From 5d17c6384fffceab2c19bf3744010a840420d2d3 Mon Sep 17 00:00:00 2001 From: "bzrmirror%bugzilla.org" Date: Thu, 2 Jan 2014 23:30:43 +0000 Subject: [PATCH] Bug 952284 - Tags set to private comments should not be disclosed to everybody in the bug activity table r=LpSolit,a=sgreen git-svn-id: svn://10.0.0.236/trunk@265164 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/webtools/bugzilla/.bzrrev | 2 +- mozilla/webtools/bugzilla/Bugzilla/Bug.pm | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev index 0a107d004aa..fbd458fcd76 100644 --- a/mozilla/webtools/bugzilla/.bzrrev +++ b/mozilla/webtools/bugzilla/.bzrrev @@ -1 +1 @@ -8848 \ No newline at end of file +8849 \ No newline at end of file diff --git a/mozilla/webtools/bugzilla/Bugzilla/Bug.pm b/mozilla/webtools/bugzilla/Bugzilla/Bug.pm index f0476c898ce..b4e8c361a57 100644 --- a/mozilla/webtools/bugzilla/Bugzilla/Bug.pm +++ b/mozilla/webtools/bugzilla/Bugzilla/Bug.pm @@ -3872,6 +3872,15 @@ sub get_activity { && $include_comment_tags && !$attach_id) { + # Only includes comment tag activity for comments the user is allowed to see. + $suppjoins = ""; + $suppwhere = ""; + if (!Bugzilla->user->is_insider) { + $suppjoins = "INNER JOIN longdescs + ON longdescs.comment_id = longdescs_tags_activity.comment_id"; + $suppwhere = "AND longdescs.isprivate = 0"; + } + $query .= " UNION ALL SELECT 'comment_tag' AS name, @@ -3883,8 +3892,10 @@ sub get_activity { longdescs_tags_activity.comment_id as comment_id FROM longdescs_tags_activity INNER JOIN profiles ON profiles.userid = longdescs_tags_activity.who + $suppjoins WHERE longdescs_tags_activity.bug_id = ? $datepart + $suppwhere "; push @args, $self->id; push @args, $starttime if defined $starttime;