From 69588e633dccd0466eae6ae9875fe8b03de763ec Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 19 Dec 2005 22:30:35 +0000 Subject: [PATCH] r633: Subscription is just one permission to check for; we also need to make sure the user can actually view bugs --- favourite.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/favourite.php b/favourite.php index b4e4d8a..28b0f92 100644 --- a/favourite.php +++ b/favourite.php @@ -33,7 +33,7 @@ if ($_REQUEST['do'] == 'handle') $message->error($lang->getlex('error_invalid_id')); } - if (!can_perform('cansubscribe', $bug['productid'])) + if (!can_perform('cansubscribe', $bug['productid']) OR !can_perform('canviewbugs', $bug['productid'])) { $message->error_permission(); } -- 2.43.5