authorlpsolit%gmail.com <>2005-12-12 11:38:40 +0100
committerlpsolit%gmail.com <>2005-12-12 11:38:40 +0100
commitc7bb724eb31f848e3d6f78fdcee5ee70ab0516ac (patch)
tree344405cce173c555833450f4a37e2ad027fe3524
parent71c304a89ea2016a79f1cc28172aa524223dd97c (diff)
Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and the "id" parameter is invalid - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
-rwxr-xr-xeditkeywords.cgi17
1 files changed, 11 insertions, 6 deletions
diff --git a/editkeywords.cgi b/editkeywords.cgi
index da412bfdc..5397f0aa5 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -53,6 +53,14 @@ sub Validate {
$_[1] = $description;
}
+sub ValidateKeyID {
+ my $id = shift;
+
+ $id = trim($id || 0);
+ detaint_natural($id) || ThrowCodeError('invalid_keyword_id');
+ return $id;
+}
+
#
# Preliminary checks:
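Review bot: ValidateKeyID checks only the format of the id, not that a keyword with that id exists, and `trim($id || 0)` turns a missing or empty parameter into 0, which detaint_natural presumably accepts as a natural number. The edit, update and delete callers then run their queries with an id that may match no row. In the delete hunk `$name` from selectrow_array would be undef in that case, and whether that is handled lies outside the visible lines. If 0 is never a real keyword id, reject it in the helper with `($id && detaint_natural($id)) || ThrowCodeError('invalid_keyword_id');`. The helper also deserves a header comment such as `# Returns the detainted numeric id or throws 'invalid_keyword_id'; does not check that the keyword exists.`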
@@ -165,8 +173,7 @@ if ($action eq 'new') {
#
if ($action eq 'edit') {
- my $id = trim($cgi->param('id'));
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
# get data of keyword
my ($name, $description) =
@@ -201,8 +208,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
my $name = trim($cgi->param('name') || '');
my $description = trim($cgi->param('description') || '');
@@ -234,8 +240,7 @@ if ($action eq 'update') {
if ($action eq 'delete') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
my $name = $dbh->selectrow_array('SELECT name FROM keyworddefs
WHERE id= ?', undef, $id);