author | mkanat%bugzilla.org <> | 2009-11-09 19:27:52 +0100 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2009-11-09 19:27:52 +0100 |
commit | 5dc75560608d63c6ee8e4c918cace9882f8ddf3b (patch) | |
tree | 479634a27e51eb3e1a10a04258dbceca416c91cf /Bugzilla/WebService/Server/JSONRPC.pm | |
parent | 877c8ef605f770b00aeda25588c963ef3d5597af (diff) | |
Bug 513593: Make the WebService taint incoming parameters
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
Diffstat (limited to 'Bugzilla/WebService/Server/JSONRPC.pm')
-rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index b453c6196..e54387a6d 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -26,6 +26,7 @@ use base qw(JSON::RPC::Server::CGI Bugzilla::WebService::Server); use Bugzilla::Error; use Bugzilla::WebService::Constants; +use Bugzilla::WebService::Util qw(taint_data); use Date::Parse; use DateTime; @@ -123,6 +124,8 @@ sub _argument_type_check { $params = $params->[0]; } + taint_data($params); + # Now, convert dateTime fields on input. $self->_bz_method_name =~ /^(\S+)\.(\S+)$/; my ($class, $method) = ($1, $2); |
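Review bot: The `taint_data($params);` call added in `_argument_type_check` can only cover values, because Perl never marks hash keys as tainted (see perlsec), so when `$params` is a JSON-RPC object the client-chosen parameter names stay untainted and any later code that uses such a name as a field or column identifier gets no protection from taint mode. The call also ignores any return value, so it presumably taints the structure in place; `taint_data` lives in Bugzilla::WebService::Util and is not shown in this diff, so that is worth confirming, along with its behaviour when `$params` is not a reference. I would add a comment above the call, `# Taint every client-supplied value so it must be validated before use; Perl cannot taint hash keys, so parameter names need their own check.` The body of `_argument_type_check` starts and continues outside this hunk.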