diff options
-rw-r--r-- | Bugzilla/WebService/Constants.pm | 1 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index 788f8bcc4..266ec3828 100644 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -135,6 +135,7 @@ use constant WS_ERROR_CODE => { xmlrpc_invalid_value => -32600, unknown_method => -32601, json_rpc_post_only => 32610, + json_rpc_invalid_callback => 32611, }; # These are the fallback defaults for errors not in ERROR_CODE. diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index b55194fda..49520505a 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -381,7 +381,7 @@ sub _bz_callback { if (defined $value) { $value = trim($value); # We don't use \w because we don't want to allow Unicode here. - if ($value !~ /^[A-Za-z0-1_\.\[\]]+$/) { + if ($value !~ /^[A-Za-z0-9_\.\[\]]+$/) { ThrowUserError('json_rpc_invalid_callback', { callback => $value }); } $self->{_bz_callback} = $value; |