authorjake%acutex.net <>2001-06-01 22:38:01 +0200
committerjake%acutex.net <>2001-06-01 22:38:01 +0200
commit8e1f344a2b52856dde0ac23b05244d3a3e7bf66e (patch)
treefded7aef212c4219e223315865ae5c159349f19d
parent6496a7165061d8552f3cc1bc3aa1454b24f45470 (diff)
downloadbugzilla-8e1f344a2b52856dde0ac23b05244d3a3e7bf66e.tar.gz
bugzilla-8e1f344a2b52856dde0ac23b05244d3a3e7bf66e.tar.xz
More leak plugging. This one fixes bug 39526.
Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net
-rwxr-xr-xshow_activity.cgi25
1 files changed, 22 insertions, 3 deletions
diff --git a/show_activity.cgi b/show_activity.cgi
index d6e388afc..fccc21cd4 100755
--- a/show_activity.cgi
+++ b/show_activity.cgi
@@ -19,21 +19,40 @@
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
+# Myk Melez <myk@mozilla.org>
use diagnostics;
use strict;
require "CGI.pl";
+ConnectToDatabase();
+
+######################################################################
+# Begin Data/Security Validation
+######################################################################
+
+# Check whether or not the user is currently logged in. This function
+# sets the value of $::usergroupset, the binary number that records
+# the set of groups to which the user belongs and which we can use
+# to determine whether or not the user is authorized to access this bug.
+quietly_check_login();
+
+# Make sure the bug ID is a positive integer representing an existing
+# bug that the user is authorized to access.
+ValidateBugID($::FORM{'id'});
+
+######################################################################
+# End Data/Security Validation
+######################################################################
+
print "Content-type: text/html\n\n";
PutHeader("Changes made to bug $::FORM{'id'}", "Activity log",
"Bug $::FORM{'id'}");
-ConnectToDatabase();
-
DumpBugActivity($::FORM{'id'});
-print "<hr><a href=show_bug.cgi?id=$::FORM{'id'}>Back to bug $::FORM{'id'}</a>\n";
+print qq|<hr><a href="show_bug.cgi?id=$::FORM{'id'}">Back to bug $::FORM{'id'}</a>\n|;
PutFooter();
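Review bot: The output statements after the validation block (the `PutHeader` call and the "Back to bug" link) still interpolate `$::FORM{'id'}` unescaped into HTML and a URL, so their safety rests entirely on `ValidateBugID` ending the request for anything that is not a plain positive integer. Its body is not visible in this hunk, so that behaviour is presumed from the comment above the call. I would make the dependency explicit by copying the checked value once, `my $id = $::FORM{'id'};  # validated above: positive integer, user may see this bug`, and using `$id` in `PutHeader`, `DumpBugActivity` and the link. It is also worth confirming that `ValidateBugID` emits its own Content-type header on its error path, since the script's `print "Content-type: text/html\n\n";` now runs only after validation succeeds.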