From e2c8da0dfc534ffca6232cc7d370299d5d446604 Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Tue, 19 Feb 2013 18:11:40 +0100
Subject: Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the
 existence of products and components you cannot access r/a=LpSolit

---
 buglist.cgi | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index 625b7eab8..97654cdf2 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -721,7 +721,10 @@ $::SIG{PIPE} = 'DEFAULT';
 my ($data, $extra_data) = $search->data;
 $vars->{'search_description'} = $search->search_description;
 
-if ($cgi->param('debug')) {
+if ($cgi->param('debug')
+    && Bugzilla->params->{debug_group}
+    && $user->in_group(Bugzilla->params->{debug_group})
+) {
     $vars->{'debug'} = 1;
     $vars->{'queries'} = $extra_data;
     my $query_time = 0;
-- 
cgit v1.2.3-24-g4f1b