diff options
| author |   mkanat%kerio.com <> | 2005-05-12 09:08:34 +0000 |
|---|---|---|
| committer | mkanat%kerio.com <> | 2005-05-12 09:08:34 +0000 |
| commit | 2de0dda74d14a5c9bd57ea25235e1f5d648d6924 (patch) | |
| tree | 5d27630b737eca1bcd228d0afffa52ffb4530764 /enter_bug.cgi | |
| parent | Bug 287436: [SECURITY] After having logged in, links to change the report typ... (diff) | |
| download | bugzilla-2de0dda74d14a5c9bd57ea25235e1f5d648d6924.tar.gz bugzilla-2de0dda74d14a5c9bd57ea25235e1f5d648d6924.tar.bz2 bugzilla-2de0dda74d14a5c9bd57ea25235e1f5d648d6924.zip | |
Bug 287109: [SECURITY] Names of private products/components can be exposed on certain CGIs
Patch By Frederic Buclin <LpSolit@gmail.com> r=myk, a=justdave
Diffstat (limited to 'enter_bug.cgi')
| -rwxr-xr-x | enter_bug.cgi | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/enter_bug.cgi b/enter_bug.cgi index 0b30f65e6..d41ea4fd0 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -223,17 +223,10 @@ Bugzilla->login(LOGIN_REQUIRED) if (!(AnyEntryGroups())); # We need to check and make sure # that the user has permission to enter a bug against this product. -if(!CanEnterProduct($product)) -{ - ThrowUserError("entry_access_denied", { product => $product}); -} +CanEnterProductOrWarn($product); GetVersionTable(); -if (lsearch(\@::enterable_products, $product) == -1) { - ThrowUserError("invalid_product_name", { product => $product}); -} - my $product_id = get_product_id($product); if (0 == @{$::components{$product}}) { |