From 1254fcb8c43defcbce99713f5cd85a104670895e Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Mon, 31 Oct 2005 05:31:27 +0000 Subject: Bug 304075: Eliminate use of $::userid from Bugzilla - Patch by Frédéric Buclin r=wicked a=justdave MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla.pm | 4 --- Bugzilla/Auth/Login/WWW.pm | 4 --- Bugzilla/Flag.pm | 16 ++++----- Bugzilla/Search.pm | 4 --- buglist.cgi | 30 ++++++++-------- chart.cgi | 11 +++--- checksetup.pl | 11 +++--- duplicates.cgi | 2 +- editcomponents.cgi | 2 +- editproducts.cgi | 6 ++-- enter_bug.cgi | 3 +- globals.pl | 2 -- index.cgi | 2 +- post_bug.cgi | 6 ++-- quips.cgi | 6 ++-- show_bug.cgi | 6 ++-- showdependencygraph.cgi | 2 -- showdependencytree.cgi | 3 -- userprefs.cgi | 88 ++++++++++++++++++++++++++-------------------- 19 files changed, 95 insertions(+), 113 deletions(-) diff --git a/Bugzilla.pm b/Bugzilla.pm index a86e799eb..de30d8c99 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -145,7 +145,6 @@ sub sudo_request { $_user = $new_user; $_sudoer = $new_sudoer; - $::userid = $new_user->id; # NOTE: If you want to log the start of an sudo session, do it here. @@ -177,7 +176,6 @@ sub login { { $_user = $sudo_target; $_sudoer = $authenticated_user; - $::userid = $sudo_target->id; # NOTE: If you want to do any special logging, do it here. } @@ -216,8 +214,6 @@ sub logout_user_by_id { sub logout_request { undef $_user; undef $_sudoer; - # XXX clean this up eventually - $::userid = 0; # We can't delete from $cgi->cookie, so logincookie data will remain # there. Don't rely on it: use Bugzilla->user->login instead! } diff --git a/Bugzilla/Auth/Login/WWW.pm b/Bugzilla/Auth/Login/WWW.pm index f4bb102b1..29cc7fced 100644 --- a/Bugzilla/Auth/Login/WWW.pm +++ b/Bugzilla/Auth/Login/WWW.pm 
@@ -75,11 +75,7 @@ sub login { if (Param('sslbase') ne '' and Param('ssl') ne 'never') { Bugzilla->cgi->require_https(Param('sslbase')); } - $user->set_flags('can_logout' => $class->can_logout); - - # Compat stuff - $::userid = $userid; } else { Bugzilla->logout_request(); } diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index 6f0cb94cc..6288c920c 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -492,6 +492,7 @@ sub process { sub update_activity { my ($bug_id, $attach_id, $timestamp, $old_summaries, $new_summaries) = @_; my $dbh = Bugzilla->dbh; + my $user_id = Bugzilla->user->id; $attach_id ||= 'NULL'; $old_summaries = join(", ", @$old_summaries); @@ -503,7 +504,7 @@ sub update_activity { my $field_id = get_field_id('flagtypes.name'); $dbh->do("INSERT INTO bugs_activity (bug_id, attach_id, who, bug_when, fieldid, removed, added) - VALUES ($bug_id, $attach_id, $::userid, $timestamp, + VALUES ($bug_id, $attach_id, $user_id, $timestamp, $field_id, $sql_removed, $sql_added)"); $dbh->do("UPDATE bugs SET delta_ts = $timestamp WHERE bug_id = ?", @@ -603,6 +604,7 @@ attachment.cgi midairs. See bug 223878 for details. sub modify { my ($cgi, $timestamp) = @_; + my $setter = Bugzilla->user; # Use the date/time we were given if possible (allowing calling code # to synchronize the comment's timestamp with those of other records). @@ -621,7 +623,6 @@ sub modify { my $status = $cgi->param("flag-$id"); - # If the user entered more than one name into the requestee field # (i.e. they want more than one person to set the flag) we can reuse # the existing flag for the first person (who may well be the existing @@ -639,7 +640,7 @@ sub modify { foreach my $login (@requestees) { create({ type => $flag->{type} , target => $flag->{target} , - setter => new Bugzilla::User($::userid), + setter => $setter, status => "?", requestee => new Bugzilla::User(login_to_id($login)) }, $timestamp); 
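Review bot: In Bugzilla/Flag.pm, `update_activity` (hunk at -503) still builds the `INSERT INTO bugs_activity` statement by interpolating `$bug_id`, `$attach_id` and the new `$user_id` into the SQL text, while the `UPDATE bugs` just below it already binds `bug_id` with `?`. Since the line is being touched anyway, the plain values could be bound instead: `VALUES (?, $attach_id, ?, $timestamp, ?, $sql_removed, $sql_added)", undef, ($bug_id, $user_id, $field_id));`. `$attach_id` is set to the string 'NULL' earlier in the function and `$timestamp` appears to be an SQL fragment (it is also interpolated into the `UPDATE`), so those two would need separate handling. The function body continues outside the hunk.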
@@ -678,7 +679,7 @@ sub modify { if ($status eq '+' || $status eq '-') { &::SendSQL("UPDATE flags - SET setter_id = $::userid , + SET setter_id = " . $setter->id . ", requestee_id = NULL , status = '$status' , modification_date = $sql_timestamp , @@ -703,7 +704,7 @@ sub modify { # Update the database with the changes. &::SendSQL("UPDATE flags - SET setter_id = $::userid , + SET setter_id = " . $setter->id . ", requestee_id = $requestee_id , status = '$status' , modification_date = $sql_timestamp , @@ -778,8 +779,8 @@ array of flag objects. This array is then passed to Flag::create(). sub FormToNewFlags { my ($target, $cgi) = @_; - my $dbh = Bugzilla->dbh; + my $setter = Bugzilla->user; # Extract a list of flag type IDs from field names. my @type_ids = map(/^flag_type-(\d+)$/ ? $1 : (), $cgi->param()); @@ -787,9 +788,6 @@ sub FormToNewFlags { return () unless scalar(@type_ids); - # Get information about the setter to add to each flag. - my $setter = new Bugzilla::User($::userid); - # Get a list of active flag types available for this target. my $flag_types = Bugzilla::FlagType::match( { 'target_type' => $target->{'type'}, diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index ebccdb51e..468457844 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -30,10 +30,6 @@ use strict; -# The caller MUST require globals.pl before using this module. - -use vars qw($userid); - package Bugzilla::Search; use base qw(Exporter); @Bugzilla::Search::EXPORT = qw(IsValidQueryType); diff --git a/buglist.cgi b/buglist.cgi index 386253556..6de0c7321 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -44,8 +44,7 @@ use Bugzilla::Bug; # Include the Bugzilla CGI and general utility library. require "globals.pl"; -use vars qw($db_name - @components +use vars qw(@components @legal_keywords @legal_platform @legal_priority @@ -53,7 +52,6 @@ use vars qw($db_name @legal_severity @settable_resolution @target_milestone - $userid @versions); my $cgi = Bugzilla->cgi; 
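Review bot: Both `UPDATE flags` statements in `modify` (Bugzilla/Flag.pm, hunks at -678 and -703) still go through `&::SendSQL` with values spliced into the statement text, including `status = '$status'`, where `$status` is read from `$cgi->param("flag-$id")` earlier in the function. The first statement sits under `if ($status eq '+' || $status eq '-')`, so the value is constrained there; the guard for the second is not visible in its hunk and should be confirmed. Moving both to `$dbh->do` with placeholders for `setter_id` and `status`, as this commit already does in userprefs.cgi, would remove the reliance on validation done elsewhere. `modify` starts and ends outside these hunks.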
@@ -204,7 +202,7 @@ sub DiffDate { sub LookupNamedQuery { my ($name) = @_; - Bugzilla->login(LOGIN_REQUIRED); + my $user = Bugzilla->login(LOGIN_REQUIRED); my $dbh = Bugzilla->dbh; # $name is safe -- we only use it below in a SELECT placeholder and then # in error messages (which are always HTML-filtered). @@ -212,7 +210,7 @@ sub LookupNamedQuery { trick_taint($name); my $result = $dbh->selectrow_array("SELECT query FROM namedqueries" . " WHERE userid = ? AND name = ?" - , undef, (Bugzilla->user->id, $name)); + , undef, ($user->id, $name)); defined($result) || ThrowUserError("missing_query", {'queryname' => $name}); $result @@ -316,11 +314,12 @@ sub GetQuip { sub GetGroups { my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; # Create an array where each item is a hash. The hash contains # as keys the name of the columns, which point to the value of # the columns for that row. - my $grouplist = Bugzilla->user->groups_as_string; + my $grouplist = $user->groups_as_string; my $groups = $dbh->selectall_arrayref( "SELECT id, name, description, isactive FROM groups @@ -387,7 +386,7 @@ if ($cgi->param('cmdtype') eq "dorem") { $order = $params->param('order') || $order; } elsif ($cgi->param('remaction') eq "forget") { - Bugzilla->login(LOGIN_REQUIRED); + my $user = Bugzilla->login(LOGIN_REQUIRED); # Copy the name into a variable, so that we can trick_taint it for # the DB. We know it's safe, because we're using placeholders in # the SQL, and the SQL is only a DELETE. @@ -405,7 +404,7 @@ if ($cgi->param('cmdtype') eq "dorem") { = ? AND whine_queries.query_name = ? - ', undef, Bugzilla->user->id, $qname); + ', undef, $user->id, $qname); if (scalar(@$whines_in_use)) { ThrowUserError('saved_search_used_by_whines', { subjects => join(',', @$whines_in_use), 
@@ -416,10 +415,10 @@ if ($cgi->param('cmdtype') eq "dorem") { # If we are here, then we can safely remove the saved search $dbh->do("DELETE FROM namedqueries" . " WHERE userid = ? AND name = ?" - , undef, ($userid, $qname)); + , undef, ($user->id, $qname)); # Now reset the cached queries - Bugzilla->user->flush_queries_cache(); + $user->flush_queries_cache(); print $cgi->header(); # Generate and return the UI (HTML page) from the appropriate template. @@ -433,13 +432,12 @@ if ($cgi->param('cmdtype') eq "dorem") { } elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) { if ($cgi->param('remtype') eq "asdefault") { - Bugzilla->login(LOGIN_REQUIRED); - InsertNamedQuery(Bugzilla->user->id, DEFAULT_QUERY_NAME, $buffer); + my $user = Bugzilla->login(LOGIN_REQUIRED); + InsertNamedQuery($user->id, DEFAULT_QUERY_NAME, $buffer); $vars->{'message'} = "buglist_new_default_query"; } elsif ($cgi->param('remtype') eq "asnamed") { - Bugzilla->login(LOGIN_REQUIRED); - my $userid = Bugzilla->user->id; + my $user = Bugzilla->login(LOGIN_REQUIRED); my $query_name = $cgi->param('newqueryname'); my $new_query = $cgi->param('newquery'); my $query_type = QUERY_LIST; @@ -468,7 +466,7 @@ elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) { $query_type = LIST_OF_BUGS; } my $tofooter = 1; - my $existed_before = InsertNamedQuery($userid, $query_name, $new_query, + my $existed_before = InsertNamedQuery($user->id, $query_name, $new_query, $tofooter, $query_type); if ($existed_before) { $vars->{'message'} = "buglist_updated_named_query"; @@ -479,7 +477,7 @@ elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) { # Make sure to invalidate any cached query data, so that the footer is # correctly displayed - Bugzilla->user->flush_queries_cache(); + $user->flush_queries_cache(); $vars->{'queryname'} = $query_name; diff --git a/chart.cgi b/chart.cgi index 2835bcaa2..c60eedac4 100755 --- a/chart.cgi +++ b/chart.cgi 
@@ -86,7 +86,7 @@ if ($action eq "search") { exit; } -Bugzilla->login(LOGIN_REQUIRED); +my $user = Bugzilla->login(LOGIN_REQUIRED); UserInGroup(Param("chartgroup")) || ThrowUserError("auth_failure", {group => Param("chartgroup"), @@ -103,7 +103,7 @@ if ($action =~ /^(assemble|add|remove|sum|subscribe|unsubscribe)$/) { if ($action =~ /^subscribe|unsubscribe$/) { detaint_natural($series_id) || ThrowCodeError("invalid_series_id"); my $series = new Bugzilla::Series($series_id); - $series->$action($::userid); + $series->$action($user->id); } my $chart = new Bugzilla::Chart($cgi); @@ -203,14 +203,15 @@ sub getSelectedLines { # Check if the user is the owner of series_id or is an admin. sub assertCanEdit { my ($series_id) = @_; - - return if UserInGroup("admin"); + my $user = Bugzilla->user; + + return if $user->in_group('admin'); my $dbh = Bugzilla->dbh; my $iscreator = $dbh->selectrow_array("SELECT CASE WHEN creator = ? " . "THEN 1 ELSE 0 END FROM series " . "WHERE series_id = ?", undef, - $::userid, $series_id); + $user->id, $series_id); $iscreator || ThrowUserError("illegal_series_edit"); } diff --git a/checksetup.pl b/checksetup.pl index d04a07b7c..c728c4636 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -3427,10 +3427,6 @@ if (!$series_exists) { my $all_name = "-All-"; my $open_name = "All Open"; - # We can't give the Series we create a meaningful owner; that's not a big - # problem. But we do need to set this global, otherwise Series.pm objects. - $::userid = 0; - my $products = $dbh->selectall_arrayref("SELECT name FROM products"); foreach my $product ((map { $_->[0] } @$products), "-All-") { 
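Review bot: In chart.cgi (hunk at -103) the changed call `$series->$action($user->id)` dispatches on the method name held in `$action`, and the guard directly above it, `/^subscribe|unsubscribe$/`, is anchored per alternative rather than as a whole. The outer `/^(assemble|add|remove|sum|subscribe|unsubscribe)$/` test keeps `$action` to known values as the code stands, but the inner check should hold on its own: `if ($action =~ /^(?:subscribe|unsubscribe)$/) {`. The result of `new Bugzilla::Series($series_id)` is also used without a check in this hunk; whether the constructor can return an undefined value is not visible here.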
@@ -3448,9 +3444,10 @@ if (!$series_exists) { $queries{$_} = ($query_prod . "resolution=$_") foreach (@resolutions); foreach my $field (@fields) { - # Create a Series for each field in this product + # Create a Series for each field in this product. + # user ID = 0 is used. my $series = new Bugzilla::Series(undef, $product, $all_name, - $field, $::userid, 1, + $field, 0, 1, $queries{$field}, 1); $series->writeToDatabase(); $seriesids{$field} = $series->{'series_id'}; @@ -3461,7 +3458,7 @@ if (!$series_exists) { my @openedstatuses = ("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"); my $query = join("&", map { "bug_status=$_" } @openedstatuses); my $series = new Bugzilla::Series(undef, $product, $all_name, - $open_name, $::userid, 1, + $open_name, 0, 1, $query_prod . $query, 1); $series->writeToDatabase(); $seriesids{$open_name} = $series->{'series_id'}; diff --git a/duplicates.cgi b/duplicates.cgi index 30f027103..07bddc688 100755 --- a/duplicates.cgi +++ b/duplicates.cgi @@ -68,7 +68,7 @@ else { Bugzilla->switch_to_shadow_db(); -use vars qw ($userid @legal_product); +use vars qw (@legal_product); my %dbmcount; my %count; diff --git a/editcomponents.cgi b/editcomponents.cgi index 5b0088bd6..60074cb40 100755 --- a/editcomponents.cgi +++ b/editcomponents.cgi @@ -204,7 +204,7 @@ if ($action eq 'new') { foreach my $sdata (@series) { my $series = new Bugzilla::Series(undef, $product->name, $comp_name, $sdata->[0], - $::userid, 1, $sdata->[1], 1); + $whoid, 1, $sdata->[1], 1); $series->writeToDatabase(); } diff --git a/editproducts.cgi b/editproducts.cgi index 9195dfe09..7b2123697 100755 --- a/editproducts.cgi +++ b/editproducts.cgi @@ -304,7 +304,7 @@ if ($action eq 'new') { foreach my $sdata (@series) { my $series = new Bugzilla::Series(undef, $product->name, scalar $cgi->param('subcategory'), - $sdata->[0], $::userid, 1, + $sdata->[0], $whoid, 1, $sdata->[1] . "&product=" . url_quote($product->name), 1); $series->writeToDatabase(); 
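Review bot: The replacement comment in checksetup.pl, `# user ID = 0 is used.`, says less than the one this commit deletes, which explained that no meaningful owner exists for these series. A literal `0` now appears in two `new Bugzilla::Series` calls (this hunk and the one at -3461) with nothing tying them together. I would keep the rationale next to the first call, for example `# No real owner exists at setup time, so default series are created with creator 0.`, or name the value once in a local variable. Going by `assertCanEdit` in chart.cgi, which compares `creator` with the current user's id, such series would presumably be editable only through the admin check, which is worth stating too.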
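Review bot: In editcomponents.cgi (-204) and editproducts.cgi (-304, and -652 and -695 where it feeds `LogActivityEntry`) `$::userid` is replaced by `$whoid`, which is not declared in any visible hunk. The diffstat shows no other changed lines in these two files, so the variable must already exist; please confirm it is taken from the authenticated user object and not from the global this commit stops assigning, since a stale source would record activity entries and series with an empty creator. Using `$user->id` with `my $user = Bugzilla->login(LOGIN_REQUIRED);`, as chart.cgi and quips.cgi now do, would make the origin of the id evident at the call site.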
@@ -652,7 +652,7 @@ if ($action eq 'updategroupcontrols') { $dbh->selectrow_array($sth_Select2, undef, $groupid); LogActivityEntry($bugid, "bug_group", $removed, "", - $::userid, $timestamp); + $whoid, $timestamp); if ($mailiscurrent) { $sth_Update2->execute($timestamp, $timestamp, $bugid); @@ -695,7 +695,7 @@ if ($action eq 'updategroupcontrols') { $dbh->selectrow_array($sth_Select2, undef, $groupid); LogActivityEntry($bugid, "bug_group", "", $added, - $::userid, $timestamp); + $whoid, $timestamp); if ($mailiscurrent) { $sth_Update2->execute($timestamp, $timestamp, $bugid); diff --git a/enter_bug.cgi b/enter_bug.cgi index 230d39bf8..1692289ff 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -50,7 +50,6 @@ use vars qw( @legal_priority @legal_severity @legal_keywords - $userid %versions %target_milestone $proddesc @@ -323,7 +322,7 @@ $cloned_bug_id = $cgi->param('cloned_bug_id'); if ($cloned_bug_id) { ValidateBugID($cloned_bug_id); - $cloned_bug = new Bugzilla::Bug($cloned_bug_id, $userid); + $cloned_bug = new Bugzilla::Bug($cloned_bug_id, Bugzilla->user->id); } # We need to check and make sure diff --git a/globals.pl b/globals.pl index deff2e043..8fd88fc13 100644 --- a/globals.pl +++ b/globals.pl @@ -44,7 +44,6 @@ use Bugzilla::Error; sub globals_pl_sillyness { my $zz; - $zz = @main::default_column_list; $zz = @main::enterable_products; $zz = %main::keywordsbyname; $zz = @main::legal_bug_status; @@ -60,7 +59,6 @@ sub globals_pl_sillyness { $zz = @main::milestoneurl; $zz = %main::proddesc; $zz = @main::prodmaxvotes; - $zz = $main::userid; } # diff --git a/index.cgi b/index.cgi index f3e8ccd17..a35be0726 100755 --- a/index.cgi +++ b/index.cgi @@ -32,7 +32,7 @@ use strict; use lib "."; require "globals.pl"; -# Check whether or not the user is logged in and, if so, set the $::userid +# Check whether or not the user is logged in use Bugzilla::Constants; Bugzilla->login(LOGIN_OPTIONAL); diff --git a/post_bug.cgi b/post_bug.cgi index c1af2a5d0..a2516c321 100755 
--- a/post_bug.cgi +++ b/post_bug.cgi @@ -298,7 +298,7 @@ $comment = trim($comment); # OK except for the fact that it causes e-mail to be suppressed. $comment = $comment ? $comment : " "; -$sql .= "$::userid, $sql_timestamp, "; +$sql .= $user->id . ", $sql_timestamp, "; # Time Tracking if (UserInGroup(Param("timetrackinggroup")) && @@ -443,10 +443,10 @@ $dbh->do("UPDATE bugs SET creation_ts = ? WHERE bug_id = ?", $dbh->bz_unlock_tables(); # Email everyone the details of the new bug -$vars->{'mailrecipients'} = {'changer' => Bugzilla->user->login}; +$vars->{'mailrecipients'} = {'changer' => $user->login}; $vars->{'id'} = $id; -my $bug = new Bugzilla::Bug($id, $::userid); +my $bug = new Bugzilla::Bug($id, $user->id); $vars->{'bug'} = $bug; ThrowCodeError("bug_error", { bug => $bug }) if $bug->error; diff --git a/quips.cgi b/quips.cgi index c7dadee5d..b2fd482bc 100755 --- a/quips.cgi +++ b/quips.cgi @@ -25,15 +25,13 @@ use strict; -use vars qw($userid); - use lib qw(.); require "globals.pl"; use Bugzilla::Constants; -Bugzilla->login(LOGIN_REQUIRED); +my $user = Bugzilla->login(LOGIN_REQUIRED); my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; @@ -82,7 +80,7 @@ if ($action eq "add") { trick_taint($comment); # Used in a placeholder below $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)", - undef, ($userid, $comment, $approved)); + undef, ($user->id, $comment, $approved)); $vars->{'added_quip'} = $comment; } diff --git a/show_bug.cgi b/show_bug.cgi index 0a99598b5..4d6819a36 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -30,8 +30,6 @@ use Bugzilla::User; require "globals.pl"; -use vars qw($userid); - use Bugzilla::Bug; my $cgi = Bugzilla->cgi; 
@@ -69,7 +67,7 @@ if ($single) { # Its a bit silly to do the validation twice - that functionality should # probably move into Bug.pm at some point ValidateBugID($id); - push @bugs, new Bugzilla::Bug($id, $userid); + push @bugs, new Bugzilla::Bug($id, Bugzilla->user->id); if (defined $cgi->param('mark')) { foreach my $range (split ',', $cgi->param('mark')) { if ($range =~ /^(\d+)-(\d+)$/) { @@ -83,7 +81,7 @@ if ($single) { } } else { foreach my $id ($cgi->param('id')) { - my $bug = new Bugzilla::Bug($id, $userid); + my $bug = new Bugzilla::Bug($id, Bugzilla->user->id); push @bugs, $bug; } } diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 4fe63df2a..0bdaab3e6 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -44,8 +44,6 @@ my $vars = {}; # performance. Bugzilla->switch_to_shadow_db(); -use vars qw($userid); - my %seen; my %edgesdone; my %bugtitles; # html title attributes for imagemap areas diff --git a/showdependencytree.cgi b/showdependencytree.cgi index e369b4d86..3e4c4bf88 100755 --- a/showdependencytree.cgi +++ b/showdependencytree.cgi @@ -41,9 +41,6 @@ my $vars = {}; # performance. Bugzilla->switch_to_shadow_db(); -# More warning suppression silliness. -$::userid = $::userid; - ################################################################################ # Data/Security Validation # ################################################################################ diff --git a/userprefs.cgi b/userprefs.cgi index ebbcefbab..101dead40 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -34,9 +34,6 @@ use Bugzilla::User; require "globals.pl"; -# Use global template variables. -use vars qw($userid); - my $template = Bugzilla->template; my $vars = {}; 
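Review bot: In show_bug.cgi both changed lines call `Bugzilla->user->id` inline, the second one once per `id` parameter inside the loop, whereas the other files in this commit fetch the user once with `my $user = Bugzilla->user;` and pass `$user->id`. In the multi-bug branch no `ValidateBugID` call is visible, so as far as the hunk shows the id handed to `new Bugzilla::Bug` is the only thing tying each lookup to the viewer; a comment stating where the access check for these ids happens would help the next reader. Whether `Bugzilla->login` has run before this point cannot be seen from the hunks.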
@@ -48,8 +45,10 @@ my $vars = {}; ############################################################################### sub DoAccount { my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; + ($vars->{'realname'}) = $dbh->selectrow_array( - "SELECT realname FROM profiles WHERE userid = ?", undef, $userid); + "SELECT realname FROM profiles WHERE userid = ?", undef, $user->id); if(Param('allowemailchange')) { my @token = $dbh->selectrow_array( @@ -58,7 +57,7 @@ sub DoAccount { FROM tokens WHERE userid = ? AND tokentype LIKE 'email%' - ORDER BY tokentype ASC " . $dbh->sql_limit(1), undef, $userid); + ORDER BY tokentype ASC " . $dbh->sql_limit(1), undef, $user->id); if (scalar(@token) > 0) { my ($tokentype, $change_date, $eventdata) = @token; $vars->{'login_change_date'} = $change_date; @@ -74,6 +73,7 @@ sub DoAccount { sub SaveAccount { my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; my $pwd1 = $cgi->param('new_password1'); my $pwd2 = $cgi->param('new_password2'); @@ -83,7 +83,7 @@ sub SaveAccount { { my ($oldcryptedpwd) = $dbh->selectrow_array( q{SELECT cryptpassword FROM profiles WHERE userid = ?}, - undef, $userid); + undef, $user->id); $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password"); if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne @@ -103,7 +103,7 @@ sub SaveAccount { $dbh->do(q{UPDATE profiles SET cryptpassword = ? WHERE userid = ?}, - undef, ($cryptedpassword, $userid)); + undef, ($cryptedpassword, $user->id)); # Invalidate all logins except for the current one Bugzilla->logout(LOGOUT_KEEP_CURRENT); @@ -120,7 +120,7 @@ sub SaveAccount { use Bugzilla::Token; # Block multiple email changes for the same user. - if (Bugzilla::Token::HasEmailChangeToken($userid)) { + if (Bugzilla::Token::HasEmailChangeToken($user->id)) { ThrowUserError("email_change_in_progress"); } 
@@ -131,8 +131,8 @@ sub SaveAccount { is_available_username($new_login_name) || ThrowUserError("account_exists", {email => $new_login_name}); - Bugzilla::Token::IssueEmailChangeToken($userid,$old_login_name, - $new_login_name); + Bugzilla::Token::IssueEmailChangeToken($user->id, $old_login_name, + $new_login_name); $vars->{'email_changes_saved'} = 1; } @@ -141,12 +141,14 @@ sub SaveAccount { my $realname = trim($cgi->param('realname')); trick_taint($realname); # Only used in a placeholder $dbh->do("UPDATE profiles SET realname = ? WHERE userid = ?", - undef, ($realname, $userid)); + undef, ($realname, $user->id)); } sub DoSettings { - my $settings = Bugzilla->user->settings; + my $user = Bugzilla->user; + + my $settings = $user->settings; $vars->{'settings'} = $settings; my @setting_list = keys %$settings; @@ -165,9 +167,10 @@ sub DoSettings { sub SaveSettings { my $cgi = Bugzilla->cgi; + my $user = Bugzilla->user; - my $settings = Bugzilla->user->settings; - my @setting_list = keys %{Bugzilla->user->settings}; + my $settings = $user->settings; + my @setting_list = keys %$settings; foreach my $name (@setting_list) { next if ! ($settings->{$name}->{'is_enabled'}); @@ -184,11 +187,12 @@ sub SaveSettings { $settings->{$name}->set($value); } } - $vars->{'settings'} = Bugzilla->user->settings(1); + $vars->{'settings'} = $user->settings(1); } sub DoEmail { my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; ########################################################################### # User watching @@ -198,12 +202,12 @@ sub DoEmail { "SELECT profiles.login_name FROM watch INNER JOIN profiles" . " ON watch.watched = profiles.userid" . " WHERE watcher = ?", - undef, $userid); + undef, $user->id); $vars->{'watchedusers'} = join(',', @$watched_ref); my $watcher_ids = $dbh->selectcol_arrayref( "SELECT watcher FROM watch WHERE watched = ?", - undef, $userid); + undef, $user->id); my @watchers; foreach my $watcher_id (@$watcher_ids) { 
@@ -218,10 +222,10 @@ sub DoEmail { ########################################################################### # Role-based preferences ########################################################################### - my $sth = Bugzilla->dbh->prepare("SELECT relationship, event " . - "FROM email_setting " . - "WHERE user_id = $userid"); - $sth->execute(); + my $sth = $dbh->prepare("SELECT relationship, event " . + "FROM email_setting " . + "WHERE user_id = ?"); + $sth->execute($user->id); my %mail; while (my ($relationship, $event) = $sth->fetchrow_array()) { @@ -234,6 +238,7 @@ sub DoEmail { sub SaveEmail { my $dbh = Bugzilla->dbh; my $cgi = Bugzilla->cgi; + my $user = Bugzilla->user; ########################################################################### # Role-based preferences @@ -241,7 +246,7 @@ sub SaveEmail { $dbh->bz_lock_tables("email_setting WRITE"); # Delete all the user's current preferences - $dbh->do("DELETE FROM email_setting WHERE user_id = $userid"); + $dbh->do("DELETE FROM email_setting WHERE user_id = ?", undef, $user->id); # Repopulate the table - first, with normal events in the # relationship/event matrix. @@ -255,7 +260,8 @@ sub SaveEmail { { $dbh->do("INSERT INTO email_setting " . "(user_id, relationship, event) " . - "VALUES ($userid, $rel, $event)"); + "VALUES (?, ?, ?)", + undef, ($user->id, $rel, $event)); } } @@ -266,7 +272,8 @@ sub SaveEmail { { $dbh->do("INSERT INTO email_setting " . "(user_id, relationship, event) " . - "VALUES ($userid, $rel, $event)"); + "VALUES (?, ?, ?)", + undef, ($user->id, $rel, $event)); } } } @@ -278,7 +285,8 @@ sub SaveEmail { { $dbh->do("INSERT INTO email_setting " . "(user_id, relationship, event) " . - "VALUES ($userid, " . REL_ANY . ", $event)"); + "VALUES (?, ?, ?)", + undef, ($user->id, REL_ANY, $event)); } } 
@@ -297,7 +305,7 @@ sub SaveEmail { # what the db looks like now my $old_watch_ids = $dbh->selectcol_arrayref("SELECT watched FROM watch" - . " WHERE watcher = ?", undef, $userid); + . " WHERE watcher = ?", undef, $user->id); # The new information given to us by the user. my @new_watch_names = split(/[,\s]+/, $cgi->param('watchedusers')); @@ -312,14 +320,14 @@ sub SaveEmail { my $delete_sth = $dbh->prepare('DELETE FROM watch WHERE watched = ?' . ' AND watcher = ?'); foreach my $remove_me (@$removed) { - $delete_sth->execute($remove_me, $userid); + $delete_sth->execute($remove_me, $user->id); } # Add people who were added. my $insert_sth = $dbh->prepare('INSERT INTO watch (watched, watcher)' . ' VALUES (?, ?)'); foreach my $add_me (@$added) { - $insert_sth->execute($add_me, $userid); + $insert_sth->execute($add_me, $user->id); } $dbh->bz_unlock_tables(); @@ -329,11 +337,12 @@ sub SaveEmail { sub DoPermissions { my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; my (@has_bits, @set_bits); my $groups = $dbh->selectall_arrayref( "SELECT DISTINCT name, description FROM groups WHERE id IN (" . - Bugzilla->user->groups_as_string . ") ORDER BY name"); + $user->groups_as_string . ") ORDER BY name"); foreach my $group (@$groups) { my ($nam, $desc) = @$group; push(@has_bits, {"desc" => $desc, "name" => $nam}); @@ -342,7 +351,7 @@ sub DoPermissions { "SELECT DISTINCT name, description FROM groups ORDER BY name"); foreach my $group (@$groups) { my ($nam, $desc) = @$group; - if (Bugzilla->user->can_bless($nam)) { + if ($user->can_bless($nam)) { push(@set_bits, {"desc" => $desc, "name" => $nam}); } } 
@@ -357,8 +366,9 @@ sub DoPermissions { sub DoSavedSearches { # 2004-12-13 - colin.ogilvie@gmail.com, bug 274397 # Need to work around the possibly missing query_format=advanced - $vars->{'user'} = Bugzilla->user; - my @queries = @{Bugzilla->user->queries}; + my $user = Bugzilla->user; + + my @queries = @{$user->queries}; my @newqueries; foreach my $q (@queries) { if ($q->{'query'} =~ /query_format=([^&]*)/) { @@ -382,22 +392,24 @@ sub DoSavedSearches { sub SaveSavedSearches { my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; - my @queries = @{Bugzilla->user->queries}; + my $user = Bugzilla->user; + + my @queries = @{$user->queries}; my $sth = $dbh->prepare("UPDATE namedqueries SET linkinfooter = ? WHERE userid = ? AND name = ?"); foreach my $q (@queries) { my $linkinfooter = defined($cgi->param("linkinfooter_$q->{'name'}")) ? 1 : 0; - $sth->execute($linkinfooter, $userid, $q->{'name'}); + $sth->execute($linkinfooter, $user->id, $q->{'name'}); } - Bugzilla->user->flush_queries_cache; + $user->flush_queries_cache; my $showmybugslink = defined($cgi->param("showmybugslink")) ? 1 : 0; - $dbh->do("UPDATE profiles SET mybugslink = $showmybugslink " . - "WHERE userid = " . Bugzilla->user->id); - Bugzilla->user->{'showmybugslink'} = $showmybugslink; + $dbh->do("UPDATE profiles SET mybugslink = ? WHERE userid = ?", + undef, ($showmybugslink, $user->id)); + $user->{'showmybugslink'} = $showmybugslink; } -- cgit v1.2.3-24-g4f1b
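Review bot: The DoSavedSearches hunk in userprefs.cgi drops `$vars->{'user'} = Bugzilla->user;` without replacing it, which is a behaviour change the commit message does not mention. If the saved-searches template reads `user` from `$vars`, it will now get nothing unless the variable is supplied elsewhere, which is not visible here. Either keep the assignment as `$vars->{'user'} = $user;` after the new `my $user = Bugzilla->user;`, or say in the description that the template no longer needs it.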