Bug 341867: post_bug.cgi lets users with editbugs and canconfirm privs enter bugs...

diff --git a/post_bug.cgi b/post_bug.cgi
index 94f224940e352053fba3a1541f1a304a1dae8d77..521354994086d84e0ec2f2dd1fe18a52be0e39ef 100755 (executable)
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -171,19 +171,19 @@ if (Param("useqacontact")) {
     }
 }
 
-if (UserInGroup("editbugs") || UserInGroup("canconfirm")) {
-    # Default to NEW if the user hasn't selected another status
-    if (!defined $cgi->param('bug_status')) {
-        $cgi->param(-name => 'bug_status', -value => "NEW");
+my $votes_to_confirm = $dbh->selectrow_array('SELECT votestoconfirm
+                                              FROM products WHERE id = ?',
+                                              undef, $product_id);
+my $bug_status = 'UNCONFIRMED';
+if ($votes_to_confirm) {
+    # Default to NEW if the user with privs hasn't selected another status.
+    if (UserInGroup('editbugs') || UserInGroup('canconfirm')) {
+        $bug_status = scalar($cgi->param('bug_status')) || 'NEW';
     }
 } else {
-    # Default to UNCONFIRMED if we are using it, NEW otherwise
-    $cgi->param(-name => 'bug_status', -value => 'UNCONFIRMED');
-    SendSQL("SELECT votestoconfirm FROM products WHERE id = $product_id");
-    if (!FetchOneColumn()) {   
-        $cgi->param(-name => 'bug_status', -value => "NEW");
-    }
+    $bug_status = 'NEW';
 }
+$cgi->param(-name => 'bug_status', -value => $bug_status);
 
 if (!defined $cgi->param('target_milestone')) {
     SendSQL("SELECT defaultmilestone FROM products WHERE name=$sql_product");