diff options
author | travis%sedsystems.ca <> | 2005-02-25 00:30:40 +0000 |
---|---|---|
committer | travis%sedsystems.ca <> | 2005-02-25 00:30:40 +0000 |
commit | 1e734201ceb9fe600d739ea4a0e254af857af45f (patch) | |
tree | 61c2b267e38a535f0f2c3f73f4e395f2dece798c /post_bug.cgi | |
parent | e6f4f6c720488c19d06aa5854cb13cf124687627 (diff) | |
download | bugs-1e734201ceb9fe600d739ea4a0e254af857af45f.tar bugs-1e734201ceb9fe600d739ea4a0e254af857af45f.tar.gz bugs-1e734201ceb9fe600d739ea4a0e254af857af45f.tar.bz2 bugs-1e734201ceb9fe600d739ea4a0e254af857af45f.tar.xz bugs-1e734201ceb9fe600d739ea4a0e254af857af45f.zip |
Bug 283085 : post_bug.cgi can be used to know which products do not exist and which ones are not accessible
Patch by Frederic Buclin <LpSolit@gmail.com> r=myk a=myk
Diffstat (limited to 'post_bug.cgi')
-rwxr-xr-x | post_bug.cgi | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/post_bug.cgi b/post_bug.cgi index 3e5b289a8..4f545fbb2 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -78,12 +78,13 @@ $template->process($format->{'template'}, $vars, \$comment) ValidateComment($comment); +# Check that the product exists and that the user +# is allowed to submit bugs in this product. my $product = $::FORM{'product'}; -my $product_id = get_product_id($product); -if (!$product_id) { - ThrowUserError("invalid_product_name", - { product => $product }); +if (!CanEnterProduct($product)) { + ThrowUserError("entry_access_denied", {product => $product}); } +my $product_id = get_product_id($product); # Set cookies if (exists $::FORM{'product'}) { @@ -106,10 +107,6 @@ if (defined $::FORM{'maketemplate'}) { umask 0; # Some sanity checking -if (!CanEnterProduct($product)) { - ThrowUserError("entry_access_denied", {product => $product}); -} - my $component_id = get_component_id($product_id, $::FORM{component}); $component_id || ThrowUserError("require_component"); |