[SECURITY] Bug 263780: Exporting a bug to XML exposes user comments and attachment...
authorjustdave%bugzilla.org <>
Mon, 25 Oct 2004 14:25:58 +0000 (14:25 +0000)
committerjustdave%bugzilla.org <>
Mon, 25 Oct 2004 14:25:58 +0000 (14:25 +0000)
Patch by Joel Peshkin <bugreport@peshkin.net>
r=vladd,justdave, a=justdave

show_bug.cgi
template/en/default/bug/show.xml.tmpl

index 4803ff67bdeb34a74dce5a460c9f17fa561c40e9..03cf6f60d57570c29e7cc76823d14d806b699285 100755 (executable)
@@ -113,6 +113,10 @@ if ($cgi->param("field")) {
     @fieldlist = $cgi->param("field");
 }
 
+unless (UserInGroup(Param("timetrackinggroup"))) {
+    @fieldlist = grep($_ !~ /_time$/, @fieldlist);
+}
+
 foreach (@fieldlist) {
     $displayfields{$_} = 1;
 }
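Review bot: The access check on the added `grep` line is keyed to a naming convention rather than to a list of time-tracking fields: it drops whatever ends in `_time`, so a time-tracking field later given a different name would be exported to users outside `timetrackinggroup` without any change here. A comment above the `unless` would make that coupling visible, e.g. `# Time-tracking fields are recognised by their _time suffix; a new one must keep it or be listed here.` The pattern is also better anchored with `\z` than `$`, because `$` still matches before a trailing newline in a submitted `field` value: `@fieldlist = grep { !/_time\z/ } @fieldlist;`. The default `@fieldlist` is assigned outside the hunk, so I am assuming the filter sits after both the default and the `field` override.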
index 97d3dee6752d63d734699f6d6817354114da2a43..37cead53dae2fb0f7e44e60059fbb3e929d89247 100644 (file)
@@ -53,6 +53,7 @@
 
       [% IF displayfields.long_desc %]
         [% FOREACH c = bug.longdescs %]
+          [% NEXT IF c.isprivate && !UserInGroup(Param("insidergroup")) %]
           <long_desc>
             <who>[% c.email FILTER xml %]</who>
             <bug_when>[% c.time FILTER time FILTER xml %]</bug_when>
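Review bot: The privacy check added to the `long_desc` loop is enforced in the template, and the same line is repeated in the `attachment` loop in the next hunk, so every output format that iterates `bug.longdescs` or `bug.attachments` has to remember to repeat it. If the code that builds `bug` also feeds other templates (not visible here), dropping private entries there would cover all of them at once. Within this file, the group test could be evaluated once before the loops, `[% user_is_insider = UserInGroup(Param("insidergroup")) %]`, and reused as `[% NEXT IF c.isprivate && !user_is_insider %]` and `[% NEXT IF a.isprivate && !user_is_insider %]`. Both FOREACH blocks continue past the end of their hunks.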
@@ -63,6 +64,7 @@
       
       [% IF displayfields.attachment %]
         [% FOREACH a = bug.attachments %]
+          [% NEXT IF a.isprivate && !UserInGroup(Param("insidergroup")) %]
           <attachment>
             <attachid>[% a.attachid %]</attachid>
             <date>[% a.date FILTER time FILTER xml %]</date>