summaryrefslogtreecommitdiffstats
path: root/editusers.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2005-08-23 05:59:56 +0200
committerlpsolit%gmail.com <>2005-08-23 05:59:56 +0200
commit04b1c1f9602547c2cad48ff5e8e4f198f6b7c044 (patch)
treec9a23f075b1cbb421ca1613f1c61acca19225299 /editusers.cgi
parent38c2d4b6e1b3723833e5dca4001692531d1ffc3f (diff)
downloadbugzilla-04b1c1f9602547c2cad48ff5e8e4f198f6b7c044.tar.gz
bugzilla-04b1c1f9602547c2cad48ff5e8e4f198f6b7c044.tar.xz
Bug 305476: Group membership inheritance broken in editusers.cgi (regression) - Patch by Joel Peshkin <bugreport@peshkin.net> r=wurblzap a=justdave
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi15
1 files changed, 9 insertions, 6 deletions
diff --git a/editusers.cgi b/editusers.cgi
index 6c9fceefe..c05508813 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -127,12 +127,11 @@ if ($action eq 'search') {
# Handle selection by group.
if ($grouprestrict eq '1') {
+ detaint_natural($groupid);
+ my $grouplist = join(',',
+ @{Bugzilla::User->flatten_group_membership($groupid)});
$query .= " $nextCondition profiles.userid = ugm.user_id " .
- 'AND ugm.group_id = ?';
- # We can trick_taint because we use the value in a SELECT only,
- # using a placeholder.
- trick_taint($groupid);
- push(@bindValues, $groupid);
+ "AND ugm.group_id IN($grouplist)";
}
$query .= ' ORDER BY profiles.login_name';
@@ -656,7 +655,11 @@ sub userDataToVars {
qq{SELECT id,
COUNT(directmember.group_id) AS directmember,
COUNT(regexpmember.group_id) AS regexpmember,
- CASE WHEN groups.id IN ($grouplist) THEN 1 ELSE 0 END,
+ (CASE WHEN (groups.id IN ($grouplist)
+ AND COUNT(directmember.group_id) = 0
+ AND COUNT(regexpmember.group_id) = 0
+ ) THEN 1 ELSE 0 END)
+ AS derivedmember,
COUNT(directbless.group_id) AS directbless
FROM groups
LEFT JOIN user_group_map AS directmember