diff options
author | Byron Jones <glob@mozilla.com> | 2015-01-27 04:47:42 +0100 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-01-27 04:47:42 +0100 |
commit | a748745d3eb9110b0c6bcd803d8d86db8951ad43 (patch) | |
tree | ca477a3af19b85db7c546bace4ce9e93186a3b21 /Bugzilla/WebService/Server/JSONRPC.pm | |
parent | cd92366e1a3a89228917140e9c2f8747a17509b3 (diff) | |
download | bugzilla-a748745d3eb9110b0c6bcd803d8d86db8951ad43.tar.gz bugzilla-a748745d3eb9110b0c6bcd803d8d86db8951ad43.tar.xz |
Bug 1124437: Backport upstream bug 1090275 to bmo/4.2 to whitelist webservice api methods
Diffstat (limited to 'Bugzilla/WebService/Server/JSONRPC.pm')
-rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index 0df4240e0..b0928960b 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -42,6 +42,7 @@ use Bugzilla::Util; use HTTP::Message; use MIME::Base64 qw(decode_base64 encode_base64); +use List::MoreUtils qw(none); ##################################### # Public JSON::RPC Method Overrides # @@ -415,6 +416,11 @@ sub _argument_type_check { } } + # Only allowed methods to be used from our whitelist + if (none { $_ eq $method} $pkg->PUBLIC_METHODS) { + ThrowCodeError('unknown_method', { method => $self->_bz_method_name }); + } + # This is the best time to do login checks. $self->handle_login(); |