From: mkanat%bugzilla.org <>
Date: Thu, 23 Jul 2009 02:16:57 +0000 (+0000)
Subject: Bug 505592: Make add_see_also and remove_see_also call check_can_change_field
X-Git-Tag: bugzilla-3.4~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d32f24052dff03afd34884400d8f0394d01301b9;p=thirdparty%2Fbugzilla.git

Bug 505592: Make add_see_also and remove_see_also call check_can_change_field
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
---

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 9b0bac1e19..64a53b8a13 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -2426,6 +2426,14 @@ sub add_see_also {
     # case-sensitive, but most of our DBs are case-insensitive, so we do
     # this check case-insensitively.
     if (!grep { lc($_) eq lc($result) } @{ $self->see_also }) {
+        my $privs;
+        my $can = $self->check_can_change_field('see_also', '', $result, \$privs);
+        if (!$can) {
+            ThrowUserError('illegal_change', { field    => 'see_also',
+                                               newvalue => $result,
+                                               privs    => $privs });
+        }
+
         push(@{ $self->see_also }, $result);
     }
 }
@@ -2433,7 +2441,15 @@ sub add_see_also {
 sub remove_see_also {
     my ($self, $url) = @_;
     my $see_also = $self->see_also;
-    @$see_also = grep { lc($_) ne lc($url) } @$see_also;
+    my @new_see_also = grep { lc($_) ne lc($url) } @$see_also;
+    my $privs;
+    my $can = $self->check_can_change_field('see_also', $see_also, \@new_see_also, \$privs);
+    if (!$can) {
+        ThrowUserError('illegal_change', { field    => 'see_also',
+                                           oldvalue => $url,
+                                           privs    => $privs });
+        }
+    $self->{see_also} = \@new_see_also;
 }
 
 #####################################################################