Closed Bug 282267 Opened 19 years ago Closed 19 years ago

product name is checked twice in enter_bug.cgi

Categories

(Bugzilla :: Creating/Changing Bugs, defect)

Product:
Bugzilla
Component:
Creating/Changing Bugs
Version:
2.19.2
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.20

People

(Reporter: LpSolit, Assigned: LpSolit)

Details

Attachments

(1 file)

patch, v1
669 bytes, patch
mkanat
: review+
Details | Diff | Splinter Review 
if(!CanEnterProduct($product))
{
    ThrowUserError("entry_access_denied", { product => $product});         
}

GetVersionTable();

if (lsearch(\@::enterable_products, $product) == -1) {
    ThrowUserError("invalid_product_name", { product => $product});
}


CanEnterProduct() checks that the product exists and that the user is allowed to
enter bugs in this product. If not, an error message is displayed in a way such
that the user cannot distinguish between an invalid product name and a product
which requires privs, for confidential reasons. Then, the second check is useless.
Attached patch patch, v1Splinter Review 

        Attachment #174330 -
        Flags: review?(justdave)

    
    

    
  
Doesn't that just mean that the invalid_ check should be moved *above* the other
check, so that we get a sensible message if we have an invalid product?
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.20

    
    

    
  
Comment on attachment 174330 [details] [diff] [review]
patch, v1

r=mkanat on inspection and discussion with LpSolit in IRC.

        Attachment #174330 -
        Flags: review?(justdave) → review+

    
  
Flags: approval?
Flags: approval? → approval+

    
    

    
  
Checking in enter_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/enter_bug.cgi,v  <--  enter_bug.cgi
new revision: 1.104; previous revision: 1.103
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.