From 033ca7a49c822c65e66e4a35182564af5d076f9c Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 21 Aug 2006 00:31:10 +0000
Subject: [PATCH] r1110: In showreport.php, $bug[product] is converted into a string, but a lot of can_perform()s are called using that value, so we copy it before we convert it into $bug[productid] and use that. This fixes permission checks across the board... er file.
---
 docs/changes.txt | 1 +
 showreport.php | 17 +++++++++--------
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index d0adfd2..466f87c 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -16,6 +16,7 @@
 - Fixed a bug that would cause searching to result in a SQL error
 - Added better checking of hidden bugs for the favorites list
 - Better permissions checking in vote.php, viewattachment.php, attachment.php, showhistory.php, and favorite.php
+- Fixed numerous permission checks in showreport.php
 
 1.1.0 Beta 1
 ==================
diff --git a/showreport.php b/showreport.php
index bf1c699..ced7bb5 100644
--- a/showreport.php
+++ b/showreport.php
@@ -208,6 +208,7 @@ $favoritetext = ($favorite ? _('Remove from Favorites') : _('Add to Favorites'))
 $bug['userinfo'] = construct_user_display($bug);
 $bug['datetime'] = $datef->format($bugsys->options['dateformat'], $bug['dateline']);
 
+$bug['productid'] = $bug['product'];
 $bug['product'] = $bugsys->datastore['product']["$bug[product]"]['title'];
 $bug['component'] = ($bug['component'] ? $bugsys->datastore['product']["$bug[component]"]['title'] : '');
 $bug['version'] = $bugsys->datastore['version']["$bug[version]"]['version'];
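Review bot: The new `$bug['productid'] = $bug['product'];` line carries an ordering dependency that nothing in the hunk states: it only works because it runs before the next line overwrites `$bug['product']` with the datastore title, and every later can_perform() in this file now relies on that copy. A short comment on the new line would protect it against a future reorder, e.g. `// keep the raw product id for can_perform(); $bug['product'] becomes the display title on the next line`. Any `can_perform(..., $bug['product'])` remaining below this point that the other hunks do not touch would still receive the title string rather than the id, so a grep of the rest of the file before merging is worthwhile.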
@@ -247,8 +248,8 @@ foreach ($words AS $word)
 
 // -------------------------------------------------------------------
 // attachments
-$show['getattachments'] = ((can_perform('cangetattach', $bug['product']) OR can_perform('caneditattach', $bug['product'])) ? true : false);
-$show['putattachments'] = ((can_perform('canputattach', $bug['product']) OR can_perform('caneditattach', $bug['product'])) ? true : false);
+$show['getattachments'] = ((can_perform('cangetattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false);
+$show['putattachments'] = ((can_perform('canputattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false);
 $show['attachments'] = ($show['getattachments'] OR $show['putattachments']) ? true : false;
 
 if ($show['getattachments'] OR $show['putattachments'])
@@ -269,7 +270,7 @@ if ($show['getattachments'] OR $show['putattachments'])
 while ($attachment = $db->fetch_array($attachments_fetch))
 {
 $attaches = true;
-$show['editattach'] = ((can_perform('caneditattach', $bug['product']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['product']))) ? true : false);
+$show['editattach'] = ((can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid']))) ? true : false);
 $attachment['date'] = $datef->format($bugsys->options['dateformat'], $attachment['dateline']);
 $attachment['user'] = construct_user_display($attachment, false);
 eval('$attachments .= "' . $template->fetch('showreport_attachment') . '";');
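Review bot: The rewritten `$show['getattachments']` and `$show['putattachments']` lines wrap an expression that is already the result of an OR in `? true : false`, and `$show['newreply']` in the hunk at line 332 does the same around a single can_perform() call. If can_perform() returns a bool the ternary is a no-op; if it returns an int or null it only normalises the value, which a cast states more directly: `$show['getattachments'] = (bool)(can_perform('cangetattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid']));`. can_perform() is not defined in this patch, so its return type is inferred here.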
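Review bot: In the rewritten `$show['editattach']` line, `can_perform('caneditattach', $bug['productid'])` and `can_perform('canputattach', $bug['productid'])` do not depend on `$attachment`, yet both are re-evaluated for every row of the while loop, which opens in this hunk and is closed outside it. Evaluating them once before the loop, `$caneditattach = can_perform('caneditattach', $bug['productid']);` and `$canputattach = can_perform('canputattach', $bug['productid']);`, and then writing `$show['editattach'] = (($caneditattach OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND $canputattach)) ? true : false);` leaves only the ownership comparison per row. Whether can_perform() is cheap enough for this not to matter cannot be seen from the patch.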
@@ -304,7 +305,7 @@ $comments_fetch = $db->query("
 FROM " . TABLE_PREFIX . "comment AS comment
 LEFT JOIN " . TABLE_PREFIX . "user AS user
 ON (comment.userid = user.userid)
- WHERE comment.bugid = $bug[bugid]" . (!can_perform('canviewhidden', $bug['product']) ? "
+ WHERE comment.bugid = $bug[bugid]" . (!can_perform('canviewhidden', $bug['productid']) ? "
 AND !hidden" : '') . "
 ORDER BY comment.dateline ASC"
 );
@@ -312,10 +313,10 @@ while ($comment = $db->fetch_array($comments_fetch))
 {
 $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);
 $comment['postby'] = construct_user_display($comment);
-$show['editcomment'] = ((can_perform('caneditownreply', $bug['product']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['product']) AND $bugsys->userinfo['userid'] != $comment['userid']));
+$show['editcomment'] = ((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']));
 
-$bugsys->debug('can edit own replies: ' . (int)(can_perform('caneditownreply', $bug['product']) AND $bugsys->userinfo['userid'] == $comment['userid']));
-$bugsys->debug('can edit other replies:' . (int)(can_perform('caneditotherreply', $bug['product']) AND $bugsys->userinfo['userid'] != $comment['userid']));
+$bugsys->debug('can edit own replies: ' . (int)(can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']));
+$bugsys->debug('can edit other replies:' . (int)(can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']));
 $bugsys->debug('$show[editcomment]: ' . $show['editcomment']);
 
 if (is_array($hilight))
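Review bot: The changed `WHERE comment.bugid = $bug[bugid]` line still interpolates `$bug[bugid]` straight into the SQL string; if `$bug` is the row fetched from the bug table this is an integer from the database, but the query itself does not enforce that. Writing `WHERE comment.bugid = " . (int)$bug['bugid'] . "` (or the `$db` wrapper's escaping helper, if it has one) keeps the statement well-formed regardless of where `$bug` came from. The `$comments_fetch = $db->query(` statement begins outside the hunk, so only part of the query is visible here.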
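Review bot: The rewritten `$show['editcomment']` line and the two debug lines below it spell out the same can_perform()/userid expression three times per comment, so the two product-level checks are re-evaluated twice on every iteration and any future change has to be made in three places. Both can_perform() calls depend only on `$bug['productid']` and can be evaluated once before the loop, leaving the per-comment work to a single ownership flag that the assignment and the debug output share. The while loop this sits in is opened outside the hunk (only its header appears as hunk context), so the two hoisted lines belong just before it.
```php
// product-level rights do not change per comment; evaluate once before the loop
$caneditownreply = can_perform('caneditownreply', $bug['productid']);
$caneditotherreply = can_perform('caneditotherreply', $bug['productid']);
while ($comment = $db->fetch_array($comments_fetch))
{
	// … unchanged: posttime / postby …
	$isowncomment = ($bugsys->userinfo['userid'] == $comment['userid']);
	$show['editcomment'] = (($caneditownreply AND $isowncomment) OR ($caneditotherreply AND !$isowncomment));

	$bugsys->debug('can edit own replies: ' . (int)($caneditownreply AND $isowncomment));
	$bugsys->debug('can edit other replies:' . (int)($caneditotherreply AND !$isowncomment));
	// … unchanged: $show[editcomment] debug, hilight handling …
```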
@@ -331,7 +332,7 @@ while ($comment = $db->fetch_array($comments_fetch))
 eval('$comments .= "' . $template->fetch('showreport_comment') . '";');
 }
 
-$show['newreply'] = (can_perform('canpostcomments', $bug['product']) ? true : false);
+$show['newreply'] = (can_perform('canpostcomments', $bug['productid']) ? true : false);
 $bug['summary_title'] = $bug['summary'];
 
 if (is_array($hilight) AND !$show['edit'])
-- 
2.43.5