Bug 471866: Classification name length and sortkey max value not validated -…

Bugzilla/Classification.pm

@@ -19,6 +19,7 @@ use strict;
 
 package Bugzilla::Classification;
 
+use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Product;
@@ -85,6 +86,10 @@ sub _check_name {
     $name = trim($name);
     $name || ThrowUserError('classification_not_specified');
 
+    if (length($name) > MAX_CLASSIFICATION_SIZE) {
+        ThrowUserError('classification_name_too_long', {'name' => $name});
+    }
+
     my $classification = new Bugzilla::Classification({name => $name});
     if ($classification && (!ref $invocant || $classification->id != $invocant->id)) {
         ThrowUserError("classification_already_exists", { name => $classification->name });
@@ -104,9 +109,9 @@ sub _check_sortkey {
 
     $sortkey ||= 0;
     my $stored_sortkey = $sortkey;
-    detaint_natural($sortkey)
-      || ThrowUserError('classification_invalid_sortkey', { 'sortkey' => $stored_sortkey });
-
+    if (!detaint_natural($sortkey) || $sortkey > MAX_SMALLINT) {
+        ThrowUserError('classification_invalid_sortkey', { 'sortkey' => $stored_sortkey });
+    }
     return $sortkey;
 }
 

Bugzilla/Constants.pm

@@ -149,6 +149,7 @@ use File::Basename;
     MAX_SMALLINT
 
     MAX_LEN_QUERY_NAME
+    MAX_CLASSIFICATION_SIZE
     MAX_PRODUCT_SIZE
     MAX_MILESTONE_SIZE
     MAX_COMPONENT_SIZE
@@ -425,6 +426,9 @@ use constant MAX_SMALLINT => 32767;
 # The longest that a saved search name can be.
 use constant MAX_LEN_QUERY_NAME => 64;
 
+# The longest classification name allowed.
+use constant MAX_CLASSIFICATION_SIZE => 64;
+
 # The longest product name allowed.
 use constant MAX_PRODUCT_SIZE => 64;
 

template/en/default/global/user-error.html.tmpl

@@ -263,7 +263,12 @@
     [% title = "Classification Not Enabled" %]
     Sorry, classification is not enabled.
 
-  [% ELSIF error == "classification_not_specified" %]
+  [% ELSIF error == "classification_name_too_long" %]
+    [% title = "Classification Name Too Long" %]
+    The name of a classification is limited to [% constants.MAX_CLASSIFICATION_SIZE FILTER html %]
+    characters. '[% name FILTER html %]' is too long ([% name.length %] characters).
+
+[% ELSIF error == "classification_not_specified" %]
     [% title = "You Must Supply A Classification Name" %]
     You must enter a classification name.
 
@@ -273,8 +278,8 @@
 
   [% ELSIF error == "classification_invalid_sortkey" %]
     [% title = "Invalid Sortkey for Classification" %]
-    The sortkey <em>[% sortkey FILTER html %]</em> is invalid.
-    It must be a positive integer.
+    The sortkey '[% sortkey FILTER html %]' is invalid. It must be an
+    integer between 0 and [% constants.MAX_SMALLINT FILTER html %].
 
   [% ELSIF error == "classification_not_deletable" %]
     [% title = "Default Classification Can Not Be Deleted" %]