diff options
author | justdave%syndicomm.com <> | 2003-11-03 11:25:51 +0000 |
---|---|---|
committer | justdave%syndicomm.com <> | 2003-11-03 11:25:51 +0000 |
commit | a30e5f2cf9b04a8a377186ecb3b90b4311d23894 (patch) | |
tree | efbcccbae8cd64c293ff40069e8ee298c14160d5 | |
parent | 808d96e117740d8cd8221dbf3c82c54de1bb7272 (diff) | |
download | bugs-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar bugs-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar.gz bugs-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar.bz2 bugs-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.tar.xz bugs-a30e5f2cf9b04a8a377186ecb3b90b4311d23894.zip |
[SECURITY] Bug 209742: Under some circumstances, a user can obtain component descriptions for a product to which he does not normally have access.
Patch by Ryan Cleary <tryanc@interdimensions.com>
r= joel, bbaetz a= justdave
-rwxr-xr-x | describecomponents.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/describecomponents.cgi b/describecomponents.cgi index ff7f46ac8..05af91949 100755 --- a/describecomponents.cgi +++ b/describecomponents.cgi @@ -46,7 +46,7 @@ if (!defined $::FORM{'product'}) { # Reference to a subset of %::proddesc, which the user is allowed to see my %products; - if (AnyDefaultGroups()) { + if (AnyEntryGroups()) { # OK, now only add products the user can see confirm_login() unless $::userid; foreach my $p (@::legal_product) { |