aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xBugzilla/Bug.pm48
-rwxr-xr-xprocess_bug.cgi66
2 files changed, 66 insertions, 48 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 8ee0d87e2..a530687fe 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -495,8 +495,13 @@ sub _check_assigned_to {
sub _check_bug_file_loc {
my ($invocant, $url) = @_;
- # If bug_file_loc is "http://", the default, use an empty value instead.
- $url = '' if (!defined($url) || $url eq 'http://');
+ $url = '' if !defined($url);
+ # On bug entry, if bug_file_loc is "http://", the default, use an
+ # empty value instead. However, on bug editing people can set that
+ # back if they *really* want to.
+ if (!ref $invocant && $url eq 'http://') {
+ $url = '';
+ }
return $url;
}
@@ -564,13 +569,16 @@ sub _check_comment {
ValidateComment($comment);
- if (Bugzilla->params->{"commentoncreate"} && !$comment) {
- ThrowUserError("description_required");
- }
+ # Creation-only checks
+ if (!ref $invocant) {
+ if (Bugzilla->params->{"commentoncreate"} && !$comment) {
+ ThrowUserError("description_required");
+ }
- # On creation only, there must be a single-space comment, or
- # email will be supressed.
- $comment = ' ' if $comment eq '' && !ref($invocant);
+ # On creation only, there must be a single-space comment, or
+ # email will be supressed.
+ $comment = ' ' if $comment eq '';
+ }
return $comment;
}
@@ -699,12 +707,19 @@ sub _check_keywords {
sub _check_product {
my ($invocant, $name) = @_;
- # Check that the product exists and that the user
- # is allowed to enter bugs into this product.
- Bugzilla->user->can_enter_product($name, THROW_ERROR);
- # can_enter_product already does everything that check_product
- # would do for us, so we don't need to use it.
- my $obj = new Bugzilla::Product({ name => $name });
+ my $obj;
+ if (ref $invocant) {
+ $obj = Bugzilla::Product::check_product($name);
+ }
+ else {
+ # Check that the product exists and that the user
+ # is allowed to enter bugs into this product.
+ Bugzilla->user->can_enter_product($name, THROW_ERROR);
+ # can_enter_product already does everything that check_product
+ # would do for us, so we don't need to use it.
+ $obj = new Bugzilla::Product({ name => $name });
+ }
+
return $obj;
}
@@ -717,7 +732,7 @@ sub _check_op_sys {
sub _check_priority {
my ($invocant, $priority) = @_;
- if (!Bugzilla->params->{'letsubmitterchoosepriority'}) {
+ if (!ref $invocant && !Bugzilla->params->{'letsubmitterchoosepriority'}) {
$priority = Bugzilla->params->{'defaultpriority'};
}
$priority = trim($priority);
@@ -784,6 +799,9 @@ sub _check_strict_isolation {
sub _check_target_milestone {
my ($invocant, $product, $target) = @_;
$target = trim($target);
+ if (ref $invocant) {
+ return undef if !Bugzilla->params->{'usetargetmilestone'};
+ }
$target = $product->default_milestone if !defined $target;
check_field('target_milestone', $target,
[map($_->name, @{$product->milestones})]);
diff --git a/process_bug.cgi b/process_bug.cgi
index 6c0384973..00ff4c759 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -151,10 +151,8 @@ if (defined $cgi->param('id')) {
# Make sure there are bugs to process.
scalar(@idlist) || ThrowUserError("no_bugs_chosen");
-# Build a bug object using $cgi->param('id') as ID.
-# If there are more than one bug changed at once, the bug object will be
-# empty, which doesn't matter.
-my $bug = new Bugzilla::Bug(scalar $cgi->param('id'));
+# Build a bug object using the first bug id, for validations.
+my $bug = new Bugzilla::Bug($idlist[0]);
# Make sure form param 'dontchange' is defined so it can be compared to easily.
$cgi->param('dontchange','') unless defined $cgi->param('dontchange');
@@ -164,11 +162,10 @@ $cgi->param('knob', 'none') unless defined $cgi->param('knob');
# Validate all timetracking fields
foreach my $field ("estimated_time", "work_time", "remaining_time") {
- if (defined $cgi->param($field)) {
- my $er_time = trim($cgi->param($field));
- if ($er_time ne $cgi->param('dontchange')) {
- Bugzilla::Bug::ValidateTime($er_time, $field);
- }
+ if (defined $cgi->param($field)
+ && $cgi->param($field) ne $cgi->param('dontchange'))
+ {
+ $cgi->param($field, $bug->_check_time($cgi->param($field), $field));
}
}
@@ -179,7 +176,7 @@ if (Bugzilla->user->in_group(Bugzilla->params->{'timetrackinggroup'})) {
}
}
-ValidateComment(scalar $cgi->param('comment'));
+$cgi->param('comment', $bug->_check_comment($cgi->param('comment')));
# If the bug(s) being modified have dependencies, validate them
# and rebuild the list with the validated values. This is important
@@ -520,30 +517,33 @@ if (defined $cgi->param('id')) {
# values that have been changed instead of submitting all the new values.
# (XXX those error checks need to happen too, but implementing them
# is more work in the current architecture of this script...)
- my $prod_obj = Bugzilla::Product::check_product($cgi->param('product'));
- check_field('component', scalar $cgi->param('component'),
- [map($_->name, @{$prod_obj->components})]);
- check_field('version', scalar $cgi->param('version'),
- [map($_->name, @{$prod_obj->versions})]);
- if ( Bugzilla->params->{"usetargetmilestone"} ) {
- check_field('target_milestone', scalar $cgi->param('target_milestone'),
- [map($_->name, @{$prod_obj->milestones})]);
- }
- check_field('rep_platform', scalar $cgi->param('rep_platform'));
- check_field('op_sys', scalar $cgi->param('op_sys'));
- check_field('priority', scalar $cgi->param('priority'));
- check_field('bug_severity', scalar $cgi->param('bug_severity'));
-
- # Those fields only have to exist. We don't validate their value here.
- foreach my $field_name ('bug_file_loc', 'short_desc', 'longdesclength') {
- defined($cgi->param($field_name))
- || ThrowCodeError('undefined_field', { field => $field_name });
- }
- $cgi->param('short_desc', clean_text($cgi->param('short_desc')));
- if (trim($cgi->param('short_desc')) eq "") {
- ThrowUserError("require_summary");
- }
+ my $prod = $bug->_check_product($cgi->param('product'));
+ $cgi->param('product', $prod->name);
+
+ my $comp = $bug->_check_component($prod,
+ scalar $cgi->param('component'));
+ $cgi->param('component', $comp->name);
+
+ $cgi->param('version', $bug->_check_version($prod,
+ scalar $cgi->param('version')));
+ $cgi->param('target_milestone', $bug->_check_target_milestone($prod,
+ scalar $cgi->param('target_milestone')));
+ $cgi->param('rep_platform',
+ $bug->_check_rep_platform($cgi->param('rep_platform')));
+ $cgi->param('op_sys',
+ $bug->_check_op_sys($cgi->param('op_sys')));
+ $cgi->param('priority',
+ $bug->_check_priority($cgi->param('priority')));
+ $cgi->param('bug_severity',
+ $bug->_check_bug_severity($cgi->param('bug_severity')));
+
+ ThrowCodeError('undefined_field', { field => 'longdesclength' })
+ if !defined $cgi->param('longdesclength');
+ $cgi->param('bug_file_loc',
+ $bug->_check_bug_file_loc($cgi->param('bug_file_loc')));
+ $cgi->param('short_desc',
+ $bug->_check_short_desc($cgi->param('short_desc')));
}
my $action = trim($cgi->param('action') || '');