summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2003-11-03 12:25:51 +0100
committerjustdave%syndicomm.com <>2003-11-03 12:25:51 +0100
commita30e5f2cf9b04a8a377186ecb3b90b4311d23894 (patch)
treeefbcccbae8cd64c293ff40069e8ee298c14160d5
parent808d96e117740d8cd8221dbf3c82c54de1bb7272 (diff)
downloadbugzilla-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar.gz
bugzilla-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar.xz
[SECURITY] Bug 209742: Under some circumstances, a user can obtain component descriptions for a product to which he does not normally have access.
Patch by Ryan Cleary <tryanc@interdimensions.com> r= joel, bbaetz a= justdave
-rwxr-xr-xdescribecomponents.cgi2
1 files changed, 1 insertions, 1 deletions
diff --git a/describecomponents.cgi b/describecomponents.cgi
index ff7f46ac8..05af91949 100755
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -46,7 +46,7 @@ if (!defined $::FORM{'product'}) {
# Reference to a subset of %::proddesc, which the user is allowed to see
my %products;
- if (AnyDefaultGroups()) {
+ if (AnyEntryGroups()) {
# OK, now only add products the user can see
confirm_login() unless $::userid;
foreach my $p (@::legal_product) {