From 818b908a18de4862f060c64ad12f779ac8480f01 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Fri, 4 Apr 2014 17:31:48 +0000
Subject: Bug 987521 - flag activity api needs to prohibit requests which
 return the entire table r=glob

---
 extensions/Review/lib/WebService.pm                                  | 5 +++++
 .../template/en/default/hook/global/user-error-errors.html.tmpl      | 4 ++++
 2 files changed, 9 insertions(+)

(limited to 'extensions/Review')

diff --git a/extensions/Review/lib/WebService.pm b/extensions/Review/lib/WebService.pm
index c39cadd2c..f5530dd49 100644
--- a/extensions/Review/lib/WebService.pm
+++ b/extensions/Review/lib/WebService.pm
@@ -112,6 +112,11 @@ sub flag_activity {
     $match_criteria{LIMIT} = $limit;
     $match_criteria{OFFSET} = $offset if defined $offset;
 
+    # Throw error if no other parameters have been passed other than limit and offset
+    if (!grep(!/^(LIMIT|OFFSET)$/, keys %match_criteria)) {
+        ThrowUserError('flag_activity_parameters_required');
+    }
+
     my $matches = Bugzilla::Extension::Review::FlagStateActivity->match(\%match_criteria);
     my @results = map { $self->_flag_state_activity_to_hash($_, $params) } @$matches;
     return \@results;
diff --git a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl
index 788852aa8..ca143cca3 100644
--- a/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl
+++ b/extensions/Review/template/en/default/hook/global/user-error-errors.html.tmpl
@@ -19,4 +19,8 @@
   [% title = "Invalid Flag Type ID" %]
   The flag type id [% type_id FILTER html %] is invalid.
 
+[% ELSIF error == "flag_activity_parameters_required" %]
+  [% title = "Parameters Required" %]
+  You may not search flag state activity without any search terms.
+
 [% END %]
-- 
cgit v1.2.3-24-g4f1b