# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# Contributor(s): Dan Mosedale <dmose@mozilla.org>
# Frédéric Buclin <LpSolit@gmail.com>
package Bugzilla::Field;
use strict;
use base qw(Exporter);
@Bugzilla::Field::EXPORT = qw(check_form_field check_form_field_defined
get_field_id);
use Bugzilla::Util;
use Bugzilla::Error;
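# Validate a required form field and abort the request when it is unusable.
#
# Params:  $cgi       - object whose param() method yields the submitted value
#                       (a CGI object, per this module's POD)
#          $fieldname - name of the form field to check
#          $legalsRef - (optional) array ref of the values the field may take
# Returns: nothing useful. ThrowCodeError("illegal_field") is called when the
#          field is missing, is empty after trim(), or -- when $legalsRef is
#          given -- is not found in that list by lsearch().
#
# Only the first value of a repeated parameter is examined here. A caller
# that later reads the same field in list context must validate the other
# values itself.
sub check_form_field {
    my ($cgi, $fieldname, $legalsRef) = @_;
    my $dbh = Bugzilla->dbh;

    # Fetch the value once, in scalar context. Calling param() directly inside
    # an argument list evaluates it in list context, where a parameter that was
    # submitted several times expands into several arguments and shifts the
    # callee's positional parameters.
    my $value = $cgi->param($fieldname);

    if (!defined $value
        || trim($value) eq ""
        || (defined($legalsRef) && lsearch($legalsRef, $value) < 0))
    {
        # The name is only ever passed as a bind value, never interpolated
        # into the SQL text; that is what makes clearing its taint flag
        # without validating it acceptable for this lookup.
        # NOTE(review): trick_taint presumably untaints without checking --
        # confirm against Bugzilla::Util.
        trick_taint($fieldname);
        my ($result) = $dbh->selectrow_array(
            "SELECT description FROM fielddefs\n" . "WHERE name = ?",
            undef, $fieldname);

        # Report the field's description when fielddefs has one, otherwise
        # fall back to the raw field name.
        my $field = $result || $fieldname;
        ThrowCodeError("illegal_field", { field => $field });
    }
}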
# Abort the request unless the form field was submitted at all.
#
# Params:  $cgi       - object whose param() method yields the submitted value
#          $fieldname - name of the form field to check
# Returns: nothing useful; ThrowCodeError("undefined_field") is called when
#          param() returns undef for the field.
#
# This checks definedness only: an empty string passes. Use check_form_field
# when the value must also be non-empty or come from a fixed list.
sub check_form_field_defined {
    my ($cgi, $fieldname) = @_;

    # Scalar assignment keeps param() in scalar context, as defined() did.
    my $submitted = $cgi->param($fieldname);

    if (not defined $submitted) {
        ThrowCodeError("undefined_field", { field => $fieldname });
    }
}
# Look up the numeric ID that fielddefs stores for a field name.
#
# Params:  $name - the field name to resolve
# Returns: the fieldid column of the matching row. ThrowCodeError(
#          'invalid_field_name') is called when the lookup yields no true
#          value, i.e. no row matched.
sub get_field_id {
    my ($name) = @_;
    my $dbh = Bugzilla->dbh;

    # The name reaches the database as a bind value only, so clearing its
    # taint flag here does not put unvalidated text into the SQL statement.
    trick_taint($name);

    my $sql = 'SELECT fieldid FROM fielddefs' . "\n" . 'WHERE name = ?';

    # Scalar assignment: selectrow_array hands back the first column only.
    my $field_id = $dbh->selectrow_array($sql, undef, $name);

    if (!$field_id) {
        ThrowCodeError('invalid_field_name', {field => $name});
    }
    return $field_id;
}
1;
__END__
=head1 NAME
Bugzilla::Field - Useful routines for field manipulation
=head1 SYNOPSIS
use Bugzilla::Field;
# Validation Routines
check_form_field($cgi, $fieldname, \@legal_values);
check_form_field_defined($cgi, $fieldname);
$fieldid = get_field_id($fieldname);
=head1 DESCRIPTION
This package provides functions for dealing with CGI form fields.
=head1 FUNCTIONS
This package provides several types of routines:
=head2 Validation
=over
=item C<check_form_field($cgi, $fieldname, \@legal_values)>
Description: Makes sure the field $fieldname is defined and its value
is non empty. If @legal_values is defined, this routine
also checks whether its value is one of the legal values
associated with this field. If the test fails, an error
is thrown.
Params: $cgi - a CGI object
$fieldname - the field name to check
@legal_values - (optional) ref to a list of legal values
Returns: nothing
=item C<check_form_field_defined($cgi, $fieldname)>
Description: Makes sure the field $fieldname is defined; an error is thrown
if it is not. The value itself is not checked, so an empty value passes.
Params: $cgi - a CGI object
$fieldname - the field name to check
Returns: nothing
=item C<get_field_id($fieldname)>
Description: Returns the ID of the specified field name and throws
an error if this field does not exist.
Params: $fieldname - a field name
Returns: the corresponding field ID or an error if the field name
does not exist.
=back