From c1ca86053ed276aa05eac8468cea61785629ac5e Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Mon, 30 Jun 2008 02:57:54 +0000
Subject: Bug 440612 â Use Bugzilla::Bug->check everywhere instead of
 ValidateBugID Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit,
 a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 attachment.cgi | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

(limited to 'attachment.cgi')

diff --git a/attachment.cgi b/attachment.cgi
index 2520c0032..c28a300a0 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -165,8 +165,10 @@ sub validateID {
       || ThrowUserError("invalid_attach_id", { attach_id => $attach_id });
 
     # Make sure the user is authorized to access this attachment's bug.
-    ValidateBugID($attachment->bug_id);
-    if ($attachment->isprivate && $user->id != $attachment->attacher->id && !$user->is_insider) {
+    Bugzilla::Bug->check($attachment->bug_id);
+    if ($attachment->isprivate && $user->id != $attachment->attacher->id 
+        && !$user->is_insider) 
+    {
         ThrowUserError('auth_failure', {action => 'access',
                                         object => 'attachment'});
     }
@@ -281,9 +283,8 @@ sub diff {
 # HTML page.
 sub viewall {
     # Retrieve and validate parameters
-    my $bugid = $cgi->param('bugid');
-    ValidateBugID($bugid);
-    my $bug = new Bugzilla::Bug($bugid);
+    my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
+    my $bugid = $bug->id;
 
     my $attachments = Bugzilla::Attachment->get_attachments_by_bug($bugid);
 
@@ -301,13 +302,12 @@ sub viewall {
 # Display a form for entering a new attachment.
 sub enter {
   # Retrieve and validate parameters
-  my $bugid = $cgi->param('bugid');
-  ValidateBugID($bugid);
+  my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
+  my $bugid = $bug->id;
   validateCanChangeBug($bugid);
   my $dbh = Bugzilla->dbh;
   my $user = Bugzilla->user;
 
-  my $bug = new Bugzilla::Bug($bugid, $user->id);
   # Retrieve the attachments the user can edit from the database and write
   # them into an array of hashes where each hash represents one attachment.
   my $canEdit = "";
@@ -344,8 +344,8 @@ sub insert {
     $dbh->bz_start_transaction;
 
     # Retrieve and validate parameters
-    my $bugid = $cgi->param('bugid');
-    ValidateBugID($bugid);
+    my $bug = Bugzilla::Bug->check(scalar $cgi->param('bugid'));
+    my $bugid = $bug->id;
     validateCanChangeBug($bugid);
     my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()");
 
@@ -373,7 +373,6 @@ sub insert {
         }
     }
 
-    my $bug = new Bugzilla::Bug($bugid);
     my $attachment =
         Bugzilla::Attachment->insert_attachment_for_bug(THROW_ERROR, $bug, $user,
                                                         $timestamp, $vars);
-- 
cgit v1.2.3-24-g4f1b