author | bbaetz%cs.mcgill.ca <> | 2001-10-24 00:44:50 +0200 |
---|---|---|
committer | bbaetz%cs.mcgill.ca <> | 2001-10-24 00:44:50 +0200 |
commit | 9042b58f0ceb4896bd99542a3f59a368158bbccc (patch) | |
tree | dfa9027e25cd0456fad9697bc4038a12daae63a6 /processmail | |
parent | 35f74cea13f5d1ce63d56cd643d2f2963bbb90a5 (diff) | |
Bug 97469 - Assignee/QA/Reporter/CC don't get email on restricted bugs.
Also fixes seeing bugs in the buglist (bug 95024), dependency lists,
tooltips, duplicates, and everywhere else I could see which checked group
bugs.groupset == 0.
Also fixed bug 101560, by clearing BASH_ENV
r=myk,justdave
Diffstat (limited to 'processmail')
-rwxr-xr-x | processmail | 30 |
1 files changed, 13 insertions, 17 deletions
diff --git a/processmail b/processmail
index 22dc85cc3..75a7b4bf9 100755
--- a/processmail
+++ b/processmail
@@ -111,8 +111,8 @@ sub ProcessOneBug {
 }
 my ($start, $end) = (@row); # $start and $end are considered safe because users can't touch them
- $start = detaint_string($start);
- $end = detaint_string($end);
+ trick_taint($start);
+ trick_taint($end);
 my $ccSet = new RelationSet();
 $ccSet->mergeFromDB("SELECT who FROM cc WHERE bug_id = $id");
@@ -644,31 +644,26 @@ sub NewProcessOnePerson ($$$$$$$$$$$) {
 if ($nomail{$person}) { return; }
+
- # Sanitize $values{'groupset'}
- if ($values{'groupset'} =~ m/(\d+)/) {
- $values{'groupset'} = $1;
- } else {
- $values{'groupset'} = 0;
- }
- SendSQL("SELECT userid, groupset & $values{'groupset'} " .
+ SendSQL("SELECT userid, groupset " .
 "FROM profiles WHERE login_name = " . SqlQuote($person));
 my ($userid, $groupset) = (FetchSQLData());
-
+ $seen{$person} = 1;
+ detaint_natural($userid);
+ detaint_natural($groupset);
 # if this person doesn't have permission to see info on this bug,
 # return.
 #
- # XXX - I _think_ this currently means that if a bug is suddenly given
+ # XXX - This currently means that if a bug is suddenly given
 # more restrictive permissions, people without those permissions won't
 # see the action of restricting the bug itself; the bug will just
 # quietly disappear from their radar.
 #
- if ($groupset ne $values{'groupset'}) {
- return;
- }
+ return unless CanSeeBug($id, $userid, $groupset);
 my %mailhead = %defmailhead;
@@ -824,9 +819,10 @@ if ($ARGV[0] eq "rescanall") {
 push @list, $row[0];
 }
 foreach my $id (@list) {
- $ARGV[0] = $id;
- print "<br> Doing bug $id\n";
- ProcessOneBug($ARGV[0]);
+ if (detaint_natural($id)) {
+ print "<br> Doing bug $id\n";
+ ProcessOneBug($id);
+ }
 }
 } else {
 my $bugnum; |
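Review bot: `trick_taint($start)` and `trick_taint($end)` in ProcessOneBug appear to clear the taint flag without checking the values (the helper is defined outside this diff), so the existing one-line comment is the only justification left. I would have the comment name the source and the limitation, e.g. `# $start/$end come from the query row in @row, never from request data; trick_taint() validates nothing, so re-check this if the query changes`. If either value is later interpolated into SQL or a command line, a format check would be a stronger guard than a blanket untaint. The function body starts and ends outside the hunk.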
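Review bot: The results of `detaint_natural($userid)` and `detaint_natural($groupset)` in NewProcessOnePerson are discarded, so a lookup that finds no profile row for `$person` still reaches `CanSeeBug` with undefined arguments. The rescanall loop in this same commit tests the helper's result, and the same pattern would fit here: `return unless detaint_natural($userid);`. Whether `CanSeeBug` denies access for an undefined user is not visible in this diff, so failing closed before the call is the safer choice for mail about restricted bugs. The function continues past the end of the hunk.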
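Review bot: The rescanall loop now skips any id that fails `detaint_natural($id)` without leaving a trace. Since `@list` is filled from query rows just above, a failure there would point at unexpected data and is worth reporting. An `else` branch such as `else { print "<br> Skipping non-numeric bug id\n"; }` would make the skip visible without echoing the rejected value into the HTML output.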