Closed
Bug 312933
Opened 20 years ago
Closed 20 years ago
Query.cgi leaks product names
Categories
(Bugzilla :: Bugzilla-General, defect, P1)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.22
People
(Reporter: bugreport, Assigned: bugreport)
Details
Attachments
(1 file, 1 obsolete file)
|
900 bytes,
patch
|
LpSolit
:
review+
|
Details | Diff | Splinter Review |
Classification.pm populates query.cgi's bug form with a list of products even
when they are not selectable.
|
Assignee | |
Comment 1•20 years ago
|
||
This is seen in 2.21 but I believe it is in 2.20 as well.
|
|
Assignee | |
Comment 2•20 years ago
|
||
This does not exist on 2.20. Only on 2.21
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.22
Version: 2.20 → 2.21
|
|
Assignee | |
Comment 3•20 years ago
|
||
This restricts the products listed to those the user is permitted to select.
It also fixes the inconsistent ordering of the products.
Attachment #200052 -
Flags: review?
|
||
Comment 4•20 years ago
|
||
Comment on attachment 200052 [details] [diff] [review]
fix v1
Classification.pm is user-independent.
Attachment #200052 -
Flags: review? → review-
|
|
||
Comment 5•20 years ago
|
||
Classification.pm is user-independent. Moreover, in query.cgi, line 299, I can read:
if (Param('useclassification')) {
$vars->{'classification'} = $user->get_selectable_classifications;
}
User::get_selectable_classifications only returns classifications you can see.
So I see no issue here. If there is one, then it's in this method in User.pm,
not in Classification.pm.
Group: webtools-security
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Target Milestone: Bugzilla 2.22 → ---
|
|
Assignee | |
Updated•20 years ago
|
Group: webtools-security
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Summary: Clasisifcation.pm returns product list to search form without checking selectability → Query.cgi leaks product names
|
|
Assignee | |
Comment 6•20 years ago
|
||
Since this does not effect a release version, we can drop the security flag....
this leaks through the template....
template/en/default/search/form.html.tmpl
[% FOREACH c = classification %]
prods[[% nclass FILTER js %]] = [
[%- FOREACH item = c.products %]'[% item.name FILTER js %]'[% ", " UNLESS
loop.last %] [%- END -%] ];
[% nclass = nclass+1 %]
[% END %]
which blindly polulates the structures used by the javascript code
Group: webtools-security
|
|
Assignee | |
Updated•20 years ago
|
Target Milestone: --- → Bugzilla 2.22
|
|
Assignee | |
Comment 7•20 years ago
|
||
Assignee: general → bugreport
Attachment #200052 -
Attachment is obsolete: true
Status: REOPENED → ASSIGNED
Attachment #200073 -
Flags: review?(LpSolit)
|
|
||
Comment 8•20 years ago
|
||
Comment on attachment 200073 [details] [diff] [review]
keep the change to the template
r=LpSolit
Attachment #200073 -
Flags: review?(LpSolit) → review+
|
|
Assignee | |
Updated•20 years ago
|
Flags: approval?
|
||
Updated•20 years ago
|
Flags: approval? → approval+
|
|
Assignee | |
Comment 9•20 years ago
|
||
Checking in template/en/default/search/form.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/search/form.html.tmpl,v
<-- form.html.tmpl
new revision: 1.34; previous revision: 1.33
done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•