Security patch in 3.0.9 breaks some WebService Bug.create parameters

RESOLVED FIXED in Bugzilla 3.0

Status: defect, critical, RESOLVED FIXED (10 years ago / 9 years ago)
People: Reporter: mkanat, Assigned: mkanat
Tracking: regression
Bug Flags: approval3.0+, blocking3.0.10+
Attachments: 1 attachment

We did:

        my $field_name = FIELD_MAP->{$field} || $field;
        # Prevent SQL Injection via key names.
        _check_valid_field($field);

But we should have been passing $field_name to _check_valid_field, instead, because it validates against the *values* of FIELD_MAP, not the *keys*.
Flags: blocking3.0.10+
Depends on: 515191
Keywords: regression
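
The ordering problem described in the report above, as an added Perl example that is not Bugzilla's own code: the FIELD_MAP contents, the allow-list and the body of _check_valid_field are assumptions, and translate_params is a hypothetical wrapper. It runs the same constructed parameters through both orderings: validating the incoming key rejects legitimate aliases, while validating the mapped name accepts them and still rejects a key that is not a field name.

```perl
use strict;
use warnings;

# Assumed alias map: public WebService name => internal column name.
use constant FIELD_MAP => {
    summary  => 'short_desc',
    platform => 'rep_platform',
    severity => 'bug_severity',
};

# Assumed allow-list of internal names: the *values* of FIELD_MAP plus
# names that need no alias.
my %VALID_FIELD = map { $_ => 1 } qw(short_desc rep_platform bug_severity product);

# Stand-in for _check_valid_field: dies unless the name is allow-listed.
sub _check_valid_field {
    my ($name) = @_;
    die "invalid field name: $name\n" unless $VALID_FIELD{$name};
}

# Translate caller-supplied keys to internal names (hypothetical wrapper).
# $check_mapped selects the name that is validated: 0 = the key as received
# (the ordering quoted in the report), 1 = the mapped name (the correction).
sub translate_params {
    my ($params, $check_mapped) = @_;
    my %out;
    foreach my $field (keys %$params) {
        my $field_name = FIELD_MAP->{$field} || $field;
        _check_valid_field($check_mapped ? $field_name : $field);
        $out{$field_name} = $params->{$field};
    }
    return \%out;
}

# Constructed inputs: a normal call using a public alias, and a malformed key.
my @cases = (
    [ 'aliases' => { summary => 'Crash on start', product => 'TestProduct' } ],
    [ 'bad key' => { "summary' --" => 'x' } ],
);

for my $case (@cases) {
    my ($label, $params) = @$case;
    for my $check_mapped (0, 1) {
        my $ok = eval { translate_params($params, $check_mapped); 1 };
        chomp(my $err = $ok ? '' : $@);
        printf "%-8s check_mapped=%d: %s\n", $label, $check_mapped,
            $ok ? 'accepted' : "rejected ($err)";
    }
}
```
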
Posted patch v1
Assignee: webservice → mkanat
Status: NEW → ASSIGNED
Attachment #401473 - Flags: review?(LpSolit)
Comment on attachment 401473
v1

Looks good and fixes the problem. r=LpSolit
Attachment #401473 - Flags: review?(LpSolit) → review+
Flags: approval3.0+
Checking in Bugzilla/WebService/Bug.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/WebService/Bug.pm,v  <--  Bug.pm
new revision: 1.4.2.6; previous revision: 1.4.2.5
done
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED