diff options
| author | lpsolit%gmail.com <> | 2005-10-19 02:45:47 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2005-10-19 02:45:47 +0200 |
| commit | 8d67e86a56de870d2a76f0bc5d0dfa53af664a73 (patch) | |
| tree | 5406a0078d3d75838cc47fcf6004e37e1354abc1 /attachment.cgi | |
| parent | 59ef7920a7efaba7cf0e5b55eb85761b59c8aaa7 (diff) | |
| download | bugzilla-8d67e86a56de870d2a76f0bc5d0dfa53af664a73.tar.gz bugzilla-8d67e86a56de870d2a76f0bc5d0dfa53af664a73.tar.xz | |
Bug 302936: Reject the requestee if he cannot access private attachments - Patch by Frédéric Buclin <LpSolit@gmail.com> r=jouni a=justdave
Diffstat (limited to 'attachment.cgi')
| -rwxr-xr-x | attachment.cgi | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/attachment.cgi b/attachment.cgi index 6670e6325..3aa1a68d6 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -937,11 +937,11 @@ sub insert $vars->{'message'} = 'user_match_multiple'; } - # Flag::validate() should not detect any reference to existing - # flags when creating a new attachment. Setting the third param - # to -1 will force this function to check this point. + # FlagType::validate() and Flag::validate() should not detect + # any reference to existing flags when creating a new attachment. + # Setting the third param to -1 will force this function to check this point. Bugzilla::Flag::validate($cgi, $bugid, -1); - Bugzilla::FlagType::validate($cgi, $bugid); + Bugzilla::FlagType::validate($cgi, $bugid, -1); # Escape characters in strings that will be used in SQL statements. my $sql_filename = SqlQuote($filename); |