From: preed%sigkill.com <> Date: Sat, 11 May 2002 17:01:29 +0000 (+0000) Subject: Bugs 126801, 141557: backported security patches for the 2.14.1 branch; backport... X-Git-Tag: bugzilla-2.14.2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=778ed7d1cab498230281407ff932f5f78f66fd88;p=thirdparty%2Fbugzilla.git Bugs 126801, 141557: backported security patches for the 2.14.1 branch; backport=preed, 2xr=gerv --- diff --git a/editusers.cgi b/editusers.cgi index 188cd05b5d..cc56966d7f 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -521,6 +521,7 @@ if ($action eq 'del') { if (!$candelete) { print "Sorry, deleting users isn't allowed."; PutTrailer(); + exit; } if (!$editall) { print "Sorry, you don't have permissions to delete users."; @@ -650,6 +651,7 @@ if ($action eq 'delete') { if (!$candelete) { print "Sorry, deleting users isn't allowed."; PutTrailer(); + exit; } if (!$editall) { print "Sorry, you don't have permissions to delete users."; diff --git a/queryhelp.cgi b/queryhelp.cgi index 5d312b2db8..6a2a6880f2 100755 --- a/queryhelp.cgi +++ b/queryhelp.cgi @@ -19,8 +19,8 @@ # Rights Reserved. # # Contributor(s): Brian Bober -# Terry Weissman -# Tara Hernandez +# Terry Weissman +# Tara Hernandez use vars %::FORM; @@ -585,40 +585,41 @@ $line_count = 0; $max_table_size = 50; my @products; -$tableheader = qq{

}; + print qq{ }; } -print qq{ +print qq{
- - - - }; +$tableheader = qq{

ProductDescription
+ + + + }; print qq{ - $tableheader + $tableheader }; SendSQL("SELECT product,description FROM products ORDER BY product"); - while (MoreSQLData()) { + while (MoreSQLData()) { - my ($product, $productdesc) = FetchSQLData(); - push (@products, $product); + my ($product, $productdesc) = FetchSQLData(); + next if (Param("usebuggroups") && GroupExists($product) && !UserInGroup($product)); + push (@products, $product); - $line_count++; - if ($line_count > $max_table_size) { - print qq{ -
ProductDescription
- $tableheader - }; - $line_count=1; - } + $line_count++; + if ($line_count > $max_table_size) { + print qq{ +
+ $tableheader + }; + $line_count=1; + } - print qq{
$product$productdesc
$product$productdesc
}; @@ -642,41 +643,41 @@ entered instead (milestones explained below). $line_count = 0; $tableheader = qq{ -

- - - - - +

+

ComponentProductDescription
+ + + + }; -print qq{ +print qq{

Component

Each product has components, against which bugs can be filed. Components are parts of the product, and are assigned to a module owner. The following lists components and their associated products: - $tableheader + $tableheader }; foreach $product (@products) { - SendSQL("SELECT value,description FROM components WHERE program=" . SqlQuote($product) . " ORDER BY value"); + SendSQL("SELECT value,description FROM components WHERE program=" . SqlQuote($product) . " ORDER BY value"); - while (MoreSQLData()) { + while (MoreSQLData()) { - my ($component, $compdesc) = FetchSQLData(); + my ($component, $compdesc) = FetchSQLData(); - $line_count++; - if ($line_count > $max_table_size) { - print qq{ -

ComponentProductDescription
- $tableheader - }; - $line_count=0; - } - print qq{$component$product$compdesc}; - } + $line_count++; + if ($line_count > $max_table_size) { + print qq{ + + $tableheader + }; + $line_count=0; + } + print qq{$component$product$compdesc}; + } } @@ -884,9 +885,9 @@ queries, but it's not the easiest thing to learn (or explain).

-   -