From a30e5f2cf9b04a8a377186ecb3b90b4311d23894 Mon Sep 17 00:00:00 2001 From: "justdave%syndicomm.com" <> Date: Mon, 3 Nov 2003 11:25:51 +0000 Subject: [SECURITY] Bug 209742: Under some circumstances, a user can obtain component descriptions for a product to which he does not normally have access. Patch by Ryan Cleary r= joel, bbaetz a= justdave --- describecomponents.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'describecomponents.cgi') diff --git a/describecomponents.cgi b/describecomponents.cgi index ff7f46ac8..05af91949 100755 --- a/describecomponents.cgi +++ b/describecomponents.cgi @@ -46,7 +46,7 @@ if (!defined $::FORM{'product'}) { # Reference to a subset of %::proddesc, which the user is allowed to see my %products; - if (AnyDefaultGroups()) { + if (AnyEntryGroups()) { # OK, now only add products the user can see confirm_login() unless $::userid; foreach my $p (@::legal_product) { -- cgit v1.2.3-24-g4f1b