diff options
| author | Koosha Khajeh Moogahi <koosha.khajeh@gmail.com> | 2012-10-12 19:51:50 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-10-12 19:51:50 +0200 |
| commit | 938692bf09df0bce9dae7be72925bf2f1eb75dfe (patch) | |
| tree | bfcf1120f664c940cfc6f33a1d43c75048bb690b /Bugzilla | |
| parent | b7656f0a5deec13cd706c5fa364ec52e21b749b1 (diff) | |
| download | bugzilla-938692bf09df0bce9dae7be72925bf2f1eb75dfe.tar.gz bugzilla-938692bf09df0bce9dae7be72925bf2f1eb75dfe.tar.xz | |
Bug 793826: Prevent private web service methods from being called
r=dkl a=LpSolit
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/WebService/Server.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index feb80e9d0..206f0c657 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -25,7 +25,9 @@ use Scalar::Util qw(blessed); sub handle_login { my ($self, $class, $method, $full_method) = @_; - ThrowCodeError('unknown_method', {method => $full_method}) if !$class; + # Throw error if the supplied class does not exist or the method is private + ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/); + eval "require $class"; ThrowCodeError('unknown_method', {method => $full_method}) if $@; return if ($class->login_exempt($method) |