summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjake%acutex.net <>2001-06-07 03:36:25 +0200
committerjake%acutex.net <>2001-06-07 03:36:25 +0200
commitce9c76ebbd1a699ce89cdead5f7ba427b62d9844 (patch)
tree764df019db99019aa24edfc2c20f8962e2f91145
parentd0f18b8747f261fa2ff5229735ee96b6d06dc745 (diff)
downloadbugzilla-ce9c76ebbd1a699ce89cdead5f7ba427b62d9844.tar.gz
bugzilla-ce9c76ebbd1a699ce89cdead5f7ba427b62d9844.tar.xz
Users should only be able to view attachments if they can view the bug that the file is attached to (bug 70189)
r=tara
-rwxr-xr-xshowattachment.cgi26
1 files changed, 17 insertions, 9 deletions
diff --git a/showattachment.cgi b/showattachment.cgi
index 22cfa9087..ae81117e5 100755
--- a/showattachment.cgi
+++ b/showattachment.cgi
@@ -19,6 +19,7 @@
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
+# Jacob Steenhagen <jake@acutex.net>
use diagnostics;
use strict;
@@ -27,17 +28,24 @@ require "CGI.pl";
ConnectToDatabase();
-my @row;
-if (defined $::FORM{'attach_id'}) {
- SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'}));
- @row = FetchSQLData();
+quietly_check_login();
+
+if ($::FORM{attach_id} !~ /^[1-9][0-9]*$/) {
+ DisplayError("Attachment ID should be numeric.");
+ exit;
}
-if (!@row) {
- print "Content-type: text/html\n\n";
- PutHeader("Bad ID");
- print "Please hit back and try again.\n";
+
+SendSQL("select bug_id, mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}");
+my ($bug_id, $mimetype, $thedata) = FetchSQLData();
+
+if (!$bug_id) {
+ DisplayError("Attachment $::FORM{attach_id} does not exist.");
exit;
}
-print qq{Content-type: $row[0]\n\n$row[1]};
+
+# Make sure the user can see the bug to which this file is attached
+ValidateBugID($bug_id);
+
+print qq{Content-type: $mimetype\n\n$thedata};