diff options
| author | endico%mozilla.org <> | 2001-03-13 07:35:50 +0100 |
|---|---|---|
| committer | endico%mozilla.org <> | 2001-03-13 07:35:50 +0100 |
| commit | f9ad36979ee316009fe69972da97702ec14110ce (patch) | |
| tree | db3b7d3ae96630345dc9f738b7c48433dddbc1e8 | |
| parent | 771e38ec238c4814bfbe756d80e991eda60f294b (diff) | |
| download | bugzilla-f9ad36979ee316009fe69972da97702ec14110ce.tar.gz bugzilla-f9ad36979ee316009fe69972da97702ec14110ce.tar.xz | |
Checking in Jake's <jake@acutex.net> interim patches from bug 30694. Bugzilla was showing bug summaries to everyone, even if they didn't have permission to view the bug. Jake's quick solution is to not display the bug at all if it is in a group no matter who is viewing it. The correct solution would be display the summary if the viewer had the proper permissions.
| -rwxr-xr-x | duplicates.cgi | 7 | ||||
| -rw-r--r-- | globals.pl | 7 | ||||
| -rwxr-xr-x | show_bug.cgi | 6 |
3 files changed, 11 insertions, 9 deletions
diff --git a/duplicates.cgi b/duplicates.cgi index c9c692ca3..6bb4e20ab 100755 --- a/duplicates.cgi +++ b/duplicates.cgi @@ -139,9 +139,10 @@ my $i = 0; foreach (@sortedcount) { my $id = $_; - SendSQL("SELECT component, bug_severity, op_sys, target_milestone, short_desc FROM " . - "bugs WHERE bug_id = $id"); - my ($component, $severity, $op_sys, $milestone, $summary) = FetchSQLData(); + SendSQL("SELECT component, bug_severity, op_sys, target_milestone, short_desc, groupset " . + " FROM bugs WHERE bug_id = $id"); + my ($component, $severity, $op_sys, $milestone, $summary, $groupset) = FetchSQLData(); + next unless $groupset == 0; $summary = html_quote($summary); print "<tr>"; print '<td><center><A HREF="show_bug.cgi?id=' . $id . '">'; diff --git a/globals.pl b/globals.pl index 4ba85ed90..d112b0c8f 100644 --- a/globals.pl +++ b/globals.pl @@ -775,9 +775,9 @@ sub GetBugLink { PushGlobalSQLState(); # Get this bug's info from the SQL Database - SendSQL("select bugs.bug_status, resolution, short_desc + SendSQL("select bugs.bug_status, resolution, short_desc, groupset from bugs where bugs.bug_id = $bug_num"); - my ($bug_stat, $bug_res, $bug_desc) = (FetchSQLData()); + my ($bug_stat, $bug_res, $bug_desc, $bug_grp) = (FetchSQLData()); # Format the retrieved information into a link if ($bug_stat eq "UNCONFIRMED") { $link_return .= "<i>" } @@ -786,7 +786,8 @@ sub GetBugLink { $link_text = value_quote($link_text); $link_return .= qq{<a href="show_bug.cgi?id=$bug_num" title="$bug_stat}; if ($bug_res ne "") {$link_return .= " $bug_res"} - $link_return .= qq{ - $bug_desc">$link_text</a>}; + if ($bug_grp == 0) { $link_return .= " - $bug_desc" } + $link_return .= qq{">$link_text</a>}; if ($bug_res ne "") { $link_return .= "</strike>" } if ($bug_stat eq "UNCONFIRMED") { $link_return .= "</i>"} diff --git a/show_bug.cgi b/show_bug.cgi index 1dd1f8820..83baa42b5 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -47,9 +47,9 @@ if (!defined $::FORM{'id'} || $::FORM{'id'} !~ /^\s*\d+\s*$/) { GetVersionTable(); -SendSQL("select short_desc from bugs where bug_id = $::FORM{'id'}"); -my $summary = FetchOneColumn(); -if( $summary ) { +SendSQL("select short_desc, groupset from bugs where bug_id = $::FORM{'id'}"); +my ($summary, $groupset) = FetchSQLData(); +if( $summary && $groupset == 0) { $summary = html_quote($summary); PutHeader("Bug $::FORM{'id'} - $summary", "Bugzilla Bug $::FORM{'id'}", $summary ); }else { |