summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjake%bugzilla.org <>2002-11-18 13:27:34 +0100
committerjake%bugzilla.org <>2002-11-18 13:27:34 +0100
commitf45790a70fbe66f2354e230591fe07f0b7ee9626 (patch)
treecfdafc29dc0ea6f4d33cbeae4102136bc9209c45
parentf1b4d836b3e40e86799ab8aaa6f61e6c6d9d9d82 (diff)
downloadbugzilla-f45790a70fbe66f2354e230591fe07f0b7ee9626.tar.gz
bugzilla-f45790a70fbe66f2354e230591fe07f0b7ee9626.tar.xz
Bug 180545 - It was possible to change the product/component of a bug without having the editbugs permission.
r=bbaetz a=justdave
-rwxr-xr-xprocess_bug.cgi29
1 files changed, 26 insertions, 3 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index a0ed799c3..531706582 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -204,6 +204,14 @@ if ((($::FORM{'id'} && $::FORM{'product'} ne $::oldproduct)
|| (!$::FORM{'id'} && $::FORM{'product'} ne $::FORM{'dontchange'}))
&& CheckonComment( "reassignbycomponent" ))
{
+ # Check to make sure they actually have the right to change the product
+ if (!CheckCanChangeField('product', $::FORM{'id'}, $::oldproduct, $::FORM{'product'})) {
+ $vars->{'oldvalue'} = $::oldproduct;
+ $vars->{'newvalue'} = $::FORM{'product'};
+ $vars->{'field'} = 'product';
+ ThrowUserError("illegal_change", undef, "abort");
+ }
+
CheckFormField(\%::FORM, 'product', \@::legal_product);
my $prod = $::FORM{'product'};
@@ -1062,6 +1070,13 @@ foreach my $id (@idlist) {
"keyworddefs READ, groups READ, attachments READ");
my @oldvalues = SnapShotBug($id);
my %oldhash;
+ # Fun hack. @::log_columns only contains the component_id,
+ # not the name (since bug 43600 got fixed). So, we need to have
+ # this id ready for the loop below, otherwise anybody can
+ # change the component of a bug (we checked product above).
+ # http://bugzilla.mozilla.org/show_bug.cgi?id=180545
+ my $product_id = get_product_id($::FORM{'product'});
+ $::FORM{'component_id'} = get_component_id($product_id, $::FORM{'component'});
my $i = 0;
foreach my $col (@::log_columns) {
# Consider NULL db entries to be equivalent to the empty string
@@ -1069,9 +1084,17 @@ foreach my $id (@idlist) {
$oldhash{$col} = $oldvalues[$i];
if (exists $::FORM{$col}) {
if (!CheckCanChangeField($col, $id, $oldvalues[$i], $::FORM{$col})) {
- $vars->{'oldvalue'} = $oldvalues[$i];
- $vars->{'newvalue'} = $::FORM{$col};
- $vars->{'field'} = $col;
+ # More fun hacking... don't display component_id
+ if ($col eq 'component_id') {
+ $vars->{'oldvalue'} = get_component_name($product_id, $oldhash{'component_id'});
+ $vars->{'newvalue'} = $::FORM{'component'};
+ $vars->{'field'} = 'component';
+ }
+ else {
+ $vars->{'oldvalue'} = $oldvalues[$i];
+ $vars->{'newvalue'} = $::FORM{$col};
+ $vars->{'field'} = $col;
+ }
ThrowUserError("illegal_change", undef, "abort");
}
}