Bug 279303: Negative numbers are rejected as invalid sortkeys for milestones - Patch by Peter D. Stout <pds@edgedynamics.com> r=LpSolit a=justdave

1 files changed, 18 insertions, 0 deletions

diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 2c45e077f..70b4c6845 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -30,6 +30,7 @@ use strict;
 
 use base qw(Exporter);
 @Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
+                             detaint_signed
                              html_quote url_quote value_quote xml_quote
                              css_class_quote
                              lsearch max min
@@ -69,6 +70,16 @@ sub detaint_natural {
     return (defined($_[0]));
 }
 
+sub detaint_signed {
+    $_[0] =~ /^([-+]?\d+)$/;
+    $_[0] = $1;
+    # Remove any leading plus sign.
+    if (defined($_[0]) && $_[0] =~ /^\+(\d+)$/) {
+        $_[0] = $1;
+    }
+    return (defined($_[0]));
+}
+
 sub html_quote {
     my ($var) = (@_);
     $var =~ s/\&/\&/g;
@@ -325,6 +336,7 @@ Bugzilla::Util - Generic utility functions for bugzilla
   $rv = is_tainted($var);
   trick_taint($var);
   detaint_natural($var);
+  detaint_signed($var);
 
   # Functions for quoting
   html_quote($var);
@@ -393,6 +405,12 @@ This routine detaints a natural number. It returns a true value if the
 value passed in was a valid natural number, else it returns false. You
 B<MUST> check the result of this routine to avoid security holes.
 
+=item C<detaint_signed($num)>
+
+This routine detaints a signed integer. It returns a true value if the
+value passed in was a valid signed integer, else it returns false. You
+B<MUST> check the result of this routine to avoid security holes.
+
 =back
 
 =head2 Quoting