From: justdave%syndicomm.com <>
Date: Mon, 3 Nov 2003 11:25:51 +0000 (+0000)
Subject: [SECURITY] Bug 209742: Under some circumstances, a user can obtain component descript... 
X-Git-Tag: bugzilla-2.17.5~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a30e5f2cf9b04a8a377186ecb3b90b4311d23894;p=thirdparty%2Fbugzilla.git

[SECURITY] Bug 209742: Under some circumstances, a user can obtain component descriptions for a product to which he does not normally have access.
Patch by Ryan Cleary <tryanc@interdimensions.com>
r= joel, bbaetz   a= justdave
---

diff --git a/describecomponents.cgi b/describecomponents.cgi
index ff7f46ac87..05af919491 100755
--- a/describecomponents.cgi
+++ b/describecomponents.cgi
@@ -46,7 +46,7 @@ if (!defined $::FORM{'product'}) {
     # Reference to a subset of %::proddesc, which the user is allowed to see
     my %products;
 
-    if (AnyDefaultGroups()) {
+    if (AnyEntryGroups()) {
         # OK, now only add products the user can see
         confirm_login() unless $::userid;
         foreach my $p (@::legal_product) {