From 7a4c46dc5ebef6de0c387c38cf80d8cf34c57c33 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 26 Jul 2017 20:35:55 -0700
Subject: Bug 1384100 - Lock out access to /new-bug in production

---
 new_bug.cgi | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'new_bug.cgi')

diff --git a/new_bug.cgi b/new_bug.cgi
index 2e903cfce..7f35f9ebc 100644
--- a/new_bug.cgi
+++ b/new_bug.cgi
@@ -46,6 +46,11 @@ my $cgi      = Bugzilla->cgi;
 my $template = Bugzilla->template;
 my $vars     = {};
 
+unless ($user->in_group('new-bug-testers')) {
+    print $cgi->redirect(correct_urlbase());
+    exit;
+}
+
 if (lc($cgi->request_method) eq 'post') {
      my $token = $cgi->param('token');
      check_hash_token($token, ['new_bug']);
-- 
cgit v1.2.3-24-g4f1b