Closed
Bug 303697
Opened 19 years ago
Closed 19 years ago
Eliminate deprecated Bugzilla::DB routines from token.cgi
Categories
(Bugzilla :: Bugzilla-General, defect)
RESOLVED
FIXED
Bugzilla 2.22
People
(Reporter: wicked, Assigned: wicked)
Attachments
(1 file, 1 obsolete file)
7.08 KB, patch | LpSolit: review+
These lines need to be rewritten to use DBI:
token.cgi:68: $::quotedtoken = SqlQuote($::token);
token.cgi:80: SendSQL( "SELECT tokentype FROM tokens WHERE token = $::quotedtoken" );
token.cgi:81: (my $tokentype = FetchSQLData()) || ThrowUserError("token_inexistent");
token.cgi:117: my $quotedloginname = SqlQuote($cgi->param('loginname'));
token.cgi:118: SendSQL("SELECT userid FROM profiles WHERE " .
token.cgi:120: FetchSQLData()
token.cgi:201: my $quotedpassword = SqlQuote($cryptedpassword);
token.cgi:204: SendSQL("SELECT userid FROM tokens WHERE token = $::quotedtoken");
token.cgi:205: my $userid = FetchSQLData();
token.cgi:210: SendSQL("UPDATE profiles
token.cgi:213: SendSQL("DELETE FROM tokens WHERE token = $::quotedtoken");
token.cgi:239: SendSQL("SELECT userid, eventdata FROM tokens
token.cgi:241: my ($userid, $eventdata) = FetchSQLData();
token.cgi:243: my $quotednewemail = SqlQuote($new_email);
token.cgi:260: SendSQL("UPDATE profiles
token.cgi:263: SendSQL("DELETE FROM tokens WHERE token = $::quotedtoken");
token.cgi:264: SendSQL("DELETE FROM tokens WHERE userid = $userid
token.cgi:287: SendSQL("SELECT userid, tokentype, eventdata FROM tokens
token.cgi:289: my ($userid, $tokentype, $eventdata) = FetchSQLData();
token.cgi:295: SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
token.cgi:296: my $actualemail = FetchSQLData();
token.cgi:300: my $quotedoldemail = SqlQuote($old_email);
token.cgi:303: SendSQL("UPDATE profiles
token.cgi:329: SendSQL("DELETE FROM tokens
| Assignee | ||
Updated•19 years ago
Assignee: general → wicked
Comment 2•19 years ago
Comment on attachment 197370 [details] [diff] [review] Rewrite deprecated SQL code, V1 >Index: token.cgi >+ my $quotedloginname = $dbh->quote($cgi->param('loginname')); >+ $dbh->selectrow_array('SELECT userid FROM profiles WHERE ' . >+ $dbh->sql_istrcmp('login_name', $quotedloginname)) > || ThrowUserError("account_inexistent"); 1) $cgi->param('loginname') should be saved in a variable and you should use trick_taint() on it; 2) Moreover, write $dbh->sql_istrcmp('login_name', ?) (see for instance User::login_to_id()); 3) Nit: I personally prefer to save the result in a variable and then do: $my_var || ThrowUserError(). >+ $dbh->do(q{DELETE FROM tokens WHERE userid = ? >+ AND tokentype = 'emailnew'}, undef, $userid); Nit: I would align 'AND' with 'DELETE' (I don't think we use indentation elsewhere). >+ $dbh->do(q{DELETE FROM tokens WHERE userid = ? >+ AND tokentype = 'emailold' OR tokentype = 'emailnew'}, >+ undef, $userid); Nit: same comment here.
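Review bot: In the last quoted DELETE, the condition `WHERE userid = ? AND tokentype = 'emailold' OR tokentype = 'emailnew'` has no parentheses, and SQL evaluates AND before OR, so it matches this user's 'emailold' tokens plus every 'emailnew' token in the table, whatever its userid. If the intent is to clear both token types for this one user, group the alternatives, for example `AND (tokentype = 'emailold' OR tokentype = 'emailnew')` or `AND tokentype IN ('emailold', 'emailnew')`, so the bound `$userid` constrains both branches and one account's action cannot remove other accounts' pending email-change tokens.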
Attachment #197370 -
Flags: review?(myk) → review-
| Assignee | ||
Comment 3•19 years ago
Review comments, including nits, fixed.
Attachment #197370 -
Attachment is obsolete: true
Attachment #199064 -
Flags: review?(LpSolit)
Comment 4•19 years ago
Comment on attachment 199064 Rewrite deprecated SQL code, V1.5
r=LpSolit
Attachment #199064 -
Flags: review?(LpSolit) → review+
Updated•19 years ago
Status: NEW → ASSIGNED
Flags: approval?
Target Milestone: --- → Bugzilla 2.22
Updated•19 years ago
Flags: approval? → approval+
Comment 5•19 years ago
Checking in token.cgi;
/cvsroot/mozilla/webtools/bugzilla/token.cgi,v <-- token.cgi
new revision: 1.37; previous revision: 1.36
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED