diff options
| -rw-r--r-- | Bugzilla/Object.pm | 13 | ||||
| -rw-r--r-- | Bugzilla/Util.pm | 9 |
2 files changed, 13 insertions, 9 deletions
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm index 456888b38..b04593f89 100644 --- a/Bugzilla/Object.pm +++ b/Bugzilla/Object.pm @@ -117,10 +117,17 @@ sub check { if (!ref $param) { $param = { name => $param }; } + # Don't allow empty names or ids. - my $check_param = exists $param->{id} ? $param->{id} : $param->{name}; - $check_param = trim($check_param); - $check_param || ThrowUserError('object_not_specified', { class => $class }); + my $check_param = exists $param->{id} ? 'id' : 'name'; + $param->{$check_param} = trim($param->{$check_param}); + # If somebody passes us "0", we want to throw an error like + # "there is no X with the name 0". This is true even for ids. So here, + # we only check if the parameter is undefined or empty. + if (!defined $param->{$check_param} or $param->{$check_param} eq '') { + ThrowUserError('object_not_specified', { class => $class }); + } + my $obj = $class->new($param); if (!$obj) { # We don't want to override the normal template "user" object if diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 513e02857..21588417c 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -68,17 +68,14 @@ sub trick_taint { sub detaint_natural { my $match = $_[0] =~ /^(\d+)$/; - $_[0] = $match ? $1 : undef; + $_[0] = $match ? int($1) : undef; return (defined($_[0])); } sub detaint_signed { my $match = $_[0] =~ /^([-+]?\d+)$/; - $_[0] = $match ? $1 : undef; - # Remove any leading plus sign. - if (defined($_[0]) && $_[0] =~ /^\+(\d+)$/) { - $_[0] = $1; - } + # The "int()" call removes any leading plus sign. + $_[0] = $match ? int($1) : undef; return (defined($_[0])); } |