merged with bugzilla/4.2

author: Dave Lawrence <dlawrence@mozilla.com> 2012-05-22 19:23:42 +0200
committer: Dave Lawrence <dlawrence@mozilla.com> 2012-05-22 19:23:42 +0200
commit: 9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27 (patch)
tree: e9d1541acc6f582e690bb5748e35b3a087280e0c /Bugzilla/FlagType.pm
parent: d01cbdbf9fec43da85227cff54126d83b0e9e4ca (diff)
parent: fc9858fed697d00fb921dd86448dad0ef70552a6 (diff)
download: bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.gz
bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.xz
1 files changed, 12 insertions, 2 deletions
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index 9541d9340..5fc00e137 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -686,7 +686,10 @@ sub sqlify_criteria {
     }
     if ($criteria->{product_id}) {
         my $product_id = $criteria->{product_id};
-        
+        detaint_natural($product_id)
+          || ThrowCodeError('bad_arg', { argument => 'product_id',
+                                         function => 'Bugzilla::FlagType::sqlify_criteria' });
+
         # Add inclusions to the query, which simply involves joining the table
         # by flag type ID and target product/component.
         push(@$tables, "INNER JOIN flaginclusions AS i ON flagtypes.id = i.type_id");
@@ -703,6 +706,10 @@ sub sqlify_criteria {
         my $addl_join_clause = "";
         if ($criteria->{component_id}) {
             my $component_id = $criteria->{component_id};
+            detaint_natural($component_id)
+              || ThrowCodeError('bad_arg', { argument => 'component_id',
+                                             function => 'Bugzilla::FlagType::sqlify_criteria' });
+
             push(@criteria, "(i.component_id = $component_id OR i.component_id IS NULL)");
             $join_clause .= "AND (e.component_id = $component_id OR e.component_id IS NULL) ";
         }
@@ -716,7 +723,10 @@ sub sqlify_criteria {
     }
     if ($criteria->{group}) {
         my $gid = $criteria->{group};
-        detaint_natural($gid);
+        detaint_natural($gid)
+          || ThrowCodeError('bad_arg', { argument => 'group',
+                                         function => 'Bugzilla::FlagType::sqlify_criteria' });
+
         push(@criteria, "(flagtypes.grant_group_id = $gid " .
                         " OR flagtypes.request_group_id = $gid)");
     }
author	Dave Lawrence <dlawrence@mozilla.com>	2012-05-22 19:23:42 +0200
committer	Dave Lawrence <dlawrence@mozilla.com>	2012-05-22 19:23:42 +0200
commit	9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27 (patch)
tree	e9d1541acc6f582e690bb5748e35b3a087280e0c /Bugzilla/FlagType.pm
parent	d01cbdbf9fec43da85227cff54126d83b0e9e4ca (diff)
parent	fc9858fed697d00fb921dd86448dad0ef70552a6 (diff)
download	bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.gz bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.xz