Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/showdependencytree.cgi
diff options
context:
space:
mode:
authorterry%mozilla.org <>1999-05-27 22:17:25 +0000
committerterry%mozilla.org <>1999-05-27 22:17:25 +0000
commitf47c0339e2c258c878e6284970d917dcd3960cba (patch)
treece7a23f45dfc55420b74e8cb4c7c4fb956261421 /showdependencytree.cgi
parentMake sure every node that we asked about shows up in the graph, even (diff)
downloadbugzilla-f47c0339e2c258c878e6284970d917dcd3960cba.tar.gz
bugzilla-f47c0339e2c258c878e6284970d917dcd3960cba.tar.bz2
bugzilla-f47c0339e2c258c878e6284970d917dcd3960cba.zip
Patched minor security hole; don't show summary of bugs that the user
doesn't have permission to see.
Diffstat (limited to 'showdependencytree.cgi')
-rwxr-xr-xshowdependencytree.cgi8
1 files changed, 7 insertions, 1 deletions
diff --git a/showdependencytree.cgi b/showdependencytree.cgi
index 92964648f..f457d67a3 100755
--- a/showdependencytree.cgi
+++ b/showdependencytree.cgi
@@ -37,6 +37,10 @@ PutHeader("Dependency tree", "Dependency tree", "Bug $linkedid");
ConnectToDatabase();
+quietly_check_login();
+
+$::usergroupset = $::usergroupset; # More warning suppression silliness.
+
my %seen;
sub DumpKids {
@@ -53,8 +57,10 @@ sub DumpKids {
if (@list) {
print "<ul>\n";
foreach my $kid (@list) {
- SendSQL("select bug_status, short_desc from bugs where bug_id = $kid");
+ SendSQL("select bug_status, short_desc from bugs where bug_id = $kid and bugs.groupset & $::usergroupset = bugs.groupset");
my ($stat, $short_desc) = (FetchSQLData());
+ $stat = "NEW" if !defined $stat;
+ $short_desc = "" if !defined $short_desc;
my $opened = ($stat eq "NEW" || $stat eq "ASSIGNED" ||
$stat eq "REOPENED");
print "<li>";