diff options
| author | lpsolit%gmail.com <> | 2007-06-20 20:46:12 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2007-06-20 20:46:12 +0200 |
| commit | 275a10ab18b0e6c713a74ac37532022ff5ecd2ff (patch) | |
| tree | 6bef73ef79f63fb30d96a608edeef88c08c88ad1 /process_bug.cgi | |
| parent | 9de3481eb1733f20b1ceac522fcc94ea0d4f27c2 (diff) | |
| download | bugzilla-275a10ab18b0e6c713a74ac37532022ff5ecd2ff.tar.gz bugzilla-275a10ab18b0e6c713a74ac37532022ff5ecd2ff.tar.xz | |
Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi appear editable by users with no privs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
| -rwxr-xr-x | process_bug.cgi | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index e3143ac98..98b799670 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -671,17 +671,17 @@ if (defined $cgi->param('id')) { q{SELECT group_id FROM bug_group_map WHERE bug_id = ?}, undef, $cgi->param('id')); if ( $havegroup ) { - DoComma(); - $cgi->param('reporter_accessible', - $cgi->param('reporter_accessible') ? '1' : '0'); - $::query .= "reporter_accessible = ?"; - push(@values, $cgi->param('reporter_accessible')); - - DoComma(); - $cgi->param('cclist_accessible', - $cgi->param('cclist_accessible') ? '1' : '0'); - $::query .= "cclist_accessible = ?"; - push(@values, $cgi->param('cclist_accessible')); + foreach my $field ('reporter_accessible', 'cclist_accessible') { + if ($bug->check_can_change_field($field, 0, 1, \$PrivilegesRequired)) { + DoComma(); + $cgi->param($field, $cgi->param($field) ? '1' : '0'); + $::query .= " $field = ?"; + push(@values, $cgi->param($field)); + } + else { + $cgi->delete($field); + } + } } } |