From: jocuri%softhome.net <>
Date: Sat, 11 Dec 2004 21:33:27 +0000 (+0000)
Subject: Patch for bug 271474: Fix SQL syntax error when updating max votes per bug in editpro... 
X-Git-Tag: bugzilla-2.19.2~72
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1986e290b8d554f9e2c12f44dd7e119792378139;p=thirdparty%2Fbugzilla.git
Patch for bug 271474: Fix SQL syntax error when updating max votes per bug in editproducts.cgi and questionable activity log entries when an admin changes the votes-to-confirm setting to a lower value and bugs get confirmed by popular vote; patch by Nick.Barnes@pobox.com, r=vladd, a=justdave.
---
diff --git a/editproducts.cgi b/editproducts.cgi
index 4098274d0f..1437e82f4e 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -1384,8 +1384,9 @@ if ($action eq 'update') {
     SendSQL("UNLOCK TABLES");
 
     if ($checkvotes) {
-        print "Checking existing votes in this product for anybody who now has too many votes.";
+        # 1. too many votes for a single user on a single bug.
         if ($maxvotesperbug < $votesperuser) {
+            print "
Checking existing votes in this product for anybody who now has too many votes for a single bug.";
             SendSQL("SELECT votes.who, votes.bug_id " .
                     "FROM votes, bugs " .
                     "WHERE bugs.bug_id = votes.bug_id " .
@@ -1403,6 +1404,12 @@ if ($action eq 'update') {
                 print qq{
Removed votes for bug $id from $name\n};
             }
         }
+
+        # 2. too many total votes for a single user.
+        # This part doesn't work in the general case because RemoveVotes
+        # doesn't enforce votesperuser (except per-bug when it's less
+        # than maxvotesperbug).  See RemoveVotes in globals.pl.
+        print "
Checking existing votes in this product for anybody who now has too many total votes.";
         SendSQL("SELECT votes.who, votes.vote_count FROM votes, bugs " .
                 "WHERE bugs.bug_id = votes.bug_id " .
                 " AND bugs.product_id = $product_id");
@@ -1422,7 +1429,7 @@ if ($action eq 'update') {
                         " AND bugs.product_id = $product_id " .
                         " AND votes.who = $who");
                 while (MoreSQLData()) {
-                    my $id = FetchSQLData();
+                    my ($id) = FetchSQLData();
                     RemoveVotes($id, $who,
                                 "The rules for voting on this product has changed; you had too many\ntotal votes, so all votes have been removed.");
                     my $name = DBID_to_name($who);
@@ -1430,20 +1437,18 @@ if ($action eq 'update') {
                 }
             }
         }
+        # 3. enough votes to confirm
         SendSQL("SELECT bug_id FROM bugs " .
                 "WHERE product_id = $product_id " .
                 "  AND bug_status = '$::unconfirmedstate' " .
                 "  AND votes >= $votestoconfirm");
-        my @list;
-        while (MoreSQLData()) {
-            push(@list, FetchOneColumn());
+        if (MoreSQLData()) {
+            print "
Checking unconfirmed bugs in this product for any which now have sufficient votes.";
         }
-        foreach my $id (@list) {
-            SendSQL("SELECT who FROM votes WHERE bug_id = $id");
-            my $who = FetchOneColumn();
-            CheckIfVotedConfirmed($id, $who);
+        while (MoreSQLData()) {
+            # The user id below is used for activity log purposes
+            CheckIfVotedConfirmed(FetchOneColumn(), Bugzilla->user->id);
         }
-
     }
 
     PutTrailer($localtrailer);