diff options
| author | terry%mozilla.org <> | 1999-05-27 22:17:25 +0000 |
|---|---|---|
| committer | terry%mozilla.org <> | 1999-05-27 22:17:25 +0000 |
| commit | f47c0339e2c258c878e6284970d917dcd3960cba (patch) | |
| tree | ce7a23f45dfc55420b74e8cb4c7c4fb956261421 /showdependencygraph.cgi | |
| parent | 9b1a447768cf2986a77c341274a254f06fe9d79d (diff) | |
| download | bugs-f47c0339e2c258c878e6284970d917dcd3960cba.tar bugs-f47c0339e2c258c878e6284970d917dcd3960cba.tar.gz bugs-f47c0339e2c258c878e6284970d917dcd3960cba.tar.bz2 bugs-f47c0339e2c258c878e6284970d917dcd3960cba.tar.xz bugs-f47c0339e2c258c878e6284970d917dcd3960cba.zip | |
Patched minor security hole; don't show summary of bugs that the user
doesn't have permission to see.
Diffstat (limited to 'showdependencygraph.cgi')
| -rwxr-xr-x | showdependencygraph.cgi | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 6ead9f84d..7e06ffc62 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -47,6 +47,8 @@ PutHeader("Dependency graph", "Dependency graph", $id); if (defined $id) { ConnectToDatabase(); + quietly_check_login(); + $::usergroupset = $::usergroupset; # More warning suppression silliness. mkdir("data/webdot", 0777); @@ -99,8 +101,10 @@ node [URL="${urlbase}show_bug.cgi?id=\\N", style=filled, color=lightgrey] my $summary = ""; my $stat; if ($::FORM{'showsummary'}) { - SendSQL("select bug_status, short_desc from bugs where bug_id = $k"); + SendSQL("select bug_status, short_desc from bugs where bug_id = $k and bugs.groupset & $::usergroupset = bugs.groupset"); ($stat, $summary) = (FetchSQLData()); + $stat = "NEW" if !defined $stat; + $summary = "" if !defined $summary; } else { SendSQL("select bug_status from bugs where bug_id = $k"); $stat = FetchOneColumn(); |