Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and...
authorFrédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:11:32 +0000 (18:11 +0100)
committerFrédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:11:32 +0000 (18:11 +0100)
r=dkl a=LpSolit

template/en/default/bug/field-events.js.tmpl
template/en/default/bug/field.html.tmpl

index 06fba12450e5671407bd65e59705cabd0a794dbf..80e6799f103b5e656a617af740ed4af96294f3b8 100644 (file)
 
 [%# INTERFACE:
   #   field: a Bugzilla::Field object
+  #   product: (optional) a Bugzilla::Product object.
   #%]
 
 [% FOREACH controlled_field = field.controls_visibility_of %]
+  [% vis_value = controlled_field.visibility_value %]
+  [% NEXT IF field.name == "product"
+             && vis_value.id != product.id
+             && !user.can_enter_product(vis_value) %]
+
   showFieldWhen('[% controlled_field.name FILTER js %]',
-                '[% field.name FILTER js %]',
-                '[% controlled_field.visibility_value.name FILTER js %]');
+                '[% field.name FILTER js %]', '[% vis_value.name FILTER js %]');
 [% END %]
 [% FOREACH legal_value = field.legal_values %]
   [% FOREACH controlled_field = legal_value.controlled_values.keys %]
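Review bot: The INTERFACE comment marks `product` as optional but does not say what the new `NEXT IF` guard does when it is omitted, and that behaviour is security-relevant. Without a `product`, `vis_value.id != product.id` should hold for every value (assuming an undefined `product.id` evaluates to empty in the template), so only products that pass `user.can_enter_product` are emitted; with it, that one product's name is always emitted regardless of entry rights. I would state this in the header, e.g. `#   product: (optional) a Bugzilla::Product object whose name is always emitted; other products are emitted only if user.can_enter_product allows them.` The `user` variable the guard depends on is not listed in INTERFACE either. The second loop over `field.legal_values` continues outside the hunk and is not covered by this guard, so it is worth confirming that it cannot emit names of products the user cannot enter.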
index bb678d79dfc97ee35635cf4319c19280a70cb597..d775d1f4ea7893893cbc6fccbe1842f2ab1e0149 100644 (file)
         <script type="text/javascript">
         <!--
           initHidingOptionsForIE('[% field.name FILTER js %]');
-          [%+ INCLUDE "bug/field-events.js.tmpl" field = field %]
+          [%+ INCLUDE "bug/field-events.js.tmpl" field = field product = bug.product_obj %]
         //-->
         </script>