diff options
| author | Simon Green <sgreen@redhat.com> | 2013-02-19 18:11:40 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2013-02-19 18:11:40 +0100 |
| commit | e2c8da0dfc534ffca6232cc7d370299d5d446604 (patch) | |
| tree | 94031fcc7203f315398ddb7d3055908769e99294 /buglist.cgi | |
| parent | fab1e128fd61a78809ee967279e8acc6b6962f1e (diff) | |
| download | bugzilla-e2c8da0dfc534ffca6232cc7d370299d5d446604.tar.gz bugzilla-e2c8da0dfc534ffca6232cc7d370299d5d446604.tar.xz | |
Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence of products and components you cannot access
r/a=LpSolit
Diffstat (limited to 'buglist.cgi')
| -rwxr-xr-x | buglist.cgi | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/buglist.cgi b/buglist.cgi index 625b7eab8..97654cdf2 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -721,7 +721,10 @@ $::SIG{PIPE} = 'DEFAULT'; my ($data, $extra_data) = $search->data; $vars->{'search_description'} = $search->search_description; -if ($cgi->param('debug')) { +if ($cgi->param('debug') + && Bugzilla->params->{debug_group} + && $user->in_group(Bugzilla->params->{debug_group}) +) { $vars->{'debug'} = 1; $vars->{'queries'} = $extra_data; my $query_time = 0; |