Bug 783794: Bugzilla::User->visible_bugs should validate input data

r=glob a=LpSolit

Bug 783794: Bugzilla::User->visible_bugs should validate input data
4d1a1df8 · Frédéric Buclin · 14754acd · 4d1a1df8
Commit 4d1a1df8 authored Sep 13, 2012 by Frédéric Buclin
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

User.pm Bugzilla/User.pm +8 -0

No files found.
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -883,6 +883,14 @@ sub visible_bugs {
    if (@check_ids) {
        my $dbh = Bugzilla->dbh;
        my $user_id = $self->id;
+
+        foreach my $id (@check_ids) {
+            my $orig_id = $id;
+            detaint_natural($id)
+              || ThrowCodeError('param_must_be_numeric', { param    => $orig_id,
+                                                           function => 'Bugzilla::User->visible_bugs'});
+        }
+
        my $sth;
        # Speed up the can_see_bug case.
        if (scalar(@check_ids) == 1) {