From c05c60cf06842168c9cb6a958accb28b728f7436 Mon Sep 17 00:00:00 2001 From: "jake%acutex.net" <> Date: Mon, 27 Aug 2001 01:51:44 +0000 Subject: Bug 96085 - bypassing group security checks using duplicate bugs Patch by Christopher Aillon r= jake@acutex.net --- CGI.pl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'CGI.pl') diff --git a/CGI.pl b/CGI.pl index ddf5fa14c..2cf6ffeca 100644 --- a/CGI.pl +++ b/CGI.pl @@ -21,6 +21,7 @@ # Dan Mosedale # Joe Robins # Dave Miller +# Christopher Aillon # Contains some global routines used throughout the CGI scripts of Bugzilla. @@ -315,9 +316,11 @@ sub ValidateBugID { AND cc.bug_id = bugs.bug_id "); while (my ($ccwho) = FetchSQLData()) { - push @cclist , $ccwho; + # more efficient to just check the var here instead of + # creating a potentially huge array to grep against + return if ($userid == $ccwho); } - return if grep($userid == $_ , @cclist); + } # The user did not pass any of the authorization tests, which means they -- cgit v1.2.1
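Review bot: The comment added above `return if ($userid == $ccwho);` in the CC loop of the second hunk justifies the change only as an efficiency gain, while the commit subject describes a group-security bypass; the comment should record the security reason so the list is not reintroduced later. Both uses of `@cclist` are removed but no declaration is, so the array was presumably a package global or declared outside this block, where entries from an earlier ValidateBugID call could satisfy the check for a different bug ID (the declaration is outside the hunk, so this needs confirming). I would word the comment as `# Compare each CC entry as it is fetched; never keep them in a list that can outlive this call.` and drop any remaining `@cclist` declaration. ValidateBugID starts and ends outside the hunk.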