authorFrédéric Buclin <LpSolit@gmail.com>2016-03-19 17:32:30 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2016-03-19 17:32:30 +0100
commit0cac98dfb514063de4201cd0037c465922cbef48 (patch)
treef3575344f9683a18f58b97400d43d48c0a7f95eb /Bugzilla
parent6da063a4c255b5d8be892863c2af5bb4d25673c0 (diff)
downloadbugzilla-0cac98dfb514063de4201cd0037c465922cbef48.tar.gz
bugzilla-0cac98dfb514063de4201cd0037c465922cbef48.tar.xz
Bug 1230932: Providing a condition as an ID to the webservice results in a taint error
r=dkl
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/API/1_0/Constants.pm2
-rw-r--r--Bugzilla/API/1_0/Resource/Bug.pm4
-rw-r--r--Bugzilla/API/1_0/Util.pm12
-rw-r--r--Bugzilla/WebService/Bug.pm4
-rw-r--r--Bugzilla/WebService/Constants.pm2
-rw-r--r--Bugzilla/WebService/Util.pm14
6 files changed, 31 insertions, 7 deletions
diff --git a/Bugzilla/API/1_0/Constants.pm b/Bugzilla/API/1_0/Constants.pm
index d372d410d..ea5183bc3 100644
--- a/Bugzilla/API/1_0/Constants.pm
+++ b/Bugzilla/API/1_0/Constants.pm
@@ -68,6 +68,8 @@ use constant WS_ERROR_CODE => {
number_too_large => 54,
number_too_small => 55,
illegal_date => 56,
+ param_integer_required => 57,
+ param_scalar_array_required => 58,
# Bug errors usually occupy the 100-200 range.
improper_bug_id_field_value => 100,
bug_id_does_not_exist => 101,
diff --git a/Bugzilla/API/1_0/Resource/Bug.pm b/Bugzilla/API/1_0/Resource/Bug.pm
index dcc73086f..5dc61e8d1 100644
--- a/Bugzilla/API/1_0/Resource/Bug.pm
+++ b/Bugzilla/API/1_0/Resource/Bug.pm
@@ -1337,6 +1337,10 @@ sub update_comment_tags {
{ function => 'Bug.update_comment_tags',
param => 'comment_id' });
+ ThrowCodeError('param_integer_required', { function => 'Bug.update_comment_tags',
+ param => 'comment_id' })
+ unless $comment_id =~ /^\d+$/a;
+
my $comment = Bugzilla::Comment->new($comment_id)
|| return [];
$comment->bug->check_is_visible();
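Review bot: The new integer guard anchors with `^`/`$`, and `$` in Perl also matches just before a trailing newline, so a value such as "12\n" still passes as an integer; the stricter form is `unless $comment_id =~ /\A\d+\z/a;`. Whether Bugzilla::Comment->new re-validates the id afterwards is not visible from this hunk, so the tighter anchors are cheap insurance at the API boundary. Note that the first ThrowCodeError in the hunk is cut off at the top and update_comment_tags itself starts before the hunk.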
diff --git a/Bugzilla/API/1_0/Util.pm b/Bugzilla/API/1_0/Util.pm
index e2c7b1f1f..ce4487c1f 100644
--- a/Bugzilla/API/1_0/Util.pm
+++ b/Bugzilla/API/1_0/Util.pm
@@ -22,6 +22,7 @@ use MIME::Base64 qw(decode_base64 encode_base64);
use Storable qw(dclone);
use Test::Taint ();
use URI::Escape qw(uri_unescape);
+use List::MoreUtils qw(any none);
use parent qw(Exporter);
@@ -248,14 +249,19 @@ sub validate {
# $params should be.
return ($self, undef) if (defined $params and !ref $params);
+ my @id_params = qw(ids comment_ids);
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
foreach my $key (@keys) {
if (exists $params->{$key}) {
- $params->{$key} = ref $params->{$key}
- ? $params->{$key}
- : [ $params->{$key} ];
+ $params->{$key} = [ $params->{$key} ] unless ref $params->{$key};
+
+ if (any { $key eq $_ } @id_params) {
+ my $ids = $params->{$key};
+ ThrowCodeError('param_scalar_array_required', { param => $key })
+ unless ref($ids) eq 'ARRAY' && none { ref $_ } @$ids;
+ }
}
}
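Review bot: The reference check is applied only to the two keys hard-coded in `my @id_params = qw(ids comment_ids);`, so any other key a caller passes through validate() and later uses as a database id still takes the old path that produced the taint error this commit fixes. If no Resource method legitimately accepts references inside a validate()'d list (I cannot confirm that from this hunk), the check could run for every key in @keys; otherwise lift `@id_params` to a package-level constant so the list is maintained in one place rather than rebuilt on each call. Also `ref($ids) eq 'ARRAY'` rejects a blessed array, which is probably fine for wire input, but `reftype` from Scalar::Util would be the more conventional test. The validate sub starts before the hunk and its body continues past it.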
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index aaf0d10e0..a1c6b7d99 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -1214,6 +1214,10 @@ sub update_comment_tags {
{ function => 'Bug.update_comment_tags',
param => 'comment_id' });
+ ThrowCodeError('param_integer_required', { function => 'Bug.update_comment_tags',
+ param => 'comment_id' })
+ unless $comment_id =~ /^\d+$/a;
+
my $comment = Bugzilla::Comment->new($comment_id)
|| return [];
$comment->bug->check_is_visible();
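Review bot: As in the API/1_0 copy of this method, the guard `unless $comment_id =~ /^\d+$/a;` lets a value with a trailing newline through because `$` matches before a final "\n"; `/\A\d+\z/a` pins the whole string. If both files are meant to stay in sync, the same tightening should land in both, or the check should move into a shared helper in Bugzilla::WebService::Util. update_comment_tags starts before the hunk, so I cannot see how $comment_id was unpacked.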
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index e5311d9e5..333166996 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -69,6 +69,8 @@ use constant WS_ERROR_CODE => {
number_too_large => 54,
number_too_small => 55,
illegal_date => 56,
+ param_integer_required => 57,
+ param_scalar_array_required => 58,
# Bug errors usually occupy the 100-200 range.
improper_bug_id_field_value => 100,
bug_id_does_not_exist => 101,
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 752100649..d4da2f575 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -18,6 +18,7 @@ use Bugzilla::WebService::Constants;
use Storable qw(dclone);
use URI::Escape qw(uri_unescape);
+use List::MoreUtils qw(any none);
use parent qw(Exporter);
@@ -220,15 +221,20 @@ sub validate {
# sent any parameters at all, and we're getting @keys where
# $params should be.
return ($self, undef) if (defined $params and !ref $params);
-
+
+ my @id_params = qw(ids comment_ids);
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
foreach my $key (@keys) {
if (exists $params->{$key}) {
- $params->{$key} = ref $params->{$key}
- ? $params->{$key}
- : [ $params->{$key} ];
+ $params->{$key} = [ $params->{$key} ] unless ref $params->{$key};
+
+ if (any { $key eq $_ } @id_params) {
+ my $ids = $params->{$key};
+ ThrowCodeError('param_scalar_array_required', { param => $key })
+ unless ref($ids) eq 'ARRAY' && none { ref $_ } @$ids;
+ }
}
}
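Review bot: This hunk duplicates the `@id_params` list and the scalar-array check from Bugzilla/API/1_0/Util.pm, so the set of id-like keys that get the new validation now has to be kept in sync by hand in two files; a shared constant (or a single helper both validate() implementations call) would avoid the two lists drifting. Keys outside `qw(ids comment_ids)` that callers pass through validate() are still converted to an arrayref without the reference check, so a hash inside one of those would reach the same code path this commit is fixing — worth confirming against the Bug.pm callers. The `-`/`+` pair just above `my @id_params` appears to be a whitespace-only change. validate() starts before the hunk.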