Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi…

Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi appear editable by users with no privs - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit

Bug 370921: reporter_accessible and cclist_accessible checkboxes in show_bug.cgi…
275a10ab · lpsolit%gmail.com · 9de3481e · 275a10ab · 275a10ab
Commit 275a10ab authored Jun 20, 2007 by lpsolit%gmail.com
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 12 deletions

process_bug.cgi process_bug.cgi +10 -10

edit.html.tmpl template/en/default/bug/edit.html.tmpl +4 -2

No files found.
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -671,17 +671,17 @@ if (defined $cgi->param('id')) {
        q{SELECT group_id FROM bug_group_map WHERE bug_id = ?},
        undef, $cgi->param('id'));
    if ( $havegroup ) {
+        foreach my $field ('reporter_accessible', 'cclist_accessible') {
+            if ($bug->check_can_change_field($field, 0, 1, \$PrivilegesRequired)) {
                DoComma();
-        $cgi->param('reporter_accessible',
+                $cgi->param($field, $cgi->param($field) ? '1' : '0');
-                    $cgi->param('reporter_accessible') ? '1' : '0');
+                $::query .= " $field = ?";
-        $::query .= "reporter_accessible = ?";
+                push(@values, $cgi->param($field));
-        push(@values, $cgi->param('reporter_accessible'));
+            }
+            else {
-        DoComma();
+                $cgi->delete($field);
-        $cgi->param('cclist_accessible',
+            }
-                    $cgi->param('cclist_accessible') ? '1' : '0');
+        }
-        $::query .= "cclist_accessible = ?";
-        push(@values, $cgi->param('cclist_accessible'));
    }
 }

--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -518,11 +518,13 @@
      <p>
        <input type="checkbox" value="1"
               name="reporter_accessible" id="reporter_accessible"
-               [% " checked" IF bug.reporter_accessible %]>
+               [% " checked" IF bug.reporter_accessible %]
+               [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("reporter_accessible", 0, 1) %]>
        <label for="reporter_accessible">Reporter</label>
        <input type="checkbox" value="1"
               name="cclist_accessible" id="cclist_accessible"
-               [% " checked" IF bug.cclist_accessible %]>
+               [% " checked" IF bug.cclist_accessible %]
+               [% " disabled=\"disabled\"" UNLESS bug.check_can_change_field("cclist_accessible", 0, 1) %]>
        <label for="cclist_accessible">CC List</label>
      </p>
    [% END %]