From 28fa2f54b2c400ff2067a7e76f1af5f7d361908b Mon Sep 17 00:00:00 2001 From: "kiko%async.com.br" <> Date: Fri, 23 Jul 2004 00:48:37 +0000 Subject: Fix for bug 252159: centralize time validation. Adds a ValidateTime function to Bugzilla::Bug and uses it in relevant callsites. Patch by Alexandre Michetti Manduca . r=kiko, a=justdave. --- Bugzilla/Bug.pm | 8 ++++++++ post_bug.cgi | 8 ++------ process_bug.cgi | 17 ++++------------- 3 files changed, 14 insertions(+), 19 deletions(-) diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index f1a1cf341..a09e7a906 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -42,6 +42,7 @@ use Bugzilla::Flag; use Bugzilla::FlagType; use Bugzilla::User; use Bugzilla::Util; +use Bugzilla::Error; sub fields { # Keep this ordering in sync with bugzilla.dtd @@ -489,6 +490,13 @@ sub EmitDependList { return @list; } +sub ValidateTime{ + my ($time, $field) = @_; + if ($time > 99999.99 || $time < 0 || !($time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/)){ + ThrowUserError("need_positive_number", {field => "$field"}, 1); + } + } + sub AUTOLOAD { use vars qw($AUTOLOAD); my $attr = $AUTOLOAD; diff --git a/post_bug.cgi b/post_bug.cgi index a751a66a6..94533e38d 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -342,12 +342,8 @@ if (UserInGroup(Param("timetrackinggroup")) && defined $::FORM{'estimated_time'}) { my $est_time = $::FORM{'estimated_time'}; - if ($est_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) { - $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time); - } else { - ThrowUserError("need_positive_number", - { field => 'estimated_time' }); - } + Bugzilla::Bug::ValidateTime($est_time, 'estimated_time'); + $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time); } else { $sql .= "0, 0"; } diff --git a/process_bug.cgi b/process_bug.cgi index 6ed12ba5c..40a1764ea 100755 --- a/process_bug.cgi +++ b/process_bug.cgi 
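Review bot: In ValidateTime the numeric comparisons `$time > 99999.99 || $time < 0` run before the format regex, so a non-numeric or undefined value is numified first (with a warning if warnings are enabled) and only then rejected. Testing the pattern first keeps the range check on input already known to be numeric. Using `\z` instead of `$` stops a value with a trailing newline from passing, which matters for post_bug.cgi, where the visible lines do not trim the form value: `if (!defined $time || $time !~ /^(?:\d+(?:\.\d*)?|\.\d+)\z/ || $time > 99999.99) {`. The `$time < 0` test is then redundant because the pattern admits no sign. A short comment above the sub should state the accepted format, the upper bound, and that it throws instead of returning a status.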
@@ -766,16 +766,9 @@ if (UserInGroup(Param('timetrackinggroup'))) { if (defined $::FORM{$field}) { my $er_time = trim($::FORM{$field}); if ($er_time ne $::FORM{'dontchange'}) { - if ($er_time > 99999.99) { - ThrowUserError("value_out_of_range", {field => $field}); - } - if ($er_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) { - DoComma(); - $::query .= "$field = " . SqlQuote($er_time); - } else { - ThrowUserError("need_positive_number", - {field => $field}); - } + Bugzilla::Bug::ValidateTime($er_time, $field); + DoComma(); + $::query .= "$field = " . SqlQuote($er_time); } } } @@ -1274,9 +1267,7 @@ foreach my $id (@idlist) { delete $::FORM{'work_time'} unless UserInGroup(Param('timetrackinggroup')); - if ($::FORM{'work_time'} && $::FORM{'work_time'} > 99999.99) { - ThrowUserError("value_out_of_range", {field => 'work_time'}); - } + Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time'); if ($::FORM{'comment'} || $::FORM{'work_time'}) { if ($::FORM{'work_time'} && (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/)) { -- cgit v1.2.3-24-g4f1b
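Review bot: An over-range value used to raise `value_out_of_range` in this block and now falls through to ValidateTime's single `need_positive_number` error, so a user who enters a positive number above 99999.99 is told to enter a positive number. Keeping the two conditions distinct inside ValidateTime would preserve the old message, for example `ThrowUserError("value_out_of_range", {field => $field}, 1) if $time > 99999.99;` after the format check. The same loss of the specific error applies to the `work_time` hunk further down in this file.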
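Review bot: The `work_time` check at -1274 is now unconditional, while the removed code only ran when `$::FORM{'work_time'}` was true. The line just above deletes `work_time` for users outside the time-tracking group, and ValidateTime's pattern rejects an undefined or empty value. Unless `work_time` is given a default somewhere outside this hunk, every update from such a user, or with the field left blank, appears to end in `need_positive_number`. Keeping the old guard avoids that: `Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time') if $::FORM{'work_time'};`. The `foreach` body starts and continues outside the hunk, so the surrounding handling of `work_time` should be checked as well.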