diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2012-05-22 19:23:42 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-05-22 19:23:42 +0200 |
commit | 9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27 (patch) | |
tree | e9d1541acc6f582e690bb5748e35b3a087280e0c /Bugzilla/FlagType.pm | |
parent | d01cbdbf9fec43da85227cff54126d83b0e9e4ca (diff) | |
parent | fc9858fed697d00fb921dd86448dad0ef70552a6 (diff) | |
download | bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.gz bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.xz |
merged with bugzilla/4.2
Diffstat (limited to 'Bugzilla/FlagType.pm')
-rw-r--r-- | Bugzilla/FlagType.pm | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 9541d9340..5fc00e137 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -686,7 +686,10 @@ sub sqlify_criteria { } if ($criteria->{product_id}) { my $product_id = $criteria->{product_id}; - + detaint_natural($product_id) + || ThrowCodeError('bad_arg', { argument => 'product_id', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + # Add inclusions to the query, which simply involves joining the table # by flag type ID and target product/component. push(@$tables, "INNER JOIN flaginclusions AS i ON flagtypes.id = i.type_id"); @@ -703,6 +706,10 @@ sub sqlify_criteria { my $addl_join_clause = ""; if ($criteria->{component_id}) { my $component_id = $criteria->{component_id}; + detaint_natural($component_id) + || ThrowCodeError('bad_arg', { argument => 'component_id', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + push(@criteria, "(i.component_id = $component_id OR i.component_id IS NULL)"); $join_clause .= "AND (e.component_id = $component_id OR e.component_id IS NULL) "; } @@ -716,7 +723,10 @@ sub sqlify_criteria { } if ($criteria->{group}) { my $gid = $criteria->{group}; - detaint_natural($gid); + detaint_natural($gid) + || ThrowCodeError('bad_arg', { argument => 'group', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + push(@criteria, "(flagtypes.grant_group_id = $gid " . " OR flagtypes.request_group_id = $gid)"); } |