From 3a86d44c69d398e1749acec207f699312bcbc8de Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 21:53:02 +0000 Subject: [PATCH 01/16] r531: Spelling boo-boo in can_perform() --- includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/functions.php b/includes/functions.php index a7c83f8..db2de4c 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -90,7 +90,7 @@ function can_perform($bitmask, $productid = 0) if (!in_array($bitmask, $inspecific)) { - return ($bugsys->datastore['permission']["$userinfo[usergroupid]"]["$productid"] & $_PREMISSION["$bitmask"]); + return ($bugsys->datastore['permission']["$userinfo[usergroupid]"]["$productid"] & $_PERMISSION["$bitmask"]); } } -- 2.22.5 From 5e834fe0d8962e73b9f1fb56713b2d91342a5787 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:00:15 +0000 Subject: [PATCH 02/16] r532: - Removing NULL 2nd parameter from can_perform() - Cleaning up permissions to actually work with our new per-product system --- attachment.php | 14 +++++++------- editcomment.php | 4 ++-- editreport.php | 12 ++++++------ favourite.php | 2 +- index.php | 15 +++++++++++---- newcomment.php | 2 +- newreport.php | 6 +++--- showhistory.php | 2 +- showreport.php | 38 +++++++++++++++++++------------------- vote.php | 2 +- 10 files changed, 52 insertions(+), 45 deletions(-) diff --git a/attachment.php b/attachment.php index 6bf64a2..bbd62f4 100755 --- a/attachment.php +++ b/attachment.php @@ -45,7 +45,7 @@ $log->bugid = $bug['bugid']; if ($_POST['do'] == 'insert') { - if (!can_perform('canputattach', null, $bug['productid'])) + if (!can_perform('canputattach', $bug['productid'])) { $message->error_permission(); } 
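Review bot: The lookup `$_PERMISSION["$bitmask"]` in can_perform() gives no signal when the name on the left is wrong, which is how the misspelled `$_PREMISSION` went unnoticed: the bitwise AND against an undefined value evaluates to 0 and the check on this path is quietly denied. Guard the lookup so a mistyped or renamed permission name is reported instead of silently changing access, for example `if (!isset($_PERMISSION["$bitmask"])) { trigger_error("Unknown permission: $bitmask", E_USER_WARNING); return false; }`. The function also returns the raw masked integer; comparing it with `!= 0` would make the boolean contract explicit. The body of can_perform() starts and ends outside this hunk.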
@@ -108,7 +108,7 @@ if ($_POST['do'] == 'insert') } // handle comment stuff - if (can_perform('canpostcomments', null, $bug['productid']) AND trim($bugsys->in['comment'])) + if (can_perform('canpostcomments', $bug['productid']) AND trim($bugsys->in['comment'])) { $bugsys->in['comment_parsed'] = $bugsys->in['comment']; @@ -138,14 +138,14 @@ if ($_POST['do'] == 'insert') if ($_REQUEST['do'] == 'add') { - if (!can_perform('canputattach', null, $bug['productid'])) + if (!can_perform('canputattach', $bug['productid'])) { $message->error_permission(); } $MAXFILESIZE = $funct->fetch_max_attachment_size(); - $show['addcomment'] = ((can_perform('canpostcomments', null, $bug['productid'])) ? true : false); + $show['addcomment'] = ((can_perform('canpostcomments', $bug['productid'])) ? true : false); $show['obsoletes'] = false; $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete"); @@ -163,7 +163,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { - if (!(can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid'])))) + if (!(can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid'])))) { $message->error_permission(); } 
@@ -191,12 +191,12 @@ if ($_POST['do'] == 'update') if ($_REQUEST['do'] == 'edit') { - if (!(can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid'])))) + if (!(can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid'])))) { $message->error_permission(); } - $show['delete'] = ((can_perform('caneditattach', null, $bug['productid'])) ? true : false); + $show['delete'] = ((can_perform('caneditattach', $bug['productid'])) ? true : false); eval('$template->flush("' . $template->fetch('editattach') . '");'); } diff --git a/editcomment.php b/editcomment.php index 95395c6..2d7540f 100644 --- a/editcomment.php +++ b/editcomment.php @@ -35,12 +35,12 @@ if (!$comment) $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); -if (!((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid']))) +if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid']))) { $message->error_permission(); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permissison(); } diff --git a/editreport.php b/editreport.php index 1260032..eb2b7d9 100644 --- a/editreport.php +++ b/editreport.php 
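Review bot: The hidden-bug branch in editcomment.php calls `$message->error_permissison()`, which is misspelled; the check directly above it and every other check in this series calls `error_permission()`. If no method of that name exists, a user without `canviewhidden` gets a fatal error instead of the permission page, and what is shown then depends on how fatal errors are handled on the server. The line should read `$message->error_permission();`.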
@@ -26,7 +26,7 @@ $bug = $db->query_first(" WHERE bug.bugid = " . intval($bugsys->in['bugid']) ); -if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid'])) AND !can_perform('canpostcomments', null, $bug['productid'])) +if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) AND !can_perform('canpostcomments', $bug['productid'])) { $message->error_permission(); } @@ -36,7 +36,7 @@ if (!$bug) $message->error($lang->getlex('error_invalid_id')); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permission(); } @@ -52,7 +52,7 @@ if ($_POST['do'] == 'update') { // ------------------------------------------------------------------- // process comment stuff - if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) { $hascomment = (!empty($bugsys->in['comment'])) ? true : false; 
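Review bot: The permission test at the top of editreport.php reads `$bug['productid']` before the `if (!$bug)` existence check shown in the next hunk, so a request for a non-existent bug id is decided by whatever can_perform() returns for an empty product id rather than by `error_invalid_id`. Moving the `if (!$bug)` block directly after the query keeps the per-product checks working on a real row. The same ordering appears in showreport.php (hunk `@@ -69,12 +62,19 @@`), where the new `canviewbugs` check sits above `if (!is_array($bug))`.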
@@ -105,7 +105,7 @@ if ($_POST['do'] == 'update') } } - if (!(((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) AND can_perform('caneditinfo', null, $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) { $message->redirect($lang->string('Your reply has been added to the comment list.'), "showreport.php?bugid=$bug[bugid]"); } @@ -155,12 +155,12 @@ if ($_POST['do'] == 'update') UPDATE " . TABLE_PREFIX . "bug SET summary = '" . $bugsys->in['summary'] . "', severity = " . intval($bugsys->in['severity']) . "," . - (can_perform('canchangestatus', null, $bug['productid']) ? " + (can_perform('canchangestatus', $bug['productid']) ? " priority = " . intval($bugsys->in['priority']) . ", status = " . intval($bugsys->in['status']) . ", resolution = " . intval($bugsys->in['resolution']) . "," : '') . " - " . (can_perform('canassign', null, $bug['productid']) ? "assignedto = " . intval($bugsys->in['assignedto']) . "," : '') . " + " . (can_perform('canassign', $bug['productid']) ? "assignedto = " . intval($bugsys->in['assignedto']) . "," : '') . " duplicateof = " . intval($bugsys->in['duplicateof']) . ", dependency = '$dependencies', productid = " . $pcv['product'] . ", diff --git a/favourite.php b/favourite.php index 256e43c..174d048 100644 --- a/favourite.php +++ b/favourite.php 
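Review bot: `canchangestatus` and `canassign` are checked against the bug's current `$bug['productid']`, while the same UPDATE writes `productid = $pcv['product']`, so nothing in this hunk verifies the user's rights in the product the report is being moved to. With per-product permissions, a user who may edit in one product could move a report into a product where they hold no edit rights; a check on the target, such as `can_perform('cansubmitbugs', $pcv['product'])`, before the UPDATE would close that gap (which permission fits is a design choice). Separately, `$bugsys->in['summary']` and `$pcv['product']` are concatenated into the SQL without a visible escape or cast; if `$bugsys->in` is not escaped upstream, `summary` should go through the database layer's escaping and `productid` through `intval()` like the neighbouring fields. The statement begins and ends outside the hunk.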
@@ -33,7 +33,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'handle') { $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid'])); - if (!$bug OR (!can_perform('canviewhidden', null, $bug['productid']) AND $bug['hidden'])) + if (!$bug OR (!can_perform('canviewhidden', $bug['productid']) AND $bug['hidden'])) { $message->error($lang->getlex('error_invalid_id')); } diff --git a/index.php b/index.php index 5795d59..78d8eeb 100644 --- a/index.php +++ b/index.php @@ -32,7 +32,13 @@ if (!can_perform('canviewbugs')) // ################################################################### $pagination = new Pagination('p', 'pp'); -$count = $db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "bug" . (!can_perform('canviewhidden') ? " WHERE !hidden" : "")); +$count = $db->query_first(" + SELECT COUNT(*) AS count + FROM " . TABLE_PREFIX . "bug + WHERE (!hidden OR (hidden AND productid IN (" . fetch_on_bits('canviewhidden') . "))) + AND productid IN (" . fetch_on_bits('canviewbugs') . ")" +); + $pagination->total = $count['count']; $pagination->split_pages(); @@ -44,8 +50,9 @@ $bugs_fetch = $db->query(" LEFT JOIN user AS user2 ON (bug.lastpostby = user2.userid) LEFT JOIN user AS user3 - ON (bug.hiddenlastpostby = user3.userid)" . ((!can_perform('canviewhidden')) ? " - WHERE !hidden" : "") . " + ON (bug.hiddenlastpostby = user3.userid) + WHERE bug.productid IN (" . fetch_on_bits('canviewbugs') . ") + AND (!hidden OR (hidden AND productid IN (" . fetch_on_bits('canviewhidden') . "))) ORDER BY bug." . ((can_perform('canviewhidden')) ? "lastposttime" : "hiddenlastposttime") . " DESC LIMIT " . $pagination->fetch_limit($pagination->page - 1) . ", " . $pagination->perpage ); 
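Review bot: Both rewritten queries in index.php build `productid IN (" . fetch_on_bits(...) . ")`; if fetch_on_bits() can return an empty string for a user with no matching products (its body is not in this diff), the result is `IN ()`, which MySQL rejects, and the listing fails instead of showing an empty set. Returning a sentinel such as `0` for the empty case avoids that. The `ORDER BY` in the second hunk still calls `can_perform('canviewhidden')` without a product id, so the sort column is chosen globally while row visibility is now per product, and the order of rows may then reflect hidden activity in products where the viewer lacks that right. In the joined query the new conditions use unqualified `hidden` and `productid`; writing `bug.hidden` and `bug.productid` matches the `bug.productid` already used on the line above.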
@@ -59,7 +66,7 @@ while ($bug = $db->fetch_array($bugs_fetch)) $bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status']; $bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution']; - $bug['hiddendisplay'] = ((!can_perform('canviewhidden', null, $bug['productid']) AND $bug['hiddenlastposttime']) ? true : false); + $bug['hiddendisplay'] = ((!can_perform('canviewhidden', $bug['productid']) AND $bug['hiddenlastposttime']) ? true : false); $bug['lastposttime'] = (($bug['hiddendisplay']) ? $bug['hiddenlastposttime'] : $bug['lastposttime']); $bug['lastpost'] = (($bug['hiddendisplay']) ? $bug['hiddenlastpost'] : $bug['lastpost']); diff --git a/newcomment.php b/newcomment.php index 39ecd7b..917bddc 100644 --- a/newcomment.php +++ b/newcomment.php @@ -20,7 +20,7 @@ if (!$bug) $message->error($lang->getlex('error_invalid_id')); } -if (!can_perform('canpostcomments', null, $bug['productid']))) +if (!can_perform('canpostcomments', $bug['productid']))) { $message->error_permission(); } diff --git a/newreport.php b/newreport.php index d305aa0..91dde63 100755 --- a/newreport.php +++ b/newreport.php @@ -21,7 +21,7 @@ $focus['newreport'] = 'focus'; require_once('./global.php'); require_once('./includes/functions_product.php'); -if (!can_perform('cansubmitbugs', null, intval($bugsys->in['productid']))) +if (!can_perform('cansubmitbugs', intval($bugsys->in['productid']))) { $message->error_permission(); } @@ -39,7 +39,7 @@ if ($_POST['do'] == 'insert') { // ------------------------------------------------------------------- // check permissions on various input values - if (!can_perform('canchangestatus', null, intval($bugsys->in['productid']))) + if (!can_perform('canchangestatus', intval($bugsys->in['productid']))) { $bugsys->in['priority'] = $bugsys->options['defaultpriority']; $bugsys->in['status'] = $bugsys->options['defaultstatus']; 
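Review bot: The rewritten condition in newcomment.php, `if (!can_perform('canpostcomments', $bug['productid'])))`, still has one closing parenthesis too many, so the file does not parse and the page cannot run. It should be `if (!can_perform('canpostcomments', $bug['productid']))`. The hunk also shows no hidden-bug test next to the comment permission; if none follows outside the hunk, a `canviewhidden` check like the one in showhistory.php belongs here.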
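Review bot: All three checks in newreport.php (`cansubmitbugs` here, `canchangestatus` in `@@ -39,7 +39,7 @@` and `canassign` in `@@ -60,7 +60,7 @@`) authorize against `intval($bugsys->in['productid'])`, which appears to come directly from request input. If the insert stores the product parsed from the product/component/version selector rather than this field (the insert code is outside the hunks), a client can name a product where it holds the right and file the report in another. Derive the product id once from the value that is actually stored and pass that same variable to every can_perform() call.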
@@ -60,7 +60,7 @@ if ($_POST['do'] == 'insert') $bugsys->in['resolution'] = $bugsys->options['defaultresolve']; } } - if (!can_perform('canassign', null, intval($bugsys->in['productid']))) + if (!can_perform('canassign', intval($bugsys->in['productid']))) { $bugsys->in['assignedto'] = $bugsys->options['defaultassign']; } diff --git a/showhistory.php b/showhistory.php index 7066d66..623433e 100644 --- a/showhistory.php +++ b/showhistory.php @@ -28,7 +28,7 @@ if (!$bug) $message->error($lang->getlex('error_invalid_id')); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permission(); } diff --git a/showreport.php b/showreport.php index 9439125..5678e93 100644 --- a/showreport.php +++ b/showreport.php @@ -25,13 +25,6 @@ $focus['showreport'] = 'focus'; require_once('./global.php'); require_once('./includes/functions_product.php'); -if (!can_perform('canviewbugs')) -{ - $message->error_permission(); -} - -$show['edit'] = (((can_perform('caneditown') AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers')) AND can_perform('caneditinfo')) ? true : false; - $bugid = intval($bugsys->in['bugid']); // ################################################################### 
@@ -69,12 +62,19 @@ $bug = $db->query_first(" WHERE bug.bugid = " . intval($bugsys->in['bugid']) ); +if (!can_perform('canviewbugs', $bug['productid'])) +{ + $message->error_permission(); +} + +$show['edit'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) ? true : false; + if (!is_array($bug)) { $message->error($lang->getlex('error_invalid_id')); } -if ($bug['hidden'] AND !can_perform('canviewhidden', null, $bug['productid'])) +if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) { $message->error_permission(); } @@ -97,16 +97,16 @@ if ($show['edit']) { $select['severity'] = construct_datastore_select('severity', 'severity', 'severityid', $bug['severity']); - $show['changestatus'] = ((can_perform('canchangestatus', null, $bug['productid'])) ? true : false); - if (can_perform('canchangestatus', null, $bug['productid'])) + $show['changestatus'] = ((can_perform('canchangestatus', $bug['productid'])) ? true : false); + if (can_perform('canchangestatus', $bug['productid'])) { $select['priority'] = construct_datastore_select('priority', 'priority', 'priorityid', $bug['priority']); $select['status'] = construct_datastore_select('status', 'status', 'statusid', $bug['status']); $select['resolution'] = construct_datastore_select('resolution', 'resolution', 'resolutionid', $bug['resolution']); } - $show['assign'] = ((can_perform('canassign', null, $bug['productid'])) ? true : false); - if (can_perform('canassign', null, $bug['productid'])) + $show['assign'] = ((can_perform('canassign', $bug['productid'])) ? true : false); + if (can_perform('canassign', $bug['productid'])) { foreach ($bugsys->datastore['assignto'] AS $dev) { 
@@ -230,8 +230,8 @@ foreach ($words AS $word) // ------------------------------------------------------------------- // attachments -$show['getattachments'] = ((can_perform('cangetattach', null, $bug['productid']) OR can_perform('caneditattach', null, $bug['productid'])) ? true : false); -$show['putattachments'] = ((can_perform('canputattach', null, $bug['productid']) OR can_perform('caneditattach', null, $bug['productid'])) ? true : false); +$show['getattachments'] = ((can_perform('cangetattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false); +$show['putattachments'] = ((can_perform('canputattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false); $show['attachments'] = ($show['getattachments'] OR $show['putattachments']) ? true : false; if ($show['getattachments'] OR $show['putattachments']) @@ -250,7 +250,7 @@ if ($show['getattachments'] OR $show['putattachments']) while ($attachment = $db->fetch_array($attachments_fetch)) { $attaches = true; - $show['editattach'] = ((can_perform('caneditattach', null, $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', null, $bug['productid']))) ? true : false); + $show['editattach'] = ((can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid']))) ? true : false); $attachment['date'] = $datef->format($bugsys->options['dateformat'], $attachment['dateline']); $attachment['user'] = construct_user_display($attachment, false); eval('$attachments .= "' . $template->fetch('showreport_attachment') . '";'); 
@@ -268,7 +268,7 @@ $vote['total'] = $vote['votefor'] + $vote['voteagainst']; $vote['forpercent'] = round($vote['votefor'] / $vote['total'], 3) * 100; $vote['againstpercent'] = round($vote['voteagainst'] / $vote['total'], 3) * 100; -$show['vote'] = ((can_perform('canvote', null, $bug['productid']) AND !$vote['uservote']) ? true : false); +$show['vote'] = ((can_perform('canvote', $bug['productid']) AND !$vote['uservote']) ? true : false); // ------------------------------------------------------------------- // get comments @@ -277,7 +277,7 @@ $comments_fetch = $db->query(" FROM " . TABLE_PREFIX . "comment AS comment LEFT JOIN " . TABLE_PREFIX . "user AS user ON (comment.userid = user.userid) - WHERE comment.bugid = $bug[bugid]" . ((!can_perform('canviewhidden', null, $bug['productid'])) ? " + WHERE comment.bugid = $bug[bugid]" . ((!can_perform('canviewhidden', $bug['productid'])) ? " AND !hidden" : '') . " ORDER BY comment.dateline ASC" ); @@ -285,7 +285,7 @@ while ($comment = $db->fetch_array($comments_fetch)) { $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']); $comment['postby'] = construct_user_display($comment); - $show['editcomment'] = (((can_perform('caneditown', null, $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', null, $bug['productid'])) ? true : false); + $show['editcomment'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) ? true : false); if (is_array($hilight)) { @@ -300,7 +300,7 @@ while ($comment = $db->fetch_array($comments_fetch)) eval('$comments .= "' . $template->fetch('showreport_comment') . '";'); } -$show['newreply'] = ((can_perform('canpostcomments', null, $bug['productid'])) ? true : false); +$show['newreply'] = ((can_perform('canpostcomments', $bug['productid'])) ? true : false); if (is_array($hilight)) { 
diff --git a/vote.php b/vote.php index 9ce89dd..a556270 100644 --- a/vote.php +++ b/vote.php @@ -30,7 +30,7 @@ if ($_REQUEST['do'] == 'vote') $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']) . ((!can_perform('canviewhidden')) ? " AND !bug.hidden" : '')); $vote = $db->query_first("SELECT *, FIND_IN_SET(" . $bugsys->userinfo['userid'] . ", userids) AS uservote FROM " . TABLE_PREFIX . "vote WHERE bugid = $bug[bugid]"); - if (!can_perform('canvote', null, $bug['productid'])) + if (!can_perform('canvote', $bug['productid'])) { $message->error_permission(); } -- 2.22.5 From 551988ff8847b89b4b3aeba0eb907048baaa684c Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:24:47 +0000 Subject: [PATCH 03/16] r533: - Permission check cleanup - Splt caneditinfo into two permissions: caneditotherreply and caneditownreply for comment editing --- admin/permission.php | 5 +++-- admin/usergroup.php | 5 +++-- editcomment.php | 2 +- editreport.php | 6 +++--- includes/init.php | 9 +++++---- showreport.php | 15 +++++++++++++-- templates/showreport_comment.tpl | 2 +- 7 files changed, 29 insertions(+), 15 deletions(-) diff --git a/admin/permission.php b/admin/permission.php index 9847f8f..de844d7 100755 --- a/admin/permission.php +++ b/admin/permission.php @@ -39,8 +39,9 @@ $permissions = array( $lang->string('Moderation/Managment Permissions') => array( 'caneditown' => $lang->string('Can Edit Own Bugs'), - 'caneditothers' => $lang->string('Can Edit Others\' Bugs'), - 'caneditinfo' => $lang->string('Can Edit Bug Information'), + 'caneditother' => $lang->string('Can Edit Others\' Bugs'), + 'caneditownreply' => $lang->string('Can Edit Own Comments'), + 'caneditotherreply' => $lang->string('Can Edit Others\' Comments'), 'canassign' => $lang->string('Can Assign Bugs'), 'canchangestatus' => $lang->string('Can Change Status') ) diff --git a/admin/usergroup.php b/admin/usergroup.php index d73569f..edb4658 100755 
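Review bot: The query two lines above the changed check in vote.php still filters hidden bugs with `can_perform('canviewhidden')`, without a product id, so hidden-bug visibility is decided globally while `canvote` is now decided per product. Fetching the row first and then testing `$bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])`, as showhistory.php does, keeps the two consistent. The vote query also interpolates `$bug[bugid]` before anything confirms that `$bug` was found; an `if (!$bug)` guard ahead of it avoids running `WHERE bugid = ` with an empty value.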
--- a/admin/usergroup.php +++ b/admin/usergroup.php @@ -41,8 +41,9 @@ $permissions = array( $lang->string('Moderation/Managment Permissions') => array( 'caneditown' => $lang->string('Can Edit Own Bugs'), - 'caneditothers' => $lang->string('Can Edit Others\' Bugs'), - 'caneditinfo' => $lang->string('Can Edit Bug Information'), + 'caneditother' => $lang->string('Can Edit Others\' Bugs'), + 'caneditownreply' => $lang->string('Can Edit Own Comments'), + 'caneditotherreply' => $lang->string('Can Edit Others\' Comments'), 'canassign' => $lang->string('Can Assign Bugs'), 'canchangestatus' => $lang->string('Can Change Status') ), diff --git a/editcomment.php b/editcomment.php index 2d7540f..990298c 100644 --- a/editcomment.php +++ b/editcomment.php @@ -35,7 +35,7 @@ if (!$comment) $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]"); -if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid']))) +if (!((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']))) { $message->error_permission(); } diff --git a/editreport.php b/editreport.php index eb2b7d9..edd85e7 100644 --- a/editreport.php +++ b/editreport.php 
@@ -26,7 +26,7 @@ $bug = $db->query_first(" WHERE bug.bugid = " . intval($bugsys->in['bugid']) ); -if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) AND !can_perform('canpostcomments', $bug['productid'])) +if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])) AND !can_perform('canpostcomments', $bug['productid'])) { $message->error_permission(); } @@ -52,7 +52,7 @@ if ($_POST['do'] == 'update') { // ------------------------------------------------------------------- // process comment stuff - if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid']))) { $hascomment = (!empty($bugsys->in['comment'])) ? true : false; @@ -105,7 +105,7 @@ if ($_POST['do'] == 'update') } } - if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid']))) + if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid']))) { $message->redirect($lang->string('Your reply has been added to the comment list.'), "showreport.php?bugid=$bug[bugid]"); } diff --git a/includes/init.php b/includes/init.php index 6209d1e..2a02d45 100755 
--- a/includes/init.php +++ b/includes/init.php @@ -143,9 +143,9 @@ $_PERMISSION = array( 'canpostcomments' => 32, // can post new comments 'cangetattach' => 64, // can dl attachments 'canputattach' => 128, // can ul attachments - 'caneditown' => 256, // can edit own comments - 'caneditothers' => 512, // can edit others' comments - 'caneditinfo' => 1024, // can edit bug info -- works in conjunction with canedit(own|others) + 'caneditown' => 256, // can edit own bugs + 'caneditother' => 512, // can edit others' bugs + 'caneditownreply' => 1024, // can edit own comments 'canassign' => 2048, // can assign bug 'canchangestatus' => 4096, // can change bug status 'canadminpanel' => 8192, // can view admin panel @@ -157,7 +157,8 @@ $_PERMISSION = array( 'canadminfields' => 524288, // can admin custom bug fields 'canbeassignedto' => 1048576, // can be assigned bugs, 'caneditattach' => 2097152, // can edit attachments - 'canviewhidden' => 4194304 // can see hidden bugs + 'canviewhidden' => 4194304, // can see hidden bugs + 'caneditotherreply' => 8388608 // can edit other peoples' comments ); foreach ($_PERMISSION AS $name => $maskvalue) diff --git a/showreport.php b/showreport.php index 5678e93..f930c9a 100644 --- a/showreport.php +++ b/showreport.php @@ -67,7 +67,7 @@ if (!can_perform('canviewbugs', $bug['productid'])) $message->error_permission(); } -$show['edit'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR can_perform('caneditothers', $bug['productid'])) AND can_perform('caneditinfo', $bug['productid'])) ? true : false; +$show['edit'] = ((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])); if (!is_array($bug)) { 
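Review bot: Bits 256, 512 and 1024 in `$_PERMISSION` keep their values but change meaning (256 from own comments to own bugs, 512 from others' comments to others' bugs, 1024 from `caneditinfo` to `caneditownreply`), so any usergroup mask already stored with those bits set silently acquires different rights after this commit. No migration of stored masks is visible in the patch; either give the comment permissions fresh bit values or ship an upgrade step that rewrites existing masks, and record it next to the array, e.g. `// 1024 was caneditinfo before r533; stored masks must be migrated`. The second hunk (`@@ -157,7 +157,8 @@`) adds `caneditotherreply` at 8388608, a bit that existing groups presumably do not have set, so editing others' comments is denied for everyone until it is granted explicitly.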
@@ -104,6 +104,13 @@ if ($show['edit']) $select['status'] = construct_datastore_select('status', 'status', 'statusid', $bug['status']); $select['resolution'] = construct_datastore_select('resolution', 'resolution', 'resolutionid', $bug['resolution']); } + else + { + $bug['status'] = $bugsys->datastore['status']["$bug[status]"]['status']; + $bug['resolution'] = $bugsys->datastore['resolution']["$bug[resolution]"]['resolution']; + $bug['severity'] = $bugsys->datastore['severity']["$bug[severity]"]['severity']; + $bug['priority'] = $bugsys->datastore['priority']["$bug[priority]"]['priority']; + } $show['assign'] = ((can_perform('canassign', $bug['productid'])) ? true : false); if (can_perform('canassign', $bug['productid'])) @@ -285,7 +292,11 @@ while ($comment = $db->fetch_array($comments_fetch)) { $comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']); $comment['postby'] = construct_user_display($comment); - $show['editcomment'] = (((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditothers', $bug['productid'])) ? true : false); + $show['editcomment'] = ((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])); + + $bugsys->debug((int)(can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid'])); + $bugsys->debug((int)(can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])); + $bugsys->debug($show['editcomment']); if (is_array($hilight)) { diff --git a/templates/showreport_comment.tpl b/templates/showreport_comment.tpl index 7604d38..8b5080a 100644 --- a/templates/showreport_comment.tpl +++ b/templates/showreport_comment.tpl @@ -10,7 +10,7 @@ $comment[comment_parsed] - +
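Review bot: The three `$bugsys->debug(...)` calls added inside the comment loop of showreport.php look like leftover diagnostics: they emit the result of each edit-permission evaluation for every comment on the page. Whether debug() output reaches users depends on configuration not shown here, but authorization internals should not be printed from a production path, so the three lines should be removed before this lands. The loop body continues outside the hunk.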
[{@"Edit Comment"}] -- 2.22.5 From b1c50198866d4df3ed84ae001358972246e75a5a Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:30:42 +0000 Subject: [PATCH 04/16] r534: Fixing permissions to match the new setup --- editreport.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/editreport.php b/editreport.php index edd85e7..bd4dca7 100644 --- a/editreport.php +++ b/editreport.php @@ -52,7 +52,7 @@ if ($_POST['do'] == 'update') { // ------------------------------------------------------------------- // process comment stuff - if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid']))) + if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid']))) { $hascomment = (!empty($bugsys->in['comment'])) ? true : false; @@ -103,10 +103,7 @@ if ($_POST['do'] == 'update') $log->log(); } } - } - - if (!(((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR can_perform('caneditother', $bug['productid'])) AND can_perform('caneditownreply', $bug['productid']))) - { + $message->redirect($lang->string('Your reply has been added to the comment list.'), "showreport.php?bugid=$bug[bugid]"); } -- 2.22.5 From 411bebb1e34bfc55cf602b1e9b7c766b5a3e60ce Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:33:37 +0000 Subject: [PATCH 05/16] r535: Adding permission checks --- viewattachment.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/viewattachment.php b/viewattachment.php index c6bdc5a..44b30aa 100755 --- a/viewattachment.php +++ b/viewattachment.php 
@@ -24,9 +24,13 @@ if (!$attachment) $message->error($lang->getlex('error_invalid_id')); } -// #*# permission checks per-bug and hidden bugs +$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $attachment[bugid]"); +if (($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) OR !can_perform('canviewbugs', $bug['productid'])) +{ + $message->error_permission(); +} -if (!can_perform('cangetattach') AND !can_perform('caneditattach')) +if (!can_perform('cangetattach', $bug['productid']) AND !can_perform('caneditattach', $bug['productid'])) { $message->error_permission(); } -- 2.22.5 From 3aad2acf3a43541d4c33c4bff9c902e9ef2ea87a Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:36:55 +0000 Subject: [PATCH 06/16] r536: If you can't view an attachment, then you can't --- viewattachment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/viewattachment.php b/viewattachment.php index 44b30aa..23498cc 100755 --- a/viewattachment.php +++ b/viewattachment.php @@ -30,7 +30,7 @@ if (($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) OR !ca $message->error_permission(); } -if (!can_perform('cangetattach', $bug['productid']) AND !can_perform('caneditattach', $bug['productid'])) +if (!can_perform('cangetattach', $bug['productid'])) { $message->error_permission(); } -- 2.22.5 From 7763be794ed506f573bbc26a8981315f1d30ac55 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 22:42:50 +0000 Subject: [PATCH 07/16] r537: Need to include functions_product.php --- editreport.php | 1 + 1 file changed, 1 insertion(+) diff --git a/editreport.php b/editreport.php index bd4dca7..8a0fece 100644 --- a/editreport.php +++ b/editreport.php 
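Review bot: The new lookup `$bug = $db->query_first(... WHERE bugid = $attachment[bugid])` in viewattachment.php is used without checking that a row came back, so an attachment whose bug no longer exists is evaluated with an empty `hidden` flag and an empty product id. Add `if (!$bug) { $message->error($lang->getlex('error_invalid_id')); }` before the permission tests, matching the `$attachment` check just above. Both tests also rely on `error_permission()` halting the script; the code that delivers the attachment is outside the hunk, so it is worth confirming that nothing after a failed check can still run.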
@@ -15,6 +15,7 @@ define('SVN', '$Id$'); $focus['showreport'] = 'focus'; require_once('./global.php'); +require_once('./includes/functions_product.php'); $bug = $db->query_first(" SELECT bugvaluefill.*, bug.*, user.email, user.displayname, user.showemail -- 2.22.5 From 98a3aef7d9a8c7609cbd898a5ed9dd612148db46 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 23:21:51 +0000 Subject: [PATCH 08/16] r538: Implemented cansubscribe permission --- favourite.php | 10 +++++----- showreport.php | 2 ++ templates/showreport.tpl | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/favourite.php b/favourite.php index 174d048..b4e4d8a 100644 --- a/favourite.php +++ b/favourite.php @@ -16,11 +16,6 @@ $focus['showreport'] = 'focus'; require_once('./global.php'); -if (!$bugsys->userinfo['userid']) -{ - $message->error_permission(); -} - // ################################################################### if (empty($_REQUEST['do'])) @@ -38,6 +33,11 @@ if ($_REQUEST['do'] == 'handle') $message->error($lang->getlex('error_invalid_id')); } + if (!can_perform('cansubscribe', $bug['productid'])) + { + $message->error_permission(); + } + if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "favourite WHERE userid = " . $bugsys->userinfo['userid'] . " AND bugid = " . intval($bugsys->in['bugid']))) { $db->query("DELETE FROM " . TABLE_PREFIX . "favourite WHERE userid = " . $bugsys->userinfo['userid'] . " AND bugid = " . intval($bugsys->in['bugid'])); diff --git a/showreport.php b/showreport.php index f930c9a..eb15cb0 100644 --- a/showreport.php +++ b/showreport.php 
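Review bot: Replacing the `if (!$bugsys->userinfo['userid'])` login test in favourite.php with `can_perform('cansubscribe', $bug['productid'])` means the handler now trusts the permission mask alone: if the guest usergroup is ever granted `cansubscribe` for a product, the INSERT/DELETE below it run with the guest's user id (presumably 0). Keeping the login test alongside the new check, `if (!$bugsys->userinfo['userid'] OR !can_perform('cansubscribe', $bug['productid']))`, avoids that. The handler also shows no `canviewbugs` test for the bug's product, and it changes state on any `$_REQUEST['do'] == 'handle'` request, so a per-session request token would be needed to rule out cross-site triggering.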
@@ -82,6 +82,8 @@ if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) // ################################################################### // global display items +$show['subscribe'] = can_perform('cansubscribe', $bug['productid']); + $favourite = (bool)$db->query_first("SELECT * FROM " . TABLE_PREFIX . "favourite WHERE bugid = $bug[bugid] AND userid = " . $bugsys->userinfo['userid']); $favouritetext = (($favourite) ? $lang->string('Remove from Favourites') : $lang->string('Add to Favourites')); diff --git a/templates/showreport.tpl b/templates/showreport.tpl index c73757b..86db0fa 100644 --- a/templates/showreport.tpl +++ b/templates/showreport.tpl @@ -35,7 +35,7 @@ $header / [{@"Show Bug History"}] - / [$favouritetext] + / [$favouritetext]
-- 2.22.5 From c9afb70f4b0dc03fc602fd6718698f6e03ea3ae7 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 23:35:28 +0000 Subject: [PATCH 09/16] r539: Added permission checking to construct_pcv_select() --- includes/functions_product.php | 7 ++++++- newreport.php | 2 +- search.php | 2 +- showreport.php | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/includes/functions_product.php b/includes/functions_product.php index f4b643b..73aa002 100644 --- a/includes/functions_product.php +++ b/includes/functions_product.php @@ -13,7 +13,7 @@ // #################### Start construct_pcv_select ################### // constructs a product/component/version select with one go :-) // NB: need to make sure we have the option to turn off just p/c selection without v -function construct_pcv_select($select = '', $prefix = '--') +function construct_pcv_select($action = 'canviewbugs', $select = '', $prefix = '--') { global $bugsys; static $HTML; @@ -43,6 +43,11 @@ function construct_pcv_select($select = '', $prefix = '--') foreach ($products AS $product) { + if (!can_perform($action, $product['productid']) OR !can_perform('canviewbugs', $product['productid'])) + { + continue; + } + // prefix $valuepfx = "p$product[productid]"; diff --git a/newreport.php b/newreport.php index 91dde63..9c377f6 100755 --- a/newreport.php +++ b/newreport.php @@ -172,7 +172,7 @@ if ($_REQUEST['do'] == 'add') } } - $pcv_select = construct_pcv_select(); + $pcv_select = construct_pcv_select('cansubmitbugs'); eval('$template->flush("' . $template->fetch('newreport') . '");'); } diff --git a/search.php b/search.php index 027434c..4808447 100644 --- a/search.php +++ b/search.php @@ -304,7 +304,7 @@ if ($_REQUEST['do'] == 'search') if ($newsearch) { - $pcv_select = construct_pcv_select('radio', '--'); + $pcv_select = construct_pcv_select(); // ------------------------------------------------------------------- // custom fields 
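Review bot: The `static $HTML` kept by `construct_pcv_select()` (visible in the first hunk's context) may now return markup built for a different `$action`. If that static memoises the generated select, as its name suggests, the first call in a request fixes the product list for every later call, so a list filtered by `cansubmitbugs` could be served where `canviewbugs` was asked for, or the reverse. The function body is outside the hunk, so this needs checking there. Keying the cache by action removes the coupling, e.g. `static $HTML = array();` with reads and writes going through `$HTML["$action"]`. The header comment above the function should also state that `$action` is the permission each product is filtered by, in addition to `canviewbugs`.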
diff --git a/showreport.php b/showreport.php index eb15cb0..60d4ec5 100644 --- a/showreport.php +++ b/showreport.php @@ -126,7 +126,7 @@ if ($show['edit']) } } - $pcv_select = construct_pcv_select("p$bug[productid]c$bug[componentid]v$bug[versionid]"); + $pcv_select = construct_pcv_select('canviewbugs', "p$bug[productid]c$bug[componentid]v$bug[versionid]"); $firstcomment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "comment WHERE bugid = $bug[bugid] ORDER BY dateline ASC LIMIT 1"); -- 2.22.5 From 48d86e4da5d5027564c4947127653df9548f5c4d Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 23:37:08 +0000 Subject: [PATCH 10/16] r540: Check for bug viewing ability in parse_pcv_select() --- includes/functions_product.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/includes/functions_product.php b/includes/functions_product.php index 73aa002..e372cb9 100644 --- a/includes/functions_product.php +++ b/includes/functions_product.php @@ -214,6 +214,11 @@ function parse_pcv_select($input, $validate = false) } } + if (!can_perform('canviewbugs', $product['productid'])) + { + return false; + } + return $pcv; } } -- 2.22.5 From 79a6df8101370fb2fe529b5a08a019083134e953 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 23:40:50 +0000 Subject: [PATCH 11/16] r541: Hidden bug permissions in search.php --- search.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/search.php b/search.php index 4808447..a3f647d 100644 --- a/search.php +++ b/search.php 
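Review bot: The new `canviewbugs` test in `parse_pcv_select()` reads `$product['productid']`, but the hunk does not show where `$product` is assigned, and the check sits after the closing braces of an earlier block. If `$product` is only loaded on the `$validate` path, a call with `$validate = false` would test an empty product id, and the result would depend on how `can_perform()` treats that value rather than on the product actually selected. Taking the product id from the already parsed `$pcv` would make the check independent of that branch (the key name is not visible here). The function starts and ends outside the hunk, and callers now have to handle a `false` return on this path as well.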
@@ -242,9 +242,9 @@ if ($_REQUEST['do'] == 'process') LEFT JOIN " . TABLE_PREFIX . "bugvaluefill AS bugfieldvalue ON (bug.bugid = bugfieldvalue.bugid) WHERE bug.bugid <> 0 - " . implode("\n\t\t", $querybuild) . ((!can_perform('canviewhidden')) ? " - AND !bug.hidden - AND !comment.hidden" : "") . " + AND bug.productid IN (" . fetch_on_bits('canviewbugs') . ") + AND (!bug.hidden OR (bug.hidden AND bug.productid IN (" . fetch_on_bits('canviewhidden') . "))) + " . implode("\n\t\t", $querybuild) . " GROUP BY bug.bugid $sortclause"; -- 2.22.5 From 751e4207fc7d64a15d40d9a52642f5ff7efbbc5d Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 10 Oct 2005 23:47:56 +0000 Subject: [PATCH 12/16] r542: Pseudo-hackish way to make sure we don't keep re-grabbing bugs if we don't have permission --- search.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/search.php b/search.php index a3f647d..4fcaebe 100644 --- a/search.php +++ b/search.php @@ -242,13 +242,15 @@ if ($_REQUEST['do'] == 'process') LEFT JOIN " . TABLE_PREFIX . "bugvaluefill AS bugfieldvalue ON (bug.bugid = bugfieldvalue.bugid) WHERE bug.bugid <> 0 - AND bug.productid IN (" . fetch_on_bits('canviewbugs') . ") - AND (!bug.hidden OR (bug.hidden AND bug.productid IN (" . fetch_on_bits('canviewhidden') . "))) + AND bug.productid IN (#<'ONBITS:VIEW'>#) + AND (!bug.hidden OR (bug.hidden AND bug.productid IN (#<'ONBITS:HIDDEN'>#))) " . implode("\n\t\t", $querybuild) . " GROUP BY bug.bugid $sortclause"; - $search = $db->query($query); + $runquery = str_replace(array("#<'ONBITS:VIEW'>#", "#<'ONBITS:HIDDEN'>#"), array(fetch_on_bits('canviewbugs'), fetch_on_bits('canviewhidden')), $query); + + $search = $db->query($runquery); $numrows = $db->num_rows($search); 
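Review bot: The rewritten WHERE clause in r541 drops `AND !comment.hidden` and nothing replaces it, so a search by a user without `canviewhidden` can match on the text of hidden comments attached to visible bugs. Which bugs come back then reveals that hidden text contains the search term. Assuming the comment join is still part of the query, a per-product form parallel to the bug condition restores the filter: `AND (!comment.hidden OR bug.productid IN (" . fetch_on_bits('canviewhidden') . "))`. r542 rewrites the same clause and leaves the comment filter out as well. `fetch_on_bits()` is not shown; if it can return an empty string, both `IN ()` lists become a syntax error, so a sentinel value for the empty case is worth confirming.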
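Review bot: The placeholder expansion in r542 is written out twice, here before `$db->query($runquery)` and again in the `do == 'results'` hunk, and the two token/value arrays have to stay in the same order and in step with the tokens embedded in the stored query. A token that is ever missed reaches the database as literal text and the query fails. Moving the substitution into one helper used at both sites keeps the permission filter defined in a single place. The surrounding `process` block starts and ends outside the hunk.

```php
// Expands the permission placeholders kept in a stored search query,
// using the current user's per-product permissions.
function expand_search_onbits($query)
{
	return str_replace(
		array("#<'ONBITS:VIEW'>#", "#<'ONBITS:HIDDEN'>#"),
		array(fetch_on_bits('canviewbugs'), fetch_on_bits('canviewhidden')),
		$query
	);
}

// … unchanged: query construction …
$search = $db->query(expand_search_onbits($query));
```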
@@ -357,7 +359,7 @@ if ($_REQUEST['do'] == 'results') $search = $cachedsearch; if ($search['dateline'] < TIMENOW - 900 OR $bugsys->in['rerun']) { - $search = $db->query($search['query']); + $search = $db->query(str_replace(array("#<'ONBITS:VIEW'>#", "#<'ONBITS:HIDDEN'>#"), array(fetch_on_bits('canviewbugs'), fetch_on_bits('canviewhidden')), $search['query'])); while ($bug = $db->fetch_array($search)) { $ids[] = $bug['bugid']; -- 2.22.5 From 21c99d53f4c4aea2f90bd6b8b5034e8e8e042891 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 12 Oct 2005 03:25:40 +0000 Subject: [PATCH 13/16] r543: $lang scope --- includes/functions.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/functions.php b/includes/functions.php index db2de4c..c28af4e 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -33,10 +33,12 @@ function fetch_user_display_name(&$userinfo) // key vars are used when you need to get data out of the $label array function construct_option_select($name, $array, $selected = 0, $valuekey = '', $labelkey = '', $includenil = false) { + global $bugsys; + // if we're not working on a boolean false, we use it for the value (allows -1 and 0) if ($includenil !== false) { - $opts[] = ''; + $opts[] = ''; } foreach ($array AS $value => $label) { -- 2.22.5 From 670edffa33f605a9dc1066c07992994ff874cb96 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 12 Oct 2005 03:29:39 +0000 Subject: [PATCH 14/16] r544: Need to run nl2br() on the diff --- editcomment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/editcomment.php b/editcomment.php index 990298c..8d99099 100644 --- a/editcomment.php +++ b/editcomment.php 
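Review bot: Permissions are re-applied only on the re-run path in the r542 `results` hunk, i.e. when the cached search is older than 900 seconds or `rerun` is set. The branch taken otherwise is outside the hunk, but if it serves the stored result as-is, a user whose `canviewbugs` or `canviewhidden` bit was just revoked keeps seeing the previously matched bugs for up to that window. The hunk also does not show whether `$cachedsearch` is tied to the requesting user. A comment above the condition should state both assumptions, for example `// cached ids were filtered with the permissions in force when the search ran; they are re-filtered only on re-run`.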
@@ -86,7 +86,7 @@ if ($_POST['do'] == 'update') $log = new History(); $log->bugid = $bug['bugid']; $log->commentid = $comment['commentid']; - $log->log($log->diff('text', $comment['comment_parsed'], $bugsys->in['comment_parsed'])); + $log->log($log->diff('text', $comment['comment_parsed'], nl2br($bugsys->in['comment_parsed']))); $log->log($log->diff('hidden', $comment['hidden'], intval($bugsys->in['hidden']))); $lastgood = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "comment WHERE bugid = $bug[bugid] AND !hidden ORDER BY dateline DESC"); -- 2.22.5 From c89550a864475ef369823e1d6326e7bd0e2517cd Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 12 Oct 2005 03:56:52 +0000 Subject: [PATCH 15/16] r545: Styled and cleaned up showhistory.php --- showhistory.php | 23 ++++++----------------- templates/history.tpl | 9 +++++++++ templates/history_bit.tpl | 8 +++++--- templates/history_group.tpl | 23 ----------------------- 4 files changed, 20 insertions(+), 43 deletions(-) delete mode 100644 templates/history_group.tpl diff --git a/showhistory.php b/showhistory.php index 623433e..05ef0f4 100644 --- a/showhistory.php +++ b/showhistory.php @@ -12,7 +12,6 @@ $fetchtemplates = array( 'history', - 'history_group', 'history_bit' ); 
@@ -71,31 +70,21 @@ ksort($logs); foreach ($logs AS $dateline => $logitems) { - $rowspan = 1; - $changes = ''; - $show['changes'] = false; - $messages = array(); + $show['group'] = true; + foreach ($logitems AS $log) { - $hasvalues = ((empty($log['original']) AND (empty($log['changed']) AND $log['changed'] != '0')) ? false : true); + $funct->exec_swap_bg('', $stylevar['alt_colour']); + $bgcolour = $funct->bgcolour; if ($newlog = $fieldlist["$log[field]"]) { $log['field'] = $newlog; } - $show['changes'] = (($hasvalues) ? true : $show['changes']); - - if ($hasvalues) - { - $rowspan++; - eval('$changes .= "' . $template->fetch('history_bit') . '";'); - } + eval('$history .= "' . $template->fetch('history_bit') . '";'); + $show['group'] = false; } - - $log['messages'] = implode("
\n", $messages); - - eval('$history .= "' . $template->fetch('history_group') . '";'); } eval('$template->flush("' . $template->fetch('history') . '");'); diff --git a/templates/history.tpl b/templates/history.tpl index 087c188..5ab20f0 100644 --- a/templates/history.tpl +++ b/templates/history.tpl @@ -11,6 +11,15 @@ $header
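Review bot: Nothing in the new showhistory.php loop escapes `$log[user]`, `$log[field]`, `$log[original]` or `$log[changed]` before `history_bit` is evaluated, and with the `$hasvalues` filter removed every stored row is now rendered. After r544 the `text` entries carry `nl2br()` output, so these values are treated as HTML and cannot simply be passed through `htmlspecialchars()` here. The escaping therefore has to have happened before `$log->log()` stored them, which is not visible in this series. That is worth confirming for every field written through `$log->diff()`, since the old-value and new-value columns echo user-edited text. `$history` is also built with `.=` and no initialisation is visible in the hunk.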

{@"History for %1$s (bugid: %2$s)"}

+ + + + + + + + $history +
{@"User"}{@"Date"}{@"Field"}{@"Old Value"}{@"New Value"}
$footer \ No newline at end of file diff --git a/templates/history_bit.tpl b/templates/history_bit.tpl index e497075..a85a08a 100644 --- a/templates/history_bit.tpl +++ b/templates/history_bit.tpl @@ -1,5 +1,7 @@ - +; background-color: $bgcolour
"> + $log[user] + $log[date] $log[field] - $log[original] - $log[changed] + $log[original] + $log[changed] diff --git a/templates/history_group.tpl b/templates/history_group.tpl deleted file mode 100644 index 7e889d1..0000000 --- a/templates/history_group.tpl +++ /dev/null @@ -1,23 +0,0 @@ -
-
- $log[date] - $log[user] -
-
- - - - - - - - - -$changes -
{@"Field"}{@"Old Value"}{@"New Value"}
-
-
-
- -
- -- 2.22.5 From d1637b4baa0b68335c387c27845e09b1af816dbe Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 12 Oct 2005 03:58:31 +0000 Subject: [PATCH 16/16] r546: Additional permission checking --- showhistory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/showhistory.php b/showhistory.php index 05ef0f4..0b1c985 100644 --- a/showhistory.php +++ b/showhistory.php @@ -27,7 +27,7 @@ if (!$bug) $message->error($lang->getlex('error_invalid_id')); } -if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) +if (($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid'])) OR !can_perform('canviewbugs', $bug['productid'])) { $message->error_permission(); } -- 2.22.5