Bug 283085 : post_bug.cgi can be used to know which products do not exist and which...

Patch by Frederic Buclin <LpSolit@gmail.com>   r=myk   a=myk

diff --git a/post_bug.cgi b/post_bug.cgi
index 3e5b289a8a5a85b3cf2c67bf5b468e4db64aecf1..4f545fbb2ddca75615c467579a2907fb685e59de 100755 (executable)
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -78,12 +78,13 @@ $template->process($format->{'template'}, $vars, \$comment)
 
 ValidateComment($comment);
 
+# Check that the product exists and that the user
+# is allowed to submit bugs in this product.
 my $product = $::FORM{'product'};
-my $product_id = get_product_id($product);
-if (!$product_id) {
-    ThrowUserError("invalid_product_name",
-                   { product => $product });
+if (!CanEnterProduct($product)) {
+    ThrowUserError("entry_access_denied", {product => $product});
 }
+my $product_id = get_product_id($product);
 
 # Set cookies
 if (exists $::FORM{'product'}) {
@@ -106,10 +107,6 @@ if (defined $::FORM{'maketemplate'}) {
 umask 0;
 
 # Some sanity checking
-if (!CanEnterProduct($product)) {
-    ThrowUserError("entry_access_denied", {product => $product});
-}
-
 my $component_id = get_component_id($product_id, $::FORM{component});
 $component_id || ThrowUserError("require_component");