-rw-r--r-- | Bugzilla/User.pm | 8 | ||||
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 6 |
2 files changed, 14 insertions, 0 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index bd7c8123b..f1803ac79 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -892,6 +892,14 @@ sub visible_bugs { if (@check_ids) { my $dbh = Bugzilla->dbh; my $user_id = $self->id; + + foreach my $id (@check_ids) { + my $orig_id = $id; + detaint_natural($id) + || ThrowCodeError('param_must_be_numeric', { param => $orig_id, + function => 'Bugzilla::User->visible_bugs'}); + } + my $sth; # Speed up the can_see_bug case. if (scalar(@check_ids) == 1) { diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index df9084210..34c16f99f 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -330,6 +330,12 @@ sub get { my @bugs; my @faults; + + # Cache permissions for bugs. This highly reduces the number of calls to the DB. + # visible_bugs() is only able to handle bug IDs, so we have to skip aliases. + my @int = grep { $_ =~ /^\d+$/ } @$ids; + Bugzilla->user->visible_bugs(\@int); + foreach my $bug_id (@$ids) { my $bug; if ($params->{permissive}) { |
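Review bot: The validation loop added to visible_bugs works only because `foreach` aliases `$id` to the elements of `@check_ids`, so `detaint_natural($id)` cleans the array in place, and nothing in the code says so. A later refactor that copies the value first would silently drop the check. I would put a comment above the loop such as `# $id aliases the element of @check_ids: validate in place, before the IDs reach the statement prepared below.` Only `$dbh` and `$sth` are visible here, so that the IDs feed a query is inferred. The sub now throws `param_must_be_numeric` for any non-numeric ID, so its documentation should state that aliases must be filtered out by the caller. The body of visible_bugs starts and ends outside the hunk.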
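Review bot: The filter `/^\d+$/` in get() is looser than it reads, because `$` also matches before a trailing newline and `\d` can match non-ASCII digits on decoded input. Those values are passed to visible_bugs(), which after this commit throws on anything it does not accept as numeric. The prefetch call sits before the `foreach` loop, so as far as the hunk shows, an error raised there would abort the whole request instead of going through the per-bug handling that the `permissive` branch suggests. I would tighten the line to `my @int = grep { /\A[0-9]+\z/ } @$ids;` so the filter is never more permissive than the check it feeds. The body of get() continues outside the hunk.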