diff options
author | David Lawrence <dkl@mozilla.com> | 2015-12-21 23:27:52 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-12-21 23:27:52 +0100 |
commit | 1e7b4002794930fad702718714b5d1c291bf816c (patch) | |
tree | 9a62f822dc148df80bbc3199ef0ef9f6bb1c222c /Bugzilla/WebService/Bug.pm | |
parent | 4049782d5f01e12231c1d4c27006d5f56dd54294 (diff) | |
download | bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.gz bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.xz |
Bug 1234325 - Backport upstream bug 1230932 to bmo/4.2 to fix providing a condition as an ID to the webservice results in a taint error
Diffstat (limited to 'Bugzilla/WebService/Bug.pm')
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index d7a1d8f9b..1437700ac 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -1273,6 +1273,10 @@ sub update_comment_tags { { function => 'Bug.update_comment_tags', param => 'comment_id' }); + ThrowCodeError("param_integer_required", { function => 'Bug.update_comment_tags', + param => 'comment_id' }) + unless $comment_id =~ /^[0-9]+$/; + my $comment = Bugzilla::Comment->new($comment_id) || return []; $comment->bug->check_is_visible(); |