Closed Bug 96099 Opened 24 years ago Closed 24 years ago

empty QA contact allows users who aren't logged in to bypass group security

Categories

(Bugzilla :: Bugzilla-General, defect, P1)

Tracking

RESOLVED FIXED
Bugzilla 2.14

People

(Reporter: bbaetz, Assigned: myk)

Attachments

(1 file)

Also see bug 96085. If QA contacts are disabled, or the field is empty, then non-logged-in users can see bugs they don't have permission to see. (Bug 28698, which is nsconf, was open until I added nobody@mozilla.org to be the QA contact.) If you're logged in, or the QA contact doesn't have the ability to see the bug anyway, then this doesn't occur. I don't think it's possible to have an empty reporter or assignee, so I couldn't test if those were also affected.
Tested on http://landfill.tequilarista.org/bz92593 ... looks good. r=jake
2.14 release blocker
Assignee: justdave → myk
Severity: critical → blocker
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.14
Keywords: approval, patch
Blocks: 95889
Checked in.
No longer blocks: 95889
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → unspecified
QA Contact: matty_is_a_geek → default-qa