summaryrefslogtreecommitdiffstats
path: root/template
diff options
context:
space:
mode:
authorbugreport%peshkin.net <>2005-11-01 03:48:59 +0100
committerbugreport%peshkin.net <>2005-11-01 03:48:59 +0100
commit7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7 (patch)
tree886795d02323ccfcea3ced6699bf34ebfbab5c1d /template
parent9a161bbf7300a96cafbc6c17f0b9285057f17056 (diff)
downloadbugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.gz
bugzilla-7cb75c8af8b5cdcbc1040e659a4d6d2d8457d7e7.tar.xz
Bug 314198: Fix leaking list of product names in query.cgi
Patch by Joel Peshkin <bugreport@peshkin.net> r=lpsolit, a=justdave
Diffstat (limited to 'template')
-rw-r--r--template/en/default/search/search-specific.html.tmpl10
1 files changed, 6 insertions, 4 deletions
diff --git a/template/en/default/search/search-specific.html.tmpl b/template/en/default/search/search-specific.html.tmpl
index 1ff6f17ac..dcc87130e 100644
--- a/template/en/default/search/search-specific.html.tmpl
+++ b/template/en/default/search/search-specific.html.tmpl
@@ -74,10 +74,12 @@ for "crash secure SSL flash".
[% FOREACH c = classification %]
<optgroup label="[% c.name FILTER html %]">
[% FOREACH p = c.products %]
- <option value="[% p.name FILTER html %]"
- [% " selected" IF lsearch(default.product, p.name) != -1 %]>
- [% p.name FILTER html %]
- </option>
+ [% IF user.can_see_product(p.name) %]
+ <option value="[% p.name FILTER html %]"
+ [% " selected" IF lsearch(default.product, p.name) != -1 %]>
+ [% p.name FILTER html %]
+ </option>
+ [% END %]
[% END %]
</optgroup>
[% END %]