From: justdave%syndicomm.com <> Date: Sat, 17 Nov 2001 16:18:33 +0000 (+0000) Subject: Fix for bug 108821: It was possible to change your own groupset by altering the page... X-Git-Tag: bugzilla-2.14.1~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b8b9ed0eb7216351e7db2a048767ab1773c0640;p=thirdparty%2Fbugzilla.git Fix for bug 108821: It was possible to change your own groupset by altering the page HTML before submitting on editusers.cgi if you had any blessgroupset privs. Patch by Myk Melez and Brad Baetz r= myk, bbaetz, jake --- diff --git a/editusers.cgi b/editusers.cgi index a2a6ee51b7..188cd05b5d 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -56,8 +56,8 @@ sub TestUser ($) # does the product exist? SendSQL("SELECT login_name - FROM profiles - WHERE login_name=" . SqlQuote($user)); + FROM profiles + WHERE login_name=" . SqlQuote($user)); return FetchOneColumn(); } @@ -67,15 +67,15 @@ sub CheckUser ($) # do we have a product? unless ($user) { - print "Sorry, you haven't specified a user."; + print "Sorry, you haven't specified a user."; PutTrailer(); - exit; + exit; } unless (TestUser $user) { - print "Sorry, user '$user' does not exist."; + print "Sorry, user '$user' does not exist."; PutTrailer(); - exit; + exit; } } @@ -202,24 +202,23 @@ sub EmitFormElements ($$$$$) sub PutTrailer (@) { - my (@links) = ("Back to the index", - "Add a new user", @_); + my (@links) = ("Back to the index", @_); my $count = $#links; my $num = 0; print "

\n"; foreach (@links) { - print $_; - if ($num == $count) { - print ".\n"; - } - elsif ($num == $count-1) { - print " or "; - } - else { - print ", "; - } - $num++; + print $_; + if ($num == $count) { + print ".\n"; + } + elsif ($num == $count-1) { + print " or "; + } + else { + print ", "; + } + $num++; } PutFooter(); } @@ -293,25 +292,20 @@ List users with login name matching: if ($action eq 'list') { PutHeader("Select user"); my $query = ""; - my $matchstr = $::FORM{'matchstr'}; if (exists $::FORM{'matchtype'}) { $query = "SELECT login_name,realname,disabledtext " . "FROM profiles WHERE login_name "; if ($::FORM{'matchtype'} eq 'substr') { $query .= "like"; - $matchstr = '%' . $matchstr . '%'; + $::FORM{'matchstr'} = '%' . $::FORM{'matchstr'} . '%'; } elsif ($::FORM{'matchtype'} eq 'regexp') { $query .= "regexp"; - $matchstr = '.' - unless $matchstr; } elsif ($::FORM{'matchtype'} eq 'notregexp') { $query .= "not regexp"; - $matchstr = '.' - unless $matchstr; } else { die "Unknown match type"; } - $query .= SqlQuote($matchstr) . " ORDER BY login_name"; + $query .= SqlQuote($::FORM{'matchstr'}) . " ORDER BY login_name"; } elsif (exists $::FORM{'query'}) { $query = "SELECT login_name,realname,disabledtext " . "FROM profiles WHERE " . $::FORM{'query'} . " ORDER BY login_name"; @@ -335,21 +329,21 @@ if ($action eq 'list') { if ($count % 100 == 0) { print "$header"; } - my ($user, $realname, $disabledtext) = FetchSQLData(); + my ($user, $realname, $disabledtext) = FetchSQLData(); my $s = ""; my $e = ""; if ($disabledtext) { $s = ""; $e = ""; } - $realname ||= "missing"; - print "\n"; - print " $s$user$e\n"; - print " $s$realname$e\n"; + $realname ||= "missing"; + print "\n"; + print " $s$user$e\n"; + print " $s$realname$e\n"; if ($candelete) { print " Delete\n"; } - print ""; + print ""; } if ($editall && !Param('useLDAP')) { print "\n"; 
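Review bot: In the `elsif (exists $::FORM{'query'})` branch at the end of this hunk the request value is concatenated into the WHERE clause unquoted, while the `matchstr` path just above goes through `SqlQuote`; whoever can reach this action controls the SQL text. Prefer building the clause on the server from validated fields, and until then mark it with `# FIXME: $::FORM{'query'} is raw SQL from the request; replace with server-built, quoted clauses`. The new side also drops the `$matchstr = '.' unless $matchstr;` fallback, so an empty `matchstr` now reaches `regexp` / `not regexp` as an empty pattern, which the database may reject; restoring it as `$::FORM{'matchstr'} ||= '.';` in both branches would keep the old behaviour. The `if ($action eq 'list')` block starts and continues outside the hunk.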
@@ -452,10 +446,10 @@ if ($action eq 'new') { exit; } if (TestUser($user)) { - print "The user '$user' does already exist. Please press\n"; - print "Back and try again.\n"; + print "The user '$user' does already exist. Please press\n"; + print "Back and try again.\n"; PutTrailer($localtrailer); - exit; + exit; } my $passworderror = ValidatePassword($password); if ( $passworderror ) { @@ -509,7 +503,7 @@ if ($action eq 'new') { print "To change ${user}'s permissions, go back and edit this user"; print "

\n"; PutTrailer($localtrailer, - "add another user."); + "add another user."); exit; } @@ -537,7 +531,7 @@ if ($action eq 'del') { # display some data about the user SendSQL("SELECT realname, groupset FROM profiles - WHERE login_name=" . SqlQuote($user)); + WHERE login_name=" . SqlQuote($user)); my ($realname, $groupset) = FetchSQLData(); $realname ||= "missing"; @@ -559,12 +553,12 @@ if ($action eq 'del') { print " Group set:\n"; print " "; SendSQL("SELECT name - FROM groups + FROM groups WHERE bit & $groupset = bit - ORDER BY isbuggroup, name"); + ORDER BY isbuggroup, name"); my $found = 0; while ( MoreSQLData() ) { - my ($name) = FetchSQLData(); + my ($name) = FetchSQLData(); print "
\n" if $found; print ucfirst $name; $found = 1; @@ -577,23 +571,23 @@ if ($action eq 'del') { my $nodelete = ''; SendSQL("SELECT program, value - FROM components + FROM components WHERE initialowner=" . DBname_to_id($user)); $found = 0; while (MoreSQLData()) { - if ($found) { - print "
\n"; - } else { - print "\n"; - print " Initial owner:\n"; - print " "; - } - my ($product, $component) = FetchSQLData(); - print "$product: $component"; - $found = 1; - $nodelete = 'initial bug owner'; + if ($found) { + print "
\n"; + } else { + print "\n"; + print " Initial owner:\n"; + print " "; + } + my ($product, $component) = FetchSQLData(); + print "$product: $component"; + $found = 1; + $nodelete = 'initial bug owner'; } print "\n" if $found; @@ -601,23 +595,23 @@ if ($action eq 'del') { # Check if the user is an initialqacontact SendSQL("SELECT program, value - FROM components + FROM components WHERE initialqacontact=" . DBname_to_id($user)); $found = 0; while (MoreSQLData()) { - if ($found) { - print "
\n"; - } else { - print "\n"; - print " Initial QA contact:\n"; - print " "; - } - my ($product, $component) = FetchSQLData(); - print "$product: $component"; - $found = 1; - $nodelete = 'initial QA contact'; + if ($found) { + print "
\n"; + } else { + print "\n"; + print " Initial QA contact:\n"; + print " "; + } + my ($product, $component) = FetchSQLData(); + print "$product: $component"; + $found = 1; + $nodelete = 'initial QA contact'; } print "\n" if $found; @@ -625,10 +619,10 @@ if ($action eq 'del') { if ($nodelete) { - print "

You can't delete this user because '$user' is an $nodelete ", - "for at least one product."; - PutTrailer($localtrailer); - exit; + print "

You can't delete this user because '$user' is an $nodelete ", + "for at least one product."; + PutTrailer($localtrailer); + exit; } @@ -665,14 +659,14 @@ if ($action eq 'delete') { CheckUser($user); SendSQL("SELECT userid - FROM profiles - WHERE login_name=" . SqlQuote($user)); + FROM profiles + WHERE login_name=" . SqlQuote($user)); my $userid = FetchOneColumn(); SendSQL("DELETE FROM profiles - WHERE login_name=" . SqlQuote($user)); + WHERE login_name=" . SqlQuote($user)); SendSQL("DELETE FROM logincookies - WHERE userid=" . $userid); + WHERE userid=" . $userid); print "User deleted.
\n"; PutTrailer($localtrailer); @@ -693,8 +687,8 @@ if ($action eq 'edit') { # get data of user SendSQL("SELECT realname, groupset, blessgroupset, disabledtext - FROM profiles - WHERE login_name=" . SqlQuote($user)); + FROM profiles + WHERE login_name=" . SqlQuote($user)); my ($realname, $groupset, $blessgroupset, $disabledtext) = FetchSQLData(); @@ -740,17 +734,17 @@ if ($action eq 'update') { my $groupset = "0"; foreach (keys %::FORM) { - next unless /^bit_/; - #print "$_=$::FORM{$_}
\n"; + next unless /^bit_/; + #print "$_=$::FORM{$_}
\n"; detaint_natural($::FORM{$_}) || die "Groupset field tampered with"; - $groupset .= " + $::FORM{$_}"; + $groupset .= " + $::FORM{$_}"; } my $blessgroupset = "0"; foreach (keys %::FORM) { - next unless /^blbit_/; - #print "$_=$::FORM{$_}
\n"; + next unless /^blbit_/; + #print "$_=$::FORM{$_}
\n"; detaint_natural($::FORM{$_}) || die "Blessgroupset field tampered with"; - $blessgroupset .= " + $::FORM{$_}"; + $blessgroupset .= " + $::FORM{$_}"; } CheckUser($userold); @@ -788,15 +782,15 @@ if ($action eq 'update') { "($u, $::userid, now(), $fieldid, " . " $groupsetold, $groupset)"); } - print "Updated permissions.\n"; + print "Updated permissions.\n"; } } if ($editall && $blessgroupset ne $blessgroupsetold) { SendSQL("UPDATE profiles - SET blessgroupset=" . $blessgroupset . " - WHERE login_name=" . SqlQuote($userold)); - print "Updated ability to tweak permissions of other users.\n"; + SET blessgroupset=" . $blessgroupset . " + WHERE login_name=" . SqlQuote($userold)); + print "Updated ability to tweak permissions of other users.\n"; } # Update the database with the user's new password if they changed it. @@ -815,39 +809,39 @@ if ($action eq 'update') { } if ($editall && $realname ne $realnameold) { SendSQL("UPDATE profiles - SET realname=" . SqlQuote($realname) . " - WHERE login_name=" . SqlQuote($userold)); - print "Updated real name.
\n"; + SET realname=" . SqlQuote($realname) . " + WHERE login_name=" . SqlQuote($userold)); + print "Updated real name.
\n"; } if ($editall && $disabledtext ne $disabledtextold) { SendSQL("UPDATE profiles - SET disabledtext=" . SqlQuote($disabledtext) . " - WHERE login_name=" . SqlQuote($userold)); + SET disabledtext=" . SqlQuote($disabledtext) . " + WHERE login_name=" . SqlQuote($userold)); SendSQL("SELECT userid - FROM profiles - WHERE login_name=" . SqlQuote($userold)); + FROM profiles + WHERE login_name=" . SqlQuote($user)); my $userid = FetchOneColumn(); SendSQL("DELETE FROM logincookies - WHERE userid=" . $userid); - print "Updated disabled text.
\n"; + WHERE userid=" . $userid); + print "Updated disabled text.
\n"; } if ($editall && $user ne $userold) { - unless ($user) { - print "Sorry, I can't delete the user's name."; + unless ($user) { + print "Sorry, I can't delete the user's name."; PutTrailer($localtrailer); - exit; + exit; } - if (TestUser($user)) { - print "Sorry, user name '$user' is already in use."; + if (TestUser($user)) { + print "Sorry, user name '$user' is already in use."; PutTrailer($localtrailer); - exit; + exit; } SendSQL("UPDATE profiles - SET login_name=" . SqlQuote($user) . " - WHERE login_name=" . SqlQuote($userold)); + SET login_name=" . SqlQuote($user) . " + WHERE login_name=" . SqlQuote($userold)); - print "Updated user's name.
\n"; + print "Updated user's name.
\n"; } PutTrailer($localtrailer);
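Review bot: The userid lookup inside the `disabledtext` branch now selects by `SqlQuote($user)`, but the rename to `$user` only happens in the later `if ($editall && $user ne $userold)` block, so when the login name and the disabled text are changed in one submission the SELECT finds no row for this account. `$userid` is then empty and `DELETE FROM logincookies WHERE userid=` is malformed, so the newly disabled account's sessions are not invalidated. If `$user` is already another account's login name, that account's cookies are removed instead, because the `TestUser($user)` check only runs afterwards. Keep the lookup on the old name, `WHERE login_name=" . SqlQuote($userold));`, and consider running the DELETE only when `$userid` is defined. The enclosing `if ($action eq 'update')` block starts outside the hunk.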