From: Frédéric Buclin
Date: Thu, 26 Jul 2012 21:07:23 +0000 (+0200)
Subject: Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is...
X-Git-Tag: bugzilla-4.0.7~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fdf177d91adbc64d88361ac7d9c062e5c3d73cb;p=thirdparty%2Fbugzilla.git

Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is still visible to unauthorized users when mentioned in a comment r=glob a=LpSolit
---
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index cc3d006135..801d702964 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -270,13 +270,16 @@ sub quoteUrls {
 sub get_attachment_link {
 my ($attachid, $link_text) = @_;
 my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
 my $attachment = new Bugzilla::Attachment($attachid);
 if ($attachment) {
 my $title = "";
 my $className = "";
- if (Bugzilla->user->can_see_bug($attachment->bug_id)) {
+ if ($user->can_see_bug($attachment->bug_id)
+ && (!$attachment->isprivate || $user->is_insider))
+ {
 $title = $attachment->description;
 }
 if ($attachment->isobsolete) {