Bug 283085 : post_bug.cgi can be used to know which products do not exist and which...

Patch by Frederic Buclin <LpSolit@gmail.com>   r=myk   a=myk

diff --git a/post_bug.cgi b/post_bug.cgi
index 60807afb38bf7764e0811af97541a0af12300b05..609993d93a54a3d71a1dba8163b9f33a8afaa90f 100755 (executable)
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -77,12 +77,13 @@ $template->process($format->{'template'}, $vars, \$comment)
 
 ValidateComment($comment);
 
+# Check that the product exists and that the user
+# is allowed to submit bugs in this product.
 my $product = $::FORM{'product'};
-my $product_id = get_product_id($product);
-if (!$product_id) {
-    ThrowUserError("invalid_product_name",
-                   { product => $product });
+if (!CanEnterProduct($product)) {
+    ThrowUserError("entry_access_denied", {product => $product});
 }
+my $product_id = get_product_id($product);
 
 # Set cookies
 my $cookiepath = Param("cookiepath");
@@ -106,10 +107,6 @@ if (defined $::FORM{'maketemplate'}) {
 umask 0;
 
 # Some sanity checking
-if (!CanEnterProduct($product)) {
-    ThrowUserError("entry_access_denied", {product => $product});
-}
-
 my $component_id = get_component_id($product_id, $::FORM{component});
 $component_id || ThrowUserError("require_component");