Bug 309952: (CVE-2010-1204) [SECURITY] Make boolean chart searches with time

tracking fields no longer work for everybody r=LpSolit, a=mkanat

Bug 309952: (CVE-2010-1204) [SECURITY] Make boolean chart searches with time
14944e84 · Max Kanat-Alexander · 92f35343 · 14944e84
Commit 14944e84 authored Jun 24, 2010 by Max Kanat-Alexander
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

Search.pm Bugzilla/Search.pm +6 -0

No files found.
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -870,6 +870,12 @@ sub init {
    my %chartfields = @{$dbh->selectcol_arrayref(
        q{SELECT name, id FROM fielddefs}, { Columns=>[1,2] })};

+    if (!$user->is_timetracker) {
+        foreach my $tt_field (TIMETRACKING_FIELDS) {
+            delete $chartfields{$tt_field};
+        }
+    }
+
    my ($sequence, $chartid);
    $row = 0;
    for ($chart=-1 ;