Bug 1124437: Backport upstream bug 1090275 to bmo/4.2 to whitelist webservice api methods

author: Byron Jones <glob@mozilla.com> 2015-01-27 04:47:42 +0100
committer: Byron Jones <glob@mozilla.com> 2015-01-27 04:47:42 +0100
commit: a748745d3eb9110b0c6bcd803d8d86db8951ad43 (patch)
tree: ca477a3af19b85db7c546bace4ce9e93186a3b21 /Bugzilla/WebService/Server/JSONRPC.pm
parent: cd92366e1a3a89228917140e9c2f8747a17509b3 (diff)
download: bugzilla-a748745d3eb9110b0c6bcd803d8d86db8951ad43.tar.gz
bugzilla-a748745d3eb9110b0c6bcd803d8d86db8951ad43.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm
index 0df4240e0..b0928960b 100644
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -42,6 +42,7 @@ use Bugzilla::Util;
 
 use HTTP::Message;
 use MIME::Base64 qw(decode_base64 encode_base64);
+use List::MoreUtils qw(none);
 
 #####################################
 # Public JSON::RPC Method Overrides #
@@ -415,6 +416,11 @@ sub _argument_type_check {
         }
     }
 
+    # Only allowed methods to be used from our whitelist
+    if (none { $_ eq $method} $pkg->PUBLIC_METHODS) {
+        ThrowCodeError('unknown_method', { method => $self->_bz_method_name });
+    }
+
     # This is the best time to do login checks.
     $self->handle_login();
author	Byron Jones <glob@mozilla.com>	2015-01-27 04:47:42 +0100
committer	Byron Jones <glob@mozilla.com>	2015-01-27 04:47:42 +0100
commit	a748745d3eb9110b0c6bcd803d8d86db8951ad43 (patch)
tree	ca477a3af19b85db7c546bace4ce9e93186a3b21 /Bugzilla/WebService/Server/JSONRPC.pm
parent	cd92366e1a3a89228917140e9c2f8747a17509b3 (diff)
download	bugzilla-a748745d3eb9110b0c6bcd803d8d86db8951ad43.tar.gz bugzilla-a748745d3eb9110b0c6bcd803d8d86db8951ad43.tar.xz