Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is still visible to unauthorized users when mentioned in a comment

Browse Source 
r=glob a=LpSolit


git-svn-id: svn://10.0.0.236/branches/BUGZILLA-4_0-BRANCH@264073 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
mkanat%bugzilla.org 2012-07-26 21:16:55 +00:00
parent db54375ddd
commit 5902c5d0cb
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mozilla/webtools/bugzilla/.bzrrev
View File

@ -1 +1 @@
7713
7714

5
mozilla/webtools/bugzilla/Bugzilla/Template.pm
View File

@ -270,13 +270,16 @@ sub quoteUrls {
sub get_attachment_link {
my ($attachid, $link_text) = @_;
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
my $attachment = new Bugzilla::Attachment($attachid);
if ($attachment) {
my $title = "";
my $className = "";
if (Bugzilla->user->can_see_bug($attachment->bug_id)) {
if ($user->can_see_bug($attachment->bug_id)
&& (!$attachment->isprivate || $user->is_insider))
{
$title = $attachment->description;
}
if ($attachment->isobsolete) {