author | Dylan Hardison <dylan@mozilla.com> | 2015-12-22 12:08:32 -0500 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2015-12-22 12:08:32 -0500 |
commit | 396ae88235ef68ed45978dfb36774c5fe9a2d699 (patch) | |
tree | f885c04bd3923a15075e342923dd87f56950b9f1 | |
parent | 6a2413842f48246f017be14610b697d1ac542e71 (diff) | |
Bug 1230932 - Providing a condition as an ID to the webservice results in a taint error
r=dkl,a=dkl
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 4 | ||||
-rw-r--r-- | Bugzilla/WebService/Constants.pm | 2 | ||||
-rw-r--r-- | Bugzilla/WebService/Util.pm | 9 | ||||
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 7 |
4 files changed, 21 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index c99651201..92c81e5fd 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -1133,6 +1133,10 @@ sub update_comment_tags {
 { function => 'Bug.update_comment_tags', param => 'comment_id' });
+ ThrowCodeError("param_integer_required", { function => 'Bug.update_comment_tags',
+ param => 'comment_id' })
+ unless $comment_id =~ /^[0-9]+$/;
+
 my $comment = Bugzilla::Comment->new($comment_id) || return [];
 $comment->bug->check_is_visible();
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index 0bdd3517e..e32b9ad0f 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -67,6 +67,8 @@ use constant WS_ERROR_CODE => {
 number_too_large => 54,
 number_too_small => 55,
 illegal_date => 56,
+ param_integer_required => 57,
+ param_integer_array_required => 58,
 # Bug errors usually occupy the 100-200 range.
 improper_bug_id_field_value => 100,
 bug_id_does_not_exist => 101,
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index a0a51a8de..27b2b36fa 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -219,7 +219,8 @@ sub validate {
 # sent any parameters at all, and we're getting @keys where
 # $params should be.
 return ($self, undef) if (defined $params and !ref $params);
-
+
+ my @id_params = qw( ids comment_ids );
 # If @keys is not empty then we convert any named
 # parameters that have scalar values to arrayrefs
 # that match.
@@ -228,6 +229,12 @@ sub validate {
 $params->{$key} = ref $params->{$key} ? $params->{$key} : [ $params->{$key} ];
+
+ if (any { $key eq $_ } @id_params) {
+ my $ids = $params->{$key};
+ ThrowCodeError('param_integer_array_required', { param => $key })
+ unless ref($ids) eq 'ARRAY' && all { /^[0-9]+$/ } @$ids;
+ }
 }
 }
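Review bot: The guard `unless $comment_id =~ /^[0-9]+$/;` still accepts a value with a trailing newline such as `"123\n"`, because `$` matches before a final newline; anchor it as `unless $comment_id =~ /\A[0-9]+\z/;`. A bare match also does not untaint `$comment_id` under taint mode — only assignment from a capture does — so the taint error is presumably avoided here only because non-numeric values (including a stringified hashref) are now rejected before `Bugzilla::Comment->new` is reached; if detainting at this point is the intent, write `($comment_id) = $comment_id =~ /\A([0-9]+)\z/ or ThrowCodeError(...)`. update_comment_tags begins before this hunk.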
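Review bot: The new check in validate is keyed on parameter name (`my @id_params = qw( ids comment_ids );`), so any other id-carrying parameter that a WebService method hands straight to an object constructor (if such parameters exist under other names, e.g. attachment ids) remains unvalidated and could still receive a structured value; either validate by role or document that this list must grow with every new id parameter, e.g. `# Parameters whose values go straight to Bugzilla::Object constructors; reject anything that is not a flat list of non-negative integers so a hashref cannot become a search condition.` The element check `all { /^[0-9]+$/ } @$ids` has the same trailing-newline hole, so use `all { /\A[0-9]+\z/ } @$ids`. The hunk relies on `any` and `all` being imported in Util.pm, which it does not show, and validate's body continues outside the hunk.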
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index d73d75e13..6dc49c6f1 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -290,6 +290,13 @@ a <code>[% param FILTER html %]</code> argument, and that argument was not set.
+ [% ELSIF error == "param_integer_required" %]
+ The function <code>[% function FILTER html %]</code> requires
+ that <code>[% param FILTER html %]</code> be an integer.
+
+ [% ELSIF error == "param_integer_array_required" %]
+ The <code>[% param FILTER html %]</code> parameter must be an array of integers.
+
 [% ELSIF error == "params_required" %]
 [% title = "Missing Parameter" %]
 The function <code>[% function FILTER html %]</code> requires |