From 73fd49ff3bbff6244802ba548bb22c2be39014e1 Mon Sep 17 00:00:00 2001
From: "bugreport%peshkin.net" <>
Date: Tue, 6 Jul 2004 08:12:29 +0000
Subject: Bug 243463 Use a param to protect new charts from leaking information
 r=justdave a=justdave

---
 chart.cgi | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'chart.cgi')

diff --git a/chart.cgi b/chart.cgi
index 229e9bbf7..b6f7f746b 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -84,6 +84,10 @@ if ($action eq "search") {
 
 Bugzilla->login(LOGIN_REQUIRED);
 
+UserInGroup(Param("chartgroup")) 
+    || ThrowUserError("authorization_failure", 
+                     {action => "use this feature"});
+
 # Only admins may create public queries
 UserInGroup('admin') || $cgi->delete('public');
 
-- 
cgit v1.2.3-24-g4f1b