diff options
author | bugreport%peshkin.net <> | 2004-07-10 16:39:56 +0200 |
---|---|---|
committer | bugreport%peshkin.net <> | 2004-07-10 16:39:56 +0200 |
commit | 0066e681a05fb471d9468119e755a00e40dd19f5 (patch) | |
tree | a2d1a8c005100cef4fb9ce7f06e294c58b969387 | |
parent | dbce51e838e74f1ad31e3d8076db93df64f56592 (diff) | |
download | bugzilla-0066e681a05fb471d9468119e755a00e40dd19f5.tar.gz bugzilla-0066e681a05fb471d9468119e755a00e40dd19f5.tar.xz |
Bug 233486: Only process groups user is supposed to be able to bless in editgroups.cgi
r=justdave
a=justdave
-rwxr-xr-x | editusers.cgi | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/editusers.cgi b/editusers.cgi index 9dfc672d9..ed8f974e2 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -155,7 +155,7 @@ sub EmitFormElements ($$$$) print "<TD COLSPAN=2 ALIGN=LEFT><B>User is a member of these groups</B></TD>\n"; while (MoreSQLData()) { my ($groupid, $name, $description, $checked, $isderived, $isregexp) = FetchSQLData(); - next if (!$editall && !UserCanBlessGroup($name)); + next unless ($editall || UserCanBlessGroup($name)); PushGlobalSQLState(); SendSQL("SELECT user_id " . "FROM user_group_map " . @@ -762,6 +762,7 @@ if ($action eq 'update') { my $chggrp = 0; SendSQL("SELECT id, name FROM groups"); while (my ($groupid, $name) = FetchSQLData()) { + next unless ($editall || UserCanBlessGroup($name)); if ($::FORM{"oldgroup_$groupid"} != ($::FORM{"group_$groupid"} ? 1 : 0)) { # group membership changed PushGlobalSQLState(); |