From 73958ee239e7c28d394bdbd37081cfaa7c1bc7ed Mon Sep 17 00:00:00 2001
From: Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>
Date: Fri, 12 Oct 2012 19:46:07 +0200
Subject: Bug 793826: Prevent private web service methods from being called
 r=dkl a=LpSolit

---
 Bugzilla/WebService/Server.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/WebService/Server.pm')

diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm
index 5f1795178..5634aa0fe 100644
--- a/Bugzilla/WebService/Server.pm
+++ b/Bugzilla/WebService/Server.pm
@@ -17,7 +17,9 @@ use Scalar::Util qw(blessed);
 
 sub handle_login {
     my ($self, $class, $method, $full_method) = @_;
-    ThrowCodeError('unknown_method', {method => $full_method}) if !$class;
+    # Throw error if the supplied class does not exist or the method is private
+    ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/);
+
     eval "require $class";
     ThrowCodeError('unknown_method', {method => $full_method}) if $@;
     return if ($class->login_exempt($method) 
-- 
cgit v1.2.3-24-g4f1b