authorlpsolit%gmail.com <>2005-05-04 04:41:22 +0200
committerlpsolit%gmail.com <>2005-05-04 04:41:22 +0200
commit91225228cd8b8f132a496c2d078c14ffb8ecbab3 (patch)
tree1db6dbb76ed32bbcce300b087054c733b9378a0b /Bugzilla
parente51425da1f1fe8ee831bfb8d4c091d9e08ae4dce (diff)
Bug 279303: Negative numbers are rejected as invalid sortkeys for milestones - Patch by Peter D. Stout <pds@edgedynamics.com> r=LpSolit a=justdave
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Util.pm18
1 files changed, 18 insertions, 0 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 2c45e077f..70b4c6845 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -30,6 +30,7 @@ use strict;
use base qw(Exporter);
@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
+ detaint_signed
html_quote url_quote value_quote xml_quote
css_class_quote
lsearch max min
@@ -69,6 +70,16 @@ sub detaint_natural {
return (defined($_[0]));
}
+sub detaint_signed {
+ $_[0] =~ /^([-+]?\d+)$/;
+ $_[0] = $1;
+ # Remove any leading plus sign.
+ if (defined($_[0]) && $_[0] =~ /^\+(\d+)$/) {
+ $_[0] = $1;
+ }
+ return (defined($_[0]));
+}
+
sub html_quote {
my ($var) = (@_);
$var =~ s/\&/\&amp;/g;
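Review bot: In `detaint_signed`, `$_[0] = $1;` runs whether or not the match on the line before it succeeded, and after a failed match Perl leaves `$1` holding whatever the last successful match in the dynamic scope captured, which can be a capture made by the caller. In that case a rejected input is replaced by a stale value and the routine returns true, so callers that rely on the return value would treat unvalidated data as detainted. Capturing the match result avoids this: `my $match = $_[0] =~ /^([-+]?\d+)\z/;` followed by `$_[0] = $match ? $1 : undef;`, where `\z` also stops a value with a trailing newline from being accepted. The context lines show `detaint_natural` ending in the same `return (defined($_[0]));`, so it probably shares the pattern, but its body starts outside the hunk, and `html_quote` at the end of the hunk is cut off as well.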
@@ -325,6 +336,7 @@ Bugzilla::Util - Generic utility functions for bugzilla
$rv = is_tainted($var);
trick_taint($var);
detaint_natural($var);
+ detaint_signed($var);
# Functions for quoting
html_quote($var);
@@ -393,6 +405,12 @@ This routine detaints a natural number. It returns a true value if the
value passed in was a valid natural number, else it returns false. You
B<MUST> check the result of this routine to avoid security holes.
+=item C<detaint_signed($num)>
+
+This routine detaints a signed integer. It returns a true value if the
+value passed in was a valid signed integer, else it returns false. You
+B<MUST> check the result of this routine to avoid security holes.
+
=back
=head2 Quoting