author | Dave Lawrence <dlawrence@mozilla.com> | 2014-01-03 00:18:45 +0100 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2014-01-03 00:18:45 +0100 |
commit | 05efc5cc95012761732f453211ccb18456fd8086 (patch) | |
tree | 0f832d9afa86804dd2a2ff2dc3953d507667be73 /Bugzilla | |
parent | 0ac53ed9b6735eb6b5f49aa1574901a660c58657 (diff) | |
Bug 952284 - Tags set to private comments should not be disclosed to everybody in the bug activity table
r=LpSolit,a=sgreen
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Bug.pm | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index f0476c898..b4e8c361a 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -3872,6 +3872,15 @@ sub get_activity { && $include_comment_tags && !$attach_id) { + # Only includes comment tag activity for comments the user is allowed to see. + $suppjoins = ""; + $suppwhere = ""; + if (!Bugzilla->user->is_insider) { + $suppjoins = "INNER JOIN longdescs + ON longdescs.comment_id = longdescs_tags_activity.comment_id"; + $suppwhere = "AND longdescs.isprivate = 0"; + } + $query .= " UNION ALL SELECT 'comment_tag' AS name, @@ -3883,8 +3892,10 @@ sub get_activity { longdescs_tags_activity.comment_id as comment_id FROM longdescs_tags_activity INNER JOIN profiles ON profiles.userid = longdescs_tags_activity.who + $suppjoins WHERE longdescs_tags_activity.bug_id = ? $datepart + $suppwhere "; push @args, $self->id; push @args, $starttime if defined $starttime; |
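Review bot: The private-comment filter is built by overwriting `$suppjoins` and `$suppwhere` without `my`, so they appear to be variables declared earlier in `get_activity` (outside this hunk) and already used for another part of the query. The access check is therefore correct only while the reset to `""` stays in front of the `if`. Dedicated lexicals would make it self-contained, e.g. `my ($tag_joins, $tag_where) = ("", "");` filled in the `!Bugzilla->user->is_insider` branch and interpolated in the comment_tag SELECT. Note also that `INNER JOIN longdescs` is added only for non-insiders, so a tag-activity row with no matching longdescs row would be listed for insiders and dropped for everyone else; if that can happen, a one-line comment saying it is intended would help. The function body begins and ends outside the hunk.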
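Review bot: `$suppjoins` and `$suppwhere` are interpolated straight into the SQL text in this second hunk, which is safe only because both are fixed literals assigned a few lines above; nothing near the query says so. A comment above the `$query .=` would keep a later edit from placing a request-derived value in them, for example `# $suppjoins/$suppwhere are constant SQL fragments; values are bound through @args.` The statement continues past the end of the hunk.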