From: Koosha Khajeh Moogahi Date: Fri, 12 Oct 2012 17:50:00 +0000 (+0200) Subject: Bug 793826: Prevent private web service methods from being called X-Git-Tag: bugzilla-4.4rc1~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c6eb76fcb34ea8305dd906d49f28792ae7a5b7a;p=thirdparty%2Fbugzilla.git Bug 793826: Prevent private web service methods from being called r=dkl a=LpSolit --- diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index a43ed204c9..15bc4bcca3 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -15,7 +15,9 @@ use Scalar::Util qw(blessed); sub handle_login { my ($self, $class, $method, $full_method) = @_; - ThrowCodeError('unknown_method', {method => $full_method}) if !$class; + # Throw error if the supplied class does not exist or the method is private + ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/); + eval "require $class"; ThrowCodeError('unknown_method', {method => $full_method}) if $@; return if ($class->login_exempt($method)