Bug 314198: Fix leaking list of product names in query.cgi

Patch by Joel Peshkin <bugreport@peshkin.net> r=lpsolit, a=justdave

Bug 314198: Fix leaking list of product names in query.cgi
7cb75c8a · bugreport%peshkin.net · 9a161bbf · 7cb75c8a
Commit 7cb75c8a authored Nov 01, 2005 by bugreport%peshkin.net
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

search-specific.html.tmpl template/en/default/search/search-specific.html.tmpl +6 -4

No files found.
--- a/template/en/default/search/search-specific.html.tmpl
+++ b/template/en/default/search/search-specific.html.tmpl
@@ -74,10 +74,12 @@ for "crash secure SSL flash".
          [% FOREACH c = classification %]
            <optgroup label="[% c.name FILTER html %]">
            [% FOREACH p = c.products %]
-              <option value="[% p.name FILTER html %]"
-                [% " selected" IF lsearch(default.product, p.name) != -1 %]>
-                [% p.name FILTER html %]
-              </option>
+              [% IF user.can_see_product(p.name) %]
+                <option value="[% p.name FILTER html %]"
+                  [% " selected" IF lsearch(default.product, p.name) != -1 %]>
+                  [% p.name FILTER html %]
+                </option>
+              [% END %]
            [% END %]
            </optgroup>
          [% END %]