author | jake%acutex.net <> | 2001-08-27 03:51:44 +0200 |
---|---|---|
committer | jake%acutex.net <> | 2001-08-27 03:51:44 +0200 |
commit | c05c60cf06842168c9cb6a958accb28b728f7436 (patch) | |
tree | def5975de55f337198ed937d21e00278d3bfd46f /CGI.pl | |
parent | 406508ea8a600b9ed3582b6771cab62de81b9dc5 (diff) | |
Bug 96085 - bypassing group security checks using duplicate bugs
Patch by Christopher Aillon <christopher@aillon.com>
r= jake@acutex.net
Diffstat (limited to 'CGI.pl')
-rw-r--r-- | CGI.pl | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -21,6 +21,7 @@ # Dan Mosedale <dmose@mozilla.org> # Joe Robins <jmrobins@tgix.com> # Dave Miller <justdave@syndicomm.com> +# Christopher Aillon <christopher@aillon.com> # Contains some global routines used throughout the CGI scripts of Bugzilla. @@ -315,9 +316,11 @@ sub ValidateBugID { AND cc.bug_id = bugs.bug_id "); while (my ($ccwho) = FetchSQLData()) { - push @cclist , $ccwho; + # more efficient to just check the var here instead of + # creating a potentially huge array to grep against + return if ($userid == $ccwho); } - return if grep($userid == $_ , @cclist); + } # The user did not pass any of the authorization tests, which means they |
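Review bot: In the ValidateBugID hunk, the loop still walks the cc rows one by one in Perl just to test whether $userid is among them; adding the user id as a condition to the query that ends in `AND cc.bug_id = bugs.bug_id` would let the database do the membership test, so a single fetch decides the result. The hunk also removes both uses of @cclist (the `push` and the `grep`), so if its declaration sits above the visible context it is now unused and should be dropped in the same change. The new comment explains only the efficiency gain; since the lines that follow say this is one of the authorization tests, it should also state that a cc match grants access to the bug. The empty `+` line left where the `grep` was can be omitted.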