From a30e5f2cf9b04a8a377186ecb3b90b4311d23894 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Mon, 3 Nov 2003 11:25:51 +0000
Subject: [SECURITY] Bug 209742: Under some circumstances, a user can obtain
 component descriptions for a product to which he does not normally have
 access. Patch by Ryan Cleary <tryanc@interdimensions.com> r= joel, bbaetz  
 a= justdave

---
 describecomponents.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'describecomponents.cgi')

diff --git a/describecomponents.cgi b/describecomponents.cgi
index ff7f46ac8..05af91949 100755
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -46,7 +46,7 @@ if (!defined $::FORM{'product'}) {
     # Reference to a subset of %::proddesc, which the user is allowed to see
     my %products;
 
-    if (AnyDefaultGroups()) {
+    if (AnyEntryGroups()) {
         # OK, now only add products the user can see
         confirm_login() unless $::userid;
         foreach my $p (@::legal_product) {
-- 
cgit v1.2.3-24-g4f1b