diff options
author | Simon Green <sgreen@redhat.com> | 2014-10-06 16:42:40 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 16:42:40 +0200 |
commit | 976dc12e4ed769bc02ffeb2be03bb1720e885135 (patch) | |
tree | ad7644c6ef1a2b5bea253e007f7166cfb37bfd28 /Bugzilla/Bug.pm | |
parent | 6d6b39029b7d2c24b17496fcdf8abdd080b59b55 (diff) | |
download | bugzilla-976dc12e4ed769bc02ffeb2be03bb1720e885135.tar.gz bugzilla-976dc12e4ed769bc02ffeb2be03bb1720e885135.tar.xz |
Bug 1064140: [SECURITY] Private comments can be shown to flagmail recipients who aren't in the insider group
r=glob,a=glob
Diffstat (limited to 'Bugzilla/Bug.pm')
-rw-r--r-- | Bugzilla/Bug.pm | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 7b86ab2a1..90bd8b66d 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -908,12 +908,6 @@ sub update { join(', ', @added_names)]; } - # Flags - my ($removed, $added) = Bugzilla::Flag->update_flags($self, $old_bug, $delta_ts); - if ($removed || $added) { - $changes->{'flagtypes.name'} = [$removed, $added]; - } - # Comments foreach my $comment (@{$self->{added_comments} || []}) { # Override the Comment's timestamp to be identical to the update @@ -936,6 +930,9 @@ sub update { Bugzilla->user->id, $delta_ts, $comment->id); } + # Clear the cache of comments + delete $self->{comments}; + # Insert the values into the multiselect value tables my @multi_selects = grep {$_->type == FIELD_TYPE_MULTI_SELECT} Bugzilla->active_custom_fields; @@ -971,6 +968,12 @@ sub update { $_->update foreach @{ $self->{_update_ref_bugs} || [] }; delete $self->{_update_ref_bugs}; + # Flags + my ($removed, $added) = Bugzilla::Flag->update_flags($self, $old_bug, $delta_ts); + if ($removed || $added) { + $changes->{'flagtypes.name'} = [$removed, $added]; + } + # Log bugs_activity items # XXX Eventually, when bugs_activity is able to track the dupe_id, # this code should go below the duplicates-table-updating code below. |