Bug 314198: Fix leaking list of product names in query.cgi

Patch by Joel Peshkin <bugreport@peshkin.net> r=lpsolit, a=justdave
author: bugreport%peshkin.net <> 2005-11-01 03:48:59 +0100
committer: bugreport%peshkin.net <> 2005-11-01 03:48:59 +0100
commit: 7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7 (patch)
tree: 886795d02323ccfcea3ced6699bf34ebfbab5c1d /template
parent: 9a161bbf7300a96cafbc6c17f0b9285057f17056 (diff)
download: bugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.gz
bugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.xz
1 files changed, 6 insertions, 4 deletions
diff --git a/template/en/default/search/search-specific.html.tmpl b/template/en/default/search/search-specific.html.tmpl
index 1ff6f17ac..dcc87130e 100644
--- a/template/en/default/search/search-specific.html.tmpl
+++ b/template/en/default/search/search-specific.html.tmpl
@@ -74,10 +74,12 @@ for "crash secure SSL flash".
           [% FOREACH c = classification %]
             <optgroup label="[% c.name FILTER html %]">
             [% FOREACH p = c.products %]
-              <option value="[% p.name FILTER html %]"
-                [% " selected" IF lsearch(default.product, p.name) != -1 %]>
-                [% p.name FILTER html %]
-              </option>
+              [% IF user.can_see_product(p.name) %]
+                <option value="[% p.name FILTER html %]"
+                  [% " selected" IF lsearch(default.product, p.name) != -1 %]>
+                  [% p.name FILTER html %]
+                </option>
+              [% END %]
             [% END %]
             </optgroup>
           [% END %]
author	bugreport%peshkin.net <>	2005-11-01 03:48:59 +0100
committer	bugreport%peshkin.net <>	2005-11-01 03:48:59 +0100
commit	7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7 (patch)
tree	886795d02323ccfcea3ced6699bf34ebfbab5c1d /template
parent	9a161bbf7300a96cafbc6c17f0b9285057f17056 (diff)
download	bugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.gz bugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.xz