From e2252835e8e96371d6536af5dbd72a79e6ed05b5 Mon Sep 17 00:00:00 2001 From: "mkanat%kerio.com" <> Date: Thu, 12 May 2005 09:07:09 +0000 Subject: Bug 287109: [SECURITY] Names of private products/components can be exposed on certain CGIs Patch By Frederic Buclin r=myk, r=joel, a=justdave --- post_bug.cgi | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'post_bug.cgi') diff --git a/post_bug.cgi b/post_bug.cgi index 9a4860409..b9d63b3fe 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -79,11 +79,10 @@ $template->process($format->{'template'}, $vars, \$comment) ValidateComment($comment); # Check that the product exists and that the user -# is allowed to submit bugs in this product. +# is allowed to enter bugs into this product. my $product = $cgi->param('product'); -if (!CanEnterProduct($product)) { - ThrowUserError("entry_access_denied", {product => $product}); -} +CanEnterProductOrWarn($product); + my $product_id = get_product_id($product); # Set cookies -- cgit v1.2.3-24-g4f1b