Bug 507389: [SECURITY] Users can see all products when editing bugs - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit

author: lpsolit%gmail.com <> 2009-08-01 14:35:46 +0200
committer: lpsolit%gmail.com <> 2009-08-01 14:35:46 +0200
commit: 2039a990c46a153a30a15b6e76e19062c5565e02 (patch)
tree: 53cc73654ed593baae26e597b29e949e20444b1d /template/en/default/bug/edit.html.tmpl
parent: 8bd1ee512f2e16192c38da0887caa7dbfc7f4dc1 (diff)
download: bugzilla-2039a990c46a153a30a15b6e76e19062c5565e02.tar.gz
bugzilla-2039a990c46a153a30a15b6e76e19062c5565e02.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index 9434271d8..2ce19833e 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -375,8 +375,16 @@
     [%#############%]
     
     <tr>
+       [% IF bug.check_can_change_field('product', 0, 1) %]
+         [% prod_list = user.get_enterable_products %]
+         [% IF NOT user.can_enter_product(bug.product) %]
+           [% prod_list.unshift(bug.product_obj) %]
+         [% END %]
+       [% END %]
+
        [% INCLUDE bug/field.html.tmpl
             bug = bug, field = select_fields.product,
+            override_legal_values = prod_list
             desc_url = 'describecomponents.cgi', value = bug.product
             editable = bug.check_can_change_field('product', 0, 1) %]
     </tr>
author	lpsolit%gmail.com <>	2009-08-01 14:35:46 +0200
committer	lpsolit%gmail.com <>	2009-08-01 14:35:46 +0200
commit	2039a990c46a153a30a15b6e76e19062c5565e02 (patch)
tree	53cc73654ed593baae26e597b29e949e20444b1d /template/en/default/bug/edit.html.tmpl
parent	8bd1ee512f2e16192c38da0887caa7dbfc7f4dc1 (diff)
download	bugzilla-2039a990c46a153a30a15b6e76e19062c5565e02.tar.gz bugzilla-2039a990c46a153a30a15b6e76e19062c5565e02.tar.xz