From 24145fb0de74e0c9fa5c3fe5d41d19e12a10186c Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org"
 <mkanat%bugzilla.org@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Fri, 12 Oct 2012 18:00:46 +0000
Subject: [PATCH] Bug 793826: Prevent private web service methods from being
 called r=dkl a=LpSolit

git-svn-id: svn://10.0.0.236/trunk@264326 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/webtools/bugzilla/.bzrrev                       | 2 +-
 mozilla/webtools/bugzilla/Bugzilla/WebService/Server.pm | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev
index 68ea7c67495..a5a0e7a8f39 100644
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@@ -1 +1 @@
-8421
\ No newline at end of file
+8422
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/Bugzilla/WebService/Server.pm b/mozilla/webtools/bugzilla/Bugzilla/WebService/Server.pm
index 5f179517812..5634aa0fe6a 100644
--- a/mozilla/webtools/bugzilla/Bugzilla/WebService/Server.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/WebService/Server.pm
@@ -17,7 +17,9 @@ use Scalar::Util qw(blessed);
 
 sub handle_login {
     my ($self, $class, $method, $full_method) = @_;
-    ThrowCodeError('unknown_method', {method => $full_method}) if !$class;
+    # Throw error if the supplied class does not exist or the method is private
+    ThrowCodeError('unknown_method', {method => $full_method}) if (!$class or $method =~ /^_/);
+
     eval "require $class";
     ThrowCodeError('unknown_method', {method => $full_method}) if $@;
     return if ($class->login_exempt($method)