diff options
author | endico%mozilla.org <> | 2001-03-13 07:35:50 +0100 |
---|---|---|
committer | endico%mozilla.org <> | 2001-03-13 07:35:50 +0100 |
commit | f9ad36979ee316009fe69972da97702ec14110ce (patch) | |
tree | db3b7d3ae96630345dc9f738b7c48433dddbc1e8 /show_bug.cgi | |
parent | 771e38ec238c4814bfbe756d80e991eda60f294b (diff) | |
download | bugzilla-f9ad36979ee316009fe69972da97702ec14110ce.tar.gz bugzilla-f9ad36979ee316009fe69972da97702ec14110ce.tar.xz |
Checking in Jake's <jake@acutex.net> interim patches from bug 30694. Bugzilla was showing bug summaries to everyone, even if they didn't have permission to view the bug. Jake's quick solution is to not display the bug at all if it is in a group no matter who is viewing it. The correct solution would be display the summary if the viewer had the proper permissions.
Diffstat (limited to 'show_bug.cgi')
-rwxr-xr-x | show_bug.cgi | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/show_bug.cgi b/show_bug.cgi index 1dd1f8820..83baa42b5 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -47,9 +47,9 @@ if (!defined $::FORM{'id'} || $::FORM{'id'} !~ /^\s*\d+\s*$/) { GetVersionTable(); -SendSQL("select short_desc from bugs where bug_id = $::FORM{'id'}"); -my $summary = FetchOneColumn(); -if( $summary ) { +SendSQL("select short_desc, groupset from bugs where bug_id = $::FORM{'id'}"); +my ($summary, $groupset) = FetchSQLData(); +if( $summary && $groupset == 0) { $summary = html_quote($summary); PutHeader("Bug $::FORM{'id'} - $summary", "Bugzilla Bug $::FORM{'id'}", $summary ); }else { |