diff options
author | lpsolit%gmail.com <> | 2009-08-01 14:35:46 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-08-01 14:35:46 +0200 |
commit | 2039a990c46a153a30a15b6e76e19062c5565e02 (patch) | |
tree | 53cc73654ed593baae26e597b29e949e20444b1d /template/en/default/bug/edit.html.tmpl | |
parent | 8bd1ee512f2e16192c38da0887caa7dbfc7f4dc1 (diff) | |
download | bugzilla-2039a990c46a153a30a15b6e76e19062c5565e02.tar.gz bugzilla-2039a990c46a153a30a15b6e76e19062c5565e02.tar.xz |
Bug 507389: [SECURITY] Users can see all products when editing bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'template/en/default/bug/edit.html.tmpl')
-rw-r--r-- | template/en/default/bug/edit.html.tmpl | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index 9434271d8..2ce19833e 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -375,8 +375,16 @@ [%#############%] <tr> + [% IF bug.check_can_change_field('product', 0, 1) %] + [% prod_list = user.get_enterable_products %] + [% IF NOT user.can_enter_product(bug.product) %] + [% prod_list.unshift(bug.product_obj) %] + [% END %] + [% END %] + [% INCLUDE bug/field.html.tmpl bug = bug, field = select_fields.product, + override_legal_values = prod_list desc_url = 'describecomponents.cgi', value = bug.product editable = bug.check_can_change_field('product', 0, 1) %] </tr> |