diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-19 17:33:48 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-19 17:33:48 +0100 |
commit | 6e0182e55396213869186764abb1620dcbf307f0 (patch) | |
tree | 9f5157d8ace42ea7d8650e8879e05fab3e40eee7 /Bugzilla/WebService/Bug.pm | |
parent | 1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd (diff) | |
download | bugs-6e0182e55396213869186764abb1620dcbf307f0.tar bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.gz bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.bz2 bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.xz bugs-6e0182e55396213869186764abb1620dcbf307f0.zip |
Bug 1230932: Providing a condition as an ID to the webservice results in a taint error
r/a=dkl
Diffstat (limited to 'Bugzilla/WebService/Bug.pm')
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index c99651201..b07d3cb01 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -1133,6 +1133,10 @@ sub update_comment_tags { { function => 'Bug.update_comment_tags', param => 'comment_id' }); + ThrowCodeError('param_integer_required', { function => 'Bug.update_comment_tags', + param => 'comment_id' }) + unless $comment_id =~ /^[0-9]+$/; + my $comment = Bugzilla::Comment->new($comment_id) || return []; $comment->bug->check_is_visible(); |