From 0d7a4fbf959a1c522350786e83df580476bf5642 Mon Sep 17 00:00:00 2001
From: "mkanat%kerio.com" <>
Date: Fri, 8 Jul 2005 12:29:14 +0000
Subject: Bug 293159: [SECURITY] Anyone can change flags and access bug summaries due to a bad check in Flag::validate() and Flag::modify() Patch By Frederic Buclin r=myk, a=justdave
---
 process_bug.cgi | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'process_bug.cgi')
diff --git a/process_bug.cgi b/process_bug.cgi
index 1fa8400e9..4b6410b2c 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -165,12 +165,11 @@ foreach my $field ("dependson", "blocked") {
 'assigned_to' => { 'type' => 'single' },
 '^requestee(_type)?-(\d+)$' => { 'type' => 'single' },
 });
-# Validate flags, but only if the user is changing a single bug,
-# since the multi-change form doesn't include flag changes.
-if (defined $cgi->param('id')) {
- Bugzilla::Flag::validate($cgi, $cgi->param('id'));
- Bugzilla::FlagType::validate($cgi, $cgi->param('id'));
-}
+
+# Validate flags in all cases. validate() should not detect any
+# reference to flags if $cgi->param('id') is undefined.
+Bugzilla::Flag::validate($cgi, $cgi->param('id'));
+Bugzilla::FlagType::validate($cgi, $cgi->param('id'));

 ######################################################################
 # End Data/Security Validation
--
cgit v1.2.3-24-g4f1b
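Review bot: Both added calls evaluate `$cgi->param('id')` in list context, so (assuming `$cgi` behaves like a CGI.pm object) a request without `id` passes no second argument at all and a request that repeats `id` passes several. Writing `Bugzilla::Flag::validate($cgi, scalar $cgi->param('id'));`, and the same for `Bugzilla::FlagType::validate`, pins exactly one value, defined or not, which matters more now that the `defined` guard is gone. With the guard removed, the mass-change path depends entirely on how the two validate() routines treat an undefined id, and they are defined outside this file (the view is limited to process_bug.cgi), so that behaviour cannot be confirmed from this hunk. The new comment's "should not detect any reference to flags" reads as an expectation rather than a contract; if failing closed is the intent, something like `# Always validate flags. With no 'id' (mass change), validate() must reject any flag field in the request.` would say so.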