Closed
Bug 1124437
Opened 9 years ago
Closed 9 years ago
Backport upstream bug 1090275 to bmo/4.2 to whitelist webservice api methods
Categories
(bugzilla.mozilla.org :: API, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dkl, Assigned: glob)
References
Details
Attachments
(1 file, 1 obsolete file)
10.95 KB,
patch
|
dylan
:
review+
|
Details | Diff | Splinter Review |
SSIA
taking because we need this asap, and dkl is likely to be busy with another upstream release.
Assignee: dkl → glob
Attachment #8552920 -
Flags: review?(dylan)
Comment 2•9 years ago
|
||
Comment on attachment 8552920 [details] [diff] [review] 1124437_1.patch Review of attachment 8552920 [details] [diff] [review]: ----------------------------------------------------------------- r- Tests pass and disallowed methods are forbidden from running. However, what I missed before is that there is no method bz_method_name() -- it is spelled _bz_method_name() so this fails for the entirely wrong reason. And then there's ThrowCoreError instead of ThrowCodeError. ::: Bugzilla/WebService/Server/JSONRPC.pm @@ +417,5 @@ > } > > + # Only allowed methods to be used from our whitelist > + if (none { $_ eq $method} $pkg->PUBLIC_METHODS) { > + ThrowCoreError('unknown_method', { method => $self->bz_method_name }); Interesting typo here.
Attachment #8552920 -
Flags: review?(dylan) → review-
Reporter | ||
Comment 3•9 years ago
|
||
Sorry bout this. I had actually done the work last night but I had to stop before I had finished testing everything. Thanks for taking it up.
oops :)
Attachment #8552920 -
Attachment is obsolete: true
Attachment #8553559 -
Flags: review?(dylan)
Comment 5•9 years ago
|
||
Comment on attachment 8553559 [details] [diff] [review] 1124437_2.patch Review of attachment 8553559 [details] [diff] [review]: ----------------------------------------------------------------- r=dylan with the note that I haven't exhaustively called every method. I did spot check and compare the public methods to the apparent public methods of the classes (especially in the case of extensions)
Attachment #8553559 -
Flags: review?(dylan) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git cd92366..a748745 master -> master
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•