Bug 255606: Do not let buglist.cgi return all bugs by default

r/a=mkanat
author: Frédéric Buclin <LpSolit@gmail.com> 2011-11-26 01:08:58 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2011-11-26 01:08:58 +0100
commit: c9aaffd4541554af069e4ac097c39f567b02f55a (patch)
tree: 13498d0860a3d4616f26d5f56e767f382678c682 /Bugzilla/Search.pm
parent: Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized b... (diff)
download: bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.tar.gz
bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.tar.bz2
bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index d47e0ae99..6bbf4ab42 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -1168,6 +1168,11 @@ sub _sql_where {
     if ($clause_sql) {
         $where .= "\n   AND " . $clause_sql;
     }
+    elsif (!Bugzilla->params->{'search_allow_no_criteria'}
+           && !$self->{allow_unlimited})
+    {
+        ThrowUserError('buglist_parameters_required');
+    }
     return $where;
 }
author	Frédéric Buclin <LpSolit@gmail.com>	2011-11-26 01:08:58 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2011-11-26 01:08:58 +0100
commit	c9aaffd4541554af069e4ac097c39f567b02f55a (patch)
tree	13498d0860a3d4616f26d5f56e767f382678c682 /Bugzilla/Search.pm
parent	Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized b... (diff)
download	bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.tar.gz bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.tar.bz2 bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.zip