diff options
author | bugreport%peshkin.net <> | 2005-11-01 03:48:59 +0100 |
---|---|---|
committer | bugreport%peshkin.net <> | 2005-11-01 03:48:59 +0100 |
commit | 7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7 (patch) | |
tree | 886795d02323ccfcea3ced6699bf34ebfbab5c1d /template/en | |
parent | 9a161bbf7300a96cafbc6c17f0b9285057f17056 (diff) | |
download | bugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.gz bugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.xz |
Bug 314198: Fix leaking list of product names in query.cgi
Patch by Joel Peshkin <bugreport@peshkin.net>
r=lpsolit, a=justdave
Diffstat (limited to 'template/en')
-rw-r--r-- | template/en/default/search/search-specific.html.tmpl | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/template/en/default/search/search-specific.html.tmpl b/template/en/default/search/search-specific.html.tmpl index 1ff6f17ac..dcc87130e 100644 --- a/template/en/default/search/search-specific.html.tmpl +++ b/template/en/default/search/search-specific.html.tmpl @@ -74,10 +74,12 @@ for "crash secure SSL flash". [% FOREACH c = classification %] <optgroup label="[% c.name FILTER html %]"> [% FOREACH p = c.products %] - <option value="[% p.name FILTER html %]" - [% " selected" IF lsearch(default.product, p.name) != -1 %]> - [% p.name FILTER html %] - </option> + [% IF user.can_see_product(p.name) %] + <option value="[% p.name FILTER html %]" + [% " selected" IF lsearch(default.product, p.name) != -1 %]> + [% p.name FILTER html %] + </option> + [% END %] [% END %] </optgroup> [% END %] |