[SECURITY] Bug 219690: When deleting products and the 'usebuggroups' parameter is...

Patch by Stefan Mayr <S.Mayr2@cadenas.de>
r= justdave, joel  a= justdave

diff --git a/editproducts.cgi b/editproducts.cgi
index 8ef01ebe15757da8de7214e214f35006b163e10c..4c1bb5a8c78187593f92b4c77cd11493af825169 100755 (executable)
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -686,8 +686,9 @@ if ($action eq 'delete') {
             # I'm merely checking to make sure that the groupset is not
             # the superuser groupset in doing this update...
             SendSQL("UPDATE profiles " .
-                    "SET groupset = groupset - $bit " .
-                    "WHERE (groupset & $bit) " .
+                    "SET groupset = (groupset | $bit) - $bit, " .
+                    "blessgroupset = (blessgroupset | $bit) - $bit " .
+                    "WHERE ((groupset & $bit) or (blessgroupset & $bit)) " .
                     "AND (groupset != $::superusergroupset)");
             print "Users dropped from group '$group_desc'.<BR>\n";