Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and…

Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and the "id" parameter is invalid - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave

Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and…
c7bb724e · lpsolit%gmail.com · 71c304a8 · c7bb724e
Commit c7bb724e authored Dec 12, 2005 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 6 deletions

editkeywords.cgi editkeywords.cgi +11 -6

No files found.
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -53,6 +53,14 @@ sub Validate {
    $_[1] = $description;
 }
+sub ValidateKeyID {
+    my $id = shift;
+    $id = trim($id || 0);
+    detaint_natural($id) || ThrowCodeError('invalid_keyword_id');
+    return $id;
+}
 #
 # Preliminary checks:
@@ -165,8 +173,7 @@ if ($action eq 'new') {
 #
 if ($action eq 'edit') {
-    my $id = trim($cgi->param('id'));
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
-    detaint_natural($id);
    # get data of keyword
    my ($name, $description) =
@@ -201,8 +208,7 @@ if ($action eq 'edit') {
 #
 if ($action eq 'update') {
-    my $id = $cgi->param('id');
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
-    detaint_natural($id);
    my $name  = trim($cgi->param('name') || '');
    my $description  = trim($cgi->param('description')  || '');
@@ -234,8 +240,7 @@ if ($action eq 'update') {
 if ($action eq 'delete') {
-    my $id = $cgi->param('id');
+    my $id = ValidateKeyID(scalar $cgi->param('id'));
-    detaint_natural($id);
    my $name = $dbh->selectrow_array('SELECT name FROM keyworddefs
                                      WHERE id= ?', undef, $id);