diff options
author | lpsolit%gmail.com <> | 2006-09-09 06:11:40 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-09-09 06:11:40 +0000 |
commit | a806b298f5bfe5914f27a1419d27366fe59da449 (patch) | |
tree | 25d737aeb60f17360de9a67f2017369a4d5d8349 /editfields.cgi | |
parent | 27c1be36a3cbc57e01c8d51af85be76b0748ece6 (diff) | |
download | bugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar bugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar.gz bugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar.bz2 bugs-a806b298f5bfe5914f27a1419d27366fe59da449.tar.xz bugs-a806b298f5bfe5914f27a1419d27366fe59da449.zip |
Bug 287326: Ability to add custom single-select fields to a bug - Patch by Frédéric Buclin <LpSolit@gmail.com> and Max Kanat-Alexander <mkanat@bugzilla.org> r=mkanat a=myk
Diffstat (limited to 'editfields.cgi')
-rw-r--r-- | editfields.cgi | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/editfields.cgi b/editfields.cgi index d9f611a96..67b72e98d 100644 --- a/editfields.cgi +++ b/editfields.cgi @@ -41,26 +41,25 @@ print $cgi->header(); # List all existing custom fields if no action is given. if (!$action) { - $vars->{'custom_fields'} = [Bugzilla->get_fields({'custom' => 1})]; - $template->process('admin/custom_fields/list.html.tmpl', $vars) || ThrowTemplateError($template->error()); } # Interface to add a new custom field. elsif ($action eq 'add') { - $template->process('admin/custom_fields/create.html.tmpl') + $template->process('admin/custom_fields/create.html.tmpl', $vars) || ThrowTemplateError($template->error()); } elsif ($action eq 'new') { my $name = clean_text($cgi->param('name') || ''); my $desc = clean_text($cgi->param('desc') || ''); - # For now, there is only one type available for custom fields. - # In the future, we will have to look at $cgi->param('type'). - my $type = FIELD_TYPE_FREETEXT; + my $type = trim($cgi->param('type') || FIELD_TYPE_FREETEXT); my $sortkey = $cgi->param('sortkey') || 0; # Validate these fields. $name || ThrowUserError('customfield_missing_name'); + # Don't want to allow a name that might mess up SQL. + $name =~ /^\w+$/ || ThrowUserError('customfield_invalid_name', + { name => $name }); # Prepend cf_ to the custom field name to distinguish it from standard fields. if ($name !~ /^cf_/) { $name = 'cf_' . $name; @@ -70,6 +69,11 @@ elsif ($action eq 'new') { $desc || ThrowUserError('customfield_missing_description', {'name' => $name}); + # We hardcode valid values for $type. This doesn't matter. + my $typ = $type; + (detaint_natural($type) && $type < 3) + || ThrowCodeError('invalid_customfield_type', {'type' => $typ}); + my $skey = $sortkey; detaint_natural($sortkey) || ThrowUserError('customfield_invalid_sortkey', {'name' => $name, @@ -90,7 +94,6 @@ elsif ($action eq 'new') { Bugzilla::Field::create_or_update($vars); - $vars->{'custom_fields'} = [Bugzilla->get_fields({'custom' => 1})]; $vars->{'message'} = 'custom_field_created'; $template->process('admin/custom_fields/list.html.tmpl', $vars) @@ -142,7 +145,6 @@ elsif ($action eq 'update') { Bugzilla::Field::create_or_update($vars); - $vars->{'custom_fields'} = [Bugzilla->get_fields({'custom' => 1})]; $vars->{'message'} = 'custom_field_updated'; $template->process('admin/custom_fields/list.html.tmpl', $vars) |