From fa954ab78cc60aba43aedb85e2b4f98d56d7bf9d Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Mon, 6 Oct 2014 14:49:38 +0000
Subject: Bug 1064140: [SECURITY] Private comments can be shown to flagmail
 recipients who aren't in the insider group r=glob,a=glob

---
 Bugzilla/Bug.pm | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'Bugzilla/Bug.pm')

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index a92a7077b..aa5085fe7 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1030,12 +1030,6 @@ sub update {
                                    join(', ', @added_names)];
     }
 
-    # Flags
-    my ($removed, $added) = Bugzilla::Flag->update_flags($self, $old_bug, $delta_ts);
-    if ($removed || $added) {
-        $changes->{'flagtypes.name'} = [$removed, $added];
-    }
-
     # Comments
     foreach my $comment (@{$self->{added_comments} || []}) {
         # Override the Comment's timestamp to be identical to the update
@@ -1058,6 +1052,9 @@ sub update {
                          $user->id, $delta_ts, $comment->id);
     }
 
+    # Clear the cache of comments
+    delete $self->{comments};
+
     # Insert the values into the multiselect value tables
     my @multi_selects = grep {$_->type == FIELD_TYPE_MULTI_SELECT}
                              Bugzilla->active_custom_fields;
@@ -1090,6 +1087,12 @@ sub update {
                                 join(', ', map { $_->name } @$added_see)];
     }
 
+    # Flags
+    my ($removed, $added) = Bugzilla::Flag->update_flags($self, $old_bug, $delta_ts);
+    if ($removed || $added) {
+        $changes->{'flagtypes.name'} = [$removed, $added];
+    }
+
     $_->update foreach @{ $self->{_update_ref_bugs} || [] };
     delete $self->{_update_ref_bugs};
 
-- 
cgit v1.2.3-24-g4f1b