Fix for bug 252159: centralize time validation. Adds a ValidateTime

function to Bugzilla::Bug and uses it in relevant callsites. Patch by
Alexandre Michetti Manduca <michetti@grad.icmc.usp.br>. r=kiko, a=justdave.

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index f1a1cf34175bb150ce0784cda1ec05a13c91476b..a09e7a9066bb42cacb64ecba48be26aaf080913f 100755 (executable)
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -42,6 +42,7 @@ use Bugzilla::Flag;
 use Bugzilla::FlagType;
 use Bugzilla::User;
 use Bugzilla::Util;
+use Bugzilla::Error;
 
 sub fields {
     # Keep this ordering in sync with bugzilla.dtd
@@ -489,6 +490,13 @@ sub EmitDependList {
   return @list;
 }
 
+sub ValidateTime{
+  my ($time, $field) = @_;
+    if ($time > 99999.99 || $time < 0 || !($time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/)){
+      ThrowUserError("need_positive_number", {field => "$field"}, 1);
+    }
+ }
+
 sub AUTOLOAD {
   use vars qw($AUTOLOAD);
   my $attr = $AUTOLOAD;

diff --git a/post_bug.cgi b/post_bug.cgi
index a751a66a6512d5680b7141894d2aba46f4e4123f..94533e38d079c3f82d197856ed0e3ef93112488b 100755 (executable)
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -342,12 +342,8 @@ if (UserInGroup(Param("timetrackinggroup")) &&
     defined $::FORM{'estimated_time'}) {
 
     my $est_time = $::FORM{'estimated_time'};
-    if ($est_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) {
-        $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time);
-    } else {
-        ThrowUserError("need_positive_number",
-                       { field => 'estimated_time' });
-    }
+    Bugzilla::Bug::ValidateTime($est_time, 'estimated_time');
+    $sql .= SqlQuote($est_time) . "," . SqlQuote($est_time);
 } else {
     $sql .= "0, 0";
 }

diff --git a/process_bug.cgi b/process_bug.cgi
index 6ed12ba5cba17d0fb45fd9ee6267b829177d5397..40a1764ea73b44b0239306cfcb5e56111829c94a 100755 (executable)
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -766,16 +766,9 @@ if (UserInGroup(Param('timetrackinggroup'))) {
         if (defined $::FORM{$field}) {
             my $er_time = trim($::FORM{$field});
             if ($er_time ne $::FORM{'dontchange'}) {
-                if ($er_time > 99999.99) {
-                    ThrowUserError("value_out_of_range", {field => $field});
-                }
-                if ($er_time =~ /^(?:\d+(?:\.\d*)?|\.\d+)$/) {
-                    DoComma();
-                    $::query .= "$field = " . SqlQuote($er_time);
-                } else {
-                    ThrowUserError("need_positive_number",
-                                   {field => $field});
-                }
+                Bugzilla::Bug::ValidateTime($er_time, $field);
+                DoComma();
+                $::query .= "$field = " . SqlQuote($er_time);
             }
         }
     }
@@ -1274,9 +1267,7 @@ foreach my $id (@idlist) {
 
     delete $::FORM{'work_time'} unless UserInGroup(Param('timetrackinggroup'));
 
-    if ($::FORM{'work_time'} && $::FORM{'work_time'} > 99999.99) {
-        ThrowUserError("value_out_of_range", {field => 'work_time'});
-    }
+    Bugzilla::Bug::ValidateTime($::FORM{'work_time'}, 'work_time');
     if ($::FORM{'comment'} || $::FORM{'work_time'}) {
         if ($::FORM{'work_time'} && 
             (!defined $::FORM{'comment'} || $::FORM{'comment'} =~ /^\s*$/)) {