From: lpsolit%gmail.com <>
Date: Tue, 4 Jul 2006 16:51:56 +0000 (+0000)
Subject: Bug 341867: post_bug.cgi lets users with editbugs and canconfirm privs enter bugs... 
X-Git-Tag: bugzilla-2.22.1~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2bd4676289bd83be3740a76ee446f5f2a377503b;p=thirdparty%2Fbugzilla.git

Bug 341867: post_bug.cgi lets users with editbugs and canconfirm privs enter bugs as UNCONFIRMED even when votes_to_confirm is 0 - Patch by Frédéric Buclin <LpSolit@gmail.com> r=bkor a=myk
---

diff --git a/post_bug.cgi b/post_bug.cgi
index 94f224940e..5213549940 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -171,19 +171,19 @@ if (Param("useqacontact")) {
     }
 }
 
-if (UserInGroup("editbugs") || UserInGroup("canconfirm")) {
-    # Default to NEW if the user hasn't selected another status
-    if (!defined $cgi->param('bug_status')) {
-        $cgi->param(-name => 'bug_status', -value => "NEW");
+my $votes_to_confirm = $dbh->selectrow_array('SELECT votestoconfirm
+                                              FROM products WHERE id = ?',
+                                              undef, $product_id);
+my $bug_status = 'UNCONFIRMED';
+if ($votes_to_confirm) {
+    # Default to NEW if the user with privs hasn't selected another status.
+    if (UserInGroup('editbugs') || UserInGroup('canconfirm')) {
+        $bug_status = scalar($cgi->param('bug_status')) || 'NEW';
     }
 } else {
-    # Default to UNCONFIRMED if we are using it, NEW otherwise
-    $cgi->param(-name => 'bug_status', -value => 'UNCONFIRMED');
-    SendSQL("SELECT votestoconfirm FROM products WHERE id = $product_id");
-    if (!FetchOneColumn()) {   
-        $cgi->param(-name => 'bug_status', -value => "NEW");
-    }
+    $bug_status = 'NEW';
 }
+$cgi->param(-name => 'bug_status', -value => $bug_status);
 
 if (!defined $cgi->param('target_milestone')) {
     SendSQL("SELECT defaultmilestone FROM products WHERE name=$sql_product");