diff options
author | David Lawrence <dkl@mozilla.com> | 2015-01-21 21:37:49 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 21:37:49 +0100 |
commit | 16122921b2f68b490a61cd80ae9ea5ee661ae11b (patch) | |
tree | a92202fcfc92df21b3e8218926203042aecaf918 /Bugzilla/WebService.pm | |
parent | 4dabf1a9c679f06b3637d3c76e1e05aa83a6d259 (diff) | |
download | bugzilla-16122921b2f68b490a61cd80ae9ea5ee661ae11b.tar.gz bugzilla-16122921b2f68b490a61cd80ae9ea5ee661ae11b.tar.xz |
Bug 1090275: WebServices modules should maintain a whitelist of methods that are allowed instead of allowing access to any function imported into its namespace
r=dylan,a=glob
Diffstat (limited to 'Bugzilla/WebService.pm')
-rw-r--r-- | Bugzilla/WebService.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index 1bdeb49d1..f80813744 100644 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -27,6 +27,10 @@ use constant LOGIN_EXEMPT => { }; # Methods that can modify data MUST not be listed here. use constant READ_ONLY => (); +# Whitelist of methods that a client is allowed to access when making +# an API call. +use constant PUBLIC_METHODS => (); + sub login_exempt { my ($class, $method) = @_; return $class->LOGIN_EXEMPT->{$method}; |