aboutsummaryrefslogtreecommitdiffstats
path: root/editfields.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-09-09 06:11:40 +0000
committerlpsolit%gmail.com <>2006-09-09 06:11:40 +0000
commita806b298f5bfe5914f27a1419d27366fe59da449 (patch)
tree25d737aeb60f17360de9a67f2017369a4d5d8349 /editfields.cgi
parent27c1be36a3cbc57e01c8d51af85be76b0748ece6 (diff)
downloadbugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar
bugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar.gz
bugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar.bz2
bugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar.xz
bugs-a806b298f5bfe5914f27a1419d27366fe59da449.zip
Bug 287326: Ability to add custom single-select fields to a bug - Patch by Frédéric Buclin <LpSolit@gmail.com> and Max Kanat-Alexander <mkanat@bugzilla.org> r=mkanat a=myk
Diffstat (limited to 'editfields.cgi')
-rw-r--r--editfields.cgi18
1 files changed, 10 insertions, 8 deletions
diff --git a/editfields.cgi b/editfields.cgi
index d9f611a96..67b72e98d 100644
--- a/editfields.cgi
+++ b/editfields.cgi
@@ -41,26 +41,25 @@ print $cgi->header();
# List all existing custom fields if no action is given.
if (!$action) {
- $vars->{'custom_fields'} = [Bugzilla->get_fields({'custom' => 1})];
-
$template->process('admin/custom_fields/list.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
}
# Interface to add a new custom field.
elsif ($action eq 'add') {
- $template->process('admin/custom_fields/create.html.tmpl')
+ $template->process('admin/custom_fields/create.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
}
elsif ($action eq 'new') {
my $name = clean_text($cgi->param('name') || '');
my $desc = clean_text($cgi->param('desc') || '');
- # For now, there is only one type available for custom fields.
- # In the future, we will have to look at $cgi->param('type').
- my $type = FIELD_TYPE_FREETEXT;
+ my $type = trim($cgi->param('type') || FIELD_TYPE_FREETEXT);
my $sortkey = $cgi->param('sortkey') || 0;
# Validate these fields.
$name || ThrowUserError('customfield_missing_name');
+ # Don't want to allow a name that might mess up SQL.
+ $name =~ /^\w+$/ || ThrowUserError('customfield_invalid_name',
+ { name => $name });
# Prepend cf_ to the custom field name to distinguish it from standard fields.
if ($name !~ /^cf_/) {
$name = 'cf_' . $name;
@@ -70,6 +69,11 @@ elsif ($action eq 'new') {
$desc || ThrowUserError('customfield_missing_description', {'name' => $name});
+ # We hardcode valid values for $type. This doesn't matter.
+ my $typ = $type;
+ (detaint_natural($type) && $type < 3)
+ || ThrowCodeError('invalid_customfield_type', {'type' => $typ});
+
my $skey = $sortkey;
detaint_natural($sortkey)
|| ThrowUserError('customfield_invalid_sortkey', {'name' => $name,
@@ -90,7 +94,6 @@ elsif ($action eq 'new') {
Bugzilla::Field::create_or_update($vars);
- $vars->{'custom_fields'} = [Bugzilla->get_fields({'custom' => 1})];
$vars->{'message'} = 'custom_field_created';
$template->process('admin/custom_fields/list.html.tmpl', $vars)
@@ -142,7 +145,6 @@ elsif ($action eq 'update') {
Bugzilla::Field::create_or_update($vars);
- $vars->{'custom_fields'} = [Bugzilla->get_fields({'custom' => 1})];
$vars->{'message'} = 'custom_field_updated';
$template->process('admin/custom_fields/list.html.tmpl', $vars)