diff options
author | myk%mozilla.org <> | 2001-11-08 09:52:13 +0100 |
---|---|---|
committer | myk%mozilla.org <> | 2001-11-08 09:52:13 +0100 |
commit | 6f66681a7a9d326e628e3a0e70de34fa20c4bb16 (patch) | |
tree | f46124a9ce0128a5209b2890614491665700a2df | |
parent | 4b5278c7ba3654533b551a9ab5fab1c40c58d74d (diff) | |
download | bugzilla-6f66681a7a9d326e628e3a0e70de34fa20c4bb16.tar.gz bugzilla-6f66681a7a9d326e628e3a0e70de34fa20c4bb16.tar.xz |
Fix for bug 108821: Prevent users with any blessgroupset privileges from blessing any group set.
Patch by Jake <jake@acutex.net> and Bradley <bbaetz@cs.mcgill.ca>.
r=jake,myk for Bradley's portion, r=bbaetz,myk for Jake's portion.
-rwxr-xr-x | editusers.cgi | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/editusers.cgi b/editusers.cgi index 3e4a20e3b..a2a6ee51b 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -742,12 +742,14 @@ if ($action eq 'update') { foreach (keys %::FORM) { next unless /^bit_/; #print "$_=$::FORM{$_}<br>\n"; + detaint_natural($::FORM{$_}) || die "Groupset field tampered with"; $groupset .= " + $::FORM{$_}"; } my $blessgroupset = "0"; foreach (keys %::FORM) { next unless /^blbit_/; #print "$_=$::FORM{$_}<br>\n"; + detaint_natural($::FORM{$_}) || die "Blessgroupset field tampered with"; $blessgroupset .= " + $::FORM{$_}"; } @@ -767,7 +769,8 @@ if ($action eq 'update') { } else { SendSQL("UPDATE profiles SET groupset = - groupset - (groupset & $opblessgroupset) + $groupset + groupset - (groupset & $opblessgroupset) + + (($groupset) & $opblessgroupset) WHERE login_name=" . SqlQuote($userold)); # I'm paranoid that someone who I give the ability to bless people |