GetVersionTable();
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
my $product = trim($cgi->param('product') || '');
######################################################################
my @components;
-SendSQL("SELECT name, initialowner, initialqacontact, description FROM " .
- "components WHERE product_id = $product_id ORDER BY name");
-while (MoreSQLData()) {
- my ($name, $initialowner, $initialqacontact, $description) =
- FetchSQLData();
-
+my $comps = $dbh->selectall_arrayref(
+ q{SELECT name, initialowner, initialqacontact, description
+ FROM components
+ WHERE product_id = ?
+ ORDER BY name}, undef, $product_id);
+foreach my $comp (@$comps) {
+ my ($name, $initialowner, $initialqacontact, $description) = @$comp;
my %component;
$component{'name'} = $name;
my $template = Bugzilla->template;
my $vars = {};
-SendSQL("SELECT keyworddefs.name, keyworddefs.description,
- COUNT(keywords.bug_id)
- FROM keyworddefs LEFT JOIN keywords
- ON keyworddefs.id = keywords.keywordid " .
+my $keywords = $dbh->selectall_arrayref(
+ q{SELECT keyworddefs.name, keyworddefs.description,
+ COUNT(keywords.bug_id) AS bugcount
+ FROM keyworddefs
+ LEFT JOIN keywords
+ ON keyworddefs.id = keywords.keywordid } .
$dbh->sql_group_by('keyworddefs.id',
- 'keyworddefs.name, keyworddefs.description') . "
- ORDER BY keyworddefs.name");
-
-my @keywords;
-
-while (MoreSQLData()) {
- my ($name, $description, $bugs) = FetchSQLData();
-
- push (@keywords, { name => $name,
- description => $description,
- bugcount => $bugs });
-}
-
-$vars->{'keywords'} = \@keywords;
+ 'keyworddefs.name, keyworddefs.description') .
+ " ORDER BY keyworddefs.name", {'Slice' => {}});
+
+$vars->{'keywords'} = $keywords;
$vars->{'caneditkeywords'} = UserInGroup("editkeywords");
print Bugzilla->cgi->header();
use Bugzilla::Constants;
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
# Go directly to the XUL version of the duplicates report (duplicates.xul)
# if the user specified ctype=xul. Adds params if they exist, and directs
'params' => $params,
);
- SendSQL($query->getSQL());
+ my $results = $dbh->selectall_arrayref($query->getSQL());
- while (MoreSQLData()) {
+ foreach my $result (@$results) {
# Note: maximum row count is dealt with in the template.
my ($id, $component, $bug_severity, $op_sys, $target_milestone,
- $short_desc, $bug_status, $resolution) = FetchSQLData();
+ $short_desc, $bug_status, $resolution) = @$result;
push (@bugs, { id => $id,
count => $count{$id},
Bugzilla->login(LOGIN_REQUIRED);
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
if ($action eq "show") {
# Read in the entire quip list
- SendSQL("SELECT quipid, userid, quip, approved FROM quips");
+ my $quipsref = $dbh->selectall_arrayref(
+ "SELECT quipid, userid, quip, approved FROM quips");
my $quips;
my @quipids;
- while (MoreSQLData()) {
- my ($quipid, $userid, $quip, $approved) = FetchSQLData();
+ foreach my $quipref (@$quipsref) {
+ my ($quipid, $userid, $quip, $approved) = @$quipref;
$quips->{$quipid} = {'userid' => $userid, 'quip' => $quip,
'approved' => $approved};
push(@quipids, $quipid);
}
my $users;
+ my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?");
foreach my $quipid (@quipids) {
my $userid = $quips->{$quipid}{'userid'};
if ($userid && not defined $users->{$userid}) {
- SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
- $users->{$userid} = FetchOneColumn();
+ ($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid);
}
}
$vars->{'quipids'} = \@quipids;
(Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
my $comment = $cgi->param("quip");
$comment || ThrowUserError("need_quip");
+ trick_taint($comment); # Used in a placeholder below
- SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
- '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');
+ $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
+ undef, ($userid, $comment, $approved));
$vars->{'added_quip'} = $comment;
}
if ($action eq 'approve') {
# Read in the entire quip list
- SendSQL("SELECT quipid, approved FROM quips");
-
+ my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");
+
my %quips;
- while (MoreSQLData()) {
- my ($quipid, $approved) = FetchSQLData();
+ foreach my $quipref (@$quipsref) {
+ my ($quipid, $approved) = @$quipref;
$quips{$quipid} = $approved;
}
else { push(@unapproved, $quipid); }
}
}
- SendSQL("UPDATE quips SET approved = 1 WHERE quipid IN (" .
+ $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
join(",", @approved) . ")") if($#approved > -1);
- SendSQL("UPDATE quips SET approved = 0 WHERE quipid IN (" .
+ $dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" .
join(",", @unapproved) . ")") if($#unapproved > -1);
$vars->{ 'approved' } = \@approved;
$vars->{ 'unapproved' } = \@unapproved;
ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/;
$quipid = $1;
- SendSQL("SELECT quip FROM quips WHERE quipid = $quipid");
- $vars->{'deleted_quip'} = FetchSQLData();
- SendSQL("DELETE FROM quips WHERE quipid = $quipid");
+ ($vars->{'deleted_quip'}) = $dbh->selectrow_array(
+ "SELECT quip FROM quips WHERE quipid = ?",
+ undef, $quipid);
+ $dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid);
}
print $cgi->header();
my $template = Bugzilla->template;
my $vars = {};
my $buffer = $cgi->query_string();
+my $dbh = Bugzilla->dbh;
# Go straight back to query.cgi if we are adding a boolean chart.
if (grep(/^cmd-/, $cgi->param())) {
$::SIG{TERM} = 'DEFAULT';
$::SIG{PIPE} = 'DEFAULT';
-SendSQL($query);
+my $results = $dbh->selectall_arrayref($query);
# We have a hash of hashes for the data itself, and a hash to hold the
# row/col/table names.
my $row_isnumeric = 1;
my $tbl_isnumeric = 1;
-while (MoreSQLData()) {
- my ($row, $col, $tbl) = FetchSQLData();
+foreach my $result (@$results) {
+ my ($row, $col, $tbl) = @$result;
# handle empty dimension member names
$row = ' ' if ($row eq '');
# Filter results by exact email address of requester or requestee.
if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
- push(@criteria, $dbh->sql_istrcmp('requesters.login_name',
- SqlQuote($cgi->param('requester'))));
+ my $requester = $dbh->quote($cgi->param('requester'));
+ trick_taint($requester); # Quoted above
+ push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
push(@excluded_columns, 'requester') unless $cgi->param('do_union');
}
if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
if ($cgi->param('requestee') ne "-") {
+ my $requestee = $dbh->quote($cgi->param('requestee'));
+ trick_taint($requestee); # Quoted above
push(@criteria, $dbh->sql_istrcmp('requestees.login_name',
- SqlQuote($cgi->param('requestee'))));
+ $requestee));
}
else { push(@criteria, "flags.requestee_id IS NULL") }
push(@excluded_columns, 'requestee') unless $cgi->param('do_union');
}
}
if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
-
- push(@criteria, "flagtypes.name = " . SqlQuote($form_type));
+
+ my $quoted_form_type = $dbh->quote($form_type);
+ trick_taint($quoted_form_type); # Already SQL quoted
+ push(@criteria, "flagtypes.name = " . $quoted_form_type);
push(@excluded_columns, 'type') unless $cgi->param('do_union');
}
$vars->{'query'} = $query;
$vars->{'debug'} = $cgi->param('debug') ? 1 : 0;
- SendSQL($query);
+ my $results = $dbh->selectall_arrayref($query);
my @requests = ();
- while (MoreSQLData()) {
- my @data = FetchSQLData();
+ foreach my $result (@$results) {
+ my @data = @$result;
my $request = {
'id' => $data[0] ,
'type' => $data[1] ,
# Get a list of request type names to use in the filter form.
my @types = ("all");
- SendSQL("SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
- push(@types, FetchOneColumn()) while MoreSQLData();
+ my $flagtypes = $dbh->selectcol_arrayref(
+ "SELECT DISTINCT(name) FROM flagtypes ORDER BY name");
+ push(@types, @$flagtypes);
$vars->{'products'} = $user->get_selectable_products;
$vars->{'excluded_columns'} = \@excluded_columns;
Bugzilla->login();
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
my %baselist;
if ($cgi->param('doall')) {
- SendSQL("SELECT blocked, dependson FROM dependencies");
+ my $dependencies = $dbh->selectall_arrayref(
+ "SELECT blocked, dependson FROM dependencies");
- while (MoreSQLData()) {
- my ($blocked, $dependson) = FetchSQLData();
+ foreach my $dependency (@$dependencies) {
+ my ($blocked, $dependson) = @$dependency;
AddLink($blocked, $dependson, $fh);
}
} else {
}
my @stack = keys(%baselist);
+ my $sth = $dbh->prepare(
+ q{SELECT blocked, dependson
+ FROM dependencies
+ WHERE blocked = ? or dependson = ?});
foreach my $id (@stack) {
- SendSQL("SELECT blocked, dependson
- FROM dependencies
- WHERE blocked = $id or dependson = $id");
- while (MoreSQLData()) {
- my ($blocked, $dependson) = FetchSQLData();
+ my $dependencies = $dbh->selectall_arrayref($sth, undef, ($id, $id));
+ foreach my $dependency (@$dependencies) {
+ my ($blocked, $dependson) = @$dependency;
if ($blocked != $id && !exists $seen{$blocked}) {
push @stack, $blocked;
}
}
}
+my $sth = $dbh->prepare(
+ q{SELECT bug_status, resolution, short_desc
+ FROM bugs
+ WHERE bugs.bug_id = ?});
foreach my $k (keys(%seen)) {
- my $summary = "";
- my $stat;
- my $resolution;
-
# Retrieve bug information from the database
-
- SendSQL("SELECT bug_status, resolution, short_desc FROM bugs " .
- "WHERE bugs.bug_id = $k");
- ($stat, $resolution, $summary) = FetchSQLData();
+ my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
$stat ||= 'NEW';
$resolution ||= '';
$summary ||= '';
Bugzilla->login();
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
# Retrieves the necessary information about a bug, stores it in the bug cache,
# and returns it to the calling code.
my ($id) = @_;
-
+ my $dbh = Bugzilla->dbh;
+
my $bug = {};
if (Bugzilla->user->can_see_bug($id)) {
- SendSQL("SELECT 1,
+ ($bug->{'exists'},
+ $bug->{'status'},
+ $bug->{'summary'},
+ $bug->{'milestone'},
+ $bug->{'assignee_id'},
+ $bug->{'assignee_email'}) = $dbh->selectrow_array(
+ "SELECT 1,
bug_status,
short_desc,
$milestone_column,
assignee.userid,
assignee.login_name
- FROM bugs
+ FROM bugs
INNER JOIN profiles AS assignee
ON bugs.assigned_to = assignee.userid
- WHERE bugs.bug_id = $id");
-
-
- ($bug->{'exists'},
- $bug->{'status'},
- $bug->{'summary'},
- $bug->{'milestone'},
- $bug->{'assignee_id'},
- $bug->{'assignee_email'}) = FetchSQLData();
+ WHERE bugs.bug_id = ?", undef, $id);
}
$bug->{'open'} = $bug->{'exists'} && IsOpenedState($bug->{'status'});
sub GetDependencies {
# Returns a list of dependencies for a given bug.
-
my ($id, $relationship) = @_;
-
+ my $dbh = Bugzilla->dbh;
+
my $bug_type = ($relationship eq "blocked") ? "dependson" : "blocked";
- SendSQL(" SELECT $relationship
+ my $dependencies = $dbh->selectcol_arrayref(
+ "SELECT $relationship
FROM dependencies
- WHERE $bug_type = $id
- ORDER BY $relationship");
-
- my @dependencies = ();
- push(@dependencies, FetchOneColumn()) while MoreSQLData();
+ WHERE $bug_type = ?
+ ORDER BY $relationship", undef, $id);
- return @dependencies;
+ return @$dependencies;
}
projects / thirdparty / bugzilla.git / commitdiff
