Bug 292544: [SECURITY] Can see a security-sensitive bug in buglist.cgi for a short time when there are certain performance problems

Patch By Frederic Buclin <LpSolit@gmail.com> r=joel, a=justdave

3 files changed, 12 insertions, 11 deletions

diff --git a/Bugzilla/DB/Schema.pm b/Bugzilla/DB/Schema.pm
index c7d4a5583..52d1b3212 100644
--- a/Bugzilla/DB/Schema.pm
+++ b/Bugzilla/DB/Schema.pm
@@ -156,7 +156,7 @@ use constant ABSTRACT_SCHEMA => {
             bug_file_loc        => {TYPE => 'TEXT'},
             bug_severity        => {TYPE => 'varchar(64)', NOTNULL => 1},
             bug_status          => {TYPE => 'varchar(64)', NOTNULL => 1},
-            creation_ts         => {TYPE => 'DATETIME', NOTNULL => 1},
+            creation_ts         => {TYPE => 'DATETIME'},
             delta_ts            => {TYPE => 'DATETIME', NOTNULL => 1},
             short_desc          => {TYPE => 'MEDIUMTEXT', NOTNULL => 1},
             op_sys              => {TYPE => 'varchar(64)', NOTNULL => 1},
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index e69c3232f..ec93e96a8 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -1357,7 +1357,7 @@ sub init {
     }
 
     $query .= " WHERE " . join(' AND ', (@wherepart, @andlist)) .
-              " AND ((bug_group_map.group_id IS NULL)";
+              " AND bugs.creation_ts IS NOT NULL AND ((bug_group_map.group_id IS NULL)";
 
     if ($user->id) {
         my $userid = $user->id;
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index c9817a4d9..ff88b9f3b 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -356,7 +356,7 @@ sub can_see_bug {
     # is cached because this may be called for every row in buglists or
     # every bug in a dependency list.
     unless ($sth) {
-        $sth = $dbh->prepare("SELECT reporter, assigned_to, qa_contact,
+        $sth = $dbh->prepare("SELECT 1, reporter, assigned_to, qa_contact,
                              reporter_accessible, cclist_accessible,
                              COUNT(cc.who), COUNT(bug_group_map.bug_id)
                              FROM bugs
@@ -367,22 +367,23 @@ sub can_see_bug {
                                ON bugs.bug_id = bug_group_map.bug_id
                                AND bug_group_map.group_ID NOT IN(" .
                                join(',',(-1, values(%{$self->groups}))) .
-                               ") WHERE bugs.bug_id = ? " .
+                               ") WHERE bugs.bug_id = ? 
+                               AND creation_ts IS NOT NULL " .
                              $dbh->sql_group_by('bugs.bug_id', 'reporter, ' .
                              'assigned_to, qa_contact, reporter_accessible, ' .
                              'cclist_accessible'));
     }
     $sth->execute($bugid);
-    my ($reporter, $owner, $qacontact, $reporter_access, $cclist_access,
+    my ($ready, $reporter, $owner, $qacontact, $reporter_access, $cclist_access,
         $isoncclist, $missinggroup) = $sth->fetchrow_array();
     $sth->finish;
     $self->{sthCanSeeBug} = $sth;
-    return ( (($reporter == $userid) && $reporter_access)
-           || (Param('useqacontact') && $qacontact && 
-              ($qacontact == $userid))
-           || ($owner == $userid)
-           || ($isoncclist && $cclist_access)
-           || (!$missinggroup) );
+    return ($ready
+            && ((($reporter == $userid) && $reporter_access)
+                || (Param('useqacontact') && $qacontact && ($qacontact == $userid))
+                || ($owner == $userid)
+                || ($isoncclist && $cclist_access)
+                || (!$missinggroup)));
 }
 
 sub get_selectable_products {