$_user = $new_user;
$_sudoer = $new_sudoer;
- $::userid = $new_user->id;
# NOTE: If you want to log the start of an sudo session, do it here.
{
$_user = $sudo_target;
$_sudoer = $authenticated_user;
- $::userid = $sudo_target->id;
# NOTE: If you want to do any special logging, do it here.
}
sub logout_request {
undef $_user;
undef $_sudoer;
- # XXX clean this up eventually
- $::userid = 0;
# We can't delete from $cgi->cookie, so logincookie data will remain
# there. Don't rely on it: use Bugzilla->user->login instead!
}
if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
Bugzilla->cgi->require_https(Param('sslbase'));
}
-
$user->set_flags('can_logout' => $class->can_logout);
-
- # Compat stuff
- $::userid = $userid;
} else {
Bugzilla->logout_request();
}
sub update_activity {
my ($bug_id, $attach_id, $timestamp, $old_summaries, $new_summaries) = @_;
my $dbh = Bugzilla->dbh;
+ my $user_id = Bugzilla->user->id;
$attach_id ||= 'NULL';
$old_summaries = join(", ", @$old_summaries);
my $field_id = get_field_id('flagtypes.name');
$dbh->do("INSERT INTO bugs_activity
(bug_id, attach_id, who, bug_when, fieldid, removed, added)
- VALUES ($bug_id, $attach_id, $::userid, $timestamp,
+ VALUES ($bug_id, $attach_id, $user_id, $timestamp,
$field_id, $sql_removed, $sql_added)");
$dbh->do("UPDATE bugs SET delta_ts = $timestamp WHERE bug_id = ?",
sub modify {
my ($cgi, $timestamp) = @_;
+ my $setter = Bugzilla->user;
# Use the date/time we were given if possible (allowing calling code
# to synchronize the comment's timestamp with those of other records).
my $status = $cgi->param("flag-$id");
-
# If the user entered more than one name into the requestee field
# (i.e. they want more than one person to set the flag) we can reuse
# the existing flag for the first person (who may well be the existing
foreach my $login (@requestees) {
create({ type => $flag->{type} ,
target => $flag->{target} ,
- setter => new Bugzilla::User($::userid),
+ setter => $setter,
status => "?",
requestee => new Bugzilla::User(login_to_id($login)) },
$timestamp);
if ($status eq '+' || $status eq '-') {
&::SendSQL("UPDATE flags
- SET setter_id = $::userid ,
+ SET setter_id = " . $setter->id . ",
requestee_id = NULL ,
status = '$status' ,
modification_date = $sql_timestamp ,
# Update the database with the changes.
&::SendSQL("UPDATE flags
- SET setter_id = $::userid ,
+ SET setter_id = " . $setter->id . ",
requestee_id = $requestee_id ,
status = '$status' ,
modification_date = $sql_timestamp ,
sub FormToNewFlags {
my ($target, $cgi) = @_;
-
my $dbh = Bugzilla->dbh;
+ my $setter = Bugzilla->user;
# Extract a list of flag type IDs from field names.
my @type_ids = map(/^flag_type-(\d+)$/ ? $1 : (), $cgi->param());
return () unless scalar(@type_ids);
- # Get information about the setter to add to each flag.
- my $setter = new Bugzilla::User($::userid);
-
# Get a list of active flag types available for this target.
my $flag_types = Bugzilla::FlagType::match(
{ 'target_type' => $target->{'type'},
use strict;
-# The caller MUST require globals.pl before using this module.
-
-use vars qw($userid);
-
package Bugzilla::Search;
use base qw(Exporter);
@Bugzilla::Search::EXPORT = qw(IsValidQueryType);
# Include the Bugzilla CGI and general utility library.
require "globals.pl";
-use vars qw($db_name
- @components
+use vars qw(@components
@legal_keywords
@legal_platform
@legal_priority
@legal_severity
@settable_resolution
@target_milestone
- $userid
@versions);
my $cgi = Bugzilla->cgi;
sub LookupNamedQuery {
my ($name) = @_;
- Bugzilla->login(LOGIN_REQUIRED);
+ my $user = Bugzilla->login(LOGIN_REQUIRED);
my $dbh = Bugzilla->dbh;
# $name is safe -- we only use it below in a SELECT placeholder and then
# in error messages (which are always HTML-filtered).
trick_taint($name);
my $result = $dbh->selectrow_array("SELECT query FROM namedqueries"
. " WHERE userid = ? AND name = ?"
- , undef, (Bugzilla->user->id, $name));
+ , undef, ($user->id, $name));
defined($result) || ThrowUserError("missing_query", {'queryname' => $name});
$result
sub GetGroups {
my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
# Create an array where each item is a hash. The hash contains
# as keys the name of the columns, which point to the value of
# the columns for that row.
- my $grouplist = Bugzilla->user->groups_as_string;
+ my $grouplist = $user->groups_as_string;
my $groups = $dbh->selectall_arrayref(
"SELECT id, name, description, isactive
FROM groups
$order = $params->param('order') || $order;
}
elsif ($cgi->param('remaction') eq "forget") {
- Bugzilla->login(LOGIN_REQUIRED);
+ my $user = Bugzilla->login(LOGIN_REQUIRED);
# Copy the name into a variable, so that we can trick_taint it for
# the DB. We know it's safe, because we're using placeholders in
# the SQL, and the SQL is only a DELETE.
= ?
AND whine_queries.query_name
= ?
- ', undef, Bugzilla->user->id, $qname);
+ ', undef, $user->id, $qname);
if (scalar(@$whines_in_use)) {
ThrowUserError('saved_search_used_by_whines',
{ subjects => join(',', @$whines_in_use),
# If we are here, then we can safely remove the saved search
$dbh->do("DELETE FROM namedqueries"
. " WHERE userid = ? AND name = ?"
- , undef, ($userid, $qname));
+ , undef, ($user->id, $qname));
# Now reset the cached queries
- Bugzilla->user->flush_queries_cache();
+ $user->flush_queries_cache();
print $cgi->header();
# Generate and return the UI (HTML page) from the appropriate template.
}
elsif (($cgi->param('cmdtype') eq "doit") && defined $cgi->param('remtype')) {
if ($cgi->param('remtype') eq "asdefault") {
- Bugzilla->login(LOGIN_REQUIRED);
- InsertNamedQuery(Bugzilla->user->id, DEFAULT_QUERY_NAME, $buffer);
+ my $user = Bugzilla->login(LOGIN_REQUIRED);
+ InsertNamedQuery($user->id, DEFAULT_QUERY_NAME, $buffer);
$vars->{'message'} = "buglist_new_default_query";
}
elsif ($cgi->param('remtype') eq "asnamed") {
- Bugzilla->login(LOGIN_REQUIRED);
- my $userid = Bugzilla->user->id;
+ my $user = Bugzilla->login(LOGIN_REQUIRED);
my $query_name = $cgi->param('newqueryname');
my $new_query = $cgi->param('newquery');
my $query_type = QUERY_LIST;
$query_type = LIST_OF_BUGS;
}
my $tofooter = 1;
- my $existed_before = InsertNamedQuery($userid, $query_name, $new_query,
+ my $existed_before = InsertNamedQuery($user->id, $query_name, $new_query,
$tofooter, $query_type);
if ($existed_before) {
$vars->{'message'} = "buglist_updated_named_query";
# Make sure to invalidate any cached query data, so that the footer is
# correctly displayed
- Bugzilla->user->flush_queries_cache();
+ $user->flush_queries_cache();
$vars->{'queryname'} = $query_name;
exit;
}
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
UserInGroup(Param("chartgroup"))
|| ThrowUserError("auth_failure", {group => Param("chartgroup"),
if ($action =~ /^subscribe|unsubscribe$/) {
detaint_natural($series_id) || ThrowCodeError("invalid_series_id");
my $series = new Bugzilla::Series($series_id);
- $series->$action($::userid);
+ $series->$action($user->id);
}
my $chart = new Bugzilla::Chart($cgi);
# Check if the user is the owner of series_id or is an admin.
sub assertCanEdit {
my ($series_id) = @_;
-
- return if UserInGroup("admin");
+ my $user = Bugzilla->user;
+
+ return if $user->in_group('admin');
my $dbh = Bugzilla->dbh;
my $iscreator = $dbh->selectrow_array("SELECT CASE WHEN creator = ? " .
"THEN 1 ELSE 0 END FROM series " .
"WHERE series_id = ?", undef,
- $::userid, $series_id);
+ $user->id, $series_id);
$iscreator || ThrowUserError("illegal_series_edit");
}
my $all_name = "-All-";
my $open_name = "All Open";
- # We can't give the Series we create a meaningful owner; that's not a big
- # problem. But we do need to set this global, otherwise Series.pm objects.
- $::userid = 0;
-
my $products = $dbh->selectall_arrayref("SELECT name FROM products");
foreach my $product ((map { $_->[0] } @$products), "-All-") {
$queries{$_} = ($query_prod . "resolution=$_") foreach (@resolutions);
foreach my $field (@fields) {
- # Create a Series for each field in this product
+ # Create a Series for each field in this product.
+ # user ID = 0 is used.
my $series = new Bugzilla::Series(undef, $product, $all_name,
- $field, $::userid, 1,
+ $field, 0, 1,
$queries{$field}, 1);
$series->writeToDatabase();
$seriesids{$field} = $series->{'series_id'};
my @openedstatuses = ("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED");
my $query = join("&", map { "bug_status=$_" } @openedstatuses);
my $series = new Bugzilla::Series(undef, $product, $all_name,
- $open_name, $::userid, 1,
+ $open_name, 0, 1,
$query_prod . $query, 1);
$series->writeToDatabase();
$seriesids{$open_name} = $series->{'series_id'};
Bugzilla->switch_to_shadow_db();
-use vars qw ($userid @legal_product);
+use vars qw (@legal_product);
my %dbmcount;
my %count;
foreach my $sdata (@series) {
my $series = new Bugzilla::Series(undef, $product->name,
$comp_name, $sdata->[0],
- $::userid, 1, $sdata->[1], 1);
+ $whoid, 1, $sdata->[1], 1);
$series->writeToDatabase();
}
foreach my $sdata (@series) {
my $series = new Bugzilla::Series(undef, $product->name,
scalar $cgi->param('subcategory'),
- $sdata->[0], $::userid, 1,
+ $sdata->[0], $whoid, 1,
$sdata->[1] . "&product=" .
url_quote($product->name), 1);
$series->writeToDatabase();
$dbh->selectrow_array($sth_Select2, undef, $groupid);
LogActivityEntry($bugid, "bug_group", $removed, "",
- $::userid, $timestamp);
+ $whoid, $timestamp);
if ($mailiscurrent) {
$sth_Update2->execute($timestamp, $timestamp, $bugid);
$dbh->selectrow_array($sth_Select2, undef, $groupid);
LogActivityEntry($bugid, "bug_group", "", $added,
- $::userid, $timestamp);
+ $whoid, $timestamp);
if ($mailiscurrent) {
$sth_Update2->execute($timestamp, $timestamp, $bugid);
@legal_priority
@legal_severity
@legal_keywords
- $userid
%versions
%target_milestone
$proddesc
if ($cloned_bug_id) {
ValidateBugID($cloned_bug_id);
- $cloned_bug = new Bugzilla::Bug($cloned_bug_id, $userid);
+ $cloned_bug = new Bugzilla::Bug($cloned_bug_id, Bugzilla->user->id);
}
# We need to check and make sure
sub globals_pl_sillyness {
my $zz;
- $zz = @main::default_column_list;
$zz = @main::enterable_products;
$zz = %main::keywordsbyname;
$zz = @main::legal_bug_status;
$zz = @main::milestoneurl;
$zz = %main::proddesc;
$zz = @main::prodmaxvotes;
- $zz = $main::userid;
}
#
use lib ".";
require "globals.pl";
-# Check whether or not the user is logged in and, if so, set the $::userid
+# Check whether or not the user is logged in
use Bugzilla::Constants;
Bugzilla->login(LOGIN_OPTIONAL);
# OK except for the fact that it causes e-mail to be suppressed.
$comment = $comment ? $comment : " ";
-$sql .= "$::userid, $sql_timestamp, ";
+$sql .= $user->id . ", $sql_timestamp, ";
# Time Tracking
if (UserInGroup(Param("timetrackinggroup")) &&
$dbh->bz_unlock_tables();
# Email everyone the details of the new bug
-$vars->{'mailrecipients'} = {'changer' => Bugzilla->user->login};
+$vars->{'mailrecipients'} = {'changer' => $user->login};
$vars->{'id'} = $id;
-my $bug = new Bugzilla::Bug($id, $::userid);
+my $bug = new Bugzilla::Bug($id, $user->id);
$vars->{'bug'} = $bug;
ThrowCodeError("bug_error", { bug => $bug }) if $bug->error;
use strict;
-use vars qw($userid);
-
use lib qw(.);
require "globals.pl";
use Bugzilla::Constants;
-Bugzilla->login(LOGIN_REQUIRED);
+my $user = Bugzilla->login(LOGIN_REQUIRED);
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
trick_taint($comment); # Used in a placeholder below
$dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
- undef, ($userid, $comment, $approved));
+ undef, ($user->id, $comment, $approved));
$vars->{'added_quip'} = $comment;
}
require "globals.pl";
-use vars qw($userid);
-
use Bugzilla::Bug;
my $cgi = Bugzilla->cgi;
# Its a bit silly to do the validation twice - that functionality should
# probably move into Bug.pm at some point
ValidateBugID($id);
- push @bugs, new Bugzilla::Bug($id, $userid);
+ push @bugs, new Bugzilla::Bug($id, Bugzilla->user->id);
if (defined $cgi->param('mark')) {
foreach my $range (split ',', $cgi->param('mark')) {
if ($range =~ /^(\d+)-(\d+)$/) {
}
} else {
foreach my $id ($cgi->param('id')) {
- my $bug = new Bugzilla::Bug($id, $userid);
+ my $bug = new Bugzilla::Bug($id, Bugzilla->user->id);
push @bugs, $bug;
}
}
# performance.
Bugzilla->switch_to_shadow_db();
-use vars qw($userid);
-
my %seen;
my %edgesdone;
my %bugtitles; # html title attributes for imagemap areas
# performance.
Bugzilla->switch_to_shadow_db();
-# More warning suppression silliness.
-$::userid = $::userid;
-
################################################################################
# Data/Security Validation #
################################################################################
require "globals.pl";
-# Use global template variables.
-use vars qw($userid);
-
my $template = Bugzilla->template;
my $vars = {};
###############################################################################
sub DoAccount {
my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
+
($vars->{'realname'}) = $dbh->selectrow_array(
- "SELECT realname FROM profiles WHERE userid = ?", undef, $userid);
+ "SELECT realname FROM profiles WHERE userid = ?", undef, $user->id);
if(Param('allowemailchange')) {
my @token = $dbh->selectrow_array(
FROM tokens
WHERE userid = ?
AND tokentype LIKE 'email%'
- ORDER BY tokentype ASC " . $dbh->sql_limit(1), undef, $userid);
+ ORDER BY tokentype ASC " . $dbh->sql_limit(1), undef, $user->id);
if (scalar(@token) > 0) {
my ($tokentype, $change_date, $eventdata) = @token;
$vars->{'login_change_date'} = $change_date;
sub SaveAccount {
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
my $pwd1 = $cgi->param('new_password1');
my $pwd2 = $cgi->param('new_password2');
{
my ($oldcryptedpwd) = $dbh->selectrow_array(
q{SELECT cryptpassword FROM profiles WHERE userid = ?},
- undef, $userid);
+ undef, $user->id);
$oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne
$dbh->do(q{UPDATE profiles
SET cryptpassword = ?
WHERE userid = ?},
- undef, ($cryptedpassword, $userid));
+ undef, ($cryptedpassword, $user->id));
# Invalidate all logins except for the current one
Bugzilla->logout(LOGOUT_KEEP_CURRENT);
use Bugzilla::Token;
# Block multiple email changes for the same user.
- if (Bugzilla::Token::HasEmailChangeToken($userid)) {
+ if (Bugzilla::Token::HasEmailChangeToken($user->id)) {
ThrowUserError("email_change_in_progress");
}
is_available_username($new_login_name)
|| ThrowUserError("account_exists", {email => $new_login_name});
- Bugzilla::Token::IssueEmailChangeToken($userid,$old_login_name,
- $new_login_name);
+ Bugzilla::Token::IssueEmailChangeToken($user->id, $old_login_name,
+ $new_login_name);
$vars->{'email_changes_saved'} = 1;
}
my $realname = trim($cgi->param('realname'));
trick_taint($realname); # Only used in a placeholder
$dbh->do("UPDATE profiles SET realname = ? WHERE userid = ?",
- undef, ($realname, $userid));
+ undef, ($realname, $user->id));
}
sub DoSettings {
- my $settings = Bugzilla->user->settings;
+ my $user = Bugzilla->user;
+
+ my $settings = $user->settings;
$vars->{'settings'} = $settings;
my @setting_list = keys %$settings;
sub SaveSettings {
my $cgi = Bugzilla->cgi;
+ my $user = Bugzilla->user;
- my $settings = Bugzilla->user->settings;
- my @setting_list = keys %{Bugzilla->user->settings};
+ my $settings = $user->settings;
+ my @setting_list = keys %$settings;
foreach my $name (@setting_list) {
next if ! ($settings->{$name}->{'is_enabled'});
$settings->{$name}->set($value);
}
}
- $vars->{'settings'} = Bugzilla->user->settings(1);
+ $vars->{'settings'} = $user->settings(1);
}
sub DoEmail {
my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
###########################################################################
# User watching
"SELECT profiles.login_name FROM watch INNER JOIN profiles" .
" ON watch.watched = profiles.userid" .
" WHERE watcher = ?",
- undef, $userid);
+ undef, $user->id);
$vars->{'watchedusers'} = join(',', @$watched_ref);
my $watcher_ids = $dbh->selectcol_arrayref(
"SELECT watcher FROM watch WHERE watched = ?",
- undef, $userid);
+ undef, $user->id);
my @watchers;
foreach my $watcher_id (@$watcher_ids) {
###########################################################################
# Role-based preferences
###########################################################################
- my $sth = Bugzilla->dbh->prepare("SELECT relationship, event " .
- "FROM email_setting " .
- "WHERE user_id = $userid");
- $sth->execute();
+ my $sth = $dbh->prepare("SELECT relationship, event " .
+ "FROM email_setting " .
+ "WHERE user_id = ?");
+ $sth->execute($user->id);
my %mail;
while (my ($relationship, $event) = $sth->fetchrow_array()) {
sub SaveEmail {
my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;
+ my $user = Bugzilla->user;
###########################################################################
# Role-based preferences
$dbh->bz_lock_tables("email_setting WRITE");
# Delete all the user's current preferences
- $dbh->do("DELETE FROM email_setting WHERE user_id = $userid");
+ $dbh->do("DELETE FROM email_setting WHERE user_id = ?", undef, $user->id);
# Repopulate the table - first, with normal events in the
# relationship/event matrix.
{
$dbh->do("INSERT INTO email_setting " .
"(user_id, relationship, event) " .
- "VALUES ($userid, $rel, $event)");
+ "VALUES (?, ?, ?)",
+ undef, ($user->id, $rel, $event));
}
}
{
$dbh->do("INSERT INTO email_setting " .
"(user_id, relationship, event) " .
- "VALUES ($userid, $rel, $event)");
+ "VALUES (?, ?, ?)",
+ undef, ($user->id, $rel, $event));
}
}
}
{
$dbh->do("INSERT INTO email_setting " .
"(user_id, relationship, event) " .
- "VALUES ($userid, " . REL_ANY . ", $event)");
+ "VALUES (?, ?, ?)",
+ undef, ($user->id, REL_ANY, $event));
}
}
# what the db looks like now
my $old_watch_ids =
$dbh->selectcol_arrayref("SELECT watched FROM watch"
- . " WHERE watcher = ?", undef, $userid);
+ . " WHERE watcher = ?", undef, $user->id);
# The new information given to us by the user.
my @new_watch_names = split(/[,\s]+/, $cgi->param('watchedusers'));
my $delete_sth = $dbh->prepare('DELETE FROM watch WHERE watched = ?'
. ' AND watcher = ?');
foreach my $remove_me (@$removed) {
- $delete_sth->execute($remove_me, $userid);
+ $delete_sth->execute($remove_me, $user->id);
}
# Add people who were added.
my $insert_sth = $dbh->prepare('INSERT INTO watch (watched, watcher)'
. ' VALUES (?, ?)');
foreach my $add_me (@$added) {
- $insert_sth->execute($add_me, $userid);
+ $insert_sth->execute($add_me, $user->id);
}
$dbh->bz_unlock_tables();
sub DoPermissions {
my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
my (@has_bits, @set_bits);
my $groups = $dbh->selectall_arrayref(
"SELECT DISTINCT name, description FROM groups WHERE id IN (" .
- Bugzilla->user->groups_as_string . ") ORDER BY name");
+ $user->groups_as_string . ") ORDER BY name");
foreach my $group (@$groups) {
my ($nam, $desc) = @$group;
push(@has_bits, {"desc" => $desc, "name" => $nam});
"SELECT DISTINCT name, description FROM groups ORDER BY name");
foreach my $group (@$groups) {
my ($nam, $desc) = @$group;
- if (Bugzilla->user->can_bless($nam)) {
+ if ($user->can_bless($nam)) {
push(@set_bits, {"desc" => $desc, "name" => $nam});
}
}
sub DoSavedSearches {
# 2004-12-13 - colin.ogilvie@gmail.com, bug 274397
# Need to work around the possibly missing query_format=advanced
- $vars->{'user'} = Bugzilla->user;
- my @queries = @{Bugzilla->user->queries};
+ my $user = Bugzilla->user;
+
+ my @queries = @{$user->queries};
my @newqueries;
foreach my $q (@queries) {
if ($q->{'query'} =~ /query_format=([^&]*)/) {
sub SaveSavedSearches {
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
- my @queries = @{Bugzilla->user->queries};
+ my $user = Bugzilla->user;
+
+ my @queries = @{$user->queries};
my $sth = $dbh->prepare("UPDATE namedqueries SET linkinfooter = ?
WHERE userid = ?
AND name = ?");
foreach my $q (@queries) {
my $linkinfooter =
defined($cgi->param("linkinfooter_$q->{'name'}")) ? 1 : 0;
- $sth->execute($linkinfooter, $userid, $q->{'name'});
+ $sth->execute($linkinfooter, $user->id, $q->{'name'});
}
- Bugzilla->user->flush_queries_cache;
+ $user->flush_queries_cache;
my $showmybugslink = defined($cgi->param("showmybugslink")) ? 1 : 0;
- $dbh->do("UPDATE profiles SET mybugslink = $showmybugslink " .
- "WHERE userid = " . Bugzilla->user->id);
- Bugzilla->user->{'showmybugslink'} = $showmybugslink;
+ $dbh->do("UPDATE profiles SET mybugslink = ? WHERE userid = ?",
+ undef, ($showmybugslink, $user->id));
+ $user->{'showmybugslink'} = $showmybugslink;
}
projects / thirdparty / bugzilla.git / commitdiff
