aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormkanat%kerio.com <>2005-05-12 09:07:09 +0000
committermkanat%kerio.com <>2005-05-12 09:07:09 +0000
commite2252835e8e96371d6536af5dbd72a79e6ed05b5 (patch)
treec76c89f4a2fc3e7c0e9172efd988d8d49c0c4e5f /post_bug.cgi
parentBug 287436: [SECURITY] After having logged in, links to change the report typ... (diff)
downloadbugzilla-e2252835e8e96371d6536af5dbd72a79e6ed05b5.tar.gz
bugzilla-e2252835e8e96371d6536af5dbd72a79e6ed05b5.tar.bz2
bugzilla-e2252835e8e96371d6536af5dbd72a79e6ed05b5.zip
Bug 287109: [SECURITY] Names of private products/components can be exposed on certain CGIs
Patch By Frederic Buclin <LpSolit@gmail.com> r=myk, r=joel, a=justdave
Diffstat (limited to 'post_bug.cgi')
-rwxr-xr-xpost_bug.cgi7
1 files changed, 3 insertions, 4 deletions
diff --git a/post_bug.cgi b/post_bug.cgi
index 9a4860409..b9d63b3fe 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -79,11 +79,10 @@ $template->process($format->{'template'}, $vars, \$comment)
ValidateComment($comment);
# Check that the product exists and that the user
-# is allowed to submit bugs in this product.
+# is allowed to enter bugs into this product.
my $product = $cgi->param('product');
-if (!CanEnterProduct($product)) {
- ThrowUserError("entry_access_denied", {product => $product});
-}
+CanEnterProductOrWarn($product);
+
my $product_id = get_product_id($product);
# Set cookies