-#!/usr/bin/perl -w
+#!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
PutHeader("Change Group");
my $gid = trim($::FORM{group} || '');
+ detaint_natural($gid);
unless ($gid) {
ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again.");
}
SendSQL("SELECT id, name, description, userregexp, isactive, isbuggroup
- FROM groups WHERE id=" . SqlQuote($gid));
+ FROM groups WHERE id=$gid");
my ($group_id, $name, $description, $rexp, $isactive, $isbuggroup)
= FetchSQLData();
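Review bot: The `WHERE id=$gid` interpolation on the added SendSQL line is safe only while the `detaint_natural($gid)` call above it stays in place and the `unless ($gid)` branch actually stops the request. As shown here that branch calls ShowError without a visible `PutFooter(); exit;`, though lines may be elided from this view. The same pattern recurs in the `del` and `delete` branches (`SELECT id FROM groups WHERE id=$gid`, `"WHERE id=$gid"`, `"WHERE id = $gid"`). A bound parameter would keep the query safe independently of the surrounding validation, as later code in this file already does with `$dbh->prepare("... WHERE id = ?")` and `$sth->execute($gid)`. Failing that, add a comment at each site such as `# $gid must have passed detaint_natural above; keep this query after that check`.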
# convert an undefined value in the inactive field to zero
# (this occurs when the inactive checkbox is not checked
# and the browser does not send the field to the server)
- my $isactive = $::FORM{isactive} || 0;
+ my $isactive = $::FORM{isactive} ? 1 : 0;
unless ($name) {
ShowError("You must enter a name for the new group.<BR>" .
exit;
}
- if ($isactive != 0 && $isactive != 1) {
- ShowError("The active flag was improperly set. There may be " .
- "a problem with Bugzilla or a bug in your browser.<br>" .
- "Please click the <b>Back</b> button and try again.");
- PutFooter();
- exit;
- }
-
if (!eval {qr/$regexp/}) {
ShowError("The regular expression you entered is invalid. " .
"Please click the <b>Back</b> button and try again.");
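Review bot: The comment above `my $isactive = $::FORM{isactive} ? 1 : 0;` still describes only the undefined-to-zero case, but the new expression also maps every true value to 1, which is what lets the `!= 0 && != 1` check be removed. A submitted value such as `2` was previously rejected with an error and is now silently stored as 1. If that is intended, say so in the comment, e.g. `# normalise the checkbox to 0 or 1; any true value counts as checked`. The enclosing code starts and ends outside the lines shown.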
if ($action eq 'del') {
PutHeader("Delete group");
my $gid = trim($::FORM{group} || '');
+ detaint_natural($gid);
unless ($gid) {
ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again.");
PutFooter();
exit;
}
- SendSQL("SELECT id FROM groups WHERE id=" . SqlQuote($gid));
+ SendSQL("SELECT id FROM groups WHERE id=$gid");
if (!FetchOneColumn()) {
ShowError("That group doesn't exist.<BR>" .
"Click the <b>Back</b> button and try again.");
}
SendSQL("SELECT name,description " .
"FROM groups " .
- "WHERE id = " . SqlQuote($gid));
+ "WHERE id=$gid");
my ($name, $desc) = FetchSQLData();
print "<table border=1>\n";
if ($action eq 'delete') {
PutHeader("Deleting group");
my $gid = trim($::FORM{group} || '');
+ detaint_natural($gid);
unless ($gid) {
ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again.");
}
SendSQL("SELECT name " .
"FROM groups " .
- "WHERE id = " . SqlQuote($gid));
+ "WHERE id = $gid");
my ($name) = FetchSQLData();
my $cantdelete = 0;
# or all of them period
my $dbh = Bugzilla->dbh;
my $gid = $::FORM{group};
+ detaint_natural($gid);
my $sth = $dbh->prepare("SELECT name, userregexp FROM groups
WHERE id = ?");
$sth->execute($gid);
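Review bot: The result of the added `detaint_natural($gid)` is not checked before `$sth->execute($gid)`, and unlike the other call sites in this patch there is no visible `trim()` or `unless ($gid)` guard here. Because the query uses a placeholder this is not an injection concern, but a missing or non-numeric `group` parameter appears to go on to run the lookup instead of reporting an error. Consider `my $gid = trim($::FORM{group} || '');` followed by the same `unless ($gid) { ShowError(...); PutFooter(); exit; }` guard used in the `del` branch. The enclosing code starts and ends outside this hunk.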
# Helper sub to handle the making of changes to a group
sub doGroupChanges {
my $gid = trim($::FORM{group} || '');
+ detaint_natural($gid);
unless ($gid) {
ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again.");