Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsole...

author Frédéric Buclin <LpSolit@gmail.com>

Tue, 13 Nov 2012 17:19:46 +0000 (18:19 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Tue, 13 Nov 2012 17:19:46 +0000 (18:19 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:19:46 +0000 (18:19 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:19:46 +0000 (18:19 +0100)
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm

index 982435a3ac4231b27bdaa2b5514afaf2ebe65824..ba6c25736a3be8ffaa6c3c6418f6fdc87042c0d3 100644 (file)
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -766,11 +766,8 @@ sub validate_obsolete {
          $attachment->validate_can_edit($bug->product_id)
            || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
  
-        $vars->{'description'} = $attachment->description;
-
          if ($attachment->bug_id != $bug->bug_id) {
              $vars->{'my_bug_id'} = $bug->bug_id;
-            $vars->{'attach_bug_id'} = $attachment->bug_id;
              ThrowUserError('mismatched_bug_ids_on_obsolete', $vars);
          }
author	Frédéric Buclin <LpSolit@gmail.com>
	Tue, 13 Nov 2012 17:19:46 +0000 (18:19 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Tue, 13 Nov 2012 17:19:46 +0000 (18:19 +0100)