Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a…

Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a valid ID as a param - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kiko a=justdave

Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a…
cf3aa532 · lpsolit%gmail.com · e942748a · cf3aa532 · cf3aa532 · cf3aa532
Commit cf3aa532 authored Oct 28, 2005 by lpsolit%gmail.com
5 changed files
--- a/Bugzilla/Classification.pm
+++ b/Bugzilla/Classification.pm
@@ -55,7 +55,10 @@ sub _init {
    my $id = $param unless (ref $param eq 'HASH');
    my $classification;

-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Classification::_init'});

        $classification = $dbh->selectrow_hashref(qq{
            SELECT $columns FROM classifications

--- a/Bugzilla/Component.pm
+++ b/Bugzilla/Component.pm
@@ -58,7 +58,10 @@ sub _init {
    my $id = $param unless (ref $param eq 'HASH');
    my $component;

-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Component::_init'});

        $component = $dbh->selectrow_hashref(qq{
            SELECT $columns FROM components

--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -61,7 +61,10 @@ sub _init {
    my $id = $param unless (ref $param eq 'HASH');
    my $group;

-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Group::_init'});

        $group = $dbh->selectrow_hashref(qq{
            SELECT $columns FROM groups

--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -63,7 +63,10 @@ sub _init {
    my $id = $param unless (ref $param eq 'HASH');
    my $product;

-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Product::_init'});

        $product = $dbh->selectrow_hashref(qq{
            SELECT $columns FROM products

--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -243,6 +243,11 @@
  [% ELSIF error == "need_quipid" %]
    A valid quipid is needed.

+  [% ELSIF error == "param_must_be_numeric" %]
+    [% title = "Invalid Parameter" %]
+    Invalid parameter passed to [% function FILTER html %].
+    It must be numeric.
+
  [% ELSIF error == "unknown_comparison_type" %]
    Specified comparison type is not supported.