From ef9727cf6d12191a631b63933b4dee11e9661d2e Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com"
Date: Mon, 12 Dec 2005 02:38:40 +0000
Subject: [PATCH] =?UTF-8?q?Bug=20319089:=20editkeywords.cgi=20throws=20an?= =?UTF-8?q?=20error=20when=20action=3D"edit"=20or=20"delete"=20and=20the?= =?UTF-8?q?=20"id"=20parameter=20is=20invalid=20-=20Patch=20by=20Fr?= =?UTF-8?q?=EF=BF=BDd=EF=BF=BDric=20Buclin=20=20r=3Dwic?= =?UTF-8?q?ked=20a=3Djustdave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 webtools/bugzilla/editkeywords.cgi | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/webtools/bugzilla/editkeywords.cgi b/webtools/bugzilla/editkeywords.cgi
index da412bfdc68c..5397f0aa57f1 100755
--- a/webtools/bugzilla/editkeywords.cgi
+++ b/webtools/bugzilla/editkeywords.cgi
@@ -53,6 +53,14 @@ sub Validate {
 $_[1] = $description;
 }
+sub ValidateKeyID {
+ my $id = shift;
+
+ $id = trim($id || 0);
+ detaint_natural($id) || ThrowCodeError('invalid_keyword_id');
+ return $id;
+}
+
 #
 # Preliminary checks:
@@ -165,8 +173,7 @@ if ($action eq 'new') {
 #
 if ($action eq 'edit') {
- my $id = trim($cgi->param('id'));
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
 # get data of keyword
 my ($name, $description) =
@@ -201,8 +208,7 @@ if ($action eq 'edit') {
 #
 if ($action eq 'update') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
 my $name = trim($cgi->param('name') || '');
 my $description = trim($cgi->param('description') || '');
@@ -234,8 +240,7 @@ if ($action eq 'update') {
 if ($action eq 'delete') {
- my $id = $cgi->param('id');
- detaint_natural($id);
+ my $id = ValidateKeyID(scalar $cgi->param('id'));
 my $name = $dbh->selectrow_array('SELECT name FROM keyworddefs WHERE id= ?', undef, $id);
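Review bot: In the new `ValidateKeyID`, `trim($id || 0)` turns a missing or empty `id` parameter into `0`, which is a natural number and so passes `detaint_natural` instead of raising `invalid_keyword_id`. The edit, update and delete branches in the later hunks then continue with id 0, and their bodies run past the hunks, so whether a later lookup rejects it is not visible here; if 0 can be a real keyword id, a request that omits `id` would act on that keyword. Defaulting to the empty string, `$id = trim(defined($id) ? $id : '');`, would make an absent value fail the check, assuming `detaint_natural` rejects an empty string. A short comment above the sub, e.g. `# Returns the detainted keyword id; throws invalid_keyword_id if it is not a natural number.`, would also document the contract for the three callers.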