From 7380ea9ae11764633a4b6e64850da2d84b2aaeb2 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Fri, 11 Sep 2009 16:10:13 +0000
Subject: Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125)
 and Bug.create (CVE-2009-3165) Patch by Max Kanat-Alexander
 <mkanat@bugzilla.org> r=LpSolit, a=mkanat

---
 Bugzilla/WebService/Bug.pm       | 1 +
 Bugzilla/WebService/Constants.pm | 2 ++
 2 files changed, 3 insertions(+)

(limited to 'Bugzilla/WebService')

diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index c6d620976..44382e79f 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -258,6 +258,7 @@ sub search {
     }
     
     $params = _map_fields($params);
+    delete $params->{WHERE};
     
     # Do special search types for certain fields.
     if ( my $bug_when = delete $params->{delta_ts} ) {
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index bdfe24f0a..7fd7e2ae8 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -53,7 +53,9 @@ use constant WS_ERROR_CODE => {
     param_required              => 50,
     params_required             => 50,
     object_does_not_exist       => 51,
+    param_must_be_numeric       => 52,
     xmlrpc_invalid_value        => 52,
+    param_invalid               => 53,
     # Bug errors usually occupy the 100-200 range.
     improper_bug_id_field_value => 100,
     bug_id_does_not_exist       => 101,
-- 
cgit v1.2.3-24-g4f1b