From a98d0a4b0900f7de34608511a3c96305dcf1b0c7 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Wed, 1 Nov 2006 08:58:15 +0000 Subject: [PATCH] =?utf8?q?Bug=20351337:=20Users=20can=20add=20bugs=20to=20?= =?utf8?q?groups=20that=20they=20are=20members=20of,=20even=20if=20the=20g?= =?utf8?q?roup=20controls=20are=20NA/NA=20-=20Patch=20by=20Fr=C3=83=C2=A9d?= =?utf8?q?=C3=83=C2=A9ric=20Buclin=20=20r=3Dmkanat=20a?= =?utf8?q?=3Dmyk?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- post_bug.cgi | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/post_bug.cgi b/post_bug.cgi index 5213549940..dd6d020d82 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -364,14 +364,24 @@ foreach my $b (grep(/^bit-\d*$/, $cgi->param())) { $vars->{'bit'} = $v; ThrowCodeError("inactive_group"); } - my ($permit) = $user->in_group_id($v); - if (!$permit) { - SendSQL("SELECT othercontrol FROM group_control_map - WHERE group_id = $v AND product_id = $product_id"); - my ($othercontrol) = FetchSQLData(); - $permit = (($othercontrol == CONTROLMAPSHOWN) - || ($othercontrol == CONTROLMAPDEFAULT)); - } + my ($membercontrol, $othercontrol) = + $dbh->selectrow_array('SELECT membercontrol, othercontrol + FROM group_control_map + WHERE group_id = ? AND product_id = ?', + undef, ($v, $product_id)); + + # If these values are undefined or zero, then this group + # cannot be a valid one for this product. + next unless ($membercontrol || $othercontrol); + + my $permit = ($user->in_group_id($v) + && ($membercontrol == CONTROLMAPSHOWN + || $membercontrol == CONTROLMAPDEFAULT)) + || + (!$user->in_group_id($v) + && ($othercontrol == CONTROLMAPSHOWN + || $othercontrol == CONTROLMAPDEFAULT)); + if ($permit) { push(@groupstoadd, $v) } -- 2.47.2