Bug 309952: (CVE-2010-1204) [SECURITY] Make boolean chart searches with time

tracking fields no longer work for everybody
r=LpSolit, a=mkanat

diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index a764babe43c905d6cbdee168eb19d9200f2596b2..24adf009482ca40d8be8a760a02bda9d5ac94e84 100644 (file)
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -870,6 +870,12 @@ sub init {
     my %chartfields = @{$dbh->selectcol_arrayref(
         q{SELECT name, id FROM fielddefs}, { Columns=>[1,2] })};
 
+    if (!$user->is_timetracker) {
+        foreach my $tt_field (TIMETRACKING_FIELDS) {
+            delete $chartfields{$tt_field};
+        }
+    }
+
     my ($sequence, $chartid);
     $row = 0;
     for ($chart=-1 ;