author | bbaetz%student.usyd.edu.au <> | 2002-03-01 14:39:25 +0100 |
---|---|---|
committer | bbaetz%student.usyd.edu.au <> | 2002-03-01 14:39:25 +0100 |
commit | d0e08d069d70cfa2b3ece8eb83d6b6dd5d917ca5 (patch) | |
tree | 2a3127a6230a3400260a2582ea4fb346382b354a /post_bug.cgi | |
parent | 1d29501cf5dbd911fc807a498393d7cf4ea04f8f (diff) | |
Bug 107743 - post_bug.cgi doesn't properly validate parameters
r=gerv, justdave
Diffstat (limited to 'post_bug.cgi')
-rwxr-xr-x | post_bug.cgi | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/post_bug.cgi b/post_bug.cgi index fa3fd075f..7152e37c6 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -39,7 +39,6 @@ sub sillyness { $zz = %::COOKIE; $zz = %::components; $zz = %::versions; - $zz = @::legal_bug_status; $zz = @::legal_opsys; $zz = @::legal_platform; $zz = @::legal_priority; @@ -122,7 +121,12 @@ if (Param("useqacontact")) { } if (exists $::FORM{'bug_status'}) { - if (!UserInGroup("canedit") && !UserInGroup("canconfirm")) { + # Ignore the given status, so that we can set it to UNCONFIRMED + # or NEW, depending on votestoconfirm if either the given state was + # unconfirmed (so that a user can't override the below check), or if + # the user doesn't have permission to change the default status anyway + if ($::FORM{'bug_status'} == $::unconfirmedstate + || (!UserInGroup("canedit") && !UserInGroup("canconfirm"))) { delete $::FORM{'bug_status'}; } } @@ -142,6 +146,10 @@ if (!exists $::FORM{'target_milestone'}) { $::FORM{'target_milestone'} = FetchOneColumn(); } +if (!Param('letsubmitterchoosepriority')) { + $::FORM{'priority'} = Param{'defaultpriority'}; +} + GetVersionTable(); CheckFormField(\%::FORM, 'product', \@::legal_product); CheckFormField(\%::FORM, 'version', \@{$::versions{$::FORM{'product'}}}); @@ -152,7 +160,7 @@ CheckFormField(\%::FORM, 'bug_severity', \@::legal_severity); CheckFormField(\%::FORM, 'priority', \@::legal_priority); CheckFormField(\%::FORM, 'op_sys', \@::legal_opsys); CheckFormFieldDefined(\%::FORM, 'assigned_to'); -CheckFormField(\%::FORM, 'bug_status', \@::legal_bug_status); +CheckFormField(\%::FORM, 'bug_status', [$::unconfirmedstate, 'NEW']); CheckFormFieldDefined(\%::FORM, 'bug_file_loc'); CheckFormField(\%::FORM, 'component', \@{$::components{$::FORM{'product'}}}); |
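Review bot: The added test `$::FORM{'bug_status'} == $::unconfirmedstate` in the second hunk compares two status names with the numeric operator. Non-numeric strings both evaluate to 0 under `==`, so the condition is true for any ordinary status name, and the submitted bug_status is deleted even for users in canedit or canconfirm. That fails closed, but it removes the choice the group check is meant to preserve, and it will also raise "isn't numeric" warnings if warnings are enabled. The comparison should be `$::FORM{'bug_status'} eq $::unconfirmedstate`. The code that assigns the status after the delete lies outside this hunk.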
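Review bot: `Param{'defaultpriority'}` in the added block of the third hunk uses braces where the other visible calls (`Param("useqacontact")`, `Param('letsubmitterchoosepriority')`) use parentheses, so it is most likely a typo and will not perform the intended lookup. Whatever Perl makes of the braces, the value stored in `$::FORM{'priority'}` is unlikely to be the configured default, and the later `CheckFormField` on priority would then reject the submission when the submitter is not allowed to choose. The line should read `$::FORM{'priority'} = Param('defaultpriority');`. Placing the override before the `CheckFormField` calls is right, because the forced value is then validated against `@::legal_priority` like any submitted one.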
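Review bot: The narrowed allow-list `[$::unconfirmedstate, 'NEW']` in the last hunk carries no comment explaining why it replaces `@::legal_bug_status`, so a later maintainer could restore the full list and reopen the gap this commit closes. I would add `# A new bug may only start in the unconfirmed state or NEW; reject any other submitted status.` above the call. The literal `'NEW'` sits beside a variable for the other state; if the file has a named value for it, none is visible in this hunk.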