From 50035ffc59885e32f744389e732a12d533ec1e66 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Fri, 17 Oct 2008 07:53:23 +0000
Subject: Bug 460379: New user accounts could access editusers and add and
 remove themselves from groups Patch By Max Kanat-Alexander
 <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

---
 Bugzilla/User.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index aa3baa243..293b18d3e 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -453,7 +453,8 @@ sub bless_groups {
     # Get all groups for the user where:
     #    + They have direct bless privileges
     #    + They are a member of a group that inherits bless privs.
-    my @group_ids = (map {$_->id} @{ $self->groups }) || (-1);
+    my @group_ids = map {$_->id} @{ $self->groups };
+    @group_ids = (-1) if !@group_ids;
     my $query =
         'SELECT DISTINCT groups.id
            FROM groups, user_group_map, group_group_map AS ggm
-- 
cgit v1.2.3-24-g4f1b