From: lpsolit%gmail.com <> Date: Mon, 12 Dec 2005 10:42:50 +0000 (+0000) Subject: Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and the... X-Git-Tag: bugzilla-2.20.1~69 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b96ba6470574d1bff409f49c0592e148996bbce8;p=thirdparty%2Fbugzilla.git Bug 319089: editkeywords.cgi throws an error when action="edit" or "delete" and the "id" parameter is invalid - Patch by Frédéric Buclin r=wicked a=justdave --- diff --git a/editkeywords.cgi b/editkeywords.cgi index a614e73146..0d2eb691e6 100755 --- a/editkeywords.cgi +++ b/editkeywords.cgi @@ -48,6 +48,14 @@ sub Validate ($$) { } } +sub ValidateKeyID { + my $id = shift; + + $id = trim($id || 0); + detaint_natural($id) || ThrowCodeError('invalid_keyword_id'); + return $id; +} + # # Preliminary checks: @@ -172,8 +180,7 @@ if ($action eq 'new') { # if ($action eq 'edit') { - my $id = trim($cgi->param('id')); - detaint_natural($id); + my $id = ValidateKeyID(scalar $cgi->param('id')); # get data of keyword SendSQL("SELECT name,description @@ -211,8 +218,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { - my $id = $cgi->param('id'); - detaint_natural($id); + my $id = ValidateKeyID(scalar $cgi->param('id')); my $name = trim($cgi->param('name') || ''); my $description = trim($cgi->param('description') || ''); @@ -247,8 +253,7 @@ if ($action eq 'update') { if ($action eq 'delete') { - my $id = $cgi->param('id'); - detaint_natural($id); + my $id = ValidateKeyID(scalar $cgi->param('id')); SendSQL("SELECT name FROM keyworddefs WHERE id=$id"); my $name = FetchOneColumn();
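Review bot: In `ValidateKeyID`, `trim($id || 0)` turns a missing or empty `id` parameter into `0` before validation, so a request with no `id` is not rejected as `invalid_keyword_id` here and instead reaches the `edit`/`update`/`delete` queries as `id=0`. Whether 0 can be a real keyword id is not visible in this patch, so I would reject the empty case explicitly, e.g. `$id = trim(defined($id) ? $id : '');`, assuming `detaint_natural` fails on an empty string. A one-line comment above the sub would also help: `# Returns the id as a detainted natural number, or throws invalid_keyword_id.`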
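Review bot: The `edit`, `update` and `delete` branches still build their SQL by interpolating `$id` into the string (visible as `WHERE id=$id` in the `delete` hunk), so the only thing keeping that input out of the query text is that each branch calls `ValidateKeyID` first. I would record that dependency where it matters, e.g. `# $id was validated by ValidateKeyID (natural number), so interpolating it is safe.` above each `SendSQL`, or pass the id as a bind value if the database layer in this file offers placeholders. All three branch bodies continue outside their hunks, so any later use of `$id` could not be checked here.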