From 5fed7ece4b48ecd990d50be4f09f13954f06c075 Mon Sep 17 00:00:00 2001
From: "travis%sedsystems.ca" <>
Date: Sat, 8 Jan 2005 05:34:06 +0000
Subject: Bug 153461: describe components shouldn't give an error for a bad
product Patch: LpSolit@netscape.net r=mkanat a=justdave
---
describecomponents.cgi | 60 ++++++++++---------------
template/en/default/global/messages.html.tmpl | 6 +++
template/en/default/global/user-error.html.tmpl | 4 --
3 files changed, 29 insertions(+), 41 deletions(-)
diff --git a/describecomponents.cgi b/describecomponents.cgi
index 6ec4ae5a7..e5805f535 100755
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -21,27 +21,25 @@
# Contributor(s): Terry Weissman
# Bradley Baetz
-use vars qw(
- %legal_product
-);
-
use strict;
-
use lib qw(.);
use Bugzilla;
use Bugzilla::Constants;
-
require "CGI.pl";
+use vars qw($vars @legal_product);
+
Bugzilla->login();
GetVersionTable();
my $cgi = Bugzilla->cgi;
-my $product = $cgi->param('product');
+my $template = Bugzilla->template;
+my $product = trim($cgi->param('product') || '');
+my $product_id = get_product_id($product);
-if (!defined $product) {
+if (!$product_id || !CanEnterProduct($product)) {
# Reference to a subset of %::proddesc, which the user is allowed to see
my %products;
@@ -55,7 +53,7 @@ if (!defined $product) {
}
}
else {
- %products = %::proddesc;
+ %products = %::proddesc;
}
my $prodsize = scalar(keys %products);
@@ -63,43 +61,32 @@ if (!defined $product) {
ThrowUserError("no_products");
}
elsif ($prodsize > 1) {
- $::vars->{'proddesc'} = \%products;
- $::vars->{'target'} = "describecomponents.cgi";
+ $vars->{'proddesc'} = \%products;
+ $vars->{'target'} = "describecomponents.cgi";
+ # If an invalid product name is given, or the user is not
+ # allowed to access that product, a message is displayed
+ # with a list of the products the user can choose from.
+ if ($product) {
+ $vars->{'message'} = "product_invalid";
+ $vars->{'product'} = $product;
+ }
print $cgi->header();
- $::template->process("global/choose-product.html.tmpl", $::vars)
- || ThrowTemplateError($::template->error());
+ $template->process("global/choose-product.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
exit;
}
$product = (keys %products)[0];
}
-# Make sure the user specified a valid product name. Note that
-# if the user specifies a valid product name but is not authorized
-# to access that product, they will receive a different error message
-# which could enable people guessing product names to determine
-# whether or not certain products exist in Bugzilla, even if they
-# cannot get any other information about that product.
-my $product_id = get_product_id($product);
-
-if (!$product_id) {
- ThrowUserError("invalid_product_name",
- { product => $product });
-}
-
-# Make sure the user is authorized to access this product.
-CanEnterProduct($product)
- || ThrowUserError("product_access_denied");
-
######################################################################
# End Data/Security Validation
######################################################################
my @components;
SendSQL("SELECT name, initialowner, initialqacontact, description FROM " .
- "components WHERE product_id = $product_id ORDER BY " .
- "name");
+ "components WHERE product_id = $product_id ORDER BY name");
while (MoreSQLData()) {
my ($name, $initialowner, $initialqacontact, $description) =
FetchSQLData();
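Review bot: `$product_id` is now resolved once near the top of the script (`my $product_id = get_product_id($product);`) and is not refreshed after the single-product fallback `$product = (keys %products)[0];`, so the query below still runs with the id of the product originally requested. If that request named a product the user cannot enter, the components of that restricted product would be listed under the permitted product's name. If the name was empty or invalid, `$product_id` is false and the interpolated `WHERE product_id = $product_id` becomes malformed SQL. Adding `$product_id = get_product_id($product);` directly after the `(keys %products)[0]` assignment restores the ordering the removed code had. Part of the `if` block lies outside the hunks shown, so confirm nothing there already re-resolves the id.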
@@ -116,10 +103,9 @@ while (MoreSQLData()) {
push @components, \%component;
}
-$::vars->{'product'} = $product;
-$::vars->{'components'} = \@components;
+$vars->{'product'} = $product;
+$vars->{'components'} = \@components;
print $cgi->header();
-$::template->process("reports/components.html.tmpl", $::vars)
- || ThrowTemplateError($::template->error());
-
+$template->process("reports/components.html.tmpl", $vars)
+ || ThrowTemplateError($template->error());
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 2dfe74c5f..b007af2e1 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -135,6 +135,12 @@
Back to flag types.
+ [% ELSIF message_tag == "product_invalid" %]
+ [% title = "$terms.Bugzilla Component Descriptions" %]
+ The product [% product FILTER html %] does not exist
+ or you don't have access to it. The following is a list of the
+ products you can choose from.
+
[% ELSIF message_tag == "series_created" %]
[% title = "Series Created" %]
The series [% series.category FILTER html %] /
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 24000983a..6b922d0c2 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -798,10 +798,6 @@
Patches cannot be more than [% Param('maxpatchsize') %] KB in size.
Try breaking your patch into several pieces.
- [% ELSIF error == "product_access_denied" %]
- [% title = "Access Denied" %]
- You do not have the permissions necessary to access that product.
-
[% ELSIF error == "product_edit_denied" %]
[% title = "Product Edit Access Denied" %]
You are not permitted to edit [% terms.bugs %] in product
--
cgit v1.2.3-24-g4f1b