}
if ($criteria->{product_id}) {
my $product_id = $criteria->{product_id};
-
+ detaint_natural($product_id)
+ || ThrowCodeError('bad_arg', { argument => 'product_id',
+ function => 'Bugzilla::FlagType::sqlify_criteria' });
+
# Add inclusions to the query, which simply involves joining the table
# by flag type ID and target product/component.
push(@$tables, "INNER JOIN flaginclusions AS i ON flagtypes.id = i.type_id");
my $addl_join_clause = "";
if ($criteria->{component_id}) {
my $component_id = $criteria->{component_id};
+ detaint_natural($component_id)
+ || ThrowCodeError('bad_arg', { argument => 'component_id',
+ function => 'Bugzilla::FlagType::sqlify_criteria' });
+
push(@criteria, "(i.component_id = $component_id OR i.component_id IS NULL)");
$join_clause .= "AND (e.component_id = $component_id OR e.component_id IS NULL) ";
}
}
if ($criteria->{group}) {
my $gid = $criteria->{group};
- detaint_natural($gid);
+ detaint_natural($gid)
+ || ThrowCodeError('bad_arg', { argument => 'group',
+ function => 'Bugzilla::FlagType::sqlify_criteria' });
+
push(@criteria, "(flagtypes.grant_group_id = $gid " .
" OR flagtypes.request_group_id = $gid)");
}
my $component_id = $component ? $component->id : 0;
my $show_flag_counts = $cgi->param('show_flag_counts') ? 1 : 0;
my $group_id = $cgi->param('group');
+ if ($group_id) {
+ detaint_natural($group_id) || ThrowUserError('invalid_group_ID');
+ }
my $bug_flagtypes;
my $attach_flagtypes;
projects / thirdparty / bugzilla.git / commitdiff
