From: Frédéric Buclin
Date: Thu, 26 Jul 2012 21:09:32 +0000 (+0200)
Subject: Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is...
X-Git-Tag: bugzilla-3.6.10~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b99bee4e257dbce259fbb5b86a2ae12260bbd375;p=thirdparty%2Fbugzilla.git

Bug 777586: (CVE-2012-1969) [SECURITY] The description of private attachments is still visible to unauthorized users when mentioned in a comment r=glob a=LpSolit
---
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index bb5ff5eda7..153812e96f 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -266,13 +266,16 @@ sub quoteUrls {
 sub get_attachment_link {
 my ($attachid, $link_text) = @_;
 my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
 my $attachment = new Bugzilla::Attachment($attachid);
 if ($attachment) {
 my $title = "";
 my $className = "";
- if (Bugzilla->user->can_see_bug($attachment->bug_id)) {
+ if ($user->can_see_bug($attachment->bug_id)
+ && (!$attachment->isprivate || $user->is_insider)
+ {
 $title = $attachment->description;
 }
 if ($attachment->isobsolete) {