Bug 1090275: WebServices modules should maintain a whitelist of methods that are allowed instead of allowing access to any function imported into its namespace

r=dylan,a=glob
author: David Lawrence <dkl@mozilla.com> 2015-01-21 21:37:49 +0100
committer: David Lawrence <dkl@mozilla.com> 2015-01-21 21:37:49 +0100
commit: 16122921b2f68b490a61cd80ae9ea5ee661ae11b (patch)
tree: a92202fcfc92df21b3e8218926203042aecaf918 /Bugzilla/WebService.pm
parent: 4dabf1a9c679f06b3637d3c76e1e05aa83a6d259 (diff)
download: bugzilla-16122921b2f68b490a61cd80ae9ea5ee661ae11b.tar.gz
bugzilla-16122921b2f68b490a61cd80ae9ea5ee661ae11b.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm
index 1bdeb49d1..f80813744 100644
--- a/Bugzilla/WebService.pm
+++ b/Bugzilla/WebService.pm
@@ -27,6 +27,10 @@ use constant LOGIN_EXEMPT => { };
 # Methods that can modify data MUST not be listed here.
 use constant READ_ONLY => ();
 
+# Whitelist of methods that a client is allowed to access when making
+# an API call.
+use constant PUBLIC_METHODS => ();
+
 sub login_exempt {
     my ($class, $method) = @_;
     return $class->LOGIN_EXEMPT->{$method};
author	David Lawrence <dkl@mozilla.com>	2015-01-21 21:37:49 +0100
committer	David Lawrence <dkl@mozilla.com>	2015-01-21 21:37:49 +0100
commit	16122921b2f68b490a61cd80ae9ea5ee661ae11b (patch)
tree	a92202fcfc92df21b3e8218926203042aecaf918 /Bugzilla/WebService.pm
parent	4dabf1a9c679f06b3637d3c76e1e05aa83a6d259 (diff)
download	bugzilla-16122921b2f68b490a61cd80ae9ea5ee661ae11b.tar.gz bugzilla-16122921b2f68b490a61cd80ae9ea5ee661ae11b.tar.xz