authorlpsolit%gmail.com <>2005-12-19 04:13:00 +0100
committerlpsolit%gmail.com <>2005-12-19 04:13:00 +0100
commita224dfe5f7c3d54d9d0ad8e521f799414b7386b8 (patch)
tree5afaac93feffd6972487e7b607e4d6c361fb32d7
parentd80d8848eb000cbbaf771feff60631ffb2688c5a (diff)
downloadbugzilla-a224dfe5f7c3d54d9d0ad8e521f799414b7386b8.tar.gz
bugzilla-a224dfe5f7c3d54d9d0ad8e521f799414b7386b8.tar.xz
Bug 319082: "new Bugzilla::User($uid)" allows you to pass invalid $uid - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave
-rw-r--r--Bugzilla/User.pm18
1 files changed, 15 insertions, 3 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 9f6c415ef..fe46dc292 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -69,10 +69,20 @@ use constant MATCH_SKIP_CONFIRM => 1;
sub new {
my $invocant = shift;
- if (scalar @_ == 0) {
+ my $user_id = shift;
+
+ if ($user_id) {
+ my $uid = $user_id;
+ detaint_natural($user_id)
+ || ThrowCodeError('invalid_numeric_argument',
+ {argument => 'userID',
+ value => $uid,
+ function => 'Bugzilla::User::new'});
+ return $invocant->_create("userid=?", $user_id);
+ }
+ else {
return $invocant->_create;
}
- return $invocant->_create("userid=?", @_);
}
# This routine is sort of evil. Nothing except the login stuff should
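Review bot: The `if ($user_id)` test in `new` is a truth test, so `0`, `''` and an explicitly passed `undef` all take the `else` branch and return `$invocant->_create` with no condition instead of raising `invalid_numeric_argument`. `_create` is outside this hunk, but if the no-argument form yields a default user object, a caller whose id lookup came back empty would receive a valid-looking object rather than an error. Testing for presence instead keeps the validation on every supplied value: `if (defined $user_id) {` sends `''` through `detaint_natural` and into the error path. A short comment on the `else` branch stating what the no-argument form returns would also help, for example `# No id given: return the object _create builds with no condition`.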
@@ -85,8 +95,10 @@ sub new {
# in the id its already had to validate (or the User.pm object, of course)
sub new_from_login {
my $invocant = shift;
+ my $login = shift;
+
my $dbh = Bugzilla->dbh;
- return $invocant->_create($dbh->sql_istrcmp('login_name', '?'), @_);
+ return $invocant->_create($dbh->sql_istrcmp('login_name', '?'), $login);
}
# Internal helper for the above |new| methods
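Review bot: `new_from_login` passes `$login` on without checking that it is defined, whereas `new` in this same commit now rejects bad input explicitly, so a call with no argument hands `undef` to `_create` as the value for the `?` placeholder. What `_create` does with an undefined value is not visible here; it is presumably a no-match rather than a fault, but the contract is worth stating. I would add a comment above the `return`: `# $login is only ever the value bound to the '?' placeholder; it is never interpolated into the SQL text`.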