From: lpsolit%gmail.com <>
Date: Fri, 28 Oct 2005 17:33:18 +0000 (+0000)
Subject: Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a valid... 
X-Git-Tag: bugzilla-2.22rc1~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf3aa532ea51a41b02c8ea73db254d01c03280ba;p=thirdparty%2Fbugzilla.git

Bug 314088: Several Bugzilla::Foo->new crash when passing a string instead of a valid ID as a param - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kiko a=justdave
---

diff --git a/Bugzilla/Classification.pm b/Bugzilla/Classification.pm
index e87852ba24..63a826dc32 100644
--- a/Bugzilla/Classification.pm
+++ b/Bugzilla/Classification.pm
@@ -55,7 +55,10 @@ sub _init {
     my $id = $param unless (ref $param eq 'HASH');
     my $classification;
 
-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Classification::_init'});
 
         $classification = $dbh->selectrow_hashref(qq{
             SELECT $columns FROM classifications
diff --git a/Bugzilla/Component.pm b/Bugzilla/Component.pm
index 74ea60d1b1..20df65550a 100644
--- a/Bugzilla/Component.pm
+++ b/Bugzilla/Component.pm
@@ -58,7 +58,10 @@ sub _init {
     my $id = $param unless (ref $param eq 'HASH');
     my $component;
 
-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Component::_init'});
 
         $component = $dbh->selectrow_hashref(qq{
             SELECT $columns FROM components
diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
index cc57fca69a..32c4696db8 100644
--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -61,7 +61,10 @@ sub _init {
     my $id = $param unless (ref $param eq 'HASH');
     my $group;
 
-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Group::_init'});
 
         $group = $dbh->selectrow_hashref(qq{
             SELECT $columns FROM groups
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index 2bc9da52d9..5405b1651a 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -63,7 +63,10 @@ sub _init {
     my $id = $param unless (ref $param eq 'HASH');
     my $product;
 
-    if (defined $id && detaint_natural($id)) {
+    if (defined $id) {
+        detaint_natural($id)
+          || ThrowCodeError('param_must_be_numeric',
+                            {function => 'Bugzilla::Product::_init'});
 
         $product = $dbh->selectrow_hashref(qq{
             SELECT $columns FROM products
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 440cc19bf4..0fe946cb53 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -243,6 +243,11 @@
   [% ELSIF error == "need_quipid" %]
     A valid quipid is needed.
 
+  [% ELSIF error == "param_must_be_numeric" %]
+    [% title = "Invalid Parameter" %]
+    Invalid parameter passed to [% function FILTER html %].
+    It must be numeric.
+
   [% ELSIF error == "unknown_comparison_type" %]
     Specified comparison type is not supported.