authorDavid Lawrence <dkl@mozilla.com>2015-12-21 23:27:52 +0100
committerDavid Lawrence <dkl@mozilla.com>2015-12-21 23:27:52 +0100
commit1e7b4002794930fad702718714b5d1c291bf816c (patch)
tree9a62f822dc148df80bbc3199ef0ef9f6bb1c222c
parent4049782d5f01e12231c1d4c27006d5f56dd54294 (diff)
Bug 1234325 - Backport upstream bug 1230932 to bmo/4.2 to fix providing a condition as an ID to the webservice results in a taint error
-rw-r--r--Bugzilla/WebService/Bug.pm4
-rw-r--r--Bugzilla/WebService/Constants.pm2
-rw-r--r--Bugzilla/WebService/Util.pm10
-rw-r--r--template/en/default/global/code-error.html.tmpl7
4 files changed, 22 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index d7a1d8f9b..1437700ac 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -1273,6 +1273,10 @@ sub update_comment_tags {
{ function => 'Bug.update_comment_tags',
param => 'comment_id' });
+ ThrowCodeError("param_integer_required", { function => 'Bug.update_comment_tags',
+ param => 'comment_id' })
+ unless $comment_id =~ /^[0-9]+$/;
+
my $comment = Bugzilla::Comment->new($comment_id)
|| return [];
$comment->bug->check_is_visible();
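Review bot: The new guard on L28 uses `/^[0-9]+$/`, and `$` also matches before a trailing newline, so a value such as "123\n" is accepted and reaches `Bugzilla::Comment->new` with the newline still attached; anchor with `\A`/`\z` instead: `unless $comment_id =~ /\A[0-9]+\z/;`. The Util.pm hunk has the same pattern in `all { /^[0-9]+$/ } @$ids` and should be changed the same way. The integer check is what keeps a non-scalar "condition" value (the case named in the commit title) from ever reaching the object lookup, so the anchoring should be exact rather than approximate. The body of update_comment_tags begins outside the hunk.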
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index 758fdebde..0aa803cc8 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -76,6 +76,8 @@ use constant WS_ERROR_CODE => {
number_too_large => 54,
number_too_small => 55,
illegal_date => 56,
+ param_integer_required => 57,
+ param_integer_array_required => 58,
# Bug errors usually occupy the 100-200 range.
improper_bug_id_field_value => 100,
bug_id_does_not_exist => 101,
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 4280f28e6..e4c3eda44 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -29,6 +29,7 @@ use Bugzilla::WebService::Constants;
use Storable qw(dclone);
use URI::Escape qw(uri_unescape);
+use List::MoreUtils qw(all any);
use base qw(Exporter);
@@ -231,7 +232,8 @@ sub validate {
# sent any parameters at all, and we're getting @keys where
# $params should be.
return ($self, undef) if (defined $params and !ref $params);
-
+
+ my @id_params = qw( ids comment_ids );
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
@@ -240,6 +242,12 @@ sub validate {
$params->{$key} = ref $params->{$key}
? $params->{$key}
: [ $params->{$key} ];
+
+ if (any { $key eq $_ } @id_params) {
+ my $ids = $params->{$key};
+ ThrowCodeError('param_integer_array_required', { param => $key })
+ unless ref($ids) eq 'ARRAY' && all { /^[0-9]+$/ } @$ids;
+ }
}
}
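Review bot: The check on L70-L73 only fires for keys named in `@id_params` (`ids`, `comment_ids`) and, as far as the visible loop shows, only for keys the caller passes into `validate`, so any other id-bearing parameter (for example `attachment_ids`, if this tree's Bug.attachments still accepts it) continues to reach the object constructors unvalidated; a comment on L61 such as `# Only these keys get the integer check; add any other *_ids parameter that is passed to an object constructor.` would make the whitelist's intent explicit to the next maintainer. Note also that `all` over an empty list is true, so `ids => []` passes unchanged, and an `undef` element produces an uninitialized-value warning before the error is thrown; `all { defined && /\A[0-9]+\z/ } @$ids` avoids the warning. `List::MoreUtils` (L53) is not core Perl, so if it is not already a required module in this tree it needs to be declared alongside the other dependencies. The enclosing `validate` starts before the first hunk of this file.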
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index c4ff7e73a..9a0d84866 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -375,6 +375,13 @@
a <code>[% param FILTER html %]</code> argument, and that
argument was not set.
+ [% ELSIF error == "param_integer_required" %]
+ The function <code>[% function FILTER html %]</code> requires
+ that <code>[% param FILTER html %]</code> be an integer.
+
+ [% ELSIF error == "param_integer_array_required" %]
+ The <code>[% param FILTER html %]</code> parameter must be an array of integers.
+
[% ELSIF error == "params_required" %]
[% title = "Missing Parameter" %]
The function <code>[% function FILTER html %]</code> requires
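Review bot: Neither new branch (L84, L88) sets a page title, while the sibling `params_required` branch on L92 sets `[% title = "Missing Parameter" %]`; if the `param_required` branch above (its start is outside the hunk) does the same, the new branches should follow, e.g. `[% title = "Invalid Parameter" %]` (wording to taste). The `param_integer_array_required` text also omits the function name that every neighbouring message includes, which appears deliberate since the Util.pm throw passes only `param`, but a short template comment noting that `function` is not available in this branch would stop a later edit from adding `[% function FILTER html %]` and rendering an empty tag.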