Bug 153461: describe components shouldn't give an error for a bad product

Patch: LpSolit@netscape.net  r=mkanat  a=justdave

diff --git a/describecomponents.cgi b/describecomponents.cgi
index 6c99a0a633633e0036b396fef48d83fa388221a7..85915b5ded409416ed11bdb1d962648d5cc698f1 100755 (executable)
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -21,27 +21,25 @@
 # Contributor(s): Terry Weissman <terry@mozilla.org>
 #                 Bradley Baetz <bbaetz@student.usyd.edu.au>
 
-use vars qw(
-  %legal_product
-);
-
 use strict;
-
 use lib qw(.);
 
 use Bugzilla;
 use Bugzilla::Constants;
-
 require "CGI.pl";
 
+use vars qw($vars @legal_product);
+
 Bugzilla->login();
 
 GetVersionTable();
 
 my $cgi = Bugzilla->cgi;
-my $product = $cgi->param('product');
+my $template = Bugzilla->template;
+my $product = trim($cgi->param('product') || '');
+my $product_id = get_product_id($product);
 
-if (!defined $product) {
+if (!$product_id || !CanEnterProduct($product)) {
     # Reference to a subset of %::proddesc, which the user is allowed to see
     my %products;
 
@@ -55,7 +53,7 @@ if (!defined $product) {
         }
     }
     else {
-          %products = %::proddesc;
+        %products = %::proddesc;
     }
 
     my $prodsize = scalar(keys %products);
@@ -63,43 +61,32 @@ if (!defined $product) {
         ThrowUserError("no_products");
     }
     elsif ($prodsize > 1) {
-        $::vars->{'proddesc'} = \%products;
-        $::vars->{'target'} = "describecomponents.cgi";
+        $vars->{'proddesc'} = \%products;
+        $vars->{'target'} = "describecomponents.cgi";
+        # If an invalid product name is given, or the user is not
+        # allowed to access that product, a message is displayed
+        # with a list of the products the user can choose from.
+        if ($product) {
+            $vars->{'message'} = "product_invalid";
+            $vars->{'product'} = $product;
+        }
 
         print $cgi->header();
-        $::template->process("global/choose-product.html.tmpl", $::vars)
-          || ThrowTemplateError($::template->error());
+        $template->process("global/choose-product.html.tmpl", $vars)
+          || ThrowTemplateError($template->error());
         exit;
     }
 
     $product = (keys %products)[0];
 }
 
-# Make sure the user specified a valid product name.  Note that
-# if the user specifies a valid product name but is not authorized
-# to access that product, they will receive a different error message
-# which could enable people guessing product names to determine
-# whether or not certain products exist in Bugzilla, even if they
-# cannot get any other information about that product.
-my $product_id = get_product_id($product);
-
-if (!$product_id) {
-    ThrowUserError("invalid_product_name",
-                   { product => $product });
-}
-
-# Make sure the user is authorized to access this product.
-CanEnterProduct($product)
-      || ThrowUserError("product_access_denied");
-
 ######################################################################
 # End Data/Security Validation
 ######################################################################
 
 my @components;
 SendSQL("SELECT name, initialowner, initialqacontact, description FROM " .
-        "components WHERE product_id = $product_id ORDER BY " .
-        "name");
+        "components WHERE product_id = $product_id ORDER BY name");
 while (MoreSQLData()) {
     my ($name, $initialowner, $initialqacontact, $description) =
       FetchSQLData();
@@ -116,10 +103,9 @@ while (MoreSQLData()) {
     push @components, \%component;
 }
 
-$::vars->{'product'} = $product;
-$::vars->{'components'} = \@components;
+$vars->{'product'} = $product;
+$vars->{'components'} = \@components;
 
 print $cgi->header();
-$::template->process("reports/components.html.tmpl", $::vars)
-  || ThrowTemplateError($::template->error());
-
+$template->process("reports/components.html.tmpl", $vars)
+  || ThrowTemplateError($template->error());

diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 2dfe74c5f352427ec801ac34a276538e7f82c083..b007af2e189fc3752359ccaeab3213f991d4cbe0 100644 (file)
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -135,6 +135,12 @@
       <a href="editflagtypes.cgi">Back to flag types.</a>
     </p>
     
+  [% ELSIF message_tag == "product_invalid" %]
+    [% title = "$terms.Bugzilla Component Descriptions" %]
+    The product <em>[% product FILTER html %]</em> does not exist
+    or you don't have access to it. The following is a list of the
+    products you can choose from.
+
   [% ELSIF message_tag == "series_created" %]
     [% title = "Series Created" %]
       The series <em>[% series.category FILTER html %] /

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 8e2b0c649edc3050ae6c6c561a1af02a5e0c2873..3d1df2d756a944da3d03ddd0cebc4c3b41a090be 100644 (file)
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -600,10 +600,6 @@
     Patches cannot be more than [% Param('maxpatchsize') %] KB in size.
     Try breaking your patch into several pieces.
 
-  [% ELSIF error == "product_access_denied" %]
-    [% title = "Access Denied" %]
-    You do not have the permissions necessary to access that product.
-
   [% ELSIF error == "product_edit_denied" %]
     [% title = "Product Edit Access Denied" %]
     You are not permitted to edit [% terms.bugs %] in product