authorDylan Hardison <dylan@mozilla.com>2015-12-22 12:08:32 -0500
committerDylan Hardison <dylan@mozilla.com>2015-12-22 12:08:32 -0500
commit396ae88235ef68ed45978dfb36774c5fe9a2d699 (patch)
treef885c04bd3923a15075e342923dd87f56950b9f1 /Bugzilla
parent6a2413842f48246f017be14610b697d1ac542e71 (diff)
Bug 1230932 - Providing a condition as an ID to the webservice results in a taint error
r=dkl,a=dkl
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/WebService/Bug.pm4
-rw-r--r--Bugzilla/WebService/Constants.pm2
-rw-r--r--Bugzilla/WebService/Util.pm9
3 files changed, 14 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index c99651201..92c81e5fd 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -1133,6 +1133,10 @@ sub update_comment_tags {
{ function => 'Bug.update_comment_tags',
param => 'comment_id' });
+ ThrowCodeError("param_integer_required", { function => 'Bug.update_comment_tags',
+ param => 'comment_id' })
+ unless $comment_id =~ /^[0-9]+$/;
+
my $comment = Bugzilla::Comment->new($comment_id)
|| return [];
$comment->bug->check_is_visible();
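Review bot: The guard added on the `unless $comment_id =~ /^[0-9]+$/;` line uses `$`, which in Perl also matches just before a trailing newline, so a value such as "123\n" passes the check and still reaches Bugzilla::Comment->new; since the purpose of the change is to let nothing but a plain id reach Bugzilla::Object->new, anchor it exactly with `unless $comment_id =~ /\A[0-9]+\z/;`. The same `^[0-9]+$` pattern is used for the id arrays in the Util.pm hunk (the `all { /^[0-9]+$/ } @$ids` line) and should get the same `\A`/`\z` anchors. Bugzilla::Util's detaint_natural() performs this check and untaints the value in one step, which may read better here if it is already imported in Bug.pm. The body of update_comment_tags begins before this hunk.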
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index 0bdd3517e..e32b9ad0f 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -67,6 +67,8 @@ use constant WS_ERROR_CODE => {
number_too_large => 54,
number_too_small => 55,
illegal_date => 56,
+ param_integer_required => 57,
+ param_integer_array_required => 58,
# Bug errors usually occupy the 100-200 range.
improper_bug_id_field_value => 100,
bug_id_does_not_exist => 101,
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index a0a51a8de..27b2b36fa 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -219,7 +219,8 @@ sub validate {
# sent any parameters at all, and we're getting @keys where
# $params should be.
return ($self, undef) if (defined $params and !ref $params);
-
+
+ my @id_params = qw( ids comment_ids );
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
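Review bot: The new `my @id_params = qw( ids comment_ids );` line carries no comment saying what the list is for, and it sits between the early return and a comment block about a different concern, so a reader has to find the `any { $key eq $_ } @id_params` check in the next hunk to understand it. Since the list is a fixed policy rather than per-call state, hoist it to a file-level constant with a one-line note, e.g. `# Parameters that may hold only integer ids; anything else must be rejected before it reaches the object constructors.` followed by `use constant ID_PARAMS => qw(ids comment_ids);`, and iterate `(ID_PARAMS)` at the check. The next hunk also relies on `any` and `all` as block-taking functions; I cannot see Util.pm's imports, so confirm they are imported (List::MoreUtils, or List::Util 1.33+), otherwise that check will not compile under strict. validate() starts before this hunk and continues past it.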
@@ -228,6 +229,12 @@ sub validate {
$params->{$key} = ref $params->{$key}
? $params->{$key}
: [ $params->{$key} ];
+
+ if (any { $key eq $_ } @id_params) {
+ my $ids = $params->{$key};
+ ThrowCodeError('param_integer_array_required', { param => $key })
+ unless ref($ids) eq 'ARRAY' && all { /^[0-9]+$/ } @$ids;
+ }
}
}