authorSimon Green <mail@simon.green>2016-10-06 23:29:48 +0200
committerSimon Green <mail@simon.green>2016-10-06 23:29:48 +0200
commit81711939d177924266bf988278f93bed046c9798 (patch)
treed6c53815c9c72446c40e3079448f994bac901b86 /Bugzilla
parent63f79c626077c29a0134a2e3a97d6fe0665e7200 (diff)
downloadbugzilla-81711939d177924266bf988278f93bed046c9798.tar.gz
bugzilla-81711939d177924266bf988278f93bed046c9798.tar.xz
Bug 1290588 - Group Administration via interface should error if regular expression size is greater than column length
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/DB.pm50
-rw-r--r--Bugzilla/Group.pm6
2 files changed, 56 insertions, 0 deletions
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 68582305f..51d736f27 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -1189,6 +1189,24 @@ sub bz_table_list_real {
return @{$self->selectcol_arrayref($table_sth, { Columns => [3] })};
}
+sub bz_column_length {
+ my ( $self, $table, $column ) = @_;
+ state %column_length;
+
+ if ( not exists $column_length{$table} ) {
+ my $csr = $self->column_info( undef, undef, $table, undef );
+ my $cols =
+ $csr->fetchall_arrayref( { COLUMN_NAME => 1, COLUMN_SIZE => 1 } );
+
+ foreach my $col (@$cols) {
+ $column_length{$table}{ $col->{COLUMN_NAME} } = $col->{COLUMN_SIZE}
+ // MAX_INT_32;
+ }
+ }
+
+ return $column_length{$table}{$column} // 0;
+}
+
#####################################################################
# Transaction Methods
#####################################################################
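Review bot: `bz_column_length` calls `$csr->fetchall_arrayref` without checking that `column_info` returned a statement handle; if it returns undef (an error without RaiseError, or a driver that does not implement it), the method dies on an undefined value instead of reporting a usable error. A guard such as `return 0 if !$csr;` before the fetch, or a thrown code error, would make that failure explicit, and returning 0 fails closed because the caller in Group.pm then rejects every non-empty value. Separately, the `state %column_length` cache is keyed only by table name and lives for the whole process, so a persistent worker would presumably keep a stale size after a schema change, and a table that yields no rows is never cached and is re-queried on every call.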
@@ -2339,6 +2357,38 @@ Last inserted ID (scalar)
=back
+=over
+
+=item C<bz_column_length>
+
+=over
+
+=item B<Description>
+
+Returns the length of the specified column as specified by the database
+
+only really useful for text based strings.
+This implementation uses DBI's
+L<column_info|https://metacpan.org/pod/DBI#column_info>.
+
+=item B<Params>
+
+=over
+
+=item C<$table> - name of table (scalar)
+
+=item C<$column> - name of column type (scalar)
+
+=back
+
+=item B<Returns>
+
+The length of the field, 0 if it does not exist.
+
+=back
+
+=back
+
=head2 Database Setup Methods
These methods are used by the Bugzilla installation programs to set up
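Review bot: The POD for `bz_column_length` omits the `MAX_INT_32` fallback that the code returns when the driver reports no `COLUMN_SIZE`, so a reader of the docs would expect only a real length or 0. The `$column` item says `name of column type`, but the code takes the column name; `name of column (scalar)` would match. The Returns section should also state whether the value is in characters or bytes, since the caller compares it with `length()`; the diff does not establish which, so this needs confirming per driver.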
diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
index 61c085c0e..481987488 100644
--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -482,6 +482,12 @@ sub _check_description {
sub _check_user_regexp {
my ($invocant, $regex) = @_;
$regex = trim($regex) || '';
+
+ my $max_length = Bugzilla->dbh->bz_column_length( 'groups', 'userregexp' );
+ ThrowUserError( "group_regexp_too_long",
+ { text => $regex, max_length => $max_length } )
+ if length($regex) > $max_length;
+
ThrowUserError("invalid_regexp") unless (eval {qr/$regex/});
return $regex;
}
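Review bot: The new guard in `_check_user_regexp` compares `length($regex)`, which counts characters on a decoded string, against a column size that some drivers report in bytes. If that applies to `groups.userregexp`, a pattern with multi-byte characters can pass the check and still be cut short on storage, and a truncated membership regexp (for instance one that loses its trailing anchor) may match more accounts than the administrator intended. Consider comparing the encoded length, or at least recording the unit beside the check, e.g. `# NOTE: $max_length may be in bytes; length() counts characters`. Also, `text => $regex` is passed to the `group_regexp_too_long` error, so that template should render it through an HTML filter; the template is not part of this diff.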