Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Util.pm18
1 files changed, 18 insertions, 0 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 2c45e077f..70b4c6845 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -30,6 +30,7 @@ use strict;
use base qw(Exporter);
@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
+ detaint_signed
html_quote url_quote value_quote xml_quote
css_class_quote
lsearch max min
@@ -69,6 +70,16 @@ sub detaint_natural {
return (defined($_[0]));
}
+sub detaint_signed {
+ $_[0] =~ /^([-+]?\d+)$/;
+ $_[0] = $1;
+ # Remove any leading plus sign.
+ if (defined($_[0]) && $_[0] =~ /^\+(\d+)$/) {
+ $_[0] = $1;
+ }
+ return (defined($_[0]));
+}
+
sub html_quote {
my ($var) = (@_);
$var =~ s/\&/\&/g;
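Review bot: In detaint_signed, `$_[0] = $1;` runs whether or not the match on the line before it succeeded. Perl does not reset `$1` on a failed match, so a non-numeric input can pick up a capture left by an earlier successful match in the calling code, and the routine then returns true with an untainted value that was never validated. Assign only on success, for example `$_[0] = ($_[0] =~ /^([-+]?\d+)$/) ? $1 : undef;`, and leave the plus-sign stripping as it is. The tail of detaint_natural visible just above the addition suggests it follows the same pattern, but its body starts outside the hunk, so that should be confirmed separately.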
@@ -325,6 +336,7 @@ Bugzilla::Util - Generic utility functions for bugzilla
$rv = is_tainted($var);
trick_taint($var);
detaint_natural($var);
+ detaint_signed($var);
# Functions for quoting
html_quote($var);
@@ -393,6 +405,12 @@ This routine detaints a natural number. It returns a true value if the
value passed in was a valid natural number, else it returns false. You
B<MUST> check the result of this routine to avoid security holes.
+=item C<detaint_signed($num)>
+
+This routine detaints a signed integer. It returns a true value if the
+value passed in was a valid signed integer, else it returns false. You
+B<MUST> check the result of this routine to avoid security holes.
+
=back
=head2 Quoting