summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2009-10-24 07:26:35 +0200
committermkanat%bugzilla.org <>2009-10-24 07:26:35 +0200
commit0ddb000b0c5280b9a13d9b930ea21ecf546bd5c9 (patch)
treec930d99f072e893e6dd6e91e6b1ae555c09632e9 /Bugzilla
parentad9d2eb59d635d1d7a4fb8b2bf110c9aca495ae1 (diff)
downloadbugzilla-0ddb000b0c5280b9a13d9b930ea21ecf546bd5c9.tar.gz
bugzilla-0ddb000b0c5280b9a13d9b930ea21ecf546bd5c9.tar.xz
Bug 523977: Make Bugzilla::Object->check send the trimmed value to new(), and also be more accurate about what's "empty". This also makes detaint_natural and detaint_signed call int() on their return values.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Object.pm13
-rw-r--r--Bugzilla/Util.pm9
2 files changed, 13 insertions, 9 deletions
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 456888b38..b04593f89 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -117,10 +117,17 @@ sub check {
if (!ref $param) {
$param = { name => $param };
}
+
# Don't allow empty names or ids.
- my $check_param = exists $param->{id} ? $param->{id} : $param->{name};
- $check_param = trim($check_param);
- $check_param || ThrowUserError('object_not_specified', { class => $class });
+ my $check_param = exists $param->{id} ? 'id' : 'name';
+ $param->{$check_param} = trim($param->{$check_param});
+ # If somebody passes us "0", we want to throw an error like
+ # "there is no X with the name 0". This is true even for ids. So here,
+ # we only check if the parameter is undefined or empty.
+ if (!defined $param->{$check_param} or $param->{$check_param} eq '') {
+ ThrowUserError('object_not_specified', { class => $class });
+ }
+
my $obj = $class->new($param);
if (!$obj) {
# We don't want to override the normal template "user" object if
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 513e02857..21588417c 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -68,17 +68,14 @@ sub trick_taint {
sub detaint_natural {
my $match = $_[0] =~ /^(\d+)$/;
- $_[0] = $match ? $1 : undef;
+ $_[0] = $match ? int($1) : undef;
return (defined($_[0]));
}
sub detaint_signed {
my $match = $_[0] =~ /^([-+]?\d+)$/;
- $_[0] = $match ? $1 : undef;
- # Remove any leading plus sign.
- if (defined($_[0]) && $_[0] =~ /^\+(\d+)$/) {
- $_[0] = $1;
- }
+ # The "int()" call removes any leading plus sign.
+ $_[0] = $match ? int($1) : undef;
return (defined($_[0]));
}