author | Frédéric Buclin <LpSolit@gmail.com> | 2012-09-13 01:44:01 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-09-13 01:44:01 +0200 |
commit | 4d1a1df823cd3690ff14b2579291182d6dbf7934 (patch) | |
tree | 39923523091b26830b8eff87a0f2aca8933d8778 /Bugzilla | |
parent | 14754acd35e246b1baab0293d711e1a0aeefe6a9 (diff) | |
download | bugzilla-4d1a1df823cd3690ff14b2579291182d6dbf7934.tar.gz bugzilla-4d1a1df823cd3690ff14b2579291182d6dbf7934.tar.xz |
Bug 783794: Bugzilla::User->visible_bugs should validate input data
r=glob a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/User.pm | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 87255b20a..9fa7458e7 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -883,6 +883,14 @@ sub visible_bugs {
 if (@check_ids) {
 my $dbh = Bugzilla->dbh;
 my $user_id = $self->id;
+
+ foreach my $id (@check_ids) {
+ my $orig_id = $id;
+ detaint_natural($id)
+ || ThrowCodeError('param_must_be_numeric', { param => $orig_id,
+ function => 'Bugzilla::User->visible_bugs'});
+ }
+
 my $sth;
 # Speed up the can_see_bug case.
 if (scalar(@check_ids) == 1) { |
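Review bot: The added loop sanitises `@check_ids` only because `foreach my $id (@check_ids)` aliases each element, so `detaint_natural($id)` rewrites the array in place, and nothing in the new lines says so. A later refactor that copies the value before checking it would still throw on bad input but leave the array elements tainted. I would add a comment above the loop such as `# $id aliases the element of @check_ids, so detaint_natural() validates and untaints the array in place; the code below relies on every id being a natural number.` The check runs only inside `if (@check_ids)`, and both the construction of `@check_ids` and the use of `$sth` lie outside the hunk, so it is worth confirming that no caller-supplied id reaches the statement through another variable.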