Fix for bug 108821: Prevent users with any blessgroupset privileges from blessing any group set.

Patch by Jake <jake@acutex.net> and Bradley <bbaetz@cs.mcgill.ca>. r=jake,myk for Bradley's portion, r=bbaetz,myk for Jake's portion.

Fix for bug 108821: Prevent users with any blessgroupset privileges from blessing any group set.
6f66681a · myk%mozilla.org · 4b5278c7 · 6f66681a
Commit 6f66681a authored Nov 08, 2001 by myk%mozilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

editusers.cgi editusers.cgi +4 -1

No files found.
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -742,12 +742,14 @@ if ($action eq 'update') {
    foreach (keys %::FORM) {
        next unless /^bit_/;
        #print "$_=$::FORM{$_}<br>\n";
+        detaint_natural($::FORM{$_}) || die "Groupset field tampered with";
        $groupset .= " + $::FORM{$_}";
    }
    my $blessgroupset = "0";
    foreach (keys %::FORM) {
        next unless /^blbit_/;
        #print "$_=$::FORM{$_}<br>\n";
+        detaint_natural($::FORM{$_}) || die "Blessgroupset field tampered with";
        $blessgroupset .= " + $::FORM{$_}";
    }

@@ -767,7 +769,8 @@ if ($action eq 'update') {
        } else {
           SendSQL("UPDATE profiles
                    SET groupset =
-                         groupset - (groupset & $opblessgroupset) + $groupset
+                         groupset - (groupset & $opblessgroupset) + 
+                         (($groupset) & $opblessgroupset)
                    WHERE login_name=" . SqlQuote($userold));

           # I'm paranoid that someone who I give the ability to bless people