diff options
author | Dylan Hardison <dylan@mozilla.com> | 2015-12-22 18:11:21 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2015-12-22 18:11:21 +0100 |
commit | eb1357fe03bb47cdd479cf533022e11dd6bd22e0 (patch) | |
tree | 493135e19d0e4fde16f4405e654d762020af7929 /Bugzilla/WebService/Bug.pm | |
parent | 0cd77b4e6e8839782cec49596da33029860d3470 (diff) | |
download | bugzilla-eb1357fe03bb47cdd479cf533022e11dd6bd22e0.tar.gz bugzilla-eb1357fe03bb47cdd479cf533022e11dd6bd22e0.tar.xz |
Bug 1230932 - Providing a condition as an ID to the webservice results in a taint error
r=dkl,a=dkl
Diffstat (limited to 'Bugzilla/WebService/Bug.pm')
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index 84f209347..75a0aab0e 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -1200,6 +1200,10 @@ sub update_comment_tags { { function => 'Bug.update_comment_tags', param => 'comment_id' }); + ThrowCodeError("param_integer_required", { function => 'Bug.update_comment_tags', + param => 'comment_id' }) + unless $comment_id =~ /^[0-9]+$/; + my $comment = Bugzilla::Comment->new($comment_id) || return []; $comment->bug->check_is_visible(); |