summaryrefslogtreecommitdiffstats
path: root/editgroups.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-10-21 06:16:53 +0200
committerlpsolit%gmail.com <>2006-10-21 06:16:53 +0200
commitac3fe4074a3e583948bf2a1d0b81f8f3f6acce51 (patch)
tree71ed1b78ec49498ed76a2f9c2e10e57bab686dc4 /editgroups.cgi
parent0b954e5dc3a6e199252c97d876113b013eb3d3bd (diff)
downloadbugzilla-ac3fe4074a3e583948bf2a1d0b81f8f3f6acce51.tar.gz
bugzilla-ac3fe4074a3e583948bf2a1d0b81f8f3f6acce51.tar.xz
Bug 349855: editgroups.cgi doesn't protect the querysharegroup from deletion
Bug 357429: Renaming a group which plays a special role generates a SQL error Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editgroups.cgi')
-rwxr-xr-xeditgroups.cgi15
1 files changed, 11 insertions, 4 deletions
diff --git a/editgroups.cgi b/editgroups.cgi
index 09e1c8b10..0c49db698 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -37,6 +37,9 @@ use Bugzilla::Product;
use Bugzilla::User;
use Bugzilla::Token;
+use constant SPECIAL_GROUPS => ('chartgroup', 'insidergroup',
+ 'timetrackinggroup', 'querysharegroup');
+
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
@@ -316,7 +319,7 @@ if ($action eq 'del') {
}
# Groups having a special role cannot be deleted.
my @special_groups;
- foreach my $special_group ('chartgroup', 'insidergroup', 'timetrackinggroup') {
+ foreach my $special_group (SPECIAL_GROUPS) {
if ($name eq Bugzilla->params->{$special_group}) {
push(@special_groups, $special_group);
}
@@ -389,7 +392,7 @@ if ($action eq 'delete') {
}
# Groups having a special role cannot be deleted.
my @special_groups;
- foreach my $special_group ('chartgroup', 'insidergroup', 'timetrackinggroup') {
+ foreach my $special_group (SPECIAL_GROUPS) {
if ($name eq Bugzilla->params->{$special_group}) {
push(@special_groups, $special_group);
}
@@ -577,7 +580,11 @@ sub doGroupChanges {
$dbh->bz_lock_tables('groups WRITE', 'group_group_map WRITE',
'bug_group_map WRITE', 'user_group_map WRITE',
- 'group_control_map READ', 'bugs READ', 'profiles READ');
+ 'group_control_map READ', 'bugs READ', 'profiles READ',
+ # Due to the way Bugzilla::Config::BugFields::get_param_list()
+ # works, we need to lock these tables too.
+ 'priority READ', 'bug_severity READ', 'rep_platform READ',
+ 'op_sys READ');
# Check that the given group ID and regular expression are valid.
# If tests are successful, trimmed values are returned by CheckGroup*.
@@ -611,7 +618,7 @@ sub doGroupChanges {
# If the group is used by some parameters, we have to update
# these parameters too.
my $update_params = 0;
- foreach my $group ('chartgroup', 'insidergroup', 'timetrackinggroup') {
+ foreach my $group (SPECIAL_GROUPS) {
if ($cgi->param('oldname') eq Bugzilla->params->{$group}) {
SetParam($group, $name);
$update_params = 1;