From 275a10ab18b0e6c713a74ac37532022ff5ecd2ff Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Wed, 20 Jun 2007 18:46:12 +0000
Subject: Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi appear editable by users with no privs - Patch by Frédéric Buclin r=mkanat a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 process_bug.cgi | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
(limited to 'process_bug.cgi')
diff --git a/process_bug.cgi b/process_bug.cgi
index e3143ac98..98b799670 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -671,17 +671,17 @@ if (defined $cgi->param('id')) {
 q{SELECT group_id FROM bug_group_map WHERE bug_id = ?},
 undef, $cgi->param('id'));
 if ( $havegroup ) {
- DoComma();
- $cgi->param('reporter_accessible',
- $cgi->param('reporter_accessible') ? '1' : '0');
- $::query .= "reporter_accessible = ?";
- push(@values, $cgi->param('reporter_accessible'));
-
- DoComma();
- $cgi->param('cclist_accessible',
- $cgi->param('cclist_accessible') ? '1' : '0');
- $::query .= "cclist_accessible = ?";
- push(@values, $cgi->param('cclist_accessible'));
+ foreach my $field ('reporter_accessible', 'cclist_accessible') {
+ if ($bug->check_can_change_field($field, 0, 1, \$PrivilegesRequired)) {
+ DoComma();
+ $cgi->param($field, $cgi->param($field) ? '1' : '0');
+ $::query .= " $field = ?";
+ push(@values, $cgi->param($field));
+ }
+ else {
+ $cgi->delete($field);
+ }
+ }
 }
 }
--
cgit v1.2.3-24-g4f1b
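Review bot: The privilege check in the new `foreach` passes the literals `0, 1` to `check_can_change_field`, apparently as dummy old and new values, so it asks whether the user may edit the field at all rather than whether this request changes it; that looks deliberate (an unchecked checkbox is simply absent from the form data), but nothing in the code says so. I would add a comment above the `if`, e.g. `# 0 and 1 are dummy old/new values: we only ask whether the user may edit $field at all`. In the `else` branch the submitted value is dropped silently and `$PrivilegesRequired` is not consulted within this hunk, so a request that tries to flip these flags without the privilege leaves no trace here; if that is intended, a one-line comment there would help as well. Separately, `push(@values, $cgi->param($field))` calls `param` in list context and is safe only because the line above overwrites the parameter with a single scalar; `push(@values, scalar $cgi->param($field));` would make that independent of statement order. The enclosing `if (defined $cgi->param('id'))` block starts outside the hunk.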