summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbugreport%peshkin.net <>2004-07-10 16:39:56 +0200
committerbugreport%peshkin.net <>2004-07-10 16:39:56 +0200
commit0066e681a05fb471d9468119e755a00e40dd19f5 (patch)
treea2d1a8c005100cef4fb9ce7f06e294c58b969387
parentdbce51e838e74f1ad31e3d8076db93df64f56592 (diff)
downloadbugzilla-0066e681a05fb471d9468119e755a00e40dd19f5.tar.gz
bugzilla-0066e681a05fb471d9468119e755a00e40dd19f5.tar.xz
Bug 233486: Only process groups user is supposed to be able to bless in editgroups.cgi
r=justdave a=justdave
-rwxr-xr-xeditusers.cgi3
1 files changed, 2 insertions, 1 deletions
diff --git a/editusers.cgi b/editusers.cgi
index 9dfc672d9..ed8f974e2 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -155,7 +155,7 @@ sub EmitFormElements ($$$$)
print "<TD COLSPAN=2 ALIGN=LEFT><B>User is a member of these groups</B></TD>\n";
while (MoreSQLData()) {
my ($groupid, $name, $description, $checked, $isderived, $isregexp) = FetchSQLData();
- next if (!$editall && !UserCanBlessGroup($name));
+ next unless ($editall || UserCanBlessGroup($name));
PushGlobalSQLState();
SendSQL("SELECT user_id " .
"FROM user_group_map " .
@@ -762,6 +762,7 @@ if ($action eq 'update') {
my $chggrp = 0;
SendSQL("SELECT id, name FROM groups");
while (my ($groupid, $name) = FetchSQLData()) {
+ next unless ($editall || UserCanBlessGroup($name));
if ($::FORM{"oldgroup_$groupid"} != ($::FORM{"group_$groupid"} ? 1 : 0)) {
# group membership changed
PushGlobalSQLState();