diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-19 17:32:30 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-19 17:32:30 +0100 |
| commit | 0cac98dfb514063de4201cd0037c465922cbef48 (patch) | |
| tree | f3575344f9683a18f58b97400d43d48c0a7f95eb /Bugzilla/API/1_0/Resource/Bug.pm | |
| parent | 6da063a4c255b5d8be892863c2af5bb4d25673c0 (diff) | |
| download | bugzilla-0cac98dfb514063de4201cd0037c465922cbef48.tar.gz bugzilla-0cac98dfb514063de4201cd0037c465922cbef48.tar.xz | |
Bug 1230932: Providing a condition as an ID to the webservice results in a taint error
r=dkl
Diffstat (limited to 'Bugzilla/API/1_0/Resource/Bug.pm')
| -rw-r--r-- | Bugzilla/API/1_0/Resource/Bug.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/API/1_0/Resource/Bug.pm b/Bugzilla/API/1_0/Resource/Bug.pm index dcc73086f..5dc61e8d1 100644 --- a/Bugzilla/API/1_0/Resource/Bug.pm +++ b/Bugzilla/API/1_0/Resource/Bug.pm @@ -1337,6 +1337,10 @@ sub update_comment_tags { { function => 'Bug.update_comment_tags', param => 'comment_id' }); + ThrowCodeError('param_integer_required', { function => 'Bug.update_comment_tags', + param => 'comment_id' }) + unless $comment_id =~ /^\d+$/a; + my $comment = Bugzilla::Comment->new($comment_id) || return []; $comment->bug->check_is_visible(); |