diff options
author | Simon Green <mail@simon.green> | 2016-10-06 23:29:48 +0200 |
---|---|---|
committer | Simon Green <mail@simon.green> | 2016-10-06 23:29:48 +0200 |
commit | 81711939d177924266bf988278f93bed046c9798 (patch) | |
tree | d6c53815c9c72446c40e3079448f994bac901b86 /Bugzilla | |
parent | 63f79c626077c29a0134a2e3a97d6fe0665e7200 (diff) | |
download | bugzilla-81711939d177924266bf988278f93bed046c9798.tar.gz bugzilla-81711939d177924266bf988278f93bed046c9798.tar.xz |
Bug 1290588 - Group Administration via interface should error if regular expression size is greater than column length
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/DB.pm | 50 | ||||
-rw-r--r-- | Bugzilla/Group.pm | 6 |
2 files changed, 56 insertions, 0 deletions
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm index 68582305f..51d736f27 100644 --- a/Bugzilla/DB.pm +++ b/Bugzilla/DB.pm @@ -1189,6 +1189,24 @@ sub bz_table_list_real { return @{$self->selectcol_arrayref($table_sth, { Columns => [3] })}; } +sub bz_column_length { + my ( $self, $table, $column ) = @_; + state %column_length; + + if ( not exists $column_length{$table} ) { + my $csr = $self->column_info( undef, undef, $table, undef ); + my $cols = + $csr->fetchall_arrayref( { COLUMN_NAME => 1, COLUMN_SIZE => 1 } ); + + foreach my $col (@$cols) { + $column_length{$table}{ $col->{COLUMN_NAME} } = $col->{COLUMN_SIZE} + // MAX_INT_32; + } + } + + return $column_length{$table}{$column} // 0; +} + ##################################################################### # Transaction Methods ##################################################################### @@ -2339,6 +2357,38 @@ Last inserted ID (scalar) =back +=over + +=item C<bz_column_length> + +=over + +=item B<Description> + +Returns the length of the specified column as specified by the database + +only really useful for text based strings. +This implementation uses DBI's +L<column_info|https://metacpan.org/pod/DBI#column_info>. + +=item B<Params> + +=over + +=item C<$table> - name of table (scalar) + +=item C<$column> - name of column type (scalar) + +=back + +=item B<Returns> + +The length of the field, 0 if it does not exist. + +=back + +=back + =head2 Database Setup Methods These methods are used by the Bugzilla installation programs to set up diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm index 61c085c0e..481987488 100644 --- a/Bugzilla/Group.pm +++ b/Bugzilla/Group.pm @@ -482,6 +482,12 @@ sub _check_description { sub _check_user_regexp { my ($invocant, $regex) = @_; $regex = trim($regex) || ''; + + my $max_length = Bugzilla->dbh->bz_column_length( 'groups', 'userregexp' ); + ThrowUserError( "group_regexp_too_long", + { text => $regex, max_length => $max_length } ) + if length($regex) > $max_length; + ThrowUserError("invalid_regexp") unless (eval {qr/$regex/}); return $regex; } |