author | lpsolit%gmail.com <> | 2006-10-15 04:04:55 +0000 |
committer | lpsolit%gmail.com <> | 2006-10-15 04:04:55 +0000 |
commit | 79b572263ea0dfcc1638757057825c3e6a2ee38d (patch) | |
tree | 2d373b78667d1af5e6ba588f28143229dbb2da77 /request.cgi | |
parent | Bug 330555: [SECURITY] H1, H2 and H3 are not filtered in global/header.html.t... (diff) | |
Bug 346086: [SECURITY] attachment.cgi lets you view descriptions of private attachments even when you are not in the insidergroup - Patch by Frédéric Buclin <LpSolit@gmail.com> r=myk a=justdave
Diffstat (limited to 'request.cgi')
-rwxr-xr-x | request.cgi | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/request.cgi b/request.cgi
index 4b2adb6b5..8d514347a 100755
--- a/request.cgi
+++ b/request.cgi
@@ -78,13 +78,6 @@ sub queue {
 my $status = validateStatus($cgi->param('status'));
 my $form_group = validateGroup($cgi->param('group'));
- my $attach_join_clause = "flags.attach_id = attachments.attach_id";
- if (Bugzilla->params->{"insidergroup"} && !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
- {
- $attach_join_clause .= " AND attachments.isprivate < 1";
- }
-
 my $query =
 # Select columns describing each flag, the bug/attachment on which
 # it has been set, who set it, and of whom they are requesting it.
@@ -105,7 +98,7 @@ sub queue {
 " FROM flags LEFT JOIN attachments
- ON ($attach_join_clause)
+ ON flags.attach_id = attachments.attach_id
 INNER JOIN flagtypes ON flags.type_id = flagtypes.id INNER JOIN profiles AS requesters
@@ -134,7 +127,13 @@ sub queue {
 (bugs.assigned_to = $userid) " . (Bugzilla->params->{'useqacontact'} ? "OR (bugs.qa_contact = $userid))" : ")");
-
+
+ unless ($user->is_insider) {
+ $query .= " AND (attachments.attach_id IS NULL
+ OR attachments.isprivate = 0
+ OR attachments.submitter_id = $userid)";
+ }
+
 # Limit query to pending requests.
 $query .= " AND flags.status = '?' " unless $status; |
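Review bot: The new `unless ($user->is_insider)` guard in the third hunk depends on a lexical `$user` that is declared nowhere in these hunks, while the code it replaces used `Bugzilla->user`; unless `$user` is already assigned earlier in queue() (the sub starts and ends outside the hunks), this fails under `use strict`. The block also deserves a why-comment, because it replaces a join-level filter that merely blanked the attachment columns with a row-level one that hides the flag entirely: `# Non-insiders only see flags on attachments they may view: bug-level flags, public attachments, or private attachments they submitted.` The added clause keeps interpolating `$userid` into the SQL string as the surrounding lines already do; that is acceptable only while `$userid` is the authenticated user's numeric id, and a bind placeholder would be the more robust form if this query is ever reworked.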