diff options
| author |   Frédéric Buclin <LpSolit@gmail.com> | 2010-02-01 13:19:31 -0800 |
|---|---|---|
| committer |   Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-02-01 13:19:31 -0800 |
| commit | 6d11d68f570d4d921f078a67ce1928703df4bf2e (patch) | |
| tree | c97a1429bde0a22dfbee73a9900d663d43692b00 /process_bug.cgi | |
| parent | Bug 538705: Assure that Bugzilla->dbh doesn't become invalid under MySQL duri... (diff) | |
| download | bugzilla-6d11d68f570d4d921f078a67ce1928703df4bf2e.tar.gz bugzilla-6d11d68f570d4d921f078a67ce1928703df4bf2e.tar.bz2 bugzilla-6d11d68f570d4d921f078a67ce1928703df4bf2e.zip | |
Bug 532493: [SECURITY] Restricting a bug to a group while moving it to another product has no effect if the group is not used by both products
Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
| -rwxr-xr-x | process_bug.cgi | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index 6c9baa3d3..237588ebd 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -236,36 +236,39 @@ foreach my $bug (@bug_objects) { } } -my $product_change; -foreach my $bug (@bug_objects) { - my $args; - if (should_set('product')) { - $args->{product} = scalar $cgi->param('product'); - $args->{component} = scalar $cgi->param('component'); - $args->{version} = scalar $cgi->param('version'); - $args->{target_milestone} = scalar $cgi->param('target_milestone'); - $args->{confirm_product_change} = scalar $cgi->param('confirm_product_change'); - $args->{other_bugs} = \@bug_objects; +# For security purposes, and because lots of other checks depend on it, +# we set the product first before anything else. +my $product_change; # Used only for strict_isolation checks, right now. +if (should_set('product')) { + foreach my $b (@bug_objects) { + my $changed = $b->set_product(scalar $cgi->param('product'), + { component => scalar $cgi->param('component'), + version => scalar $cgi->param('version'), + target_milestone => scalar $cgi->param('target_milestone'), + change_confirmed => scalar $cgi->param('confirm_product_change'), + other_bugs => \@bug_objects, + }); + $product_change ||= $changed; } +} - foreach my $group (@{$bug->product_obj->groups_valid}) { +# strict_isolation checks mean that we should set the groups +# immediately after changing the product. +foreach my $b (@bug_objects) { + foreach my $group (@{$b->product_obj->groups_valid}) { my $gid = $group->id; if (should_set("bit-$gid", 1)) { # Check ! first to avoid having to check defined below. if (!$cgi->param("bit-$gid")) { - push (@{$args->{remove_group}}, $gid); + $b->remove_group($gid); } # "== 1" is important because mass-change uses -1 to mean # "don't change this restriction" elsif ($cgi->param("bit-$gid") == 1) { - push (@{$args->{add_group}}, $gid); + $b->add_group($gid); } } } - - # this will be deleted later when code moves to $bug->set_all - my $changed = $bug->set_all($args); - $product_change ||= $changed; } # Flags should be set AFTER the bug has been moved into another product/component. |