Closed Bug 544434 Opened 14 years ago Closed 13 years ago

describecomponents.cgi only lists enterable products

Categories

(Bugzilla :: Bugzilla-General, defect)

3.4.4
defect
Not set
minor

RESOLVED FIXED
Bugzilla 4.2

People

(Reporter: reed, Assigned: michaelc)

Attachments

(1 file)

STR:
1. Go to https://bugzilla.mozilla.org/describecomponents.cgi
2. Notice "Mozilla Stats" product is missing
3. Go to https://bugzilla.mozilla.org/describecomponents.cgi?product=Mozilla%20Stats
4. See components for "Mozilla Stats" product

Note that the "Mozilla Stats" product currently has a group control with Default/Mandatory, ENTRY.

I think this is just a bug rather than a security issue, but it's possible that this might have some security implications...
On 3.5.3, the product with "Default/Mandatory"
* can view in /enter_bug.cgi?classification=__all
* can view in /describecomponents.cgi
* can view in /describecomponents.cgi?product=xxxx


In the description at editproducts,
> Bugs in this product are permitted to be restricted to this group and are 
> placed in this group by default. Users who are members of this group will be 
> able to place bugs in this group. Non-members will be forced to place bugs in 
> this group on entry. 
So, I think it's not a problem that we can view in /describecomponents.cgi?product=xxxx.

(In reply to comment #0)
> I think this is just a bug rather than a security issue, but it's possible that
> this might have some security implications...

No, it has no security implications. The group settings are not Mandatory/Mandatory, so the product is public.

describecomponents.cgi should list enterable products when called from enter_bug.cgi, else it should list selectable products. Currently, it only lists enterable products, always, which is not expected when called from query.cgi or by clicking the "Browse" component.
Severity: normal → minor
Summary: Product not displayed on describecomponents.cgi can be accessed via 'product' parameter → describecomponents.cgi only lists enterable products

Hmm, yeah. Maybe just making it list accessible products would be the simplest solution.

Attachment #560589 - Flags: review?
Comment on attachment 560589
Changes get_enterable_products to get_accessible_products

r=Wurblzap by inspection. This does what comment 4 says.
Attachment #560589 - Flags: review? → review+
Assignee: general → michaelc
Flags: approval?
Flags: approval4.2?
Target Milestone: --- → Bugzilla 4.2
Status: NEW → ASSIGNED
Flags: approval?
Flags: approval4.2?
Flags: approval4.2+
Flags: approval+

I will let wurblzap commit this one. :)

Trunk:
Committing to: bzr+ssh://wurblzap%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified describecomponents.cgi
Committed revision 8001.

Branch:
Committing to: bzr+ssh://wurblzap%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified describecomponents.cgi
Committed revision 7953.

Thanks for the patch, Michael!
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Blocks: 774625