author | lpsolit%gmail.com <> | 2007-06-20 20:46:12 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2007-06-20 20:46:12 +0200 |
commit | 275a10ab18b0e6c713a74ac37532022ff5ecd2ff (patch) | |
tree | 6bef73ef79f63fb30d96a608edeef88c08c88ad1 | |
parent | 9de3481eb1733f20b1ceac522fcc94ea0d4f27c2 (diff) | |
Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi appear editable by users with no privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
-rwxr-xr-x | process_bug.cgi | 22 | ||||
-rw-r--r-- | template/en/default/bug/edit.html.tmpl | 6 |
2 files changed, 15 insertions, 13 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index e3143ac98..98b799670 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -671,17 +671,17 @@ if (defined $cgi->param('id')) { q{SELECT group_id FROM bug_group_map WHERE bug_id = ?}, undef, $cgi->param('id')); if ( $havegroup ) { - DoComma(); - $cgi->param('reporter_accessible', - $cgi->param('reporter_accessible') ? '1' : '0'); - $::query .= "reporter_accessible = ?"; - push(@values, $cgi->param('reporter_accessible')); - - DoComma(); - $cgi->param('cclist_accessible', - $cgi->param('cclist_accessible') ? '1' : '0'); - $::query .= "cclist_accessible = ?"; - push(@values, $cgi->param('cclist_accessible')); + foreach my $field ('reporter_accessible', 'cclist_accessible') { + if ($bug->check_can_change_field($field, 0, 1, \$PrivilegesRequired)) { + DoComma(); + $cgi->param($field, $cgi->param($field) ? '1' : '0'); + $::query .= " $field = ?"; + push(@values, $cgi->param($field)); + } + else { + $cgi->delete($field); + } + } } } diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index fe3adbbe9..db2915d99 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -518,11 +518,13 @@ <p> <input type="checkbox" value="1" name="reporter_accessible" id="reporter_accessible" - [% " checked" IF bug.reporter_accessible %]> + [% " checked" IF bug.reporter_accessible %] + [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("reporter_accessible", 0, 1) %]> <label for="reporter_accessible">Reporter</label> <input type="checkbox" value="1" name="cclist_accessible" id="cclist_accessible" - [% " checked" IF bug.cclist_accessible %]> + [% " checked" IF bug.cclist_accessible %] + [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("cclist_accessible", 0, 1) %]> <label for="cclist_accessible">CC List</label> </p> [% END %] |
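Review bot: The call `check_can_change_field($field, 0, 1, \$PrivilegesRequired)` in the new `foreach` passes the literals 0 and 1 rather than the bug's stored value and the submitted one, and nothing on the line says why. If the intent is to ask whether the user may change the field at all, whatever its current state, a comment such as `# 0 and 1 are dummy old/new values: we only ask whether this user may touch the field` would make that explicit. The `else` branch drops the parameter with `$cgi->delete($field)` and never reads `$PrivilegesRequired`, so a request that tries to set these flags without the right is discarded silently. That looks deliberate, since the template now disables the boxes, but it deserves a one-line comment, and it is worth confirming that no error or audit path is expected here. The enclosing `if (defined $cgi->param('id'))` block starts outside the hunk, so where `$bug` is set cannot be checked from here.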
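Review bot: The `disabled="disabled"` attribute added to both checkboxes is only a display hint, since a client can still send `reporter_accessible` or `cclist_accessible` in the request; the enforcement is the matching check in process_bug.cgi in this same commit. A template comment next to the first checkbox, for example `[%# Display only: process_bug.cgi re-checks check_can_change_field() before updating these flags %]`, would keep a later edit from treating the disabled state as the access control. The two added directives differ only in the field name, so they have to be kept in step with the field list in process_bug.cgi by hand.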