From cf3aa532ea51a41b02c8ea73db254d01c03280ba Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Fri, 28 Oct 2005 17:33:18 +0000 Subject: Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a valid ID as a param - Patch by Frédéric Buclin r=kiko a=justdave MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Classification.pm | 5 ++++- Bugzilla/Component.pm | 5 ++++- Bugzilla/Group.pm | 5 ++++- Bugzilla/Product.pm | 5 ++++- template/en/default/global/code-error.html.tmpl | 5 +++++ 5 files changed, 21 insertions(+), 4 deletions(-) diff --git a/Bugzilla/Classification.pm b/Bugzilla/Classification.pm index e87852ba2..63a826dc3 100644 --- a/Bugzilla/Classification.pm +++ b/Bugzilla/Classification.pm @@ -55,7 +55,10 @@ sub _init { my $id = $param unless (ref $param eq 'HASH'); my $classification; - if (defined $id && detaint_natural($id)) { + if (defined $id) { + detaint_natural($id) + || ThrowCodeError('param_must_be_numeric', + {function => 'Bugzilla::Classification::_init'}); $classification = $dbh->selectrow_hashref(qq{ SELECT $columns FROM classifications diff --git a/Bugzilla/Component.pm b/Bugzilla/Component.pm index 74ea60d1b..20df65550 100644 --- a/Bugzilla/Component.pm +++ b/Bugzilla/Component.pm @@ -58,7 +58,10 @@ sub _init { my $id = $param unless (ref $param eq 'HASH'); my $component; - if (defined $id && detaint_natural($id)) { + if (defined $id) { + detaint_natural($id) + || ThrowCodeError('param_must_be_numeric', + {function => 'Bugzilla::Component::_init'}); $component = $dbh->selectrow_hashref(qq{ SELECT $columns FROM components diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm index cc57fca69..32c4696db 100644 --- a/Bugzilla/Group.pm +++ b/Bugzilla/Group.pm 
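Review bot: The new guard in `Bugzilla::Classification::_init` turns every defined, non-hash argument that fails `detaint_natural()` into a code error, so a caller that forwards a request parameter unchecked now produces an internal-error page rather than a user-facing message; the same four lines are repeated in the `_init` of Component, Group and Product. That contract deserves a comment above each `_init`, for example `# $param is a numeric ID or a hash reference; validate user-supplied IDs before calling new()`. The literal `{function => 'Bugzilla::Classification::_init'}` is copied by hand into each module and can drift on a rename, whereas `(caller(0))[3]` yields the same fully qualified name. The guard also depends on `ThrowCodeError` never returning. The `selectrow_hashref` query continues outside the hunk, so whether `$id` reaches the SQL as a bound placeholder cannot be confirmed from here.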
@@ -61,7 +61,10 @@ sub _init { my $id = $param unless (ref $param eq 'HASH'); my $group; - if (defined $id && detaint_natural($id)) { + if (defined $id) { + detaint_natural($id) + || ThrowCodeError('param_must_be_numeric', + {function => 'Bugzilla::Group::_init'}); $group = $dbh->selectrow_hashref(qq{ SELECT $columns FROM groups diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm index 2bc9da52d..5405b1651 100644 --- a/Bugzilla/Product.pm +++ b/Bugzilla/Product.pm @@ -63,7 +63,10 @@ sub _init { my $id = $param unless (ref $param eq 'HASH'); my $product; - if (defined $id && detaint_natural($id)) { + if (defined $id) { + detaint_natural($id) + || ThrowCodeError('param_must_be_numeric', + {function => 'Bugzilla::Product::_init'}); $product = $dbh->selectrow_hashref(qq{ SELECT $columns FROM products diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 440cc19bf..0fe946cb5 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -243,6 +243,11 @@ [% ELSIF error == "need_quipid" %] A valid quipid is needed. + [% ELSIF error == "param_must_be_numeric" %] + [% title = "Invalid Parameter" %] + Invalid parameter passed to [% function FILTER html %]. + It must be numeric. + [% ELSIF error == "unknown_comparison_type" %] Specified comparison type is not supported. -- cgit v1.2.3-24-g4f1b
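Review bot: The `param_must_be_numeric` text added to `code-error.html.tmpl` says the parameter "must be numeric", but the four callers in this commit gate on `detaint_natural()`, whose name suggests it accepts only non-negative integers. If so, values such as `-1` or `1.5` would be rejected with a message that reads as though they qualified. Wording like `It must be a non-negative integer.` would describe the check more precisely. Keeping `FILTER html` on `function` is the right default, and leaving the rejected value out of the message avoids echoing request data into the error page.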