summaryrefslogtreecommitdiffstats
path: root/CGI.pl
diff options
context:
space:
mode:
Diffstat (limited to 'CGI.pl')
-rw-r--r--CGI.pl55
1 files changed, 45 insertions, 10 deletions
diff --git a/CGI.pl b/CGI.pl
index 0b9935602..8e8da5871 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -248,22 +248,55 @@ sub CheckFormFieldDefined (\%$) {
}
}
+sub BugAliasToID {
+ # Queries the database for the bug with a given alias, and returns
+ # the ID of the bug if it exists or the undefined value if it doesn't.
+
+ my ($alias) = @_;
+
+ return undef unless Param("usebugaliases");
+
+ PushGlobalSQLState();
+ SendSQL("SELECT bug_id FROM bugs WHERE alias = " . SqlQuote($alias));
+ my $id = FetchOneColumn();
+ PopGlobalSQLState();
+
+ return $id;
+}
+
sub ValidateBugID {
# Validates and verifies a bug ID, making sure the number is a
# positive integer, that it represents an existing bug in the
# database, and that the user is authorized to access that bug.
# We detaint the number here, too
- $_[0] = trim($_[0]); # Allow whitespace arround the number
- detaint_natural($_[0])
- || DisplayError("The bug number is invalid. If you are trying to use " .
- "QuickSearch, you need to enable JavaScript in your " .
- "browser. To help us fix this limitation, look " .
- "<a href=\"http://bugzilla.mozilla.org/show_bug.cgi?id=70907\">here</a>.")
- && exit;
-
- my ($id) = @_;
-
+ my ($id, $skip_authorization) = @_;
+
+ # Get rid of white-space around the ID.
+ $id = trim($id);
+
+ # If the ID isn't a number, it might be an alias, so try to convert it.
+ if ($id !~ /^[1-9][0-9]*$/) {
+ $id = BugAliasToID($id);
+ if (!$id) {
+ my $html_id = html_quote($_[0]);
+ my $alias_specific_message = Param("usebugaliases") ?
+ " (it is neither a bug number nor an alias to a bug number)" : "";
+ DisplayError(qq|
+ The bug number <em>$html_id</em> is invalid$alias_specific_message.
+ If you are trying to use QuickSearch, you need to enable JavaScript
+ in your browser. To help us fix this limitation, add your comments
+ to <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=70907">bug
+ 70907</a>.
+ |);
+ exit;
+ }
+ }
+
+ # Modify the calling code's original variable to contain the trimmed,
+ # converted-from-alias ID.
+ $_[0] = $id;
+
# Get the values of the usergroupset and userid global variables
# and write them to local variables for use within this function,
# setting those local variables to the default value of zero if
@@ -276,6 +309,8 @@ sub ValidateBugID {
|| DisplayError("Bug #$id does not exist.")
&& exit;
+ return if $skip_authorization;
+
return if CanSeeBug($id, $::userid, $::usergroupset);
# The user did not pass any of the authorization tests, which means they