authorlpsolit%gmail.com <>2007-06-20 20:46:12 +0200
committerlpsolit%gmail.com <>2007-06-20 20:46:12 +0200
commit275a10ab18b0e6c713a74ac37532022ff5ecd2ff (patch)
tree6bef73ef79f63fb30d96a608edeef88c08c88ad1
parent9de3481eb1733f20b1ceac522fcc94ea0d4f27c2 (diff)
downloadbugzilla-275a10ab18b0e6c713a74ac37532022ff5ecd2ff.tar.gz
bugzilla-275a10ab18b0e6c713a74ac37532022ff5ecd2ff.tar.xz
Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi appear editable by users with no privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
-rwxr-xr-xprocess_bug.cgi22
-rw-r--r--template/en/default/bug/edit.html.tmpl6
2 files changed, 15 insertions, 13 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index e3143ac98..98b799670 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -671,17 +671,17 @@ if (defined $cgi->param('id')) {
q{SELECT group_id FROM bug_group_map WHERE bug_id = ?},
undef, $cgi->param('id'));
if ( $havegroup ) {
- DoComma();
- $cgi->param('reporter_accessible',
- $cgi->param('reporter_accessible') ? '1' : '0');
- $::query .= "reporter_accessible = ?";
- push(@values, $cgi->param('reporter_accessible'));
-
- DoComma();
- $cgi->param('cclist_accessible',
- $cgi->param('cclist_accessible') ? '1' : '0');
- $::query .= "cclist_accessible = ?";
- push(@values, $cgi->param('cclist_accessible'));
+ foreach my $field ('reporter_accessible', 'cclist_accessible') {
+ if ($bug->check_can_change_field($field, 0, 1, \$PrivilegesRequired)) {
+ DoComma();
+ $cgi->param($field, $cgi->param($field) ? '1' : '0');
+ $::query .= " $field = ?";
+ push(@values, $cgi->param($field));
+ }
+ else {
+ $cgi->delete($field);
+ }
+ }
}
}
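Review bot: In the `else` branch, a request that submits `reporter_accessible` or `cclist_accessible` without the privilege is discarded silently by `$cgi->delete($field)`, and the `$PrivilegesRequired` value that the check fills in is not consulted in the lines shown, so a tampered form submission produces no error here. If the silent discard is intended, record why, e.g. `# No privilege: drop the parameter so an absent (disabled) checkbox is not read as 0.` The literal `0, 1` passed to `check_can_change_field` should also get a comment such as `# Dummy old/new values: only asks whether this user may edit the field at all.`, since they are neither the stored value nor the submitted one. The enclosing `if (defined $cgi->param('id'))` block starts outside the hunk, so a later use of `$PrivilegesRequired` cannot be ruled out.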
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index fe3adbbe9..db2915d99 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -518,11 +518,13 @@
<p>
<input type="checkbox" value="1"
name="reporter_accessible" id="reporter_accessible"
- [% " checked" IF bug.reporter_accessible %]>
+ [% " checked" IF bug.reporter_accessible %]
+ [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("reporter_accessible", 0, 1) %]>
<label for="reporter_accessible">Reporter</label>
<input type="checkbox" value="1"
name="cclist_accessible" id="cclist_accessible"
- [% " checked" IF bug.cclist_accessible %]>
+ [% " checked" IF bug.cclist_accessible %]
+ [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("cclist_accessible", 0, 1) %]>
<label for="cclist_accessible">CC List</label>
</p>
[% END %]
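Review bot: The `disabled` attribute added to both checkboxes is presentation only, and a disabled checkbox is not submitted by the browser, so this markup is safe only while process_bug.cgi keeps ignoring these two parameters for users who fail the same check. A template comment above the first `<input>` would record that dependency, e.g. `[%# Display only: process_bug.cgi enforces check_can_change_field for these fields. %]`. The block closed by `[% END %]` opens outside the hunk, so any condition it already places on showing these controls is not visible here.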