author | lpsolit%gmail.com <> | 2005-12-12 11:38:40 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2005-12-12 11:38:40 +0100 |
commit | c7bb724eb31f848e3d6f78fdcee5ee70ab0516ac (patch) | |
tree | 344405cce173c555833450f4a37e2ad027fe3524 | |
parent | 71c304a89ea2016a79f1cc28172aa524223dd97c (diff) | |
Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and the "id" parameter is invalid - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
-rwxr-xr-x | editkeywords.cgi | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/editkeywords.cgi b/editkeywords.cgi
index da412bfdc..5397f0aa5 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -53,6 +53,14 @@ sub Validate {
 $_[1] = $description;
 }
+sub ValidateKeyID {
+ my $id = shift;
+
+ $id = trim($id || 0);
+ detaint_natural($id) || ThrowCodeError('invalid_keyword_id');
+ return $id;
+}
+
 #
 # Preliminary checks:
@@ -165,8 +173,7 @@ if ($action eq 'new') {
 #
 if ($action eq 'edit') {
- my $id = trim($cgi->param('id'));
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
 # get data of keyword
 my ($name, $description) =
@@ -201,8 +208,7 @@ if ($action eq 'edit') {
 #
 if ($action eq 'update') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
 my $name = trim($cgi->param('name') || '');
 my $description = trim($cgi->param('description') || '');
@@ -234,8 +240,7 @@ if ($action eq 'update') {
 if ($action eq 'delete') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
 my $name = $dbh->selectrow_array('SELECT name FROM keyworddefs WHERE id= ?', undef, $id); |
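Review bot: In the new `ValidateKeyID`, `trim($id || 0)` turns a missing or empty `id` parameter into 0, which presumably passes `detaint_natural` (its definition is not on this page), so an absent id is not rejected here and is only caught later if the keyword lookup finds no row. If every invalid id should raise `invalid_keyword_id` at this point, default to the empty string instead: `$id = trim(defined $id ? $id : '');`. The sub also has no comment; `# Returns the detainted keyword id, or throws invalid_keyword_id if it is not a natural number.` would tell the three callers in the later hunks what they can rely on.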