only one language return $languages; } diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 40eef4f1b..c2e11f5a3 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -50,6 +50,7 @@ my $maxtokenage = 3; sub IssueEmailChangeToken { my ($userid, $old_email, $new_email) = @_; + my $email_suffix = Bugzilla->params->{'emailsuffix'}; my ($token, $token_ts) = _create_token($userid, 'emailold', $old_email . ":" . $new_email); @@ -60,14 +61,14 @@ sub IssueEmailChangeToken { my $template = Bugzilla->template; my $vars = {}; - $vars->{'oldemailaddress'} = $old_email . Param('emailsuffix'); - $vars->{'newemailaddress'} = $new_email . Param('emailsuffix'); + $vars->{'oldemailaddress'} = $old_email . $email_suffix; + $vars->{'newemailaddress'} = $new_email . $email_suffix; $vars->{'max_token_age'} = $maxtokenage; $vars->{'token_ts'} = $token_ts; $vars->{'token'} = $token; - $vars->{'emailaddress'} = $old_email . Param('emailsuffix'); + $vars->{'emailaddress'} = $old_email . $email_suffix; my $message; $template->process("account/email/change-old.txt.tmpl", $vars, \$message) @@ -76,7 +77,7 @@ sub IssueEmailChangeToken { MessageToMTA($message); $vars->{'token'} = $newtoken; - $vars->{'emailaddress'} = $new_email . Param('emailsuffix'); + $vars->{'emailaddress'} = $new_email . $email_suffix; $message = ""; $template->process("account/email/change-new.txt.tmpl", $vars, \$message) @@ -112,7 +113,7 @@ sub IssuePasswordToken { # Mail the user the token along with instructions for using it. $vars->{'token'} = $token; - $vars->{'emailaddress'} = $loginname . Param('emailsuffix'); + $vars->{'emailaddress'} = $loginname . Bugzilla->params->{'emailsuffix'}; $vars->{'max_token_age'} = $maxtokenage; $vars->{'token_ts'} = $token_ts; @@ -191,11 +192,11 @@ sub Cancel { undef, $token); # Get the email address of the Bugzilla maintainer. - my $maintainer = Param('maintainer'); + my $maintainer = Bugzilla->params->{'maintainer'}; my $template = Bugzilla->template; - $vars->{'emailaddress'} = $loginname . Param('emailsuffix'); + $vars->{'emailaddress'} = $loginname . Bugzilla->params->{'emailsuffix'}; $vars->{'maintainer'} = $maintainer; $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'}; $vars->{'token'} = $token; diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 7ad1593ce..1c30ce024 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -152,7 +152,7 @@ sub _create { # Accessors for user attributes sub id { $_[0]->{id}; } sub login { $_[0]->{login}; } -sub email { $_[0]->{login} . Param('emailsuffix'); } +sub email { $_[0]->{login} . Bugzilla->params->{'emailsuffix'}; } sub name { $_[0]->{name}; } sub disabledtext { $_[0]->{'disabledtext'}; } sub is_disabled { $_[0]->disabledtext ? 1 : 0; } @@ -365,7 +365,9 @@ sub bless_groups { } # If visibilitygroups are used, restrict the set of groups. - if ((!$self->in_group('editusers')) && Param('usevisibilitygroups')) { + if (!$self->in_group('editusers') + && Bugzilla->params->{'usevisibilitygroups'}) + { # Users need to see a group in order to bless it. my $visibleGroups = join(', ', @{$self->visible_groups_direct()}) || return $self->{'bless_groups'} = []; @@ -393,7 +395,7 @@ sub can_see_user { my ($self, $otherUser) = @_; my $query; - if (Param('usevisibilitygroups')) { + if (Bugzilla->params->{'usevisibilitygroups'}) { # If the user can see no groups, then no users are visible either. my $visibleGroups = $self->visible_groups_as_string() || return 0; $query = qq{SELECT COUNT(DISTINCT userid) @@ -466,7 +468,8 @@ sub can_see_bug { $self->{sthCanSeeBug} = $sth; return ($ready && ((($reporter == $userid) && $reporter_access) - || (Param('useqacontact') && $qacontact && ($qacontact == $userid)) + || (Bugzilla->params->{'useqacontact'} + && $qacontact && ($qacontact == $userid)) || ($owner == $userid) || ($isoncclist && $cclist_access) || (!$missinggroup))); @@ -493,7 +496,7 @@ sub get_selectable_products { "FROM products " . "LEFT JOIN group_control_map " . "ON group_control_map.product_id = products.id "; - if (Param('useentrygroupdefault')) { + if (Bugzilla->params->{'useentrygroupdefault'}) { $query .= "AND group_control_map.entry != 0 "; } else { $query .= "AND group_control_map.membercontrol = " . @@ -503,7 +506,7 @@ sub get_selectable_products { $self->groups_as_string . ") " . "WHERE group_id IS NULL "; - if (Param('useclassification') && $classification_id) { + if (Bugzilla->params->{'useclassification'} && $classification_id) { $query .= "AND classification_id = ? "; detaint_natural($classification_id); push(@params, $classification_id); @@ -783,20 +786,22 @@ sub match { # first try wildcards my $wildstr = $str; - if ($wildstr =~ s/\*/\%/g && # don't do wildcards if no '*' in the string - Param('usermatchmode') ne 'off') { # or if we only want exact matches + if ($wildstr =~ s/\*/\%/g # don't do wildcards if no '*' in the string + # or if we only want exact matches + && Bugzilla->params->{'usermatchmode'} ne 'off') + { # Build the query. trick_taint($wildstr); my $query = "SELECT DISTINCT login_name FROM profiles "; - if (Param('usevisibilitygroups')) { + if (Bugzilla->params->{'usevisibilitygroups'}) { $query .= "INNER JOIN user_group_map ON user_group_map.user_id = profiles.userid "; } $query .= "WHERE (" . $dbh->sql_istrcmp('login_name', '?', "LIKE") . " OR " . $dbh->sql_istrcmp('realname', '?', "LIKE") . ") "; - if (Param('usevisibilitygroups')) { + if (Bugzilla->params->{'usevisibilitygroups'}) { $query .= "AND isbless = 0 " . "AND group_id IN(" . join(', ', (-1, @{$user->visible_groups_inherited})) . ") "; @@ -824,21 +829,21 @@ sub match { # then try substring search if ((scalar(@users) == 0) - && (Param('usermatchmode') eq 'search') + && (Bugzilla->params->{'usermatchmode'} eq 'search') && (length($str) >= 3)) { $str = lc($str); trick_taint($str); my $query = "SELECT DISTINCT login_name FROM profiles "; - if (Param('usevisibilitygroups')) { + if (Bugzilla->params->{'usevisibilitygroups'}) { $query .= "INNER JOIN user_group_map ON user_group_map.user_id = profiles.userid "; } $query .= " WHERE (" . $dbh->sql_position('?', 'LOWER(login_name)') . " > 0" . " OR " . $dbh->sql_position('?', 'LOWER(realname)') . " > 0) "; - if (Param('usevisibilitygroups')) { + if (Bugzilla->params->{'usevisibilitygroups'}) { $query .= " AND isbless = 0" . " AND group_id IN(" . join(', ', (-1, @{$user->visible_groups_inherited})) . ") "; @@ -907,6 +912,8 @@ sub match_field { my $need_confirm = 0; # whether to display confirmation screen my $match_multiple = 0; # whether we ever matched more than one user + my $params = Bugzilla->params; + # prepare default form values # What does a "--do_not_change--" field look like (if any)? @@ -1007,8 +1014,8 @@ sub match_field { } my $limit = 0; - if (Param('maxusermatches')) { - $limit = Param('maxusermatches') + 1; + if ($params->{'maxusermatches'}) { + $limit = $params->{'maxusermatches'} + 1; } for my $query (@queries) { @@ -1039,16 +1046,16 @@ sub match_field { $cgi->append(-name=>$field, -values=>[@{$users}[0]->{'login'}]); - $need_confirm = 1 if Param('confirmuniqueusermatch'); + $need_confirm = 1 if $params->{'confirmuniqueusermatch'}; } elsif ((scalar(@{$users}) > 1) - && (Param('maxusermatches') != 1)) { + && ($params->{'maxusermatches'} != 1)) { $need_confirm = 1; $match_multiple = 1; - if ((Param('maxusermatches')) - && (scalar(@{$users}) > Param('maxusermatches'))) + if (($params->{'maxusermatches'}) + && (scalar(@{$users}) > $params->{'maxusermatches'})) { $matches->{$field}->{$query}->{'status'} = 'trunc'; pop @{$users}; # take the last one out @@ -1251,7 +1258,7 @@ sub is_mover { my $self = shift; if (!defined $self->{'is_mover'}) { - my @movers = map { trim($_) } split(',', Param('movers')); + my @movers = map { trim($_) } split(',', Bugzilla->params->{'movers'}); $self->{'is_mover'} = ($self->id && lsearch(\@movers, $self->login) != -1); } @@ -1265,13 +1272,13 @@ sub get_userlist { my $dbh = Bugzilla->dbh; my $query = "SELECT DISTINCT login_name, realname,"; - if (Param('usevisibilitygroups')) { + if (Bugzilla->params->{'usevisibilitygroups'}) { $query .= " COUNT(group_id) "; } else { $query .= " 1 "; } $query .= "FROM profiles "; - if (Param('usevisibilitygroups')) { + if (Bugzilla->params->{'usevisibilitygroups'}) { $query .= "LEFT JOIN user_group_map " . "ON user_group_map.user_id = userid AND isbless = 0 " . "AND group_id IN(" . |