]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a9e45d6)
Bug 308662: [SECURITY] User matching bypasses 'usevisibilitygroups' restrictions...
authorlpsolit%gmail.com <>
Sat, 1 Oct 2005 05:28:04 +0000 (05:28 +0000)
committerlpsolit%gmail.com <>
Sat, 1 Oct 2005 05:28:04 +0000 (05:28 +0000)
Bugzilla/User.pm patch | blob | blame | history

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 3a3cace197ae2ae0822312ac0633dff766c40bfb..cfa3429206942b69cbdbd9fca074081a0920a5dc 100644 (file)
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -713,10 +713,10 @@ sub match {
         if (&::Param('usevisibilitygroups')) {
             $query .= ", user_group_map";
         }
-        $query     .= " WHERE " .
+        $query     .= " WHERE (" .
                 $dbh->sql_position($sqlstr, 'LOWER(login_name)') . " > 0" .
                       " OR " .
-                $dbh->sql_position($sqlstr, 'LOWER(realname)') . " > 0";
+                $dbh->sql_position($sqlstr, 'LOWER(realname)') . " > 0)";
         if (&::Param('usevisibilitygroups')) {
             $query .= " AND user_group_map.user_id = userid" .
                       " AND isbless = 0" .
Mirror of https://github.com/bugzilla/bugzilla.git