authorlpsolit%gmail.com <>2009-01-05 00:15:28 +0100
committerlpsolit%gmail.com <>2009-01-05 00:15:28 +0100
commita8cc91bfe25645ff5d83d1732109533688872196 (patch)
tree830e43739ada756f5b43192a2af3ad50a6835271 /Bugzilla
parent19d1f1c324a35bd44689cde98752275f518082e2 (diff)
Bug 471866: Classification name length and sortkey max value not validated - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Classification.pm11
-rw-r--r--Bugzilla/Constants.pm4
2 files changed, 12 insertions, 3 deletions
diff --git a/Bugzilla/Classification.pm b/Bugzilla/Classification.pm
index 7c362bc45..a7f59b4bb 100644
--- a/Bugzilla/Classification.pm
+++ b/Bugzilla/Classification.pm
@@ -19,6 +19,7 @@ use strict;
package Bugzilla::Classification;
+use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Product;
@@ -85,6 +86,10 @@ sub _check_name {
$name = trim($name);
$name || ThrowUserError('classification_not_specified');
+ if (length($name) > MAX_CLASSIFICATION_SIZE) {
+ ThrowUserError('classification_name_too_long', {'name' => $name});
+ }
+
my $classification = new Bugzilla::Classification({name => $name});
if ($classification && (!ref $invocant || $classification->id != $invocant->id)) {
ThrowUserError("classification_already_exists", { name => $classification->name });
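Review bot: The new guard in `_check_name` compares `length($name)` with MAX_CLASSIFICATION_SIZE, but whether `length` counts characters or bytes depends on whether `$name` has already been decoded when it arrives here, which the hunk does not show. If the limit is meant to mirror the width of the name column in the schema, a name with multi-byte characters could be measured differently by this check and by the database. A one-line comment stating the unit would settle it, for example `# Length is in characters and must not exceed the width of the name column.` The over-long `$name` is also handed in full to the `classification_name_too_long` message, so that template (outside this diffstat, which is limited to 'Bugzilla') needs to HTML-filter it like the other classification errors. The body of `_check_name` starts before and continues after the hunk.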
@@ -104,9 +109,9 @@ sub _check_sortkey {
$sortkey ||= 0;
my $stored_sortkey = $sortkey;
- detaint_natural($sortkey)
- || ThrowUserError('classification_invalid_sortkey', { 'sortkey' => $stored_sortkey });
-
+ if (!detaint_natural($sortkey) || $sortkey > MAX_SMALLINT) {
+ ThrowUserError('classification_invalid_sortkey', { 'sortkey' => $stored_sortkey });
+ }
return $sortkey;
}
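Review bot: The upper-bound test `$sortkey > MAX_SMALLINT` in `_check_sortkey` reuses the `classification_invalid_sortkey` error, so a value such as 40000 is reported the same way as non-numeric input. Unless the message text (not part of this diff) already states the maximum, passing it along would make the rejection clearer, e.g. `{ 'sortkey' => $stored_sortkey, 'max' => MAX_SMALLINT }`. A short comment such as `# sortkey must fit in a SMALLINT column (presumably the stored type).` would also explain why this constant is the bound. The start of the sub is outside the hunk.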
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index f191f70d4..608e3a9d2 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -149,6 +149,7 @@ use File::Basename;
MAX_SMALLINT
MAX_LEN_QUERY_NAME
+ MAX_CLASSIFICATION_SIZE
MAX_PRODUCT_SIZE
MAX_MILESTONE_SIZE
MAX_COMPONENT_SIZE
@@ -425,6 +426,9 @@ use constant MAX_SMALLINT => 32767;
# The longest that a saved search name can be.
use constant MAX_LEN_QUERY_NAME => 64;
+# The longest classification name allowed.
+use constant MAX_CLASSIFICATION_SIZE => 64;
+
# The longest product name allowed.
use constant MAX_PRODUCT_SIZE => 64;