From 5d70d16f37a866852e6a48ec9fefe3664a6a9a55 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Thu, 4 Aug 2011 22:08:32 +0200
Subject: Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug

r=mkanat a=LpSolit
---
 process_bug.cgi | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'process_bug.cgi')

diff --git a/process_bug.cgi b/process_bug.cgi
index 0348424fa..acb359f63 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -345,7 +345,17 @@ foreach my $field (@custom_fields) {
     }
 }
 
+# We are going to alter the list of removed groups, so we keep a copy here.
+my @unchecked_groups = @$removed_groups;
 foreach my $b (@bug_objects) {
+    # Don't blindly ask to remove unchecked groups available in the UI.
+    # A group can be already unchecked, and the user didn't try to remove it.
+    # In this case, we don't want remove_group() to complain.
+    my @remove_groups;
+    foreach my $g (@{$b->groups_in}) {
+        push(@remove_groups, $g->name) if grep { $_ eq $g->name } @unchecked_groups;
+    }
+    local $set_all_fields{groups}->{remove} = \@remove_groups;
     $b->set_all(\%set_all_fields);
 }
 
-- 
cgit v1.2.3-24-g4f1b
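Review bot: The membership test `grep { $_ eq $g->name } @unchecked_groups` inside the `foreach my $g (@{$b->groups_in})` loop rescans the whole unchecked list and calls `$g->name` once per element for every group of every bug; a lookup hash built once before the bug loop is the usual idiom, `my %is_unchecked = map { $_ => 1 } @$removed_groups;` followed by `push @remove_groups, $g->name if $is_unchecked{ $g->name };`. The comment above the inner loop explains the mechanics but not why it matters for this security fix; I would state it directly, e.g. `# Only ask to remove groups this bug is actually in, so remove_group() cannot fail differently for groups the bug is not in.` Note also that `local $set_all_fields{groups}->{remove} = \@remove_groups;` autovivifies `$set_all_fields{groups}` as a hashref when no group field was submitted, and `local` restores only the `remove` key, so an empty hashref is left behind after the loop; whether anything after this hunk reads `%set_all_fields` again is not visible here. The `foreach my $b` loop is fully inside the hunk, but `$removed_groups` and `%set_all_fields` are defined before it.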