Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as…

Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsolete can disclose its description r=gerv a=LpSolit

Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as…
a9aa1020 · Frédéric Buclin · 1b925f4b · a9aa1020
Commit a9aa1020 authored Nov 13, 2012 by Frédéric Buclin
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 3 deletions

Attachment.pm Bugzilla/Attachment.pm +0 -3

No files found.
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -766,11 +766,8 @@ sub validate_obsolete {
        $attachment->validate_can_edit($bug->product_id)
          || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });

-        $vars->{'description'} = $attachment->description;
-
        if ($attachment->bug_id != $bug->bug_id) {
            $vars->{'my_bug_id'} = $bug->bug_id;
-            $vars->{'attach_bug_id'} = $attachment->bug_id;
            ThrowUserError('mismatched_bug_ids_on_obsolete', $vars);
        }