summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2010-02-01 13:19:31 -0800
committerMax Kanat-Alexander <mkanat@bugzilla.org>2010-02-01 13:19:31 -0800
commit6d11d68f570d4d921f078a67ce1928703df4bf2e (patch)
treec97a1429bde0a22dfbee73a9900d663d43692b00 /process_bug.cgi
parentBug 538705: Assure that Bugzilla->dbh doesn't become invalid under MySQL duri... (diff)
downloadbugzilla-6d11d68f570d4d921f078a67ce1928703df4bf2e.tar.gz
bugzilla-6d11d68f570d4d921f078a67ce1928703df4bf2e.tar.bz2
bugzilla-6d11d68f570d4d921f078a67ce1928703df4bf2e.zip
Bug 532493: [SECURITY] Restricting a bug to a group while moving it to another product has no effect if the group is not used by both products
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
-rwxr-xr-xprocess_bug.cgi37
1 files changed, 20 insertions, 17 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index 6c9baa3d3..237588ebd 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -236,36 +236,39 @@ foreach my $bug (@bug_objects) {
}
}
-my $product_change;
-foreach my $bug (@bug_objects) {
- my $args;
- if (should_set('product')) {
- $args->{product} = scalar $cgi->param('product');
- $args->{component} = scalar $cgi->param('component');
- $args->{version} = scalar $cgi->param('version');
- $args->{target_milestone} = scalar $cgi->param('target_milestone');
- $args->{confirm_product_change} = scalar $cgi->param('confirm_product_change');
- $args->{other_bugs} = \@bug_objects;
+# For security purposes, and because lots of other checks depend on it,
+# we set the product first before anything else.
+my $product_change; # Used only for strict_isolation checks, right now.
+if (should_set('product')) {
+ foreach my $b (@bug_objects) {
+ my $changed = $b->set_product(scalar $cgi->param('product'),
+ { component => scalar $cgi->param('component'),
+ version => scalar $cgi->param('version'),
+ target_milestone => scalar $cgi->param('target_milestone'),
+ change_confirmed => scalar $cgi->param('confirm_product_change'),
+ other_bugs => \@bug_objects,
+ });
+ $product_change ||= $changed;
}
+}
- foreach my $group (@{$bug->product_obj->groups_valid}) {
+# strict_isolation checks mean that we should set the groups
+# immediately after changing the product.
+foreach my $b (@bug_objects) {
+ foreach my $group (@{$b->product_obj->groups_valid}) {
my $gid = $group->id;
if (should_set("bit-$gid", 1)) {
# Check ! first to avoid having to check defined below.
if (!$cgi->param("bit-$gid")) {
- push (@{$args->{remove_group}}, $gid);
+ $b->remove_group($gid);
}
# "== 1" is important because mass-change uses -1 to mean
# "don't change this restriction"
elsif ($cgi->param("bit-$gid") == 1) {
- push (@{$args->{add_group}}, $gid);
+ $b->add_group($gid);
}
}
}
-
- # this will be deleted later when code moves to $bug->set_all
- my $changed = $bug->set_all($args);
- $product_change ||= $changed;
}
# Flags should be set AFTER the bug has been moved into another product/component.