diff options
author | David Lawrence <dkl@mozilla.com> | 2014-04-02 20:59:52 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-04-02 20:59:52 +0200 |
commit | 453810967e6ef61ab036332b09be0a6576a56d84 (patch) | |
tree | c287c39c69bb9c7c1401940d72c60544628dc2fa | |
parent | b4aecfefc218d425c7c2b05d0878d4b062613a18 (diff) | |
download | bugzilla-453810967e6ef61ab036332b09be0a6576a56d84.tar.gz bugzilla-453810967e6ef61ab036332b09be0a6576a56d84.tar.xz |
Bug 990252 - Using the webservices API, passing in certain keys as parameters containing . and - characters are silently dropped
r=glob,a=justdave
-rw-r--r-- | Bugzilla/WebService/Util.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index 7f6d14b59..bb27a0a33 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -171,8 +171,9 @@ sub _delete_bad_keys { # Making something a hash key always untaints it, in Perl. # However, we need to validate our argument names in some way. # We know that all hash keys passed in to the WebService will - # match \w+, so we delete any key that doesn't match that. - if ($key !~ /^\w+$/) { + # match \w+, contain '.' or '-', so we delete any key that + # doesn't match that. + if ($key !~ /^[\w\.\-]+$/) { delete $item->{$key}; } } |