From 2039a990c46a153a30a15b6e76e19062c5565e02 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sat, 1 Aug 2009 12:35:46 +0000
Subject: Bug 507389: [SECURITY] Users can see all products when editing bugs -
 Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 template/en/default/bug/edit.html.tmpl | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'template/en/default/bug/edit.html.tmpl')

diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index 9434271d8..2ce19833e 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -375,8 +375,16 @@
     [%#############%]
     
     <tr>
+       [% IF bug.check_can_change_field('product', 0, 1) %]
+         [% prod_list = user.get_enterable_products %]
+         [% IF NOT user.can_enter_product(bug.product) %]
+           [% prod_list.unshift(bug.product_obj) %]
+         [% END %]
+       [% END %]
+
        [% INCLUDE bug/field.html.tmpl
             bug = bug, field = select_fields.product,
+            override_legal_values = prod_list
             desc_url = 'describecomponents.cgi', value = bug.product
             editable = bug.check_can_change_field('product', 0, 1) %]
     </tr>
-- 
cgit v1.2.3-24-g4f1b