Remove CGI usage in editvalues.cgi

2014-03-24 19:00:44 +04:00 · 2014-03-24 19:00:44 +04:00 · 2c8b8794bd
parent 1cd3cae485
commit 2c8b8794bd
4 changed files with 101 additions and 96 deletions
--- a/editvalues.cgi
+++ b/editvalues.cgi
@ -29,34 +29,18 @@ use Bugzilla::Token;
 use Bugzilla::Field;
 use Bugzilla::Field::Choice;

-###############
-# Subroutines #
-###############
-
-sub display_field_values {
-    my $vars = shift;
-    my $template = Bugzilla->template;
-    $vars->{'values'} = $vars->{'field'}->legal_values('include_disabled');
-    $template->process("admin/fieldvalues/list.html.tmpl", $vars)
-      || ThrowTemplateError($template->error());
-    exit;
-}
-
-######################################################################
-# Main Body Execution
-######################################################################
-
 # require the user to have logged in
 Bugzilla->login(LOGIN_REQUIRED);

 my $dbh      = Bugzilla->dbh;
 my $cgi      = Bugzilla->cgi;
 my $template = Bugzilla->template;
-my $vars = {};
+my $ARGS     = { %{ $cgi->VarHash } };
+my $vars     = {};

 # Replace this entry by separate entries in templates when
 # the documentation about legal values becomes bigger.
-$vars->{'doc_section'} = 'edit-values.html';
+$vars->{doc_section} = 'edit-values.html';

 Bugzilla->user->in_group('editvalues') || ThrowUserError('auth_failure', {
    group  => 'editvalues',
@ -67,8 +51,8 @@ Bugzilla->user->in_group('editvalues') || ThrowUserError('auth_failure', {
 #
 # often-used variables
 #
-my $action = trim($cgi->param('action')  || '');
-my $token  = $cgi->param('token');
+my $action = trim($ARGS->{action} || '');
+my $token  = $ARGS->{token};

 # Fields listed here must not be edited from this interface.
 my @non_editable_fields = qw(product);
@ -77,22 +61,22 @@ my %block_list = map { $_ => 1 } @non_editable_fields;
 #
 # field = '' -> Show nice list of fields
 #
-if (!$cgi->param('field')) {
-    my @field_list = grep { !$block_list{$_->name} }
-                       Bugzilla->get_fields({ is_select => 1 });
-
-    $vars->{'fields'} = \@field_list;
+if (!$ARGS->{field})
+{
+    my @field_list = grep { !$block_list{$_->name} } Bugzilla->get_fields({ is_select => 1 });
+    $vars->{fields} = \@field_list;
    $template->process("admin/fieldvalues/select-field.html.tmpl", $vars)
-      || ThrowTemplateError($template->error());
+        || ThrowTemplateError($template->error());
    exit;
 }

 # At this point, the field must be defined.
-my $field = Bugzilla::Field->check($cgi->param('field'));
-if (!$field->is_select || $block_list{$field->name}) {
+my $field = Bugzilla::Field->check($ARGS->{field});
+if (!$field->is_select || $block_list{$field->name})
+{
    ThrowUserError('fieldname_invalid', { field => $field });
 }
-$vars->{'field'} = $field;
+$vars->{field} = $field;

 #
 # action='' -> Show nice list of values.
@ -103,115 +87,124 @@ display_field_values($vars) unless $action;
 # action='add' -> show form for adding new field value.
 # (next action will be 'new')
 #
-if ($action eq 'add') {
-    $vars->{'token'} = issue_session_token('add_field_value');
+if ($action eq 'add')
+{
+    $vars->{token} = issue_session_token('add_field_value');
    $template->process("admin/fieldvalues/create.html.tmpl", $vars)
-      || ThrowTemplateError($template->error());
+        || ThrowTemplateError($template->error());
    exit;
 }

 #
 # action='new' -> add field value entered in the 'action=add' screen
 #
-if ($action eq 'new') {
+if ($action eq 'new')
+{
    check_token_data($token, 'add_field_value');

    my $type = Bugzilla::Field::Choice->type($field);
    # Some types have additional parameters inside REQUIRED_CREATE_FIELDS
    my $created_value = $type->create({
-        map { $_ => scalar $cgi->param($_) } grep { defined $cgi->param($_) } ($type->DB_COLUMNS, $type->REQUIRED_CREATE_FIELDS)
+        map { $_ => $ARGS->{$_} }
+        grep { defined $ARGS->{$_} } ($type->DB_COLUMNS, $type->REQUIRED_CREATE_FIELDS)
    });
-    $created_value->set_visibility_values([ $cgi->param('visibility_value_id') ]);
+    $created_value->set_visibility_values($ARGS->{visibility_value_id});

    delete_token($token);

-    $vars->{'message'} = 'field_value_created';
-    $vars->{'value'} = $created_value;
+    $vars->{message} = 'field_value_created';
+    $vars->{value} = $created_value;
    display_field_values($vars);
 }

-if ($action eq 'control_list') {
+#
+# action='control_list' -> enable/disable values controlled by this one
+#
+if ($action eq 'control_list')
+{
    die('This field has no value field') unless $field->custom && $field->value_field;

-    my $step = $cgi->param('step') || 0;
-    my $visibility_value_id = $cgi->param('visibility_value_id');
-    my $values = [ $cgi->param('values') ];
-    my $default_value_ids = [ $cgi->param('default_value_ids') ];
+    my $step = $ARGS->{step} || 0;
+    my $visibility_value_id = $ARGS->{visibility_value_id};
+    my $values = $ARGS->{values};
+    my $default_value_id = $ARGS->{default_value_id};
    my $need_token = 0;

-    $vars->{'visibility_value_id'} = -1;
-    if ($visibility_value_id) {
-        $vars->{'visibility_value_id'} = $visibility_value_id;
-        my %values = map { $_->{'id'} => $_ } @{$field->{'value_field'}->legal_values()};
-        $vars->{'field_value'} = $values{$visibility_value_id};
+    $vars->{visibility_value_id} = -1;
+    if ($visibility_value_id)
+    {
+        $vars->{visibility_value_id} = $visibility_value_id;
+        my %values = map { $_->{id} => $_ } @{$field->{value_field}->legal_values()};
+        $vars->{field_value} = $values{$visibility_value_id};
        $step++ unless $token;
        $need_token = 1;
-        if ($token) {
+        if ($token)
+        {
            check_token_data($token, "edit_control_list");
-            $field->update_controlled_values($values, $visibility_value_id, $default_value_ids);
+            $field->update_controlled_values($values, $visibility_value_id, $default_value_id);
            $step++;
            $need_token = 0;
            delete_token($token);
        }
    }

-    $vars->{'step'} = $step;
-    $vars->{'token'} = issue_session_token("edit_control_list") if $need_token;
+    $vars->{step} = $step;
+    $vars->{token} = issue_session_token("edit_control_list") if $need_token;

-    $template->process("admin/fieldvalues/control-list.html.tmpl",
-        $vars) || ThrowTemplateError($template->error());
+    $template->process("admin/fieldvalues/control-list.html.tmpl", $vars)
+        || ThrowTemplateError($template->error());

    exit;
 }

 # After this, we always have a value
-my $value = Bugzilla::Field::Choice->type($field)->check($cgi->param('value'));
-$vars->{'value'} = $value;
+my $value = Bugzilla::Field::Choice->type($field)->check($ARGS->{value});
+$vars->{value} = $value;

 #
 # action='del' -> ask if user really wants to delete
 # (next action would be 'delete')
 #
-if ($action eq 'del') {
+if ($action eq 'del')
+{
    # If the value cannot be deleted, throw an error.
-    if ($value->is_static) {
+    if ($value->is_static)
+    {
        ThrowUserError('fieldvalue_not_deletable', $vars);
    }
-    $vars->{'token'} = issue_session_token('delete_field_value');
+    $vars->{token} = issue_session_token('delete_field_value');

    $template->process("admin/fieldvalues/confirm-delete.html.tmpl", $vars)
-      || ThrowTemplateError($template->error());
+        || ThrowTemplateError($template->error());

    exit;
 }

-
 #
 # action='delete' -> really delete the field value
 #
-if ($action eq 'delete') {
+if ($action eq 'delete')
+{
    check_token_data($token, 'delete_field_value');
    $value->remove_from_db();
    delete_token($token);
-    $vars->{'message'} = 'field_value_deleted';
-    $vars->{'no_edit_link'} = 1;
+    $vars->{message} = 'field_value_deleted';
+    $vars->{no_edit_link} = 1;
    display_field_values($vars);
 }

-
 #
 # action='edit' -> present the edit-value form
 # (next action would be 'update')
 #
-if ($action eq 'edit') {
-    $vars->{'token'} = issue_session_token('edit_field_value');
+if ($action eq 'edit')
+{
+    $vars->{token} = issue_session_token('edit_field_value');
    $template->process("admin/fieldvalues/edit.html.tmpl", $vars)
-      || ThrowTemplateError($template->error());
-
+        || ThrowTemplateError($template->error());
    exit;
 }

-
 #
 # action='update' -> update the field value
 #
@ -221,16 +214,16 @@ if ($action eq 'update')
    $vars->{value_old} = $value->name;
    if ($value->can('set_timetracking'))
    {
-        $value->set_timetracking($cgi->param('timetracking') ? 1 : 0);
+        $value->set_timetracking($ARGS->{timetracking} ? 1 : 0);
    }
-    $value->set_sortkey($cgi->param('sortkey'));
+    $value->set_sortkey($ARGS->{sortkey});
    if (!($value->is_static || $value->is_default))
    {
-        $value->set_is_active($cgi->param('is_active'));
-        $value->set_name($cgi->param('value_new'));
+        $value->set_is_active($ARGS->{is_active});
+        $value->set_name($ARGS->{value_new});
        if ($value->field->value_field)
        {
-            $vars->{changes}->{visibility_values} = $value->set_visibility_values([ $cgi->param('visibility_value_id') ]);
+            $vars->{changes}->{visibility_values} = $value->set_visibility_values($ARGS->{visibility_value_id});
        }
    }
    delete_token($token);
@ -239,10 +232,19 @@ if ($action eq 'update')
    display_field_values($vars);
 }

-
 #
 # No valid action found
 #
 # We can't get here without $field being defined --
 # See the unless($field) block at the top.
 ThrowUserError('no_valid_action', { field => $field } );
+
+sub display_field_values
+{
+    my $vars = shift;
+    my $template = Bugzilla->template;
+    $vars->{values} = $vars->{field}->legal_values('include_disabled');
+    $template->process("admin/fieldvalues/list.html.tmpl", $vars)
+        || ThrowTemplateError($template->error());
+    exit;
+}
--- a/template/en/custom/admin/fieldvalues/control-list.html.tmpl
+++ b/template/en/custom/admin/fieldvalues/control-list.html.tmpl
@ -55,13 +55,15 @@
            </td>
            <td align="center">
              [% IF value.visible_for_all() %]
-              <input type="checkbox" id="val_[% value.id %]" value="[% value.id %]" name="values" onchange="changeDefaultEnabling(this);" checked="checked" disabled="disabled"/>
+              <input type="checkbox" id="val_[% value.id %]" value="[% value.id %]" name="values[]" onchange="changeDefaultEnabling(this);" checked="checked" disabled="disabled"/>
              [% ELSE %]
-              <input type="checkbox" id="val_[% value.id %]" value="[% value.id %]" name="values" onchange="changeDefaultEnabling(this);"[% ' checked="checked"' IF value.has_visibility_value(field_value.id, 0) %]/>
+              <input type="checkbox" id="val_[% value.id %]" value="[% value.id %]" name="values[]" onchange="changeDefaultEnabling(this);"[% ' checked="checked"' IF value.has_visibility_value(field_value.id, 0) %]/>
              [% END %]
            </td>
            <td align="center">
-              <input type="[% (field.type == constants.FIELD_TYPE_MULTI_SELECT ? 'checkbox' : 'radio') %]" id="def_val_[% value.id %]" value="[% value.id %]" name="default_value_ids"[% ' checked="checked"' IF value.is_default_controlled_value(field_value.id, 0) %]/>
+              <input type="[% (field.type == constants.FIELD_TYPE_MULTI_SELECT ? 'checkbox' : 'radio') %]"
+                id="def_val_[% value.id %]" value="[% value.id %]"
+                name="default_value_id[]"[% ' checked="checked"' IF value.is_default_controlled_value(field_value.id, 0) %]/>
            </td>
            <td>
              [% IF value.visible_for_all() %]
@ -81,14 +83,14 @@
  [% ELSIF step == 2 %]
    <p>Значения <strong>[% field.description FILTER html %]</strong> для <strong>[% field_value.name FILTER html %]</strong> сохранены.</p>
    <a href="editvalues.cgi?action=control_list&field=
-            [%- field.name FILTER url_quote %]&visibility_value_id=[% visibility_value_id %]">К выбору значений <strong>[% field.description FILTER html %]</strong> для <strong>[% field_value.name FILTER html %]</strong></a>
+      [%- field.name FILTER url_quote %]&visibility_value_id=[% visibility_value_id %]">К выбору значений <strong>[% field.description FILTER html %]</strong> для <strong>[% field_value.name FILTER html %]</strong></a>
    |
    <a href="editvalues.cgi?action=control_list&field=
-            [%- field.name FILTER url_quote %]">К выбору <strong>[% field.value_field.description FILTER html %]</strong></a>
+      [%- field.name FILTER url_quote %]">К выбору <strong>[% field.value_field.description FILTER html %]</strong></a>
    |
  [% END; %]
  <a href="editvalues.cgi?field=
-            [%- field.name FILTER url_quote %]">К списку значений <strong>[% field.description FILTER html %]</strong></a>
+    [%- field.name FILTER url_quote %]">К списку значений <strong>[% field.description FILTER html %]</strong></a>
 </form>
 <script type="text/javascript">
 function clearDefault()
@ -112,7 +114,7 @@ function changeDefaultEnabling(self)
    }
 }

-var checkboxes = document.forms['setValuesForm'].elements['values'];
+var checkboxes = document.forms['setValuesForm'].elements['values[]'];
 for (var i in checkboxes)
 {
    if (!checkboxes[i].tagName) continue;
--- a/template/en/default/admin/fieldvalues/create.html.tmpl
+++ b/template/en/default/admin/fieldvalues/create.html.tmpl
@ -17,7 +17,7 @@
 [%# INTERFACE:
  # field: object; the field the value is being created for
  #%]
-  
+
 [% title = BLOCK %]
  Add Value for the '[% field.description FILTER html %]' ([% field.name FILTER html %]) field
 [% END %]
@ -26,7 +26,7 @@
 %]

 <p>
-  This page allows you to add a new value for the 
+  This page allows you to add a new value for the
  '[% field.description FILTER html %]' field.
 </p>

@ -78,7 +78,7 @@
      </tr>
      <tr>
        <td></td><td>
-          <select name="visibility_value_id" id="visibility_value_id" multiple="multiple" size="15">
+          <select name="visibility_value_id[]" id="visibility_value_id" multiple="multiple" size="15">
            <option></option>
            [% FOREACH field_value = field.value_field.legal_values %]
              [% NEXT IF field_value.name == '' %]
--- a/template/en/default/admin/fieldvalues/edit.html.tmpl
+++ b/template/en/default/admin/fieldvalues/edit.html.tmpl
@ -67,7 +67,7 @@
      </tr>
      <tr>
        <td></td><td>
-          <select name="visibility_value_id" id="visibility_value_id" multiple="multiple" size="15">
+          <select name="visibility_value_id[]" id="visibility_value_id" multiple="multiple" size="15">
            [% FOREACH field_value = field.value_field.legal_values %]
              [% NEXT IF field_value.name == '' %]
              <option value="[% field_value.id FILTER none %]" [% ' selected="selected"' IF value.has_visibility_value(field_value.id, 0) %]>
@ -80,15 +80,16 @@
    [% END %]
    <tr>
      <th align="right"><label for="is_active">Enabled for [% terms.bugs %]:</label></th>
-      <td><input id="is_active" name="is_active" type="checkbox" value="1" 
-           [%+ 'checked="checked"' IF value.is_active %]
-           [%+ 'disabled="disabled"' IF value.is_default OR value.is_static %] />
-           [% IF value.is_default %]
-             This value is selected as default in the parameters for this field. It cannot be disabled.
-           [% ELSIF value.is_static %]
-             This value is non-deletable and cannot be disabled.
-           [% END %]
-           </td>
+      <td>
+        <input id="is_active" name="is_active" type="checkbox" value="1"
+          [%+ 'checked="checked"' IF value.is_active %]
+          [%+ 'disabled="disabled"' IF value.is_default OR value.is_static %] />
+        [% IF value.is_default %]
+          This value is selected as default in the parameters for this field. It cannot be disabled.
+        [% ELSIF value.is_static %]
+          This value is non-deletable and cannot be disabled.
+        [% END %]
+      </td>
    </tr>
    [% Hook.process('fields') %]
  </table>