summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2005-10-28 19:33:18 +0200
committerlpsolit%gmail.com <>2005-10-28 19:33:18 +0200
commitcf3aa532ea51a41b02c8ea73db254d01c03280ba (patch)
tree52f60354f60ea59baf6a244edea719b32ef50e17
parente942748a69920c86a7eaba517c9a74223da52edb (diff)
downloadbugzilla-cf3aa532ea51a41b02c8ea73db254d01c03280ba.tar.gz
bugzilla-cf3aa532ea51a41b02c8ea73db254d01c03280ba.tar.xz
Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a valid ID as a param - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kiko a=justdave
-rw-r--r--Bugzilla/Classification.pm5
-rw-r--r--Bugzilla/Component.pm5
-rw-r--r--Bugzilla/Group.pm5
-rw-r--r--Bugzilla/Product.pm5
-rw-r--r--template/en/default/global/code-error.html.tmpl5
5 files changed, 21 insertions, 4 deletions
diff --git a/Bugzilla/Classification.pm b/Bugzilla/Classification.pm
index e87852ba2..63a826dc3 100644
--- a/Bugzilla/Classification.pm
+++ b/Bugzilla/Classification.pm
@@ -55,7 +55,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH');
my $classification;
- if (defined $id && detaint_natural($id)) {
+ if (defined $id) {
+ detaint_natural($id)
+ || ThrowCodeError('param_must_be_numeric',
+ {function => 'Bugzilla::Classification::_init'});
$classification = $dbh->selectrow_hashref(qq{
SELECT $columns FROM classifications
diff --git a/Bugzilla/Component.pm b/Bugzilla/Component.pm
index 74ea60d1b..20df65550 100644
--- a/Bugzilla/Component.pm
+++ b/Bugzilla/Component.pm
@@ -58,7 +58,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH');
my $component;
- if (defined $id && detaint_natural($id)) {
+ if (defined $id) {
+ detaint_natural($id)
+ || ThrowCodeError('param_must_be_numeric',
+ {function => 'Bugzilla::Component::_init'});
$component = $dbh->selectrow_hashref(qq{
SELECT $columns FROM components
diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
index cc57fca69..32c4696db 100644
--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -61,7 +61,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH');
my $group;
- if (defined $id && detaint_natural($id)) {
+ if (defined $id) {
+ detaint_natural($id)
+ || ThrowCodeError('param_must_be_numeric',
+ {function => 'Bugzilla::Group::_init'});
$group = $dbh->selectrow_hashref(qq{
SELECT $columns FROM groups
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index 2bc9da52d..5405b1651 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -63,7 +63,10 @@ sub _init {
my $id = $param unless (ref $param eq 'HASH');
my $product;
- if (defined $id && detaint_natural($id)) {
+ if (defined $id) {
+ detaint_natural($id)
+ || ThrowCodeError('param_must_be_numeric',
+ {function => 'Bugzilla::Product::_init'});
$product = $dbh->selectrow_hashref(qq{
SELECT $columns FROM products
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 440cc19bf..0fe946cb5 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -243,6 +243,11 @@
[% ELSIF error == "need_quipid" %]
A valid quipid is needed.
+ [% ELSIF error == "param_must_be_numeric" %]
+ [% title = "Invalid Parameter" %]
+ Invalid parameter passed to [% function FILTER html %].
+ It must be numeric.
+
[% ELSIF error == "unknown_comparison_type" %]
Specified comparison type is not supported.