Diffstat (limited to 'extensions/ProductDashboard/lib/Queries.pm')
-rw-r--r--extensions/ProductDashboard/lib/Queries.pm59
1 files changed, 30 insertions, 29 deletions
diff --git a/extensions/ProductDashboard/lib/Queries.pm b/extensions/ProductDashboard/lib/Queries.pm
index 63362f5bf..9c3d91539 100644
--- a/extensions/ProductDashboard/lib/Queries.pm
+++ b/extensions/ProductDashboard/lib/Queries.pm
@@ -37,7 +37,8 @@ use Bugzilla::Component;
use Bugzilla::Version;
use Bugzilla::Milestone;
-use Bugzilla::Extension::ProductDashboard::Util qw(open_states closed_states);
+use Bugzilla::Extension::ProductDashboard::Util qw(open_states closed_states
+ quoted_open_states quoted_closed_states);
sub total_bugs {
my $product = shift;
@@ -55,7 +56,7 @@ sub total_open_bugs {
return $dbh->selectrow_array("SELECT COUNT(bug_id)
FROM bugs
- WHERE bug_status IN (" . open_states() . ")
+ WHERE bug_status IN (" . join(',', quoted_open_states()) . ")
AND product_id = ?", undef, $product->id);
}
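Review bot: The IN list in total_open_bugs is still spliced into the SQL text, so the statement is only injection-safe if quoted_open_states() returns literals already escaped by the database handle; that helper lives in Util.pm and is not visible in this diff. I would state the contract at the call site with a comment such as `# quoted_open_states() returns DBI-quoted literals; never interpolate raw status names here`. It is also worth confirming the helper can never return an empty list, because `IN ()` is rejected by most SQL dialects. The same applies to every `join(',', quoted_*_states())` call in the later hunks of this file.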
@@ -92,8 +93,8 @@ sub by_version {
my $dbh = Bugzilla->dbh;
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
return $dbh->selectall_arrayref("SELECT version, COUNT(bug_id)
FROM bugs
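Review bot: The two status-filter lines added in by_version are repeated verbatim in by_milestone, by_priority, by_severity, by_component, by_assignee, by_status, bug_milestone_by_status, by_duplicate and by_popularity, which leaves ten places to keep in sync the next time the quoting changes. A private helper that returns the clause would put the string-built SQL in one spot where it can be audited, and could return an empty string for any other $bug_status instead of leaving `$extra` undefined. How `$extra` is consumed lies outside the hunk, so the undef case is inferred from the `my $extra;` context line. The body of by_version continues past the hunk.

```perl
# Builds the optional bug_status filter; quoted_*_states() supply the literals.
sub _status_filter {
    my ($bug_status) = @_;
    my @states = $bug_status eq 'open'   ? quoted_open_states()
               : $bug_status eq 'closed' ? quoted_closed_states()
               :                           ();
    return '' unless @states;
    return "AND bugs.bug_status IN (" . join(',', @states) . ")";
}

# ... unchanged: $product / $bug_status unpacking and $dbh lookup in by_version ...
my $extra = _status_filter($bug_status);
```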
@@ -108,8 +109,8 @@ sub by_milestone {
my $dbh = Bugzilla->dbh;
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
return $dbh->selectall_arrayref("SELECT target_milestone, COUNT(bug_id)
FROM bugs
@@ -124,8 +125,8 @@ sub by_priority {
my $dbh = Bugzilla->dbh;
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
return $dbh->selectall_arrayref("SELECT priority, COUNT(bug_id)
FROM bugs
@@ -140,8 +141,8 @@ sub by_severity {
my $dbh = Bugzilla->dbh;
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
return $dbh->selectall_arrayref("SELECT bug_severity, COUNT(bug_id)
FROM bugs
@@ -156,8 +157,8 @@ sub by_component {
my $dbh = Bugzilla->dbh;
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
return $dbh->selectall_arrayref("SELECT components.name, COUNT(bugs.bug_id)
FROM bugs INNER JOIN components ON bugs.component_id = components.id
@@ -195,8 +196,8 @@ sub by_value_summary {
$query .= "AND bugs.target_milestone = ? " if $type eq 'target_milestone';
}
- $query .= "AND bugs.bug_status IN (" . open_states() . ") " if $bug_status eq 'open';
- $query .= "AND bugs.bug_status IN (" . closed_states() . ") " if $bug_status eq 'closed';
+ $query .= "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ") " if $bug_status eq 'open';
+ $query .= "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ") " if $bug_status eq 'closed';
trick_taint($value);
@@ -226,8 +227,8 @@ sub by_assignee {
$limit = detaint_natural($limit) ? $dbh->sql_limit($limit) : "";
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
my @result = map { [ Bugzilla::User->new($_->[0]), $_->[1] ] }
@{$dbh->selectall_arrayref("SELECT bugs.assigned_to AS userid, COUNT(bugs.bug_id)
@@ -247,8 +248,8 @@ sub by_status {
my $dbh = Bugzilla->dbh;
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
return $dbh->selectall_arrayref("SELECT bugs.bug_status, COUNT(bugs.bug_id)
FROM bugs
@@ -277,8 +278,8 @@ sub bug_milestone_by_status {
my $dbh = Bugzilla->dbh;
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
return $dbh->selectrow_array("SELECT COUNT(bug_id)
FROM bugs
@@ -296,8 +297,8 @@ sub by_duplicate {
$limit = detaint_natural($limit) ? $dbh->sql_limit($limit) : "";
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
my $unfiltered_bugs = $dbh->selectall_arrayref("SELECT bugs.bug_id AS id,
bugs.bug_status AS status,
@@ -326,8 +327,8 @@ sub by_popularity {
$limit = detaint_natural($limit) ? $dbh->sql_limit($limit) : "";
my $extra;
- $extra = "AND bugs.bug_status IN (" . open_states() . ")" if $bug_status eq 'open';
- $extra = "AND bugs.bug_status IN (" . closed_states() . ")" if $bug_status eq 'closed';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")" if $bug_status eq 'open';
+ $extra = "AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")" if $bug_status eq 'closed';
my $unfiltered_bugs = $dbh->selectall_arrayref("SELECT bugs.bug_id AS id,
bugs.bug_status AS status,
@@ -371,7 +372,7 @@ sub recently_opened {
|| ThrowUserError('illegal_date', { date => $date_to,
format => 'YYYY-MM-DD' });
$date_part = "AND bugs.creation_ts >= ? AND bugs.creation_ts <= ?";
- push(@values, $date_from, $date_to);
+ push(@values, trick_taint($date_from), trick_taint($date_to));
}
else {
$date_part = "AND bugs.creation_ts >= NOW() - " . $dbh->sql_to_days('?');
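Review bot: `push(@values, trick_taint($date_from), trick_taint($date_to))` pushes trick_taint's return values, and in upstream Bugzilla::Util that function detaints its argument in place and returns only a true/false flag (the bare `trick_taint($value);` call in by_value_summary is used that way). If that is the version in use, both placeholders are bound to 1 instead of the dates and the creation_ts range silently matches the wrong rows. Detaint first and push the variables: `trick_taint($date_from); trick_taint($date_to);` followed by `push(@values, $date_from, $date_to);`. The identical line in recently_closed needs the same change. The date validation that makes the detaint legitimate starts above the hunk, so it should be confirmed that both values pass it before this point.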
@@ -387,7 +388,7 @@ sub recently_opened {
FROM bugs, components
WHERE bugs.product_id = ?
AND bugs.component_id = components.id
- AND bugs.bug_status IN (" . open_states() . ")
+ AND bugs.bug_status IN (" . join(',', quoted_open_states()) . ")
$date_part
ORDER BY bugs.bug_id DESC $limit",
{'Slice' => {}}, @values);
@@ -419,7 +420,7 @@ sub recently_closed {
|| ThrowUserError('illegal_date', { date => $date_to,
format => 'YYYY-MM-DD' });
$date_part = "AND bugs.creation_ts >= ? AND bugs.creation_ts <= ?";
- push(@values, $date_from, $date_to);
+ push(@values, trick_taint($date_from), trick_taint($date_to));
}
else {
$date_part = "AND bugs.creation_ts >= NOW() - " . $dbh->sql_to_days('?');
@@ -435,9 +436,9 @@ sub recently_closed {
FROM bugs, components, bugs_activity
WHERE bugs.product_id = ?
AND bugs.component_id = components.id
- AND bugs.bug_status IN (" . closed_states() . ")
+ AND bugs.bug_status IN (" . join(',', quoted_closed_states()) . ")
AND bugs.bug_id = bugs_activity.bug_id
- AND bugs_activity.added IN (" . closed_states() . ")
+ AND bugs_activity.added IN (" . join(',', quoted_closed_states()) . ")
$date_part
ORDER BY bugs.bug_id DESC $limit",
{'Slice' => {}}, @values);