From 5d70d16f37a866852e6a48ec9fefe3664a6a9a55 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Thu, 4 Aug 2011 22:08:32 +0200
Subject: Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug
r=mkanat a=LpSolit
---
 Bugzilla/Group.pm | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
(limited to 'Bugzilla/Group.pm')
diff --git a/Bugzilla/Group.pm b/Bugzilla/Group.pm
index 11a27e2e6..b7532fe09 100644
--- a/Bugzilla/Group.pm
+++ b/Bugzilla/Group.pm
@@ -439,6 +439,21 @@ sub ValidateGroupName {
     return $ret;
 }
+sub check_no_disclose {
+    my ($class, $params) = @_;
+    my $action = delete $params->{action};
+
+    $action =~ /^(?:add|remove)$/
+      or ThrowCodeError('bad_arg', { argument => $action,
+                                      function => "${class}::check_no_disclose" });
+
+    $params->{_error} = ($action eq 'add') ? 'group_restriction_not_allowed'
+                                           : 'group_invalid_removal';
+
+    my $group = $class->check($params);
+    return $group;
+}
+
 ###############################
 ###       Validators        ###
 ###############################
@@ -538,6 +553,47 @@ Returns: It returns the group id if successful
 =over
+=item C
+=over
+=item B
+Throws an error if the user cannot add or remove this group to/from a given
+bug, but doesn't specify if this is because the group doesn't exist, or the
+user is not allowed to edit this group restriction.
+=item B
+This method takes a single hashref as argument, with the following keys:
+=over
+=item C
+C The name of the group to add or remove.
+=item C
+C The ID of the bug to which the group change applies.
+=item C
+C The name of the product the bug belongs to.
+=item C
+C Must be either C or C, depending on whether the group
+must be added or removed from the bug. Any other value will generate an error.
+=back
+=item C
+A C object on success, else an error is thrown.
+
+=back + =item C + Throws an error if this group is not visible (according to
-- 
cgit v1.2.3-24-g4f1b
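Review bot: The `action` validation in `check_no_disclose` anchors with `^`/`$`, so a value such as `"add\n"` passes the regex but then fails the `eq 'add'` test on the `_error` line and is silently classified as a removal; anchoring with `$action =~ /\A(?:add|remove)\z/` closes that gap, and guarding with `defined $action and ...` avoids the uninitialized-value warning that a missing `action` key currently emits before `ThrowCodeError` runs. The method also edits the caller's hashref in place (it deletes `action` and adds `_error`), which is worth a comment such as `# NOTE: modifies $params in place: removes 'action', adds '_error'`. Whether the two error keys actually yield an indistinguishable message for "group does not exist" and "not permitted" depends on how `check` consumes `_error`, which is outside this hunk; a one-line comment stating that both paths must stay indistinguishable would help maintainers preserve the property this commit introduces.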