Commit cf3aa532 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a…

Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a valid ID as a param - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kiko a=justdave
parent e942748a
...@@ -55,7 +55,10 @@ sub _init { ...@@ -55,7 +55,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH'); my $id = $param unless (ref $param eq 'HASH');
my $classification; my $classification;
if (defined $id && detaint_natural($id)) { if (defined $id) {
detaint_natural($id)
|| ThrowCodeError('param_must_be_numeric',
{function => 'Bugzilla::Classification::_init'});
$classification = $dbh->selectrow_hashref(qq{ $classification = $dbh->selectrow_hashref(qq{
SELECT $columns FROM classifications SELECT $columns FROM classifications
......
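Review bot: The added guard `detaint_natural($id) || ThrowCodeError(...)` only protects the `selectrow_hashref` call that follows if ThrowCodeError never returns, and nothing visible on this page establishes that. A short comment such as `# ThrowCodeError does not return; $id is a validated natural number from here on` would make that assumption explicit for the next reader. The `function` value is a hand-typed string repeated in the Component, Group and Product `_init` sections below, which is easy to leave stale when the block is copied. Deriving it with `(caller(0))[3]` or a small shared helper would keep the reported name accurate. The query text continues outside the visible lines, so whether `$id` reaches the SQL as a bound placeholder cannot be confirmed from this page.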
...@@ -58,7 +58,10 @@ sub _init { ...@@ -58,7 +58,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH'); my $id = $param unless (ref $param eq 'HASH');
my $component; my $component;
if (defined $id && detaint_natural($id)) { if (defined $id) {
detaint_natural($id)
|| ThrowCodeError('param_must_be_numeric',
{function => 'Bugzilla::Component::_init'});
$component = $dbh->selectrow_hashref(qq{ $component = $dbh->selectrow_hashref(qq{
SELECT $columns FROM components SELECT $columns FROM components
......
...@@ -61,7 +61,10 @@ sub _init { ...@@ -61,7 +61,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH'); my $id = $param unless (ref $param eq 'HASH');
my $group; my $group;
if (defined $id && detaint_natural($id)) { if (defined $id) {
detaint_natural($id)
|| ThrowCodeError('param_must_be_numeric',
{function => 'Bugzilla::Group::_init'});
$group = $dbh->selectrow_hashref(qq{ $group = $dbh->selectrow_hashref(qq{
SELECT $columns FROM groups SELECT $columns FROM groups
......
...@@ -63,7 +63,10 @@ sub _init { ...@@ -63,7 +63,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH'); my $id = $param unless (ref $param eq 'HASH');
my $product; my $product;
if (defined $id && detaint_natural($id)) { if (defined $id) {
detaint_natural($id)
|| ThrowCodeError('param_must_be_numeric',
{function => 'Bugzilla::Product::_init'});
$product = $dbh->selectrow_hashref(qq{ $product = $dbh->selectrow_hashref(qq{
SELECT $columns FROM products SELECT $columns FROM products
......
...@@ -243,6 +243,11 @@ ...@@ -243,6 +243,11 @@
[% ELSIF error == "need_quipid" %] [% ELSIF error == "need_quipid" %]
A valid quipid is needed. A valid quipid is needed.
[% ELSIF error == "param_must_be_numeric" %]
[% title = "Invalid Parameter" %]
Invalid parameter passed to [% function FILTER html %].
It must be numeric.
[% ELSIF error == "unknown_comparison_type" %] [% ELSIF error == "unknown_comparison_type" %]
Specified comparison type is not supported. Specified comparison type is not supported.
......