diff options
author | mkanat%bugzilla.org <> | 2009-10-24 07:26:35 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2009-10-24 07:26:35 +0200 |
commit | 0ddb000b0c5280b9a13d9b930ea21ecf546bd5c9 (patch) | |
tree | c930d99f072e893e6dd6e91e6b1ae555c09632e9 /Bugzilla | |
parent | ad9d2eb59d635d1d7a4fb8b2bf110c9aca495ae1 (diff) | |
download | bugzilla-0ddb000b0c5280b9a13d9b930ea21ecf546bd5c9.tar.gz bugzilla-0ddb000b0c5280b9a13d9b930ea21ecf546bd5c9.tar.xz |
Bug 523977: Make Bugzilla::Object->check send the trimmed value to new(), and also be more accurate about what's "empty". This also makes detaint_natural and detaint_signed call int() on their return values.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Object.pm | 13 | ||||
-rw-r--r-- | Bugzilla/Util.pm | 9 |
2 files changed, 13 insertions, 9 deletions
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm index 456888b38..b04593f89 100644 --- a/Bugzilla/Object.pm +++ b/Bugzilla/Object.pm @@ -117,10 +117,17 @@ sub check { if (!ref $param) { $param = { name => $param }; } + # Don't allow empty names or ids. - my $check_param = exists $param->{id} ? $param->{id} : $param->{name}; - $check_param = trim($check_param); - $check_param || ThrowUserError('object_not_specified', { class => $class }); + my $check_param = exists $param->{id} ? 'id' : 'name'; + $param->{$check_param} = trim($param->{$check_param}); + # If somebody passes us "0", we want to throw an error like + # "there is no X with the name 0". This is true even for ids. So here, + # we only check if the parameter is undefined or empty. + if (!defined $param->{$check_param} or $param->{$check_param} eq '') { + ThrowUserError('object_not_specified', { class => $class }); + } + my $obj = $class->new($param); if (!$obj) { # We don't want to override the normal template "user" object if diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 513e02857..21588417c 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -68,17 +68,14 @@ sub trick_taint { sub detaint_natural { my $match = $_[0] =~ /^(\d+)$/; - $_[0] = $match ? $1 : undef; + $_[0] = $match ? int($1) : undef; return (defined($_[0])); } sub detaint_signed { my $match = $_[0] =~ /^([-+]?\d+)$/; - $_[0] = $match ? $1 : undef; - # Remove any leading plus sign. - if (defined($_[0]) && $_[0] =~ /^\+(\d+)$/) { - $_[0] = $1; - } + # The "int()" call removes any leading plus sign. + $_[0] = $match ? int($1) : undef; return (defined($_[0])); } |