From 5d70d16f37a866852e6a48ec9fefe3664a6a9a55 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Thu, 4 Aug 2011 22:08:32 +0200
Subject: Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug r=mkanat a=LpSolit
---
Bugzilla/Product.pm | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'Bugzilla/Product.pm')
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index b9443e9e6..85524ac47 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -680,10 +680,12 @@ sub groups_mandatory {
# if this group can be validly set by the currently-logged-in user.
sub group_is_settable {
my ($self, $group) = @_;
- my $group_id = blessed($group) ? $group->id : $group;
- my $is_mandatory = grep { $group_id == $_->id }
+
+ return 0 unless ($group->is_active && $group->is_bug_group);
+
+ my $is_mandatory = grep { $group->id == $_->id }
@{ $self->groups_mandatory };
- my $is_available = grep { $group_id == $_->id }
+ my $is_available = grep { $group->id == $_->id }
@{ $self->groups_available };
return ($is_mandatory or $is_available) ? 1 : 0;
}
@@ -948,7 +950,7 @@ a bug. (In fact, the user I set the Mandatory group on the bug.)
=over
-=item C<$group> - Either a numeric group id or a L object.
+=item C<$group> - A L object.
=back
-- cgit v1.2.3-24-g4f1b
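Review bot: `group_is_settable` now calls `$group->is_active` unconditionally, so a caller that still passes a numeric group id (accepted until this commit through the removed `blessed($group) ? $group->id : $group` line) or an undefined value dies with a method-call error instead of getting a clean "not settable" answer. Because this sub is an access decision it should fail closed on anything that is not an object, for example `return 0 unless (blessed($group) && $group->is_active && $group->is_bug_group);`; `blessed` appears to be in scope already, judging by the removed line. The comment above the sub should also state the new precondition, e.g. `# Inactive groups and groups that cannot be used for bugs are never settable.`. Whether callers report an unknown group and a non-settable group with the same message, which is what keeps group names from being guessable, cannot be confirmed from this hunk.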