Skip to content

bugzilla
bugzilla
Commit 3805f522 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 455099: Some methods in Search.pm use the wrong user object to check privs -…

Bug 455099: Some methods in Search.pm use the wrong user object to check privs - Patch by Fré©ric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
parent ac1f49a8
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 43 deletions
Bugzilla/Search.pm
View file @ 3805f522
...@@ -369,7 +369,7 @@ sub init { ...@@ -369,7 +369,7 @@ sub init {
my $sql_deadlinefrom; my $sql_deadlinefrom;
my $sql_deadlineto; my $sql_deadlineto;
if (Bugzilla->user->in_group(Bugzilla->params->{'timetrackinggroup'})){ if ($user->is_timetracker) {
my $deadlinefrom; my $deadlinefrom;
my $deadlineto; my $deadlineto;
...@@ -1292,12 +1292,7 @@ sub _commenter_exact { ...@@ -1292,12 +1292,7 @@ sub _commenter_exact {
$$sequence++; $$sequence++;
} }
my $table = "longdescs_$chartseq"; my $table = "longdescs_$chartseq";
my $extra = ""; my $extra = $user->is_insider ? "" : "AND $table.isprivate < 1";
if (Bugzilla->params->{"insidergroup"}
&& !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
{
$extra = "AND $table.isprivate < 1";
}
push(@$supptables, "LEFT JOIN longdescs AS $table " . push(@$supptables, "LEFT JOIN longdescs AS $table " .
"ON $table.bug_id = bugs.bug_id $extra " . "ON $table.bug_id = bugs.bug_id $extra " .
"AND $table.who IN ($match)"); "AND $table.who IN ($match)");
...@@ -1316,12 +1311,7 @@ sub _commenter { ...@@ -1316,12 +1311,7 @@ sub _commenter {
$$sequence++; $$sequence++;
} }
my $table = "longdescs_$chartseq"; my $table = "longdescs_$chartseq";
my $extra = ""; my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1";
if (Bugzilla->params->{"insidergroup"}
&& !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
{
$extra = "AND $table.isprivate < 1";
}
$$f = "login_name"; $$f = "login_name";
$$ff = "profiles.login_name"; $$ff = "profiles.login_name";
$$funcsbykey{",$$t"}($self, %func_args); $$funcsbykey{",$$t"}($self, %func_args);
...@@ -1340,12 +1330,7 @@ sub _long_desc { ...@@ -1340,12 +1330,7 @@ sub _long_desc {
@func_args{qw(chartid supptables f)}; @func_args{qw(chartid supptables f)};
my $table = "longdescs_$$chartid"; my $table = "longdescs_$$chartid";
my $extra = ""; my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1";
if (Bugzilla->params->{"insidergroup"}
&& !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
{
$extra = "AND $table.isprivate < 1";
}
push(@$supptables, "LEFT JOIN longdescs AS $table " . push(@$supptables, "LEFT JOIN longdescs AS $table " .
"ON $table.bug_id = bugs.bug_id $extra"); "ON $table.bug_id = bugs.bug_id $extra");
$$f = "$table.thetext"; $$f = "$table.thetext";
...@@ -1358,12 +1343,7 @@ sub _longdescs_isprivate { ...@@ -1358,12 +1343,7 @@ sub _longdescs_isprivate {
@func_args{qw(chartid supptables f)}; @func_args{qw(chartid supptables f)};
my $table = "longdescs_$$chartid"; my $table = "longdescs_$$chartid";
my $extra = ""; my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate < 1";
if (Bugzilla->params->{"insidergroup"}
&& !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
{
$extra = "AND $table.isprivate < 1";
}
push(@$supptables, "LEFT JOIN longdescs AS $table " . push(@$supptables, "LEFT JOIN longdescs AS $table " .
"ON $table.bug_id = bugs.bug_id $extra"); "ON $table.bug_id = bugs.bug_id $extra");
$$f = "$table.isprivate"; $$f = "$table.isprivate";
...@@ -1505,12 +1485,7 @@ sub _attach_data_thedata { ...@@ -1505,12 +1485,7 @@ sub _attach_data_thedata {
my $atable = "attachments_$$chartid"; my $atable = "attachments_$$chartid";
my $dtable = "attachdata_$$chartid"; my $dtable = "attachdata_$$chartid";
my $extra = ""; my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0";
if (Bugzilla->params->{"insidergroup"}
&& !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
{
$extra = "AND $atable.isprivate = 0";
}
push(@$supptables, "INNER JOIN attachments AS $atable " . push(@$supptables, "INNER JOIN attachments AS $atable " .
"ON bugs.bug_id = $atable.bug_id $extra"); "ON bugs.bug_id = $atable.bug_id $extra");
push(@$supptables, "INNER JOIN attach_data AS $dtable " . push(@$supptables, "INNER JOIN attach_data AS $dtable " .
...@@ -1525,12 +1500,7 @@ sub _attachments_submitter { ...@@ -1525,12 +1500,7 @@ sub _attachments_submitter {
@func_args{qw(chartid supptables f)}; @func_args{qw(chartid supptables f)};
my $atable = "map_attachment_submitter_$$chartid"; my $atable = "map_attachment_submitter_$$chartid";
my $extra = ""; my $extra = $self->{'user'}->is_insider ? "" : "AND $atable.isprivate = 0";
if (Bugzilla->params->{"insidergroup"}
&& !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
{
$extra = "AND $atable.isprivate = 0";
}
push(@$supptables, "INNER JOIN attachments AS $atable " . push(@$supptables, "INNER JOIN attachments AS $atable " .
"ON bugs.bug_id = $atable.bug_id $extra"); "ON bugs.bug_id = $atable.bug_id $extra");
push(@$supptables, "LEFT JOIN profiles AS attachers_$$chartid " . push(@$supptables, "LEFT JOIN profiles AS attachers_$$chartid " .
...@@ -1546,12 +1516,7 @@ sub _attachments { ...@@ -1546,12 +1516,7 @@ sub _attachments {
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
my $table = "attachments_$$chartid"; my $table = "attachments_$$chartid";
my $extra = ""; my $extra = $self->{'user'}->is_insider ? "" : "AND $table.isprivate = 0";
if (Bugzilla->params->{"insidergroup"}
&& !Bugzilla->user->in_group(Bugzilla->params->{"insidergroup"}))
{
$extra = "AND $table.isprivate = 0";
}
push(@$supptables, "INNER JOIN attachments AS $table " . push(@$supptables, "INNER JOIN attachments AS $table " .
"ON bugs.bug_id = $table.bug_id $extra"); "ON bugs.bug_id = $table.bug_id $extra");
$$f =~ m/^attachments\.(.*)$/; $$f =~ m/^attachments\.(.*)$/;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment