Skip to content

bugzilla
bugzilla
Commit 438c4b52 authored by Dave Lawrence's avatar Dave Lawrence
Browse files
Options

Bug 962060 - User.get ignores the "maxusermatches" parameter and allows listing all email addresses

r=LpSolit,a=justdave
parent 079bc035
Show whitespace changes
Inline Side-by-side
Showing with 22 additions and 4 deletions
Bugzilla/WebService/User.pm
View file @ 438c4b52
...@@ -15,9 +15,11 @@ use Bugzilla::Constants; ...@@ -15,9 +15,11 @@ use Bugzilla::Constants;
use Bugzilla::Error; use Bugzilla::Error;
use Bugzilla::Group; use Bugzilla::Group;
use Bugzilla::User; use Bugzilla::User;
use Bugzilla::Util qw(trim); use Bugzilla::Util qw(trim detaint_natural);
use Bugzilla::WebService::Util qw(filter validate translate params_to_objects); use Bugzilla::WebService::Util qw(filter validate translate params_to_objects);
use List::Util qw(min);
# Don't need auth to login # Don't need auth to login
use constant LOGIN_EXEMPT => { use constant LOGIN_EXEMPT => {
login => 1, login => 1,
...@@ -186,10 +188,15 @@ sub get { ...@@ -186,10 +188,15 @@ sub get {
} }
# User Matching # User Matching
my $limit; my $limit = Bugzilla->params->{maxusermatches};
if ($params->{'maxusermatches'}) { if ($params->{limit}) {
$limit = $params->{'maxusermatches'} + 1; detaint_natural($params->{limit})
|| ThrowCodeError('param_must_be_numeric',
{ function => 'Bugzilla::WebService::User::match',
param => 'limit' });
$limit = $limit ? min($params->{limit}, $limit) : $params->{limit};
} }
my $exclude_disabled = $params->{'include_disabled'} ? 0 : 1; my $exclude_disabled = $params->{'include_disabled'} ? 0 : 1;
foreach my $match_string (@{ $params->{'match'} || [] }) { foreach my $match_string (@{ $params->{'match'} || [] }) {
my $matched = Bugzilla::User::match($match_string, $limit, $exclude_disabled); my $matched = Bugzilla::User::match($match_string, $limit, $exclude_disabled);
...@@ -741,6 +748,13 @@ if they try. (This is to make it harder for spammers to harvest email ...@@ -741,6 +748,13 @@ if they try. (This is to make it harder for spammers to harvest email
addresses from Bugzilla, and also to enforce the user visibility addresses from Bugzilla, and also to enforce the user visibility
restrictions that are implemented on some Bugzillas.) restrictions that are implemented on some Bugzillas.)
=item C<limit> (int)
Limit the number of users matched by the C<match> parameter. If value
is greater than the system limit, the system limit will be used. This
parameter is only used when user matching using the C<match> parameter
is being performed.
=item C<group_ids> (array) =item C<group_ids> (array)
=item C<groups> (array) =item C<groups> (array)
...@@ -885,6 +899,10 @@ querying your own account, even if you are in the editusers group. ...@@ -885,6 +899,10 @@ querying your own account, even if you are in the editusers group.
You passed an invalid login name in the "names" array or a bad You passed an invalid login name in the "names" array or a bad
group ID in the C<group_ids> argument. group ID in the C<group_ids> argument.
=item 52 (Invalid Parameter)
The value used must be an integer greater then zero.
=item 304 (Authorization Required) =item 304 (Authorization Required)
You are logged in, but you are not authorized to see one of the users you You are logged in, but you are not authorized to see one of the users you
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment