Bug 1230932: Providing a condition as an ID to the webservice results in a taint error

r/a=dkl
author: Frédéric Buclin <LpSolit@gmail.com> 2016-03-19 17:33:48 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2016-03-19 17:33:48 +0100
commit: 6e0182e55396213869186764abb1620dcbf307f0 (patch)
tree: 9f5157d8ace42ea7d8650e8879e05fab3e40eee7 /Bugzilla/WebService/Bug.pm
parent: 1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd (diff)
download: bugs-6e0182e55396213869186764abb1620dcbf307f0.tar
bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.gz
bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.bz2
bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.xz
bugs-6e0182e55396213869186764abb1620dcbf307f0.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index c99651201..b07d3cb01 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -1133,6 +1133,10 @@ sub update_comment_tags {
                           { function => 'Bug.update_comment_tags',
                             param    => 'comment_id' });
 
+    ThrowCodeError('param_integer_required', { function => 'Bug.update_comment_tags',
+                                               param => 'comment_id' })
+      unless $comment_id =~ /^[0-9]+$/;
+
     my $comment = Bugzilla::Comment->new($comment_id)
         || return [];
     $comment->bug->check_is_visible();
author	Frédéric Buclin <LpSolit@gmail.com>	2016-03-19 17:33:48 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2016-03-19 17:33:48 +0100
commit	6e0182e55396213869186764abb1620dcbf307f0 (patch)
tree	9f5157d8ace42ea7d8650e8879e05fab3e40eee7 /Bugzilla/WebService/Bug.pm
parent	1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd (diff)
download	bugs-6e0182e55396213869186764abb1620dcbf307f0.tar bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.gz bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.bz2 bugs-6e0182e55396213869186764abb1620dcbf307f0.tar.xz bugs-6e0182e55396213869186764abb1620dcbf307f0.zip