diff options
| author | David Lawrence <dkl@mozilla.com> | 2014-04-04 19:31:48 +0200 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2014-04-04 19:31:48 +0200 |
| commit | 818b908a18de4862f060c64ad12f779ac8480f01 (patch) | |
| tree | d5fc89dcdeb5c5faa315d51cae5b967347e27430 /extensions | |
| parent | 0ac842d2f0b996a9bcf4524fdc02b4237281a891 (diff) | |
| download | bugzilla-818b908a18de4862f060c64ad12f779ac8480f01.tar.gz bugzilla-818b908a18de4862f060c64ad12f779ac8480f01.tar.xz | |
Bug 987521 - flag activity api needs to prohibit requests which return the entire table
r=glob
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/Review/lib/WebService.pm | 5 | ||||
| -rw-r--r-- | extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/extensions/Review/lib/WebService.pm b/extensions/Review/lib/WebService.pm index c39cadd2c..f5530dd49 100644 --- a/extensions/Review/lib/WebService.pm +++ b/extensions/Review/lib/WebService.pm @@ -112,6 +112,11 @@ sub flag_activity { $match_criteria{LIMIT} = $limit; $match_criteria{OFFSET} = $offset if defined $offset; + # Throw error if no other parameters have been passed other than limit and offset + if (!grep(!/^(LIMIT|OFFSET)$/, keys %match_criteria)) { + ThrowUserError('flag_activity_parameters_required'); + } + my $matches = Bugzilla::Extension::Review::FlagStateActivity->match(\%match_criteria); my @results = map { $self->_flag_state_activity_to_hash($_, $params) } @$matches; return \@results; diff --git a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl index 788852aa8..ca143cca3 100644 --- a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl +++ b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl @@ -19,4 +19,8 @@ [% title = "Invalid Flag Type ID" %] The flag type id [% type_id FILTER html %] is invalid. +[% ELSIF error == "flag_activity_parameters_required" %] + [% title = "Parameters Required" %] + You may not search flag state activity without any search terms. + [% END %] |