Bug 793826: Prevent private web service methods from being called

author Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>

Fri, 12 Oct 2012 17:46:07 +0000 (19:46 +0200)

committer Frédéric Buclin <LpSolit@gmail.com>

Fri, 12 Oct 2012 17:46:07 +0000 (19:46 +0200)
author Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>
Fri, 12 Oct 2012 17:46:07 +0000 (19:46 +0200)
committer Frédéric Buclin <LpSolit@gmail.com>
Fri, 12 Oct 2012 17:46:07 +0000 (19:46 +0200)
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm

index 5f179517812639753667350e919857c69edf4ba1..5634aa0fe6a4e30f4a7d6e089e3727f025179b7b 100644 (file)
--- a/Bugzilla/WebService/Server.pm
+++ b/Bugzilla/WebService/Server.pm
@@ -17,7 +17,9 @@ use Scalar::Util qw(blessed);
  
  sub handle_login {
      my ($self, $class, $method, $full_method) = @_;
-    ThrowCodeError('unknown_method', {method => $full_method}) if !$class;
+    # Throw error if the supplied class does not exist or the method is private
+    ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/);
+
      eval "require $class";
      ThrowCodeError('unknown_method', {method => $full_method}) if $@;
      return if ($class->login_exempt($method)
author	Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>
	Fri, 12 Oct 2012 17:46:07 +0000 (19:46 +0200)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Fri, 12 Oct 2012 17:46:07 +0000 (19:46 +0200)