From f47c0339e2c258c878e6284970d917dcd3960cba Mon Sep 17 00:00:00 2001
From: "terry%mozilla.org" <>
Date: Thu, 27 May 1999 22:17:25 +0000
Subject: Patched minor security hole; don't show summary of bugs that the user
 doesn't have permission to see.

---
 showdependencygraph.cgi | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'showdependencygraph.cgi')

diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 6ead9f84d..7e06ffc62 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -47,6 +47,8 @@ PutHeader("Dependency graph", "Dependency graph", $id);
 
 if (defined $id) {
     ConnectToDatabase();
+    quietly_check_login();
+    $::usergroupset = $::usergroupset; # More warning suppression silliness.
 
     mkdir("data/webdot", 0777);
 
@@ -99,8 +101,10 @@ node [URL="${urlbase}show_bug.cgi?id=\\N", style=filled, color=lightgrey]
         my $summary = "";
         my $stat;
         if ($::FORM{'showsummary'}) {
-            SendSQL("select bug_status, short_desc from bugs where bug_id = $k");
+            SendSQL("select bug_status, short_desc from bugs where bug_id = $k and bugs.groupset & $::usergroupset = bugs.groupset");
             ($stat, $summary) = (FetchSQLData());
+            $stat = "NEW" if !defined $stat;
+            $summary = "" if !defined $summary;
         } else {
             SendSQL("select bug_status from bugs where bug_id = $k");
             $stat = FetchOneColumn();
-- 
cgit v1.2.3-24-g4f1b