diff options
| author |   lpsolit%gmail.com <> | 2005-10-26 23:15:48 +0000 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2005-10-26 23:15:48 +0000 |
| commit | f4915acec3dc0f746d068ba5c8019ed58df8bdfe (patch) | |
| tree | 8914f41d7e2040beb5c962d2b9cfcff6bf7fdb55 /request.cgi | |
| parent | Bug 313732: fix typo in name of error message variable. Patch by bugzilla.moz... (diff) | |
| download | bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.gz bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.tar.bz2 bugzilla-f4915acec3dc0f746d068ba5c8019ed58df8bdfe.zip | |
Bug 303693: Eliminate deprecated Bugzilla::DB routines from describe*.cgi, duplicates.cgi, quips.cgi, report.cgi, request.cgi and showdependency*.cgi - Patch by Teemu Mannermaa <wicked@etlicon.fi> r=LpSolit a=myk
Diffstat (limited to 'request.cgi')
| -rwxr-xr-x | request.cgi | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/request.cgi b/request.cgi index 5506f79ce..689615b32 100755 --- a/request.cgi +++ b/request.cgi @@ -157,14 +157,17 @@ sub queue { # Filter results by exact email address of requester or requestee. if (defined $cgi->param('requester') && $cgi->param('requester') ne "") { - push(@criteria, $dbh->sql_istrcmp('requesters.login_name', - SqlQuote($cgi->param('requester')))); + my $requester = $dbh->quote($cgi->param('requester')); + trick_taint($requester); # Quoted above + push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester)); push(@excluded_columns, 'requester') unless $cgi->param('do_union'); } if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") { if ($cgi->param('requestee') ne "-") { + my $requestee = $dbh->quote($cgi->param('requestee')); + trick_taint($requestee); # Quoted above push(@criteria, $dbh->sql_istrcmp('requestees.login_name', - SqlQuote($cgi->param('requestee')))); + $requestee)); } else { push(@criteria, "flags.requestee_id IS NULL") } push(@excluded_columns, 'requestee') unless $cgi->param('do_union'); @@ -203,8 +206,10 @@ sub queue { } } if (!$has_attachment_type) { push(@excluded_columns, 'attachment') } - - push(@criteria, "flagtypes.name = " . SqlQuote($form_type)); + + my $quoted_form_type = $dbh->quote($form_type); + trick_taint($quoted_form_type); # Already SQL quoted + push(@criteria, "flagtypes.name = " . $quoted_form_type); push(@excluded_columns, 'type') unless $cgi->param('do_union'); } @@ -252,10 +257,10 @@ sub queue { $vars->{'query'} = $query; $vars->{'debug'} = $cgi->param('debug') ? 1 : 0; - SendSQL($query); + my $results = $dbh->selectall_arrayref($query); my @requests = (); - while (MoreSQLData()) { - my @data = FetchSQLData(); + foreach my $result (@$results) { + my @data = @$result; my $request = { 'id' => $data[0] , 'type' => $data[1] , @@ -274,8 +279,9 @@ sub queue { # Get a list of request type names to use in the filter form. my @types = ("all"); - SendSQL("SELECT DISTINCT(name) FROM flagtypes ORDER BY name"); - push(@types, FetchOneColumn()) while MoreSQLData(); + my $flagtypes = $dbh->selectcol_arrayref( + "SELECT DISTINCT(name) FROM flagtypes ORDER BY name"); + push(@types, @$flagtypes); $vars->{'products'} = $user->get_selectable_products; $vars->{'excluded_columns'} = \@excluded_columns; |