From: Frédéric Buclin
Date: Wed, 12 Sep 2012 23:45:39 +0000 (+0200)
Subject: Bug 783794: Bugzilla::User->visible_bugs should validate input data
X-Git-Tag: bugzilla-4.4rc1~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b68fc541fa58bd9f417db434732e8fea7c4913c;p=thirdparty%2Fbugzilla.git
Bug 783794: Bugzilla::User->visible_bugs should validate input data r=glob a=LpSolit
---
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 0bf9450847..6b509226f9 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -888,6 +888,14 @@ sub visible_bugs {
 if (@check_ids) {
 my $dbh = Bugzilla->dbh;
 my $user_id = $self->id;
+
+ foreach my $id (@check_ids) {
+ my $orig_id = $id;
+ detaint_natural($id)
+ || ThrowCodeError('param_must_be_numeric', { param => $orig_id,
+ function => 'Bugzilla::User->visible_bugs'});
+ }
+
 my $sth;
 # Speed up the can_see_bug case.
 if (scalar(@check_ids) == 1) {
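Review bot: The new loop at the top of the `if (@check_ids)` branch relies on `foreach` aliasing `$id` to each array element, so that `detaint_natural($id)` rewrites `@check_ids` in place, and on `$orig_id` surviving because the helper apparently clobbers its argument when the check fails; neither is stated in the code. I would add a comment above the loop, `# detaint_natural() edits its argument in place; $id aliases the element, $orig_id keeps the rejected value for the error.` The rejected value is passed unvalidated as `param` to `ThrowCodeError`, so the `param_must_be_numeric` template has to escape it on output; that template is not part of this diff. Only the ids left in `@check_ids` are checked, and how that list is built lies outside the hunk, as do the start and end of `visible_bugs`.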