From b8b2a943056adbb112474df7bdf766970a56b2dc Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Tue, 18 Sep 2018 18:19:03 -0400
Subject: Bug 1455495 - Replace apache with Mojolicious
---
 Bugzilla/WebService/Util.pm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'Bugzilla/WebService/Util.pm')
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 29ff05448..d462c884a 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -23,7 +23,7 @@ use base qw(Exporter);
 # We have to "require", not "use" this, because otherwise it tries to
 # use features of Test::More during import().
-require Test::Taint;
+require Test::Taint if ${^TAINT};
 our @EXPORT_OK = qw(
 extract_flags
@@ -193,8 +193,10 @@ sub taint_data {
 # Though this is a private function, it hasn't changed since 2004 and
 # should be safe to use, and prevents us from having to write it ourselves
 # or require another module to do it.
- Test::Taint::_deeply_traverse(\&_delete_bad_keys, \@params);
- Test::Taint::taint_deeply(\@params);
+ if (${^TAINT}) {
+ Test::Taint::_deeply_traverse(\&_delete_bad_keys, \@params);
+ Test::Taint::taint_deeply(\@params);
+ }
 }
 sub _delete_bad_keys {
--
cgit v1.2.3-24-g4f1b
From 37d767c50d5ae69b13c47b71ba16b93c6b450730 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Tue, 9 Oct 2018 17:06:18 -0400
Subject: Bug 1497343 - Add some rudimentary type checking to Bugzilla::WebServe::Util::validate()
---
 Bugzilla/WebService/Util.pm | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
(limited to 'Bugzilla/WebService/Util.pm')
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index d462c884a..ce5586911 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -11,6 +11,7 @@ use 5.10.1;
 use strict;
 use warnings;
+use Bugzilla::Logging;
 use Bugzilla::Flag;
 use Bugzilla::FlagType;
 use Bugzilla::Error;
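Review bot: The `_deeply_traverse(\&_delete_bad_keys, \@params)` pass in `taint_data` no longer runs when Perl is started without taint mode, and that pass looks like input filtering rather than tainting. `_delete_bad_keys` begins right after this hunk and its body is not shown, but if it removes parameter keys that fail a name check, web-service requests lose that check whenever `${^TAINT}` is false. Consider keeping the traversal unconditional and gating only the tainting, `Test::Taint::taint_deeply(\@params) if ${^TAINT};`, which also means leaving `require Test::Taint;` in the first hunk unconditional or moving the traversal into a local helper. If dropping the key check is intended, a comment in `taint_data` such as `# key names are validated in <place>; only tainting depends on -T` would record where that validation now lives.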
@@ -18,6 +19,8 @@ use Bugzilla::WebService::Constants;
 use Storable qw(dclone);
 use URI::Escape qw(uri_unescape);
+use Type::Params qw( compile );
+use Types::Standard -all;
 use base qw(Exporter);
@@ -217,6 +220,17 @@ sub _delete_bad_keys {
 sub validate {
 my ($self, $params, @keys) = @_;
+ my $cache_key = join('|', (caller(1))[3], sort @keys);
+ # Type->of() is the same as Type[], used here because it is easier
+ # to chain with plus_coercions.
+ state $array_of_nonrefs = ArrayRef->of(Maybe[Value])->plus_coercions(
+ Maybe[Value], q{ [ $_ ] },
+ );
+ state $type_cache = {};
+ my $params_type = $type_cache->{$cache_key} //= do {
+ my %fields = map { $_ => Optional[$array_of_nonrefs] } @keys;
+ Maybe[ Dict[%fields, slurpy Any] ];
+ };
 # If $params is defined but not a reference, then we weren't
 # sent any parameters at all, and we're getting @keys where
@@ -226,12 +240,10 @@ sub validate {
 # If @keys is not empty then we convert any named
 # parameters that have scalar values to arrayrefs
 # that match.
- foreach my $key (@keys) {
- if (exists $params->{$key}) {
- $params->{$key} = ref $params->{$key}
- ? $params->{$key}
- : [ $params->{$key} ];
- }
+ $params = $params_type->coerce($params);
+ if (my $type_error = $params_type->validate($params)) {
+ FATAL("validate() found type error: $type_error");
+ ThrowUserError('invalid_params', { type_error => $type_error } ) if $type_error;
 }
 return ($self, $params);
--
cgit v1.2.3-24-g4f1b
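Review bot: `use Types::Standard -all;` pulls every Types::Standard type name into this package, while the hunks shown use only `ArrayRef`, `Maybe`, `Value`, `Optional`, `Dict`, `Any` and `slurpy`. An explicit list, `use Types::Standard qw( ArrayRef Maybe Value Optional Dict Any slurpy );`, keeps the namespace small and avoids clashes with subs this module defines or exports. `compile` from Type::Params is not called in any hunk visible here; drop that import if nothing else in the file uses it.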
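Review bot: The cache key in `validate` includes `(caller(1))[3]`, but the type built in the `do` block depends only on `@keys`, so the caller name only multiplies identical cache entries. `(caller(1))[3]` is also undef when `validate` is reached without an enclosing sub frame, which makes the `join` warn under `use warnings`; `my $cache_key = join('|', sort @keys);` avoids both. A short comment above `$params_type` would help too, for example `# each listed key: a non-ref scalar (wrapped into a one-element array) or an array of non-ref values; all other keys pass unchecked`. The body of `validate` continues outside this hunk.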
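Review bot: `FATAL("validate() found type error: $type_error")` logs text derived from client-supplied parameters at the highest severity for what is a caller mistake. Type::Tiny failure messages typically embed a dump of the rejected value, and because the type is a `Dict` over the whole parameter hash that dump may include unrelated fields such as credentials or tokens sent with the request; this should be confirmed against real output. Any client can also produce FATAL entries at will, which drowns out genuine failures in alerting. Consider logging at a lower level with only the calling method and the names of the checked keys, and leave the detailed message to `ThrowUserError`. The trailing `if $type_error` is redundant inside the enclosing `if`, so the line can be `ThrowUserError('invalid_params', { type_error => $type_error });`.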