diff options
| author | mkanat%bugzilla.org <> | 2008-10-17 07:53:23 +0000 |
|---|---|---|
| committer | mkanat%bugzilla.org <> | 2008-10-17 07:53:23 +0000 |
| commit | 50035ffc59885e32f744389e732a12d533ec1e66 (patch) | |
| tree | 554576f917d7c75c6ec06be13536d8c49bb55ea2 | |
| parent | 69570c937f5c62be0f8cf7e5e4901020e5d9891a (diff) | |
| download | bugs-50035ffc59885e32f744389e732a12d533ec1e66.tar bugs-50035ffc59885e32f744389e732a12d533ec1e66.tar.gz bugs-50035ffc59885e32f744389e732a12d533ec1e66.tar.bz2 bugs-50035ffc59885e32f744389e732a12d533ec1e66.tar.xz bugs-50035ffc59885e32f744389e732a12d533ec1e66.zip | |
Bug 460379: New user accounts could access editusers and add and remove themselves from groups
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
| -rw-r--r-- | Bugzilla/User.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index aa3baa243..293b18d3e 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -453,7 +453,8 @@ sub bless_groups { # Get all groups for the user where: # + They have direct bless privileges # + They are a member of a group that inherits bless privs. - my @group_ids = (map {$_->id} @{ $self->groups }) || (-1); + my @group_ids = map {$_->id} @{ $self->groups }; + @group_ids = (-1) if !@group_ids; my $query = 'SELECT DISTINCT groups.id FROM groups, user_group_map, group_group_map AS ggm |