aboutsummaryrefslogtreecommitdiffstats
path: root/process_bug.cgi
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2011-08-04 22:08:32 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2011-08-04 22:08:32 +0200
commit5d70d16f37a866852e6a48ec9fefe3664a6a9a55 (patch)
treeb193cb8a52a93619d408869931126777d8c82bb0 /process_bug.cgi
parentb9c01561118c42514055b218f81cb82fa76dbb05 (diff)
downloadbugs-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar
bugs-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.gz
bugs-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.bz2
bugs-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.xz
bugs-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.zip
Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug
r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
-rwxr-xr-xprocess_bug.cgi10
1 files changed, 10 insertions, 0 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index 0348424fa..acb359f63 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -345,7 +345,17 @@ foreach my $field (@custom_fields) {
}
}
+# We are going to alter the list of removed groups, so we keep a copy here.
+my @unchecked_groups = @$removed_groups;
foreach my $b (@bug_objects) {
+ # Don't blindly ask to remove unchecked groups available in the UI.
+ # A group can be already unchecked, and the user didn't try to remove it.
+ # In this case, we don't want remove_group() to complain.
+ my @remove_groups;
+ foreach my $g (@{$b->groups_in}) {
+ push(@remove_groups, $g->name) if grep { $_ eq $g->name } @unchecked_groups;
+ }
+ local $set_all_fields{groups}->{remove} = \@remove_groups;
$b->set_all(\%set_all_fields);
}