diff options
| author |   Simon Green <sgreen@redhat.com> | 2013-02-19 18:13:13 +0100 |
|---|---|---|
| committer |   Frédéric Buclin <LpSolit@gmail.com> | 2013-02-19 18:13:13 +0100 |
| commit | b3ecc440b5f77f71b450e7e552891f3e7a0e42ea (patch) | |
| tree | fed70e71d5103ff4039d5e441ae6a6a2c0bbe378 /buglist.cgi | |
| parent | Bug 832262: Release notes for Bugzilla 4.4rc2 (diff) | |
| download | bugzilla-b3ecc440b5f77f71b450e7e552891f3e7a0e42ea.tar.gz bugzilla-b3ecc440b5f77f71b450e7e552891f3e7a0e42ea.tar.bz2 bugzilla-b3ecc440b5f77f71b450e7e552891f3e7a0e42ea.zip | |
Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the existence of products and components you cannot access
r/a=LpSolit
Diffstat (limited to 'buglist.cgi')
| -rwxr-xr-x | buglist.cgi | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/buglist.cgi b/buglist.cgi index cd8ae2111..fbdbb8593 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -736,7 +736,10 @@ $::SIG{PIPE} = 'DEFAULT'; my ($data, $extra_data) = $search->data; $vars->{'search_description'} = $search->search_description; -if ($cgi->param('debug')) { +if ($cgi->param('debug') + && Bugzilla->params->{debug_group} + && $user->in_group(Bugzilla->params->{debug_group}) +) { $vars->{'debug'} = 1; $vars->{'queries'} = $extra_data; my $query_time = 0; |