Bug 756550: Do not link a bug alias with its bug ID for bugs you cannot see

r=glob a=LpSolit
author: Frédéric Buclin <LpSolit@gmail.com> 2012-08-09 13:45:59 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2012-08-09 13:45:59 +0200
commit: 9ec7d139f9ab26fc2cc6986ec72d254d0fdef242 (patch)
tree: f151e0e128b4e93e1f631a002c621a345c43053a /Bugzilla/Search
parent: 17a866fde027a1236cfadc7829d0176a60dc4b51 (diff)
download: bugzilla-9ec7d139f9ab26fc2cc6986ec72d254d0fdef242.tar.gz
bugzilla-9ec7d139f9ab26fc2cc6986ec72d254d0fdef242.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm
index 10f3f768b..17c5635ff 100644
--- a/Bugzilla/Search/Quicksearch.pm
+++ b/Bugzilla/Search/Quicksearch.pm
@@ -285,9 +285,10 @@ sub _handle_alias {
     if ($searchstring =~ /^([^,\s]+)$/) {
         my $alias = $1;
         # We use this direct SQL because we want quicksearch to be VERY fast.
-        my $is_alias = Bugzilla->dbh->selectrow_array(
-            q{SELECT 1 FROM bugs WHERE alias = ?}, undef, $alias);
-        if ($is_alias) {
+        my $bug_id = Bugzilla->dbh->selectrow_array(
+            q{SELECT bug_id FROM bugs WHERE alias = ?}, undef, $alias);
+        # If the user cannot see the bug, do not resolve its alias.
+        if ($bug_id && Bugzilla->user->can_see_bug($bug_id)) {
             $alias = url_quote($alias);
             print Bugzilla->cgi->redirect(
                 -uri => correct_urlbase() . "show_bug.cgi?id=$alias");
author	Frédéric Buclin <LpSolit@gmail.com>	2012-08-09 13:45:59 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2012-08-09 13:45:59 +0200
commit	9ec7d139f9ab26fc2cc6986ec72d254d0fdef242 (patch)
tree	f151e0e128b4e93e1f631a002c621a345c43053a /Bugzilla/Search
parent	17a866fde027a1236cfadc7829d0176a60dc4b51 (diff)
download	bugzilla-9ec7d139f9ab26fc2cc6986ec72d254d0fdef242.tar.gz bugzilla-9ec7d139f9ab26fc2cc6986ec72d254d0fdef242.tar.xz