summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Lawrence <dkl@mozilla.com>2014-04-02 20:59:52 +0200
committerDavid Lawrence <dkl@mozilla.com>2014-04-02 20:59:52 +0200
commit453810967e6ef61ab036332b09be0a6576a56d84 (patch)
treec287c39c69bb9c7c1401940d72c60544628dc2fa
parentb4aecfefc218d425c7c2b05d0878d4b062613a18 (diff)
downloadbugzilla-453810967e6ef61ab036332b09be0a6576a56d84.tar.gz
bugzilla-453810967e6ef61ab036332b09be0a6576a56d84.tar.xz
Bug 990252 - Using the webservices API, passing in certain keys as parameters containing . and - characters are silently dropped
r=glob,a=justdave
-rw-r--r--Bugzilla/WebService/Util.pm5
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 7f6d14b59..bb27a0a33 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -171,8 +171,9 @@ sub _delete_bad_keys {
# Making something a hash key always untaints it, in Perl.
# However, we need to validate our argument names in some way.
# We know that all hash keys passed in to the WebService will
- # match \w+, so we delete any key that doesn't match that.
- if ($key !~ /^\w+$/) {
+ # match \w+, contain '.' or '-', so we delete any key that
+ # doesn't match that.
+ if ($key !~ /^[\w\.\-]+$/) {
delete $item->{$key};
}
}