From 2039a990c46a153a30a15b6e76e19062c5565e02 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sat, 1 Aug 2009 12:35:46 +0000 Subject: Bug 507389: [SECURITY] Users can see all products when editing bugs - Patch by Frédéric Buclin r=mkanat a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- template/en/default/bug/field.html.tmpl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'template/en/default/bug/field.html.tmpl') diff --git a/template/en/default/bug/field.html.tmpl b/template/en/default/bug/field.html.tmpl index 039910f1d..e8ed85010 100644 --- a/template/en/default/bug/field.html.tmpl +++ b/template/en/default/bug/field.html.tmpl @@ -23,6 +23,7 @@ [%# INTERFACE: # field: a Bugzilla::Field object # value: The value of the field for this bug. + # override_legal_values (optional): The list of legal values, for select fields. # editable: Whether the field should be displayed as an editable # or as just the plain text of its value. # allow_dont_change: display the --do_not_change-- option for select fields. @@ -130,7 +131,10 @@ [% dontchange FILTER html %] [% END %] - [% FOREACH legal_value = field.legal_values %] + [% IF NOT override_legal_values %] + [% override_legal_values = field.legal_values %] + [% END %] + [% FOREACH legal_value = override_legal_values %] [% SET control_value = legal_value.visibility_value %] [% SET control_field = field.value_field %]