summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi7
1 files changed, 4 insertions, 3 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 64e30f64a..5e4c520f5 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -204,9 +204,10 @@ sub validateID
# Make sure the user is authorized to access this attachment's bug.
($bugid, my $isprivate) = FetchSQLData();
ValidateBugID($bugid);
- if (($isprivate > 0 ) && Param("insidergroup") &&
- !(UserInGroup(Param("insidergroup")))) {
- ThrowUserError("attachment_access_denied");
+ if ($isprivate && Param("insidergroup")) {
+ UserInGroup(Param("insidergroup"))
+ || ThrowUserError("auth_failure", {action => "access",
+ object => "attachment"});
}
# XXX shim code, kill $::FORM
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-05-07 07:48:55 +0200