MIN_SMALLINT
MAX_SMALLINT
+ MAX_INT_32
MAX_LEN_QUERY_NAME
MAX_CLASSIFICATION_SIZE
use constant MIN_SMALLINT => -32768;
use constant MAX_SMALLINT => 32767;
+use constant MAX_INT_32 => 2147483647;
# The longest that a saved search name can be.
use constant MAX_LEN_QUERY_NAME => 64;
|| ThrowCodeError('param_must_be_numeric',
{function => $class . '::_init'});
+ # Too large integers make PostgreSQL crash.
+ return if $id > MAX_INT_32;
+
$object = $dbh->selectrow_hashref(qq{
SELECT $columns FROM $table
WHERE $id_field = ?}, undef, $id);
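Review bot: The guard `return if $id > MAX_INT_32;` applies one signed 32-bit ceiling to every class that reaches `_init`, which is only correct where `$id_field` is a 4-byte integer column. A class keyed on a smallint column would presumably still pass PostgreSQL an out-of-range value, so it is worth confirming that no subclass has a narrower ID column (`MAX_SMALLINT` already exists for that case). The comment should also state the contract rather than only the symptom, for example `# An id above the column's range cannot match any row; report "not found" instead of sending it to the database.` The same applies to `next if $id > MAX_INT_32;` in the `new_from_list` hunk, where oversized ids are dropped from the list silently and callers get fewer objects than ids with no diagnostic. Both functions start and end outside the visible hunks.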
detaint_natural($id) ||
ThrowCodeError('param_must_be_numeric',
{function => $class . '::new_from_list'});
+ # Too large integers make PostgreSQL crash.
+ next if $id > MAX_INT_32;
push(@detainted_ids, $id);
}
# We don't do $invocant->match because some classes have
my ($attachid, $link_text) = @_;
my $dbh = Bugzilla->dbh;
- detaint_natural($attachid)
- || die "get_attachment_link() called with non-integer attachment number";
+ my $attachment = new Bugzilla::Attachment($attachid);
- my ($bugid, $isobsolete, $desc, $is_patch) =
- $dbh->selectrow_array('SELECT bug_id, isobsolete, description, ispatch
- FROM attachments WHERE attach_id = ?',
- undef, $attachid);
-
- if ($bugid) {
+ if ($attachment) {
my $title = "";
my $className = "";
- if (Bugzilla->user->can_see_bug($bugid)) {
- $title = $desc;
+ if (Bugzilla->user->can_see_bug($attachment->bug_id)) {
+ $title = $attachment->description;
}
- if ($isobsolete) {
+ if ($attachment->isobsolete) {
$className = "bz_obsolete";
}
# Prevent code injection in the title.
# If the attachment is a patch, try to link to the diff rather
# than the text, by default.
my $patchlink = "";
- if ($is_patch and Bugzilla->feature('patch_viewer')) {
+ if ($attachment->ispatch and Bugzilla->feature('patch_viewer')) {
$patchlink = '&action=diff';
}
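Review bot: The added line `my $attachment = new Bugzilla::Attachment($attachid);` uses indirect object syntax, which Perl can misparse when a sub named `new` is in scope; `my $attachment = Bugzilla::Attachment->new($attachid);` is unambiguous. With the explicit `detaint_natural($attachid) || die ...` check removed, validation of `$attachid` now rests entirely on the constructor. A comment should record that, such as `# The constructor validates $attachid and returns undef for unknown or out-of-range ids.`, assuming Bugzilla::Attachment goes through the patched `_init`. The context line `my $dbh = Bugzilla->dbh;` also looks unused now that the hand-written SELECT is gone. The function continues past the hunk, so check the rest of the body before dropping it.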