From b7c87a7217ea157c1305526e6d62c94d5ef8d36f Mon Sep 17 00:00:00 2001 From: "mkanat%bugzilla.org" <> Date: Tue, 19 Dec 2006 14:39:28 +0000 Subject: Bug 339380: Make Bugzilla::Component use Bugzilla::Object Patch By Max Kanat-Alexander r=LpSolit, a=myk --- Bugzilla/Object.pm | 87 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 68 insertions(+), 19 deletions(-) (limited to 'Bugzilla/Object.pm') diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm index a2ca8ff94..30ecc77e2 100644 --- a/Bugzilla/Object.pm +++ b/Bugzilla/Object.pm @@ -60,6 +60,8 @@ sub _init { my $object; if (defined $id) { + # We special-case if somebody specifies an ID, so that we can + # validate it as numeric. detaint_natural($id) || ThrowCodeError('param_must_be_numeric', {function => $class . '::_init'}); 
@@ -67,23 +69,40 @@ sub _init { $object = $dbh->selectrow_hashref(qq{ SELECT $columns FROM $table WHERE $id_field = ?}, undef, $id); - } elsif (defined $param->{'name'}) { - trick_taint($param->{'name'}); - $object = $dbh->selectrow_hashref(qq{ - SELECT $columns FROM $table - WHERE } . $dbh->sql_istrcmp($name_field, '?'), - undef, $param->{'name'}); } else { - ThrowCodeError('bad_arg', - {argument => 'param', - function => $class . '::_init'}); + unless (defined $param->{name} || (defined $param->{'condition'} + && defined $param->{'values'})) + { + ThrowCodeError('bad_arg', { argument => 'param', + function => $class . '::new' }); + } + + my ($condition, @values); + if (defined $param->{name}) { + $condition = $dbh->sql_istrcmp($name_field, '?'); + push(@values, $param->{name}); + } + elsif (defined $param->{'condition'} && defined $param->{'values'}) { + caller->isa('Bugzilla::Object') + || ThrowCodeError('protection_violation', + { caller => caller, + function => $class . '::new', + argument => 'condition/values' }); + $condition = $param->{'condition'}; + push(@values, @{$param->{'values'}}); + } + + map { trick_taint($_) } @values; + $object = $dbh->selectrow_hashref( + "SELECT $columns FROM $table WHERE $condition", undef, @values); } return $object; } sub new_from_list { - my $class = shift; + my $invocant = shift; + my $class = ref($invocant) || $invocant; my ($id_list) = @_; my $dbh = Bugzilla->dbh; my $columns = join(',', $class->DB_COLUMNS); 
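Review bot: The `caller->isa('Bugzilla::Object')` guard in the new `condition`/`values` branch tests the package that called `_init`, not the code that supplied the parameters. `_init` begins above this hunk and `new` is not shown, but if `_init` is only reached through `Bugzilla::Object::new` (the error text naming `::new` suggests so), the check is always true. Any caller of `new` could then have its `condition` string interpolated into `"SELECT $columns FROM $table WHERE $condition"`, where only `values` is bound through placeholders. Consider checking the frame that called `new` instead, e.g. `my $outer = (caller(1))[0]; $outer->isa('Bugzilla::Object') || ThrowCodeError(...)`, and adding the comment `# $condition is raw SQL: pass only a constant string with ? placeholders, never request data`. As a smaller point, `map { trick_taint($_) } @values;` uses map in void context and `@{$param->{'values'}}` is dereferenced without confirming it is an array reference; `trick_taint($_) foreach @values;` after a `ref(...) eq 'ARRAY'` check would be clearer.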
@@ -363,17 +382,47 @@ the L usually can't be updated.) =item C - Description: The constructor is used to load an existing object - from the database, by id or by name. +=over + +=item B + +The constructor is used to load an existing object from the database, +by id or by name. - Params: $param - If you pass an integer, the integer is the - id of the object, from the database, that we - want to read in. If you pass in a hash with - C key, then the value of the name key - is the case-insensitive name of the object from - the DB. +=item B + +If you pass an integer, the integer is the id of the object, +from the database, that we want to read in. (id is defined +as the value in the L column). + +If you pass in a hash, you can pass a C key. The +value of the C key is the case-insensitive name of the object +(from L) in the DB. + +B + +If you are a subclass of C, you can pass +C and C as hash keys, instead of the above. + +C is a set of SQL conditions for the WHERE clause, which contain +placeholders. + +C is a reference to an array. The array contains the values +for each placeholder in C, in order. - Returns: A fully-initialized object. +This is to allow subclasses to have complex parameters, and then to +translate those parameters into C and C when they +call C<$self->SUPER::new> (which is this function, usually). + +If you try to call C outside of a subclass with the C +and C parameters, Bugzilla will throw an error. These parameters +are intended B for use by subclasses. + +=item B + +A fully-initialized object. + +=back =item C -- cgit v1.2.3-24-g4f1b