diff options
| author | lpsolit%gmail.com <> | 2005-08-23 05:59:56 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2005-08-23 05:59:56 +0200 |
| commit | 04b1c1f9602547c2cad48ff5e8e4f198f6b7c044 (patch) | |
| tree | c9a23f075b1cbb421ca1613f1c61acca19225299 /editusers.cgi | |
| parent | 38c2d4b6e1b3723833e5dca4001692531d1ffc3f (diff) | |
| download | bugzilla-04b1c1f9602547c2cad48ff5e8e4f198f6b7c044.tar.gz bugzilla-04b1c1f9602547c2cad48ff5e8e4f198f6b7c044.tar.xz | |
Bug 305476: Group membership inheritance broken in editusers.cgi (regression) - Patch by Joel Peshkin <bugreport@peshkin.net> r=wurblzap a=justdave
Diffstat (limited to 'editusers.cgi')
| -rwxr-xr-x | editusers.cgi | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/editusers.cgi b/editusers.cgi index 6c9fceefe..c05508813 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -127,12 +127,11 @@ if ($action eq 'search') { # Handle selection by group. if ($grouprestrict eq '1') { + detaint_natural($groupid); + my $grouplist = join(',', + @{Bugzilla::User->flatten_group_membership($groupid)}); $query .= " $nextCondition profiles.userid = ugm.user_id " . - 'AND ugm.group_id = ?'; - # We can trick_taint because we use the value in a SELECT only, - # using a placeholder. - trick_taint($groupid); - push(@bindValues, $groupid); + "AND ugm.group_id IN($grouplist)"; } $query .= ' ORDER BY profiles.login_name'; @@ -656,7 +655,11 @@ sub userDataToVars { qq{SELECT id, COUNT(directmember.group_id) AS directmember, COUNT(regexpmember.group_id) AS regexpmember, - CASE WHEN groups.id IN ($grouplist) THEN 1 ELSE 0 END, + (CASE WHEN (groups.id IN ($grouplist) + AND COUNT(directmember.group_id) = 0 + AND COUNT(regexpmember.group_id) = 0 + ) THEN 1 ELSE 0 END) + AS derivedmember, COUNT(directbless.group_id) AS directbless FROM groups LEFT JOIN user_group_map AS directmember |