diff options
author | bugreport%peshkin.net <> | 2004-07-06 10:12:29 +0200 |
---|---|---|
committer | bugreport%peshkin.net <> | 2004-07-06 10:12:29 +0200 |
commit | 73fd49ff3bbff6244802ba548bb22c2be39014e1 (patch) | |
tree | f7b78fde82e5557d604de9282d19c235dfc3dea1 /chart.cgi | |
parent | 4ab7a75f97285207ceb8c4830406701b11819cbc (diff) | |
download | bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.gz bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.xz |
Bug 243463 Use a param to protect new charts from leaking information
r=justdave
a=justdave
Diffstat (limited to 'chart.cgi')
-rwxr-xr-x | chart.cgi | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -84,6 +84,10 @@ if ($action eq "search") { Bugzilla->login(LOGIN_REQUIRED); +UserInGroup(Param("chartgroup")) + || ThrowUserError("authorization_failure", + {action => "use this feature"}); + # Only admins may create public queries UserInGroup('admin') || $cgi->delete('public'); |