Closed
Bug 319082
Opened 20 years ago
Closed 20 years ago
"new Bugzilla::User($uid)" allows you to pass invalid $uid
Categories: Bugzilla :: Bugzilla-General, defect
Tracking: RESOLVED FIXED, Bugzilla 2.20
People: Reporter: LpSolit, Assigned: LpSolit
Attachments: 1 file, 1 obsolete file
patch (1.34 KB), mkanat: review+
new() in User.pm doesn't make sure that its parameter is a valid integer. This allows me to edit a user with ID = "1k"! Well, PostgreSQL complains, but MySQL is happy with that:
mysql> select bug_id from bugs where bug_id="1k";
+--------+
| bug_id |
+--------+
| 1 |
+--------+
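The description above, as an added example that is not Bugzilla's code and not the patch attached to this bug: a strict ID check next to a lenient string-to-number conversion. The names validate_user_id and lenient_id are hypothetical, the positive-integer and 9-digit limits are assumptions, and Perl's own numeric conversion stands in for the leading-prefix coercion visible in the MySQL output.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: accept only a canonical positive decimal integer.
# Returns the number, or undef (empty list in list context) if invalid.
sub validate_user_id {
    my ($raw) = @_;
    return unless defined $raw;
    # \A and \z anchor the whole string; "$" would also accept a trailing
    # newline. [0-9] is used because \d can match non-ASCII digits.
    # At most 9 digits so the value fits a signed 32-bit column (assumption).
    return unless $raw =~ /\A([1-9][0-9]{0,8})\z/;
    return $1 + 0;
}

# Model of the lenient comparison: keep the leading numeric prefix and
# silently drop the rest, which is how "1k" ended up matching row 1.
sub lenient_id {
    my ($raw) = @_;
    no warnings 'numeric';
    return int($raw // 0);
}

# Constructed sample inputs; "1k" and "ddd" are the values from this report.
for my $raw ('42', '1k', 'ddd', "7\n", '', '0', '-1') {
    my $id = validate_user_id($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;
    printf "%-6s lenient=%-3s strict=%s\n",
        "'$shown'", lenient_id($raw), (defined($id) ? $id : 'rejected');
}
```

Only '42' passes the strict check; every other input is rejected before it could reach a query, whatever the database would have made of it.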
Comment 1•20 years ago (Assignee)
Comment 2•20 years ago
Does this fix bug 319090, too?
Updated•20 years ago (Assignee)
Attachment #204989 - Flags: review?(mkanat)
Comment 3•20 years ago
Comment on attachment 204989
patch, v1
I like the code, it looks fine. But I preferred the old error message, because it gave more information.
Attachment #204989 - Flags: review?(mkanat) → review-
Comment 4•20 years ago (Assignee)
I'm now leaving the actual error message as is.
Attachment #204989 - Attachment is obsolete: true
Attachment #205554 - Flags: review?(mkanat)
Attachment #204989 - Flags: review?(bugreport)
Comment 5•20 years ago (Assignee)
FYI, an easy way to test my patch is to go to editusers.cgi?action=edit&userid=ddd.
Updated•20 years ago (Assignee)
Attachment #205554 - Flags: review?(wurblzap)
Comment 6•20 years ago
Comment on attachment 205554
patch, v2
Yes, looks fine to me.
Attachment #205554 - Flags: review?(mkanat) → review+
Updated•20 years ago (Assignee)
Flags: approval?
Flags: approval2.20?
Updated•20 years ago (Assignee)
Attachment #205554 - Flags: review?(wurblzap)
Updated•20 years ago
Flags: approval?
Flags: approval2.20?
Flags: approval2.20+
Flags: approval+
Comment 7•20 years ago (Assignee)
tip:
Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm
new revision: 1.98; previous revision: 1.97
done
2.20:
Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm
new revision: 1.61.2.14; previous revision: 1.61.2.13
done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED