From b42289bb5c84bff0bc610c8d3d87b63e4246a240 Mon Sep 17 00:00:00 2001
From: "jake%acutex.net" <>
Date: Sat, 2 Jun 2001 21:24:45 +0000
Subject: sanitycheck.cgi was able to be run by anybody - even people without
 Bugzilla accounts.  It is now restricted to only people with the editbugs
 permission (bug 54556). Patch by Myk Melez <myk@mozilla.org> r=
 jake@acutex.net

---
 sanitycheck.cgi | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'sanitycheck.cgi')

diff --git a/sanitycheck.cgi b/sanitycheck.cgi
index 2da7fde2f..bc3b823c7 100755
--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -27,10 +27,25 @@ require "CGI.pl";
 
 use vars %::FORM;
 
+ConnectToDatabase();
+
+confirm_login();
+
+# Make sure the user is authorized to access sanitycheck.cgi.  Access
+# is restricted to logged-in users who have "editbugs" privileges,
+# which is a reasonable compromise between allowing all users to access
+# the script (creating the potential for denial of service attacks)
+# and restricting access to this installation's administrators (which
+# prevents users with a legitimate interest in Bugzilla integrity
+# from accessing the script).
+UserInGroup("editbugs")
+  || DisplayError("You are not authorized to access this script,
+                   which is reserved for users with the ability to edit bugs.")
+  && exit;
+
 print "Content-type: text/html\n";
 print "\n";
 
-ConnectToDatabase();
 SendSQL("set SQL_BIG_TABLES=1");
 
 my $offervotecacherebuild = 0;
-- 
cgit v1.2.3-24-g4f1b