Closed Bug 287947 Opened 19 years ago Closed 19 years ago

Change CheckFormField/CheckFormFieldDefined subs in CGI.pl to use CGI object instead FORM hash

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
2.19.2
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.20

People

(Reporter: wicked, Assigned: wicked)

References

Details

Attachments

(1 file, 1 obsolete file)

Convert FORM hash to CGI object, V2
8.35 KB, patch
LpSolit
: review+
Details | Diff | Splinter Review 
Currently CheckFormField and CheckFormFieldDefined subs in CGI.pl take the FORM
hash. That hash is used to check and retrieve the field values to be verified.
They needs to be changed to use CGI object instead.

I'm fairly certain this can be done separately without breaking process_bug.cgi
or post_bug.cgi.
Here's a patch that just converts CheckFormField and CheckFormFieldDefined to
use passed CGI object instead of FORM hash. Also call sites in process_bug.cgi
and post_bug.cgi are changed acordingly. Patch is based on work done by GavinS.


Code passes runtests and I briefly tested that field verification seems to be
working.
Attachment #178762 - Flags: review?(LpSolit)
Comment on attachment 178762 [details] [diff] [review]
Convert FORM hash to CGI object, V1

Some fields are altered in .cgi files, such as $::FORM{'assigned_to'} in
post_bug.cgi, line 136. If you are a user with no privs, you get an error
message from ThrowCodeError():

Form field assigned_to was not defined; this may indicate a bug in your
browser.

Updating $::FORM{} does not update its $cgi->param() counterpart,
unfortunately.
Attachment #178762 - Flags: review?(LpSolit) → review-
I added temporary compatibility code to reflect changes in certain FORM hash
variables back to CGI object. This corrects the unprivileged user problem.
Attachment #178762 - Attachment is obsolete: true
Attachment #179009 - Flags: review?(LpSolit)
Comment on attachment 179009 [details] [diff] [review]
Convert FORM hash to CGI object, V2

works fine. r=LpSolit
Attachment #179009 - Flags: review?(LpSolit) → review+
Status: NEW → ASSIGNED
Flags: approval?
Target Milestone: --- → Bugzilla 2.20
Comment on attachment 179009 [details] [diff] [review]
Convert FORM hash to CGI object, V2

>RCS file: /cvsroot/mozilla/webtools/bugzilla/CGI.pl,v

>+    if (!defined $cgi->param($fieldname)
>+        || trim($cgi->param($fieldname)) eq ""
>+        || (defined($legalsRef)
>+            && lsearch($legalsRef, $cgi->param($fieldname))<0)
>+       ){
>         SendSQL("SELECT description FROM fielddefs WHERE name=" . SqlQuote($fieldname));
>         my $result = FetchOneColumn();
>         my $field;


Note to the checker-in: put the closing parenthesis of the test condition on
the previous line and align "{" with "if".
Flags: approval? → approval+
Note to the checked-in: this patch as #2. Next one will be bug 238875.
Depends on: 238878
Checking in CGI.pl;
/cvsroot/mozilla/webtools/bugzilla/CGI.pl,v  <--  CGI.pl
new revision: 1.237; previous revision: 1.236
done
Checking in post_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/post_bug.cgi,v  <--  post_bug.cgi
new revision: 1.111; previous revision: 1.110
done
Checking in process_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v  <--  process_bug.cgi
new revision: 1.247; previous revision: 1.246
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: