author | jake%bugzilla.org <> | 2002-11-18 13:27:34 +0100 |
committer | jake%bugzilla.org <> | 2002-11-18 13:27:34 +0100 |
commit | f45790a70fbe66f2354e230591fe07f0b7ee9626 (patch) | |
tree | cfdafc29dc0ea6f4d33cbeae4102136bc9209c45 | |
parent | f1b4d836b3e40e86799ab8aaa6f61e6c6d9d9d82 (diff) | |
Bug 180545 - It was possible to change the product/component of a bug without having the editbugs permission.
r=bbaetz
a=justdave
-rwxr-xr-x | process_bug.cgi | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index a0ed799c3..531706582 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -204,6 +204,14 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct) || (!$::FORM{'id'} && $::FORM{'product'} ne $::FORM{'dontchange'})) && CheckonComment( "reassignbycomponent" )) { + # Check to make sure they actually have the right to change the product + if (!CheckCanChangeField('product', $::FORM{'id'}, $::oldproduct, $::FORM{'product'})) { + $vars->{'oldvalue'} = $::oldproduct; + $vars->{'newvalue'} = $::FORM{'product'}; + $vars->{'field'} = 'product'; + ThrowUserError("illegal_change", undef, "abort"); + } + CheckFormField(\%::FORM, 'product', \@::legal_product); my $prod = $::FORM{'product'}; @@ -1062,6 +1070,13 @@ foreach my $id (@idlist) { "keyworddefs READ, groups READ, attachments READ"); my @oldvalues = SnapShotBug($id); my %oldhash; + # Fun hack. @::log_columns only contains the component_id, + # not the name (since bug 43600 got fixed). So, we need to have + # this id ready for the loop below, otherwise anybody can + # change the component of a bug (we checked product above). + # http://bugzilla.mozilla.org/show_bug.cgi?id=180545 + my $product_id = get_product_id($::FORM{'product'}); + $::FORM{'component_id'} = get_component_id($product_id, $::FORM{'component'}); my $i = 0; foreach my $col (@::log_columns) { # Consider NULL db entries to be equivalent to the empty string 
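Review bot: The new product check in the first hunk calls `CheckCanChangeField('product', $::FORM{'id'}, $::oldproduct, $::FORM{'product'})`, but the surrounding condition is also entered on the mass-change path (`!$::FORM{'id'}`), where both the bug id and `$::oldproduct` are presumably undefined; how CheckCanChangeField behaves with an undefined bug id is not visible here, so confirm it fails closed rather than allowing the change. The check also runs before `CheckFormField(\%::FORM, 'product', \@::legal_product)` validates the submitted product, so the permission logic sees an unvalidated value; moving the whitelist check ahead of the permission check would keep the two failure modes distinct. The enclosing if-block continues past the hunk.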
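Review bot: In the second hunk `$::FORM{'component_id'}` is assigned unconditionally from `$::FORM{'product'}` and `$::FORM{'component'}` on every pass of the `foreach my $id (@idlist)` loop, including the mass-change path where (per the first hunk) those fields may carry the `dontchange` sentinel; get_product_id/get_component_id then presumably return undef, the later `exists $::FORM{$col}` test still fires for component_id, and CheckCanChangeField compares the old id against undef. Confirm that path cannot yield a spurious illegal_change or, conversely, a pass for a value that was never validated against the component list, and consider a guard such as `if ($::FORM{'product'} ne $::FORM{'dontchange'})` or an explicit comment stating why the unconditional assignment is safe. The two lookups do not depend on `$id`, so they could also be hoisted above the loop, though `$product_id` is used inside it by the third hunk. The enclosing foreach begins outside the hunk.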
@@ -1069,9 +1084,17 @@ foreach my $id (@idlist) {
 $oldhash{$col} = $oldvalues[$i];
 if (exists $::FORM{$col}) {
 if (!CheckCanChangeField($col, $id, $oldvalues[$i], $::FORM{$col})) {
- $vars->{'oldvalue'} = $oldvalues[$i];
- $vars->{'newvalue'} = $::FORM{$col};
- $vars->{'field'} = $col;
+ # More fun hacking... don't display component_id
+ if ($col eq 'component_id') {
+ $vars->{'oldvalue'} = get_component_name($product_id, $oldhash{'component_id'});
+ $vars->{'newvalue'} = $::FORM{'component'};
+ $vars->{'field'} = 'component';
+ }
+ else {
+ $vars->{'oldvalue'} = $oldvalues[$i];
+ $vars->{'newvalue'} = $::FORM{$col};
+ $vars->{'field'} = $col;
+ }
 ThrowUserError("illegal_change", undef, "abort");
 }
 }
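Review bot: The component_id branch resolves the old component's name with `get_component_name($product_id, $oldhash{'component_id'})`, but `$product_id` (declared in the previous hunk) is derived from the submitted product, not the bug's current one; when the same request also changes the product, the old component id belongs to the old product and the lookup may return an empty or wrong name in the illegal_change message. If get_component_name filters by product, resolving the old name against the bug's existing product (from the SnapShotBug values, if a product column is among them) would give an accurate message; this affects only the displayed values, the abort itself is unchanged. A short comment on the `if ($col eq 'component_id')` line noting that `$product_id` comes from the earlier hunk would also help readers, since the `foreach my $id (@idlist)` loop and that declaration both lie outside this hunk.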