authorjake%acutex.net <>2001-08-27 03:51:44 +0200
committerjake%acutex.net <>2001-08-27 03:51:44 +0200
commitc05c60cf06842168c9cb6a958accb28b728f7436 (patch)
treedef5975de55f337198ed937d21e00278d3bfd46f /CGI.pl
parent406508ea8a600b9ed3582b6771cab62de81b9dc5 (diff)
Bug 96085 - bypassing group security checks using duplicate bugs
Patch by Christopher Aillon <christopher@aillon.com> r= jake@acutex.net
Diffstat (limited to 'CGI.pl')
-rw-r--r--CGI.pl7
1 files changed, 5 insertions, 2 deletions
diff --git a/CGI.pl b/CGI.pl
index ddf5fa14c..2cf6ffeca 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -21,6 +21,7 @@
# Dan Mosedale <dmose@mozilla.org>
# Joe Robins <jmrobins@tgix.com>
# Dave Miller <justdave@syndicomm.com>
+# Christopher Aillon <christopher@aillon.com>
# Contains some global routines used throughout the CGI scripts of Bugzilla.
@@ -315,9 +316,11 @@ sub ValidateBugID {
AND cc.bug_id = bugs.bug_id
");
while (my ($ccwho) = FetchSQLData()) {
- push @cclist , $ccwho;
+ # more efficient to just check the var here instead of
+ # creating a potentially huge array to grep against
+ return if ($userid == $ccwho);
}
- return if grep($userid == $_ , @cclist);
+
}
# The user did not pass any of the authorization tests, which means they
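Review bot: The `return` added inside the `while` loop is the access-granted path of ValidateBugID, but the new comment gives only the performance reason, so a later reader could take it for a plain optimisation. I would lead the comment with the authorisation meaning, e.g. `# user is on the cc list: access allowed, stop checking`, and keep the efficiency remark as a second line. Because the loop now needs only a yes/no answer, the query could restrict the cc rows to `$userid` itself and fetch at most one row, which would also avoid returning while rows are still unread. The query text and the origin of `$userid` lie outside this hunk, so confirm it is a validated integer before relying on `==` or interpolating it into SQL. The added blank line before the closing brace looks unintended.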