Bug 308662: [SECURITY] User matching bypasses 'usevisibilitygroups' restrictions…

Bug 308662: [SECURITY] User matching bypasses 'usevisibilitygroups' restrictions - Patch by Joel Peshkin <bugreport@peshkin.net> r=LpSolit a=justdave

Bug 308662: [SECURITY] User matching bypasses 'usevisibilitygroups' restrictions…
88d7ced2 · lpsolit%gmail.com · 9910fc71 · 88d7ced2
Commit 88d7ced2 authored Oct 01, 2005 by lpsolit%gmail.com
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

User.pm Bugzilla/User.pm +2 -2

No files found.
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -711,10 +711,10 @@ sub match {
        if (&::Param('usevisibilitygroups')) {
            $query .= ", user_group_map";
        }
-        $query     .= " WHERE " .
+        $query     .= " WHERE (" .
                $dbh->sql_position($sqlstr, 'LOWER(login_name)') . " > 0" .
                      " OR " .
-                $dbh->sql_position($sqlstr, 'LOWER(realname)') . " > 0";
+                $dbh->sql_position($sqlstr, 'LOWER(realname)') . " > 0)";
        if (&::Param('usevisibilitygroups')) {
            $query .= " AND user_group_map.user_id = userid" .
                      " AND isbless = 0" .