Closed
Bug 287947
Opened 19 years ago
Closed 19 years ago
Change CheckFormField/CheckFormFieldDefined subs in CGI.pl to use CGI object instead FORM hash
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.20
People
(Reporter: wicked, Assigned: wicked)
References
Details
Attachments
(1 file, 1 obsolete file)
8.35 KB,
patch
|
LpSolit
:
review+
|
Details | Diff | Splinter Review |
Currently CheckFormField and CheckFormFieldDefined subs in CGI.pl take the FORM hash. That hash is used to check and retrieve the field values to be verified. They needs to be changed to use CGI object instead. I'm fairly certain this can be done separately without breaking process_bug.cgi or post_bug.cgi.
Assignee | ||
Comment 1•19 years ago
|
||
Here's a patch that just converts CheckFormField and CheckFormFieldDefined to use passed CGI object instead of FORM hash. Also call sites in process_bug.cgi and post_bug.cgi are changed acordingly. Patch is based on work done by GavinS. Code passes runtests and I briefly tested that field verification seems to be working.
Attachment #178762 -
Flags: review?(LpSolit)
Comment 2•19 years ago
|
||
Comment on attachment 178762 [details] [diff] [review] Convert FORM hash to CGI object, V1 Some fields are altered in .cgi files, such as $::FORM{'assigned_to'} in post_bug.cgi, line 136. If you are a user with no privs, you get an error message from ThrowCodeError(): Form field assigned_to was not defined; this may indicate a bug in your browser. Updating $::FORM{} does not update its $cgi->param() counterpart, unfortunately.
Attachment #178762 -
Flags: review?(LpSolit) → review-
Assignee | ||
Comment 3•19 years ago
|
||
I added temporary compatibility code to reflect changes in certain FORM hash variables back to CGI object. This corrects the unprivileged user problem.
Attachment #178762 -
Attachment is obsolete: true
Attachment #179009 -
Flags: review?(LpSolit)
Comment 4•19 years ago
|
||
Comment on attachment 179009 [details] [diff] [review] Convert FORM hash to CGI object, V2 works fine. r=LpSolit
Attachment #179009 -
Flags: review?(LpSolit) → review+
Updated•19 years ago
|
Status: NEW → ASSIGNED
Flags: approval?
Target Milestone: --- → Bugzilla 2.20
Comment 5•19 years ago
|
||
Comment on attachment 179009 [details] [diff] [review] Convert FORM hash to CGI object, V2 >RCS file: /cvsroot/mozilla/webtools/bugzilla/CGI.pl,v >+ if (!defined $cgi->param($fieldname) >+ || trim($cgi->param($fieldname)) eq "" >+ || (defined($legalsRef) >+ && lsearch($legalsRef, $cgi->param($fieldname))<0) >+ ){ > SendSQL("SELECT description FROM fielddefs WHERE name=" . SqlQuote($fieldname)); > my $result = FetchOneColumn(); > my $field; Note to the checker-in: put the closing parenthesis of the test condition on the previous line and align "{" with "if".
Updated•19 years ago
|
Flags: approval? → approval+
Comment 6•19 years ago
|
||
Note to the checked-in: this patch as #2. Next one will be bug 238875.
Depends on: 238878
Comment 7•19 years ago
|
||
Checking in CGI.pl; /cvsroot/mozilla/webtools/bugzilla/CGI.pl,v <-- CGI.pl new revision: 1.237; previous revision: 1.236 done Checking in post_bug.cgi; /cvsroot/mozilla/webtools/bugzilla/post_bug.cgi,v <-- post_bug.cgi new revision: 1.111; previous revision: 1.110 done Checking in process_bug.cgi; /cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v <-- process_bug.cgi new revision: 1.247; previous revision: 1.246 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•