Commit 396ae882 authored Dec 22, 2015 by Dylan Hardison
Bug 1230932 - Providing a condition as an ID to the webservice results in a taint error
r=dkl,a=dkl
parent 6a241384
Showing 4 changed files with 21 additions and 1 deletion
Bugzilla/WebService/Bug.pm +4 -0
Bugzilla/WebService/Constants.pm +2 -0
Bugzilla/WebService/Util.pm +8 -1
template/en/default/global/code-error.html.tmpl +7 -0
Bugzilla/WebService/Bug.pm
@@ -1133,6 +1133,10 @@ sub update_comment_tags {
{
function
=>
'Bug.update_comment_tags'
,
param
=>
'comment_id'
});
ThrowCodeError
(
"param_integer_required"
,
{
function
=>
'Bug.update_comment_tags'
,
param
=>
'comment_id'
})
unless
$comment_id
=~
/^[0-9]+$/
;
my
$comment
=
Bugzilla::
Comment
->
new
(
$comment_id
)
||
return
[]
;
$comment
->
bug
->
check_is_visible
();
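Review bot: The `unless $comment_id =~ /^[0-9]+$/` guard on the new `ThrowCodeError` call accepts a value with a trailing newline, because in Perl `$` also matches just before a final `\n`. Anchor the pattern with `\A` and `\z` (`/\A[0-9]+\z/`) so that only a pure digit string reaches `Bugzilla::Comment->new($comment_id)`. The same pattern appears in the `all { ... }` check in Bugzilla/WebService/Util.pm and should change with it.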
Bugzilla/WebService/Constants.pm
@@ -67,6 +67,8 @@ use constant WS_ERROR_CODE => {
number_too_large
=>
54
,
number_too_small
=>
55
,
illegal_date
=>
56
,
param_integer_required
=>
57
,
param_integer_array_required
=>
58
,
# Bug errors usually occupy the 100-200 range.
improper_bug_id_field_value
=>
100
,
bug_id_does_not_exist
=>
101
,
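Review bot: `param_integer_required => 57` and `param_integer_array_required => 58` become error codes that API clients can receive, but none of the four changed files documents them. Please list both codes in the documented errors of the methods that can now throw them, so clients can tell a rejected ID apart from the existing 5x parameter errors.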
Bugzilla/WebService/Util.pm
@@ -219,7 +219,8 @@ sub validate {
# sent any parameters at all, and we're getting @keys where
# $params should be.
return
(
$self
,
undef
)
if
(
defined
$params
and
!
ref
$params
);
my
@id_params
=
qw( ids comment_ids )
;
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
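Review bot: `my @id_params = qw( ids comment_ids );` hard-codes two parameter names inside `validate`, so an ID parameter under any other name is not covered; `comment_id` in `Bug.update_comment_tags` already needed its own separate check in Bug.pm. Consider moving the list to a named constant with a comment stating that every new ID-style parameter must be added to it.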
@@ -228,6 +229,12 @@ sub validate {
$params
->
{
$key
}
=
ref
$params
->
{
$key
}
?
$params
->
{
$key
}
:
[
$params
->
{
$key
}
];
if
(
any
{
$key
eq
$_
}
@id_params
)
{
my
$ids
=
$params
->
{
$key
};
ThrowCodeError
(
'param_integer_array_required'
,
{
param
=>
$key
})
unless
ref
(
$ids
)
eq
'ARRAY'
&&
all
{
/^[0-9]+$/
}
@$ids
;
}
}
}
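Review bot: The integer check sits inside the block that converts named parameters to arrayrefs, which, going by the comment in the visible context, runs only for the `@keys` the calling method passes to `validate`. `ids` or `comment_ids` is therefore checked only when the method lists that key; a method that reads `$params->{ids}` without listing it would still receive the unchecked value. Either run the `@id_params` check over `$params` independently of `@keys`, or state the requirement in the comment above the loop.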
template/en/default/global/code-error.html.tmpl
@@ -290,6 +290,13 @@
a <code>[% param FILTER html %]</code> argument, and that
argument was not set.
[% ELSIF error == "param_integer_required" %]
The function <code>[% function FILTER html %]</code> requires
that <code>[% param FILTER html %]</code> be an integer.
[% ELSIF error == "param_integer_array_required" %]
The <code>[% param FILTER html %]</code> parameter must be an array of integers.
[% ELSIF error == "params_required" %]
[% title = "Missing Parameter" %]
The function <code>[% function FILTER html %]</code> requires
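Review bot: Neither new `ELSIF` branch sets `title`, while the `params_required` branch that follows does (`[% title = "Missing Parameter" %]`). Add a title to `param_integer_required` and `param_integer_array_required` for consistency. The array variant also prints only `param`; passing `function` from the `ThrowCodeError` call in Util.pm would let its message name the rejecting method the way the scalar one does.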
Дмитрий Никулин @TheOwl mentioned in commit 87a607ef80f41e9b00bebb95800fec753f996456 · Oct 20, 2017