diff options
author | David Lawrence <dkl@mozilla.com> | 2015-12-21 23:27:52 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-12-21 23:27:52 +0100 |
commit | 1e7b4002794930fad702718714b5d1c291bf816c (patch) | |
tree | 9a62f822dc148df80bbc3199ef0ef9f6bb1c222c | |
parent | 4049782d5f01e12231c1d4c27006d5f56dd54294 (diff) | |
download | bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.gz bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.xz |
Bug 1234325 - Backport upstream bug 1230932 to bmo/4.2 to fix providing a condition as an ID to the webservice results in a taint error
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 4 | ||||
-rw-r--r-- | Bugzilla/WebService/Constants.pm | 2 | ||||
-rw-r--r-- | Bugzilla/WebService/Util.pm | 10 | ||||
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 7 |
4 files changed, 22 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index d7a1d8f9b..1437700ac 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -1273,6 +1273,10 @@ sub update_comment_tags { { function => 'Bug.update_comment_tags', param => 'comment_id' }); + ThrowCodeError("param_integer_required", { function => 'Bug.update_comment_tags', + param => 'comment_id' }) + unless $comment_id =~ /^[0-9]+$/; + my $comment = Bugzilla::Comment->new($comment_id) || return []; $comment->bug->check_is_visible(); diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index 758fdebde..0aa803cc8 100644 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -76,6 +76,8 @@ use constant WS_ERROR_CODE => { number_too_large => 54, number_too_small => 55, illegal_date => 56, + param_integer_required => 57, + param_integer_array_required => 58, # Bug errors usually occupy the 100-200 range. improper_bug_id_field_value => 100, bug_id_does_not_exist => 101, diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index 4280f28e6..e4c3eda44 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -29,6 +29,7 @@ use Bugzilla::WebService::Constants; use Storable qw(dclone); use URI::Escape qw(uri_unescape); +use List::MoreUtils qw(all any); use base qw(Exporter); @@ -231,7 +232,8 @@ sub validate { # sent any parameters at all, and we're getting @keys where # $params should be. return ($self, undef) if (defined $params and !ref $params); - + + my @id_params = qw( ids comment_ids ); # If @keys is not empty then we convert any named # parameters that have scalar values to arrayrefs # that match. @@ -240,6 +242,12 @@ sub validate { $params->{$key} = ref $params->{$key} ? $params->{$key} : [ $params->{$key} ]; + + if (any { $key eq $_ } @id_params) { + my $ids = $params->{$key}; + ThrowCodeError('param_integer_array_required', { param => $key }) + unless ref($ids) eq 'ARRAY' && all { /^[0-9]+$/ } @$ids; + } } } diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index c4ff7e73a..9a0d84866 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -375,6 +375,13 @@ a <code>[% param FILTER html %]</code> argument, and that argument was not set. + [% ELSIF error == "param_integer_required" %] + The function <code>[% function FILTER html %]</code> requires + that <code>[% param FILTER html %]</code> be an integer. + + [% ELSIF error == "param_integer_array_required" %] + The <code>[% param FILTER html %]</code> parameter must be an array of integers. + [% ELSIF error == "params_required" %] [% title = "Missing Parameter" %] The function <code>[% function FILTER html %]</code> requires |