authorlpsolit%gmail.com <>2009-06-03 12:51:23 +0200
committerlpsolit%gmail.com <>2009-06-03 12:51:23 +0200
commitc17a0e4f5bc47334d459cb1ff78f3aef1f0ea358 (patch)
tree0092cf6c07a7edd1a8581cde445d9378b81d64fb
parent5a10ebe6514918f89e60e0dc43fa19ebe06c03be (diff)
Bug 494072: editvalues.cgi lets you edit product names - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
-rwxr-xr-xeditvalues.cgi9
1 files changed, 7 insertions, 2 deletions
diff --git a/editvalues.cgi b/editvalues.cgi
index 5b82cee01..3c553c8d1 100755
--- a/editvalues.cgi
+++ b/editvalues.cgi
@@ -71,11 +71,16 @@ Bugzilla->user->in_group('admin') ||
my $action = trim($cgi->param('action') || '');
my $token = $cgi->param('token');
+# Fields listed here must not be edited from this interface.
+my @non_editable_fields = qw(product);
+my %block_list = map { $_ => 1 } @non_editable_fields;
+
#
# field = '' -> Show nice list of fields
#
if (!$cgi->param('field')) {
- my @field_list = Bugzilla->get_fields({ is_select => 1 });
+ my @field_list = grep { !$block_list{$_->name} }
+ Bugzilla->get_fields({ is_select => 1 });
$vars->{'fields'} = \@field_list;
$template->process("admin/fieldvalues/select-field.html.tmpl", $vars)
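Review bot: The `@non_editable_fields` list added at the top of this hunk is a deny-list, so it fails open: every select field not named in it stays editable from this page, and the comment does not say what qualifies a field for the list. Judging by the commit title, the criterion is presumably that the field's values are managed somewhere other than editvalues.cgi. I would state that in the comment, e.g. `# Fields whose values are managed outside editvalues.cgi must be listed here; any select field not listed stays editable from this interface.` Whether other fields returned by `get_fields({ is_select => 1 })` meet the same criterion cannot be determined from the lines shown and is worth checking.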
@@ -85,7 +90,7 @@ if (!$cgi->param('field')) {
# At this point, the field must be defined.
my $field = Bugzilla::Field->check($cgi->param('field'));
-if (!$field->is_select) {
+if (!$field->is_select || $block_list{$field->name}) {
ThrowUserError('fieldname_invalid', { field => $field });
}
$vars->{'field'} = $field;
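Review bot: The `$block_list{$field->name}` test in the changed `if` is the actual enforcement, but nothing at that line says so. The `grep` in the first hunk only hides the field from the selection list, while a request that names the field directly still arrives at this check. A comment above the condition would keep a later refactor from dropping it, e.g. `# Reject block-listed fields here too; filtering the field list above only hides them.` The action handling that relies on this guard lies after the end of the hunk, so whether every action passes through it cannot be confirmed from here.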