From 0cac98dfb514063de4201cd0037c465922cbef48 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Sat, 19 Mar 2016 17:32:30 +0100 Subject: Bug 1230932: Providing a condition as an ID to the webservice results in a taint error r=dkl --- Bugzilla/API/1_0/Resource/Bug.pm | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Bugzilla/API/1_0/Resource/Bug.pm') diff --git a/Bugzilla/API/1_0/Resource/Bug.pm b/Bugzilla/API/1_0/Resource/Bug.pm index dcc73086f..5dc61e8d1 100644 --- a/Bugzilla/API/1_0/Resource/Bug.pm +++ b/Bugzilla/API/1_0/Resource/Bug.pm @@ -1337,6 +1337,10 @@ sub update_comment_tags { { function => 'Bug.update_comment_tags', param => 'comment_id' }); + ThrowCodeError('param_integer_required', { function => 'Bug.update_comment_tags', + param => 'comment_id' }) + unless $comment_id =~ /^\d+$/a; + my $comment = Bugzilla::Comment->new($comment_id) || return []; $comment->bug->check_is_visible(); -- cgit v1.2.3-24-g4f1b
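Review bot: The added guard `unless $comment_id =~ /^\d+$/a;` still accepts an ID with a trailing newline, because `$` matches before a final `\n`. Anchoring with `\A` and `\z`, as in `unless $comment_id =~ /\A\d+\z/a;`, makes the integer check exact. The match only tests the value and does not reassign it from a capture, so `$comment_id` is presumably still tainted when it reaches `Bugzilla::Comment->new`; whether the constructor detaints it is not visible in this hunk and is worth confirming. A short comment above the check, such as `# comment_id must be a plain integer; anything else must not reach Bugzilla::Comment->new`, would record why it exists. The body of update_comment_tags starts and ends outside the hunk.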