[SECURITY] Bug 263780: Exporting a bug to XML exposes user comments and attachment...
authorjustdave%bugzilla.org <>
Mon, 25 Oct 2004 14:26:56 +0000 (14:26 +0000)
committerjustdave%bugzilla.org <>
Mon, 25 Oct 2004 14:26:56 +0000 (14:26 +0000)
Patch by Joel Peshkin <bugreport@peshkin.net>
r=vladd,justdave, a=justdave

show_bug.cgi
template/en/default/bug/show.xml.tmpl

index 7a568e3f54ec23dc53b69f66f1cff40e72776cb4..2eb42d3c1a0519eb8cc458aa0e89899e465fa575 100755 (executable)
@@ -100,6 +100,10 @@ if ($cgi->param("field")) {
     @fieldlist = $cgi->param("field");
 }
 
+unless (UserInGroup(Param("timetrackinggroup"))) {
+    @fieldlist = grep($_ !~ /_time$/, @fieldlist);
+}
+
 foreach (@fieldlist) {
     $displayfields{$_} = 1;
 }
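Review bot: The `grep` on `@fieldlist` recognises time-tracking fields only by their `_time` suffix, so the access check silently depends on a naming convention. A time-tracking field added later under a different name would pass through for users outside `timetrackinggroup`. Consider matching an explicit list of the protected field names, or at least documenting the dependency above the `unless`, e.g. `# SECURITY: time-tracking fields are recognised by their _time suffix; extend this filter for any field that breaks the convention.` The filter only controls which names reach `%displayfields`; whether the template emits any time data outside a `displayfields` guard is not visible in this hunk and is worth confirming.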
index 45ef1712a8ea7089e06c69e3912deb5e4248bf5f..34219c2080913a4604f24ada590fad0a9f2442f8 100644 (file)
@@ -53,6 +53,7 @@
 
       [% IF displayfields.long_desc %]
         [% FOREACH c = bug.longdescs %]
+          [% NEXT IF c.isprivate && !UserInGroup(Param("insidergroup")) %]
           <long_desc>
             <who>[% c.email FILTER xml %]</who>
             <bug_when>[% c.time FILTER time FILTER xml %]</bug_when>
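Review bot: The private-comment check `NEXT IF c.isprivate && !UserInGroup(Param("insidergroup"))` is enforced in the XML template, so any other template or export format that iterates `bug.longdescs` must repeat it to stay safe. The same applies to the `a.isprivate` check in the attachment loop of the next hunk. Filtering private comments and attachments where the bug data is loaded would make the restriction hold by default and leave these template checks as a second layer. If the check stays here, evaluating the group test once ahead of both loops, e.g. `[% is_insider = UserInGroup(Param("insidergroup")) %]`, keeps the two loops consistent and avoids repeating the call per item. What `UserInGroup` returns when `insidergroup` is unset is not visible here; it should deny so that private items stay hidden.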
@@ -63,6 +64,7 @@
       
       [% IF displayfields.attachment %]
         [% FOREACH a = bug.attachments %]
+          [% NEXT IF a.isprivate && !UserInGroup(Param("insidergroup")) %]
           <attachment>
             <attachid>[% a.attachid %]</attachid>
             <date>[% a.date FILTER time FILTER xml %]</date>