Commit a75a42fd authored by Dave Lawrence's avatar Dave Lawrence

Bug 859118 - Bug.search called with no arguments returns all visible bugs,…

Bug 859118 - Bug.search called with no arguments returns all visible bugs, ignoring max_search_results and search_allow_no_criteria r/a=LpSolit
parent fa38ba1b
......@@ -412,6 +412,17 @@ sub search {
{ param => 'limit', function => 'Bug.search()' });
}
my $max_results = Bugzilla->params->{max_search_results};
unless (defined $params->{limit} && $params->{limit} == 0) {
if (!defined $params->{limit} || $params->{limit} > $max_results) {
$params->{limit} = $max_results;
}
}
else {
delete $params->{limit};
delete $params->{offset};
}
$params = Bugzilla::Bug::map_fields($params);
delete $params->{WHERE};
......@@ -439,6 +450,16 @@ sub search {
$params->{WHERE}->{"($clause)"} = [map { "\%$_\%" } @strings];
}
# If no other parameters have been passed other than limit and offset
# and a WHERE parameter was not created earlier, then we throw error
# if system is configured to do so.
if (!$params->{WHERE}
&& !grep(!/(limit|offset)/i, keys %$params)
&& !Bugzilla->params->{search_allow_no_criteria})
{
ThrowUserError('buglist_parameters_required');
}
# We want include_fields and exclude_fields to be passed to
# _bug_to_hash but not to Bugzilla::Bug->match so we copy the
# params and delete those before passing to Bugzilla::Bug->match.
......@@ -2256,7 +2277,10 @@ May not be an array.
=item C<limit>
C<int> Limit the number of results returned to C<int> records.
C<int> Limit the number of results returned to C<int> records. If the limit
is more than zero and higher than the maximum limit set by the administrator,
then the maximum limit will be used instead. If you set the limit equal to zero,
then all matching results will be returned instead.
=item C<offset>
......@@ -2348,10 +2372,16 @@ log in and I<then> call this method.
=item B<Errors>
Currently, this function doesn't throw any special errors (other than
the ones that all webservice functions can throw). If you specify
an invalid value for a particular field, you just won't get any results
for that value.
If you specify an invalid value for a particular field, you just won't
get any results for that value.
=over
=item 1000 (Parameters Required)
You may not search without any search terms.
=back
=item B<History>
......@@ -2364,6 +2394,10 @@ for that value.
=item The C<reporter> input parameter was renamed to C<creator>
in Bugzilla B<4.0>.
=item In B<4.2.6> and newer, added the ability to return all results if
C<limit> is set equal to zero. Otherwise maximum results returned are limited
by system configuration.
=back
=back
......
......@@ -161,6 +161,9 @@ use constant WS_ERROR_CODE => {
# Classification errors are 900-1000
auth_classification_not_enabled => 900,
# Search errors are 1000-1100
buglist_parameters_required => 1000,
# Errors thrown by the WebService itself. The ones that are negative
# conform to http://xmlrpc-epi.sourceforge.net/specs/rfc.fault_codes.php
xmlrpc_invalid_value => -32600,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment