From bc521effbd39f4e88e8de50dac650acd8a46705f Mon Sep 17 00:00:00 2001
From: "jake%acutex.net" <>
Date: Thu, 31 May 2001 22:52:23 +0000
Subject: Bugzilla was leaking information about bugs marked secure (using bug
 groups). This checkin fixes  bugs 39524, 39527, 39531, and 39533. Patches by
 Myk Melez <myk@mozilla.org>. r= jake@acutex.net

---
 CGI.pl | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

(limited to 'CGI.pl')

diff --git a/CGI.pl b/CGI.pl
index e82ce8911..87639165b 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -226,6 +226,55 @@ sub CheckFormFieldDefined (\%$) {
       }
 }
 
+sub ValidateBugID {
+  # Validates and verifies a bug ID, making sure the number is a 
+  # positive integer, that it represents an existing bug in the
+  # database, and that the user is authorized to access that bug.
+
+  my ($id) = @_;
+
+  # Make sure the bug number is a positive integer.
+  $id =~ /^([1-9][0-9]*)$/
+    || DisplayError("The bug number is invalid.") 
+    && exit;
+
+  # Make sure the usergroupset variable is set.  This variable stores
+  # the set of groups the user is a member of.  This variable should
+  # be set by either confirm_login or quietly_check_login, but we set
+  # it here just in case one of those functions has not been run yet.
+  $::usergroupset ||= 0;
+
+  # Query the database for the bug, retrieving a boolean value that
+  # represents whether or not the user is authorized to access the bug.  
+
+  # Users are authorized to access bugs if they are a member of all 
+  # groups to which the bug is restricted.  User group membership and 
+  # bug restrictions are stored as bits within bitsets, so authorization
+  # can be determined by comparing the intersection of the user's
+  # bitset with the bug's bitset.  If the result matches the bug's bitset
+  # the user is a member of all groups to which the bug is restricted
+  # and is authorized to access the bug.
+  
+  # Bit arithmetic is performed by MySQL instead of Perl because bitset
+  # fields in the database are 64 bits wide (BIGINT), and Perl installations
+  # may or may not support integers larger than 32 bits.  Using bitsets
+  # and doing bitset arithmetic is probably not cross-database compatible,
+  # however, so these mechanisms are likely to change in the future.
+  SendSQL("SELECT ((groupset & $::usergroupset) = groupset) 
+           FROM bugs WHERE bug_id = $id");
+  
+  # Make sure the bug exists in the database.
+  MoreSQLData()
+    || DisplayError("Bug #$id does not exist.")
+    && exit;
+
+  # Make sure the user is authorized to access the bug.
+  my ($isauthorized) = FetchSQLData();
+  $isauthorized
+    || DisplayError("You are not authorized to access bug #$id.")
+    && exit;
+}
+
 # check and see if a given string actually represents a positive
 # integer, and abort if not.
 # 
-- 
cgit v1.2.3-24-g4f1b