Bug 1234325 - Backport upstream bug 1230932 to bmo/4.2 to fix providing a condition as an ID to the webservice results in a taint error

author: David Lawrence <dkl@mozilla.com> 2015-12-21 23:27:52 +0100
committer: David Lawrence <dkl@mozilla.com> 2015-12-21 23:27:52 +0100
commit: 1e7b4002794930fad702718714b5d1c291bf816c (patch)
tree: 9a62f822dc148df80bbc3199ef0ef9f6bb1c222c /Bugzilla/WebService/Bug.pm
parent: 4049782d5f01e12231c1d4c27006d5f56dd54294 (diff)
download: bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.gz
bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index d7a1d8f9b..1437700ac 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -1273,6 +1273,10 @@ sub update_comment_tags {
                           { function => 'Bug.update_comment_tags',
                             param    => 'comment_id' });
 
+    ThrowCodeError("param_integer_required", { function => 'Bug.update_comment_tags',
+                                               param => 'comment_id' })
+      unless $comment_id =~ /^[0-9]+$/;
+
     my $comment = Bugzilla::Comment->new($comment_id)
         || return [];
     $comment->bug->check_is_visible();
author	David Lawrence <dkl@mozilla.com>	2015-12-21 23:27:52 +0100
committer	David Lawrence <dkl@mozilla.com>	2015-12-21 23:27:52 +0100
commit	1e7b4002794930fad702718714b5d1c291bf816c (patch)
tree	9a62f822dc148df80bbc3199ef0ef9f6bb1c222c /Bugzilla/WebService/Bug.pm
parent	4049782d5f01e12231c1d4c27006d5f56dd54294 (diff)
download	bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.gz bugzilla-1e7b4002794930fad702718714b5d1c291bf816c.tar.xz