diff options
author | lpsolit%gmail.com <> | 2006-10-21 06:16:53 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-21 06:16:53 +0200 |
commit | ac3fe4074a3e583948bf2a1d0b81f8f3f6acce51 (patch) | |
tree | 71ed1b78ec49498ed76a2f9c2e10e57bab686dc4 /editgroups.cgi | |
parent | 0b954e5dc3a6e199252c97d876113b013eb3d3bd (diff) | |
download | bugzilla-ac3fe4074a3e583948bf2a1d0b81f8f3f6acce51.tar.gz bugzilla-ac3fe4074a3e583948bf2a1d0b81f8f3f6acce51.tar.xz |
Bug 349855: editgroups.cgi doesn't protect the querysharegroup from deletion
Bug 357429: Renaming a group which plays a special role generates a SQL error
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editgroups.cgi')
-rwxr-xr-x | editgroups.cgi | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/editgroups.cgi b/editgroups.cgi index 09e1c8b10..0c49db698 100755 --- a/editgroups.cgi +++ b/editgroups.cgi @@ -37,6 +37,9 @@ use Bugzilla::Product; use Bugzilla::User; use Bugzilla::Token; +use constant SPECIAL_GROUPS => ('chartgroup', 'insidergroup', + 'timetrackinggroup', 'querysharegroup'); + my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; my $template = Bugzilla->template; @@ -316,7 +319,7 @@ if ($action eq 'del') { } # Groups having a special role cannot be deleted. my @special_groups; - foreach my $special_group ('chartgroup', 'insidergroup', 'timetrackinggroup') { + foreach my $special_group (SPECIAL_GROUPS) { if ($name eq Bugzilla->params->{$special_group}) { push(@special_groups, $special_group); } @@ -389,7 +392,7 @@ if ($action eq 'delete') { } # Groups having a special role cannot be deleted. my @special_groups; - foreach my $special_group ('chartgroup', 'insidergroup', 'timetrackinggroup') { + foreach my $special_group (SPECIAL_GROUPS) { if ($name eq Bugzilla->params->{$special_group}) { push(@special_groups, $special_group); } @@ -577,7 +580,11 @@ sub doGroupChanges { $dbh->bz_lock_tables('groups WRITE', 'group_group_map WRITE', 'bug_group_map WRITE', 'user_group_map WRITE', - 'group_control_map READ', 'bugs READ', 'profiles READ'); + 'group_control_map READ', 'bugs READ', 'profiles READ', + # Due to the way Bugzilla::Config::BugFields::get_param_list() + # works, we need to lock these tables too. + 'priority READ', 'bug_severity READ', 'rep_platform READ', + 'op_sys READ'); # Check that the given group ID and regular expression are valid. # If tests are successful, trimmed values are returned by CheckGroup*. @@ -611,7 +618,7 @@ sub doGroupChanges { # If the group is used by some parameters, we have to update # these parameters too. my $update_params = 0; - foreach my $group ('chartgroup', 'insidergroup', 'timetrackinggroup') { + foreach my $group (SPECIAL_GROUPS) { if ($cgi->param('oldname') eq Bugzilla->params->{$group}) { SetParam($group, $name); $update_params = 1; |