authorbbaetz%cs.mcgill.ca <>2001-10-23 22:44:50 +0000
committerbbaetz%cs.mcgill.ca <>2001-10-23 22:44:50 +0000
commit9042b58f0ceb4896bd99542a3f59a368158bbccc (patch)
treedfa9027e25cd0456fad9697bc4038a12daae63a6 /processmail
parent35f74cea13f5d1ce63d56cd643d2f2963bbb90a5 (diff)
Bug 97469 - Assignee/QA/Reporter/CC don't get email on restricted bugs.
Also fixes seeing bugs in the buglist (bug 95024), dependency lists, tooltips, duplicates, and everywhere else I could see which checked group bugs.groupset == 0. Also fixed bug 101560, by clearing BASH_ENV r=myk,justdave
Diffstat (limited to 'processmail')
-rwxr-xr-xprocessmail30
1 files changed, 13 insertions, 17 deletions
diff --git a/processmail b/processmail
index 22dc85cc3..75a7b4bf9 100755
--- a/processmail
+++ b/processmail
@@ -111,8 +111,8 @@ sub ProcessOneBug {
}
my ($start, $end) = (@row);
# $start and $end are considered safe because users can't touch them
- $start = detaint_string($start);
- $end = detaint_string($end);
+ trick_taint($start);
+ trick_taint($end);
my $ccSet = new RelationSet();
$ccSet->mergeFromDB("SELECT who FROM cc WHERE bug_id = $id");
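Review bot: `trick_taint($start)` and `trick_taint($end)` clear the taint flag without inspecting the values, so the only safeguard left is the claim in the comment above them that users cannot touch these fields. Both values are unpacked from `@row`, but the query that fills it is outside the hunk, so that claim cannot be confirmed from here. If the values are later interpolated into SQL, a format check before untainting would enforce the assumption instead of merely stating it. At minimum the comment should name the origin, e.g. `# $start/$end are read from the database via @row, never from request input; trick_taint does no validation`. ProcessOneBug's body starts and ends outside the hunk.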
@@ -644,31 +644,26 @@ sub NewProcessOnePerson ($$$$$$$$$$$) {
if ($nomail{$person}) {
return;
}
+
- # Sanitize $values{'groupset'}
- if ($values{'groupset'} =~ m/(\d+)/) {
- $values{'groupset'} = $1;
- } else {
- $values{'groupset'} = 0;
- }
- SendSQL("SELECT userid, groupset & $values{'groupset'} " .
+ SendSQL("SELECT userid, groupset " .
"FROM profiles WHERE login_name = " . SqlQuote($person));
my ($userid, $groupset) = (FetchSQLData());
-
+
$seen{$person} = 1;
+ detaint_natural($userid);
+ detaint_natural($groupset);
# if this person doesn't have permission to see info on this bug,
# return.
#
- # XXX - I _think_ this currently means that if a bug is suddenly given
+ # XXX - This currently means that if a bug is suddenly given
# more restrictive permissions, people without those permissions won't
# see the action of restricting the bug itself; the bug will just
# quietly disappear from their radar.
#
- if ($groupset ne $values{'groupset'}) {
- return;
- }
+ return unless CanSeeBug($id, $userid, $groupset);
my %mailhead = %defmailhead;
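Review bot: The results of `detaint_natural($userid)` and `detaint_natural($groupset)` are discarded, although the rescanall hunk further down uses the same function as a validity test. If `$person` has no row in `profiles`, `FetchSQLData()` returns nothing and `CanSeeBug` is then called with undefined arguments; how it treats those is not visible here, so the access decision for an unknown login rests on that helper alone. Failing closed at this point would be clearer: `return unless detaint_natural($userid) && detaint_natural($groupset);` (assuming it returns true for any non-negative integer, including 0). NewProcessOnePerson's body continues outside the hunk.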
@@ -824,9 +819,10 @@ if ($ARGV[0] eq "rescanall") {
push @list, $row[0];
}
foreach my $id (@list) {
- $ARGV[0] = $id;
- print "<br> Doing bug $id\n";
- ProcessOneBug($ARGV[0]);
+ if (detaint_natural($id)) {
+ print "<br> Doing bug $id\n";
+ ProcessOneBug($id);
+ }
}
} else {
my $bugnum;
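Review bot: The `detaint_natural($id)` guard covers only the rescanall loop, while `ProcessOneBug` interpolates `$id` straight into SQL (`"SELECT who FROM cc WHERE bug_id = $id"`, visible in the first hunk). The `else` branch that starts at `my $bugnum;` is cut off here, so whether that path validates its id before calling `ProcessOneBug` cannot be confirmed; doing the check at the top of `ProcessOneBug` itself would cover every caller. Separately, an id that fails the check is skipped silently, so a rescan would miss a bug without leaving a trace. An `else { print "<br> Skipping invalid bug id\n"; }` that does not echo the rejected value would make that visible.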