Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and...
authorFrédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:10:31 +0000 (18:10 +0100)
committerFrédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:10:31 +0000 (18:10 +0100)
r=dkl a=LpSolit

template/en/default/bug/create/create.html.tmpl
template/en/default/bug/field-events.js.tmpl
template/en/default/bug/field.html.tmpl

index c18e1c53546387b73b504ba8ec76f68ffa4e581b..ea000f2f36691c44fb7262152a0ddf19af28e6ab 100644 (file)
@@ -248,7 +248,7 @@ TUI_hide_default('expert_fields');
       <script type="text/javascript">
        <!--
          [%+ INCLUDE "bug/field-events.js.tmpl" 
-                    field = bug_fields.component %]
+                    field = bug_fields.component product = product %]
        //-->
        </script>
     </td>
index f9e0ea93dc166699f931fb30e087ef36ed59d650..ab3ba77f9448832d3db6703cc238ef57c36c1a11 100644 (file)
 
 [%# INTERFACE:
   #   field: a Bugzilla::Field object
+  #   product: (optional) a Bugzilla::Product object.
   #%]
 
 [% FOREACH controlled_field = field.controls_visibility_of %]
+  [% vis_value = controlled_field.visibility_value %]
+  [% NEXT IF field.name == "product"
+             && vis_value.id != product.id
+             && !user.can_enter_product(vis_value) %]
+  [% NEXT IF field.name == "component" && vis_value.product_id != product.id %]
+
   showFieldWhen('[% controlled_field.name FILTER js %]',
-                '[% field.name FILTER js %]',
-                '[% controlled_field.visibility_value.name FILTER js %]');
+                '[% field.name FILTER js %]', '[% vis_value.name FILTER js %]');
 [% END %]
 [% FOREACH legal_value = field.legal_values %]
   [% FOREACH controlled_field = legal_value.controlled_values.keys %]
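Review bot: The new INTERFACE comment marks `product` as optional, but the two `NEXT IF` guards do not say what the template emits when it is omitted: with no `product`, `product.id` is empty, so the `component` branch appears to skip every component-controlled field, while the `product` branch falls through to `user.can_enter_product(vis_value)` alone. That is the safe direction, but a future caller that relies on the `(optional)` wording will silently get no component visibility events; I would extend the comment to `#   product: (optional) a Bugzilla::Product object. If omitted, component-controlled fields are not emitted and product-controlled fields are limited to products the user can enter.` Both current callers in this commit do pass a product, so no behaviour change is implied. The filter is keyed on `field.name` being exactly `"product"` or `"component"`; visibility values of any other controlling field are still emitted unfiltered, which is presumably intended since those values are not product-scoped, but worth a one-line note. The second `FOREACH legal_value = field.legal_values` loop at the end of the hunk continues outside it, so whether it is filtered the same way cannot be judged from here.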
index b014a6e6fbe03cef73f0237248cf6d1c53ff2d45..3ec7f1767017ed39ba9dd1c9de075fcf14d93714 100644 (file)
         <script type="text/javascript">
         <!--
           initHidingOptionsForIE('[% field.name FILTER js %]');
-          [%+ INCLUDE "bug/field-events.js.tmpl" field = field %]
+          [%+ INCLUDE "bug/field-events.js.tmpl" field = field product = bug.product_obj %]
         //-->
         </script>