diff options
author | Koosha Khajeh Moogahi <koosha.khajeh@gmail.com> | 2012-10-12 19:46:07 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-10-12 19:46:07 +0200 |
commit | 73958ee239e7c28d394bdbd37081cfaa7c1bc7ed (patch) | |
tree | 1e675a29fb724e7c6d07b1d4b41720e1da72b7cc | |
parent | d642d81c9c3438b3778e8d03d00804bc4f7732b0 (diff) | |
download | bugs-73958ee239e7c28d394bdbd37081cfaa7c1bc7ed.tar bugs-73958ee239e7c28d394bdbd37081cfaa7c1bc7ed.tar.gz bugs-73958ee239e7c28d394bdbd37081cfaa7c1bc7ed.tar.bz2 bugs-73958ee239e7c28d394bdbd37081cfaa7c1bc7ed.tar.xz bugs-73958ee239e7c28d394bdbd37081cfaa7c1bc7ed.zip |
Bug 793826: Prevent private web service methods from being called
r=dkl a=LpSolit
-rw-r--r-- | Bugzilla/WebService/Server.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index 5f1795178..5634aa0fe 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -17,7 +17,9 @@ use Scalar::Util qw(blessed); sub handle_login { my ($self, $class, $method, $full_method) = @_; - ThrowCodeError('unknown_method', {method => $full_method}) if !$class; + # Throw error if the supplied class does not exist or the method is private + ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/); + eval "require $class"; ThrowCodeError('unknown_method', {method => $full_method}) if $@; return if ($class->login_exempt($method) |