summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2012-09-13 01:44:01 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2012-09-13 01:44:01 +0200
commit4d1a1df823cd3690ff14b2579291182d6dbf7934 (patch)
tree39923523091b26830b8eff87a0f2aca8933d8778 /Bugzilla
parent14754acd35e246b1baab0293d711e1a0aeefe6a9 (diff)
downloadbugzilla-4d1a1df823cd3690ff14b2579291182d6dbf7934.tar.gz
bugzilla-4d1a1df823cd3690ff14b2579291182d6dbf7934.tar.xz
Bug 783794: Bugzilla::User->visible_bugs should validate input data
r=glob a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/User.pm8
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 87255b20a..9fa7458e7 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -883,6 +883,14 @@ sub visible_bugs {
if (@check_ids) {
my $dbh = Bugzilla->dbh;
my $user_id = $self->id;
+
+ foreach my $id (@check_ids) {
+ my $orig_id = $id;
+ detaint_natural($id)
+ || ThrowCodeError('param_must_be_numeric', { param => $orig_id,
+ function => 'Bugzilla::User->visible_bugs'});
+ }
+
my $sth;
# Speed up the can_see_bug case.
if (scalar(@check_ids) == 1) {