my (@terms, @values);
foreach my $field (keys %$criteria) {
+ $class->_check_field($field, 'match');
my $value = $criteria->{$field};
if (ref $value eq 'ARRAY') {
# IN () is invalid SQL, and if we have an empty list
return $object;
}
+# Used to validate that a field name is in fact a valid column in the
+# current table before inserting it into SQL.
+sub _check_field {
+ my ($invocant, $field, $function) = @_;
+ my $class = ref($invocant) || $invocant;
+ if (!Bugzilla->dbh->bz_column_info($class->DB_TABLE, $field)) {
+ ThrowCodeError('param_invalid', { param => $field,
+ function => "${class}::$function" });
+ }
+}
+
sub check_required_create_fields {
my ($class, $params) = @_;
my (@field_names, @values);
while (my ($field, $value) = each %$field_values) {
+ $class->_check_field($field, 'create');
push(@field_names, $field);
push(@values, $value);
}
object_name_not_specified => 50,
param_required => 50,
object_does_not_exist => 51,
+ # Error 52 exists only in later releases.
+ param_invalid => 53,
# Bug errors usually occupy the 100-200 range.
improper_bug_id_field_value => 100,
bug_id_does_not_exist => 101,
There is no valid transition from
[%+ get_status("UNCONFIRMED") FILTER html %] to an open state.
+ [% ELSIF error == "param_invalid" %]
+ [% title = "Invalid Parameter" %]
+ <code>[% param FILTER html %]</code> is not a valid parameter
+ for the [% function FILTER html %] function.
+
[% ELSIF error == "param_must_be_numeric" %]
[% title = "Invalid Parameter" %]
Invalid parameter passed to [% function FILTER html %].
projects / thirdparty / bugzilla.git / commitdiff
