diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-04 22:08:32 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-04 22:08:32 +0200 |
| commit | 5d70d16f37a866852e6a48ec9fefe3664a6a9a55 (patch) | |
| tree | b193cb8a52a93619d408869931126777d8c82bb0 /process_bug.cgi | |
| parent | b9c01561118c42514055b218f81cb82fa76dbb05 (diff) | |
| download | bugzilla-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.gz bugzilla-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.xz | |
Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug
r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
| -rwxr-xr-x | process_bug.cgi | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index 0348424fa..acb359f63 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -345,7 +345,17 @@ foreach my $field (@custom_fields) { } } +# We are going to alter the list of removed groups, so we keep a copy here. +my @unchecked_groups = @$removed_groups; foreach my $b (@bug_objects) { + # Don't blindly ask to remove unchecked groups available in the UI. + # A group can be already unchecked, and the user didn't try to remove it. + # In this case, we don't want remove_group() to complain. + my @remove_groups; + foreach my $g (@{$b->groups_in}) { + push(@remove_groups, $g->name) if grep { $_ eq $g->name } @unchecked_groups; + } + local $set_all_fields{groups}->{remove} = \@remove_groups; $b->set_all(\%set_all_fields); } |