From e2252835e8e96371d6536af5dbd72a79e6ed05b5 Mon Sep 17 00:00:00 2001
From: "mkanat%kerio.com" <>
Date: Thu, 12 May 2005 09:07:09 +0000
Subject: Bug 287109: [SECURITY] Names of private products/components can be
 exposed on certain CGIs Patch By Frederic Buclin <LpSolit@gmail.com> r=myk,
 r=joel, a=justdave

---
 reports.cgi | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'reports.cgi')

diff --git a/reports.cgi b/reports.cgi
index a3e2c740e..c5314b33e 100755
--- a/reports.cgi
+++ b/reports.cgi
@@ -85,9 +85,7 @@ if (! defined $cgi->param('product')) {
 
     # We don't want people to be able to view
     # reports for products they don't have permissions for...
-    if (($product ne '-All-') && (!CanEnterProduct($product))) {
-        ThrowUserError("report_access_denied");
-    }
+    if ($product ne '-All-') { CanEnterProductOrWarn($product) }
           
     # We've checked that the product exists, and that the user can see it
     # This means that is OK to detaint
-- 
cgit v1.2.3-24-g4f1b