From 28fa2f54b2c400ff2067a7e76f1af5f7d361908b Mon Sep 17 00:00:00 2001
From: "kiko%async.com.br" <>
Date: Fri, 23 Jul 2004 00:48:37 +0000
Subject: Fix for bug 252159: centralize time validation. Adds a ValidateTime
 function to Bugzilla::Bug and uses it in relevant callsites. Patch by
 Alexandre Michetti Manduca <michetti@grad.icmc.usp.br>. r=kiko, a=justdave.

---
 Bugzilla/Bug.pm |  8 ++++++++
 post_bug.cgi    |  8 ++------
 process_bug.cgi | 17 ++++-------------
 3 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index f1a1cf341..a09e7a906 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -42,6 +42,7 @@ use Bugzilla::Flag;
 use Bugzilla::FlagType;
 use Bugzilla::User;
 use Bugzilla::Util;
+use Bugzilla::Error;
 
 sub fields {
     # Keep this ordering in sync with bugzilla.dtd
@@ -489,6 +490,13 @@ sub EmitDependList {
   return @list;
 }
 
+sub ValidateTime{
+  my ($time, $field) = @_;
+    if ($time > 99999.99 || $time < 0 || !($time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/)){
+      ThrowUserError("need_positive_number", {field => "$field"}, 1);
+    }
+ }
+
 sub AUTOLOAD {
   use vars qw($AUTOLOAD);
   my $attr = $AUTOLOAD;
diff --git a/post_bug.cgi b/post_bug.cgi
index a751a66a6..94533e38d 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -342,12 +342,8 @@ if (UserInGroup(Param("timetrackinggroup")) &&
     defined $::FORM{'estimated_time'}) {
 
     my $est_time = $::FORM{'estimated_time'};
-    if ($est_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) {
-        $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time);
-    } else {
-        ThrowUserError("need_positive_number",
-                       { field => 'estimated_time' });
-    }
+    Bugzilla::Bug::ValidateTime($est_time, 'estimated_time');
+    $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time);
 } else {
     $sql .= "0, 0";
 }
diff --git a/process_bug.cgi b/process_bug.cgi
index 6ed12ba5c..40a1764ea 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -766,16 +766,9 @@ if (UserInGroup(Param('timetrackinggroup'))) {
         if (defined $::FORM{$field}) {
             my $er_time = trim($::FORM{$field});
             if ($er_time ne $::FORM{'dontchange'}) {
-                if ($er_time > 99999.99) {
-                    ThrowUserError("value_out_of_range", {field => $field});
-                }
-                if ($er_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) {
-                    DoComma();
-                    $::query .= "$field = " . SqlQuote($er_time);
-                } else {
-                    ThrowUserError("need_positive_number",
-                                   {field => $field});
-                }
+                Bugzilla::Bug::ValidateTime($er_time, $field);
+                DoComma();
+                $::query .= "$field = " . SqlQuote($er_time);
             }
         }
     }
@@ -1274,9 +1267,7 @@ foreach my $id (@idlist) {
 
     delete $::FORM{'work_time'} unless UserInGroup(Param('timetrackinggroup'));
 
-    if ($::FORM{'work_time'} && $::FORM{'work_time'} > 99999.99) {
-        ThrowUserError("value_out_of_range", {field => 'work_time'});
-    }
+    Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time');
     if ($::FORM{'comment'} || $::FORM{'work_time'}) {
         if ($::FORM{'work_time'} && 
             (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/)) {
-- 
cgit v1.2.3-24-g4f1b