authormkanat%kerio.com <>2005-07-08 14:29:14 +0200
committermkanat%kerio.com <>2005-07-08 14:29:14 +0200
commit0d7a4fbf959a1c522350786e83df580476bf5642 (patch)
treebdc9db68814ef7e0ff8a30a43d34f541b9c4c547 /process_bug.cgi
parent4f5fe2cd8ca790ff083d5f5a9903b13afc75cb9a (diff)
Bug 293159: [SECURITY] Anyone can change flags and access bug summaries due to a bad check in Flag::validate() and Flag::modify()
Patch By Frederic Buclin <LpSolit@gmail.com> r=myk, a=justdave
Diffstat (limited to 'process_bug.cgi')
-rwxr-xr-xprocess_bug.cgi11
1 files changed, 5 insertions, 6 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index 1fa8400e9..4b6410b2c 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -165,12 +165,11 @@ foreach my $field ("dependson", "blocked") {
'assigned_to' => { 'type' => 'single' },
'^requestee(_type)?-(\d+)$' => { 'type' => 'single' },
});
-# Validate flags, but only if the user is changing a single bug,
-# since the multi-change form doesn't include flag changes.
-if (defined $cgi->param('id')) {
- Bugzilla::Flag::validate($cgi, $cgi->param('id'));
- Bugzilla::FlagType::validate($cgi, $cgi->param('id'));
-}
+
+# Validate flags in all cases. validate() should not detect any
+# reference to flags if $cgi->param('id') is undefined.
+Bugzilla::Flag::validate($cgi, $cgi->param('id'));
+Bugzilla::FlagType::validate($cgi, $cgi->param('id'));
######################################################################
# End Data/Security Validation