Skip to content

bugzilla
bugzilla
Commit 88d7ced2 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 308662: [SECURITY] User matching bypasses 'usevisibilitygroups' restrictions…

Bug 308662: [SECURITY] User matching bypasses 'usevisibilitygroups' restrictions - Patch by Joel Peshkin <bugreport@peshkin.net> r=LpSolit a=justdave
parent 9910fc71
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
Bugzilla/User.pm
View file @ 88d7ced2
...@@ -711,10 +711,10 @@ sub match { ...@@ -711,10 +711,10 @@ sub match {
if (&::Param('usevisibilitygroups')) { if (&::Param('usevisibilitygroups')) {
$query .= ", user_group_map"; $query .= ", user_group_map";
} }
$query .= " WHERE " . $query .= " WHERE (" .
$dbh->sql_position($sqlstr, 'LOWER(login_name)') . " > 0" . $dbh->sql_position($sqlstr, 'LOWER(login_name)') . " > 0" .
" OR " . " OR " .
$dbh->sql_position($sqlstr, 'LOWER(realname)') . " > 0"; $dbh->sql_position($sqlstr, 'LOWER(realname)') . " > 0)";
if (&::Param('usevisibilitygroups')) { if (&::Param('usevisibilitygroups')) {
$query .= " AND user_group_map.user_id = userid" . $query .= " AND user_group_map.user_id = userid" .
" AND isbless = 0" . " AND isbless = 0" .
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment