diff options
| author | justdave%syndicomm.com <> | 2003-11-03 12:25:51 +0100 |
|---|---|---|
| committer | justdave%syndicomm.com <> | 2003-11-03 12:25:51 +0100 |
| commit | a30e5f2cf9b04a8a377186ecb3b90b4311d23894 (patch) | |
| tree | efbcccbae8cd64c293ff40069e8ee298c14160d5 /describecomponents.cgi | |
| parent | 808d96e117740d8cd8221dbf3c82c54de1bb7272 (diff) | |
| download | bugzilla-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar.gz bugzilla-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar.xz | |
[SECURITY] Bug 209742: Under some circumstances, a user can obtain component descriptions for a product to which he does not normally have access.
Patch by Ryan Cleary <tryanc@interdimensions.com>
r= joel, bbaetz a= justdave
Diffstat (limited to 'describecomponents.cgi')
| -rwxr-xr-x | describecomponents.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/describecomponents.cgi b/describecomponents.cgi index ff7f46ac8..05af91949 100755 --- a/describecomponents.cgi +++ b/describecomponents.cgi @@ -46,7 +46,7 @@ if (!defined $::FORM{'product'}) { # Reference to a subset of %::proddesc, which the user is allowed to see my %products; - if (AnyDefaultGroups()) { + if (AnyEntryGroups()) { # OK, now only add products the user can see confirm_login() unless $::userid; foreach my $p (@::legal_product) { |