Commit 5fed7ece authored by's avatar

Bug 153461: describe components shouldn't give an error for a bad product

Patch: r=mkanat a=justdave
parent 26276ec4
......@@ -21,27 +21,25 @@
# Contributor(s): Terry Weissman <>
# Bradley Baetz <>
use vars qw(
use strict;
use lib qw(.);
use Bugzilla;
use Bugzilla::Constants;
require "";
use vars qw($vars @legal_product);
my $cgi = Bugzilla->cgi;
my $product = $cgi->param('product');
my $template = Bugzilla->template;
my $product = trim($cgi->param('product') || '');
my $product_id = get_product_id($product);
if (!defined $product) {
if (!$product_id || !CanEnterProduct($product)) {
# Reference to a subset of %::proddesc, which the user is allowed to see
my %products;
......@@ -63,43 +61,32 @@ if (!defined $product) {
elsif ($prodsize > 1) {
$::vars->{'proddesc'} = \%products;
$::vars->{'target'} = "describecomponents.cgi";
$vars->{'proddesc'} = \%products;
$vars->{'target'} = "describecomponents.cgi";
# If an invalid product name is given, or the user is not
# allowed to access that product, a message is displayed
# with a list of the products the user can choose from.
if ($product) {
$vars->{'message'} = "product_invalid";
$vars->{'product'} = $product;
print $cgi->header();
$::template->process("global/choose-product.html.tmpl", $::vars)
|| ThrowTemplateError($::template->error());
$template->process("global/choose-product.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
$product = (keys %products)[0];
# Make sure the user specified a valid product name. Note that
# if the user specifies a valid product name but is not authorized
# to access that product, they will receive a different error message
# which could enable people guessing product names to determine
# whether or not certain products exist in Bugzilla, even if they
# cannot get any other information about that product.
my $product_id = get_product_id($product);
if (!$product_id) {
{ product => $product });
# Make sure the user is authorized to access this product.
|| ThrowUserError("product_access_denied");
# End Data/Security Validation
my @components;
SendSQL("SELECT name, initialowner, initialqacontact, description FROM " .
"components WHERE product_id = $product_id ORDER BY " .
"components WHERE product_id = $product_id ORDER BY name");
while (MoreSQLData()) {
my ($name, $initialowner, $initialqacontact, $description) =
......@@ -116,10 +103,9 @@ while (MoreSQLData()) {
push @components, \%component;
$::vars->{'product'} = $product;
$::vars->{'components'} = \@components;
$vars->{'product'} = $product;
$vars->{'components'} = \@components;
print $cgi->header();
$::template->process("reports/components.html.tmpl", $::vars)
|| ThrowTemplateError($::template->error());
$template->process("reports/components.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
......@@ -135,6 +135,12 @@
<a href="editflagtypes.cgi">Back to flag types.</a>
[% ELSIF message_tag == "product_invalid" %]
[% title = "$terms.Bugzilla Component Descriptions" %]
The product <em>[% product FILTER html %]</em> does not exist
or you don't have access to it. The following is a list of the
products you can choose from.
[% ELSIF message_tag == "series_created" %]
[% title = "Series Created" %]
The series <em>[% series.category FILTER html %] /
......@@ -798,10 +798,6 @@
Patches cannot be more than [% Param('maxpatchsize') %] KB in size.
Try breaking your patch into several pieces.
[% ELSIF error == "product_access_denied" %]
[% title = "Access Denied" %]
You do not have the permissions necessary to access that product.
[% ELSIF error == "product_edit_denied" %]
[% title = "Product Edit Access Denied" %]
You are not permitted to edit [% terms.bugs %] in product
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment