From ef65de786e244642bcc1376f85faf30f25b41f11 Mon Sep 17 00:00:00 2001
From: Alan Nelson <labs-anelson56@unl.edu>
Date: Thu, 3 Jul 2014 12:39:31 -0500
Subject: [PATCH] Added error checking / validation for pull request number

---
 .../modules/bulletin/controllers/NewController.php |  2 +-
 .../models/ApprovalActionPullRequestModel.php      | 14 ++++++++------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/application/modules/bulletin/controllers/NewController.php b/application/modules/bulletin/controllers/NewController.php
index 14acc6f7..e1540a99 100644
--- a/application/modules/bulletin/controllers/NewController.php
+++ b/application/modules/bulletin/controllers/NewController.php
@@ -46,7 +46,7 @@ class Bulletin_NewController extends Creq_Controller_Action
             $pullRequestNumber = $request->getPullRequestNumber();
 
             // Make sure we have a number and not NULL
-            if ($pullRequestNumber != 'NULL' && $pullRequestNumber != ''){
+            if (is_int($pullRequestNumber) && intval($pullRequestNumber) > 0){
                 $merged = Bulletin_RepositoryModel::getInstance()->pullRequestHasBeenMerged(intval($pullRequestNumber));
 
                 if ($merged == false) {
diff --git a/application/modules/bulletin/models/ApprovalActionPullRequestModel.php b/application/modules/bulletin/models/ApprovalActionPullRequestModel.php
index 4cb9d160..6357f0a4 100644
--- a/application/modules/bulletin/models/ApprovalActionPullRequestModel.php
+++ b/application/modules/bulletin/models/ApprovalActionPullRequestModel.php
@@ -137,13 +137,15 @@ class Bulletin_ApprovalActionPullRequestModel extends Requests_ApprovalActionMod
         $safeRequestId = intval($requestId);
         $safePullRequestNumber = intval($pullRequestNumber);
 
-        $data = array(
-            'pullRequestNumber' => $safePullRequestNumber
-        );
-        $where = "requestId = '$safeRequestId'";
+        if ($safePullRequestNumber > 0) {
+            $data = array(
+                'pullRequestNumber' => $safePullRequestNumber
+            );
+            $where = "requestId = '$safeRequestId'";
 
-        $db = Zend_Registry::get('db');
-        $db->update('creqRequests', $data, $where);
+            $db = Zend_Registry::get('db');
+            $db->update('creqRequests', $data, $where);
+        }
     }
 
 }
-- 
GitLab