From 033ca7a49c822c65e66e4a35182564af5d076f9c Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 21 Aug 2006 00:31:10 +0000
Subject: [PATCH] r1110: In showreport.php, $bug[product] is converted into a
 string, but a lot of can_perform()s are called using that value, so we copy
 it before we convert it into $bug[productid] and use that. This fixes
 permission checks across the board... er file.

---
 docs/changes.txt |  1 +
 showreport.php   | 17 +++++++++--------
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/docs/changes.txt b/docs/changes.txt
index d0adfd2..466f87c 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -16,6 +16,7 @@
 - Fixed a bug that would cause searching to result in a SQL error
 - Added better checking of hidden bugs for the favorites list
 - Better permissions checking in vote.php, viewattachment.php, attachment.php, showhistory.php, and favorite.php
+- Fixed numerous permission checks in showreport.php
 
 1.1.0 Beta 1
 ==================
diff --git a/showreport.php b/showreport.php
index bf1c699..ced7bb5 100644
--- a/showreport.php
+++ b/showreport.php
@@ -208,6 +208,7 @@ $favoritetext = ($favorite ? _('Remove from Favorites') : _('Add to Favorites'))
 
 $bug['userinfo'] = construct_user_display($bug);
 $bug['datetime'] = $datef->format($bugsys->options['dateformat'], $bug['dateline']);
+$bug['productid'] = $bug['product'];
 $bug['product'] = $bugsys->datastore['product']["$bug[product]"]['title'];
 $bug['component'] = ($bug['component'] ? $bugsys->datastore['product']["$bug[component]"]['title'] : '');
 $bug['version'] = $bugsys->datastore['version']["$bug[version]"]['version'];
@@ -247,8 +248,8 @@ foreach ($words AS $word)
 
 // -------------------------------------------------------------------
 // attachments
-$show['getattachments'] = ((can_perform('cangetattach', $bug['product']) OR can_perform('caneditattach', $bug['product'])) ? true : false);
-$show['putattachments'] = ((can_perform('canputattach', $bug['product']) OR can_perform('caneditattach', $bug['product'])) ? true : false);
+$show['getattachments'] = ((can_perform('cangetattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false);
+$show['putattachments'] = ((can_perform('canputattach', $bug['productid']) OR can_perform('caneditattach', $bug['productid'])) ? true : false);
 $show['attachments'] = ($show['getattachments'] OR $show['putattachments']) ? true : false;
 
 if ($show['getattachments'] OR $show['putattachments'])
@@ -269,7 +270,7 @@ if ($show['getattachments'] OR $show['putattachments'])
 	while ($attachment = $db->fetch_array($attachments_fetch))
 	{
 		$attaches = true;
-		$show['editattach'] = ((can_perform('caneditattach', $bug['product']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['product']))) ? true : false);
+		$show['editattach'] = ((can_perform('caneditattach', $bug['productid']) OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach', $bug['productid']))) ? true : false);
 		$attachment['date'] = $datef->format($bugsys->options['dateformat'], $attachment['dateline']);
 		$attachment['user'] = construct_user_display($attachment, false);
 		eval('$attachments .= "' . $template->fetch('showreport_attachment') . '";');
@@ -304,7 +305,7 @@ $comments_fetch = $db->query("
 	FROM " . TABLE_PREFIX . "comment AS comment
 	LEFT JOIN " . TABLE_PREFIX . "user AS user
 		ON (comment.userid = user.userid)
-	WHERE comment.bugid = $bug[bugid]" . (!can_perform('canviewhidden', $bug['product']) ? "
+	WHERE comment.bugid = $bug[bugid]" . (!can_perform('canviewhidden', $bug['productid']) ? "
 		AND !hidden" : '') . "
 	ORDER BY comment.dateline ASC"
 );
@@ -312,10 +313,10 @@ while ($comment = $db->fetch_array($comments_fetch))
 {
 	$comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);
 	$comment['postby'] = construct_user_display($comment);
-	$show['editcomment'] = ((can_perform('caneditownreply', $bug['product']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['product']) AND $bugsys->userinfo['userid'] != $comment['userid']));
+	$show['editcomment'] = ((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']));
 	
-	$bugsys->debug('can edit own replies: ' . (int)(can_perform('caneditownreply', $bug['product']) AND $bugsys->userinfo['userid'] == $comment['userid']));
-	$bugsys->debug('can edit other replies:' . (int)(can_perform('caneditotherreply', $bug['product']) AND $bugsys->userinfo['userid'] != $comment['userid']));
+	$bugsys->debug('can edit own replies: ' . (int)(can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']));
+	$bugsys->debug('can edit other replies:' . (int)(can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid']));
 	$bugsys->debug('$show[editcomment]: ' . $show['editcomment']);
 	
 	if (is_array($hilight))
@@ -331,7 +332,7 @@ while ($comment = $db->fetch_array($comments_fetch))
 	eval('$comments .= "' . $template->fetch('showreport_comment') . '";');
 }
 
-$show['newreply'] = (can_perform('canpostcomments', $bug['product']) ? true : false);
+$show['newreply'] = (can_perform('canpostcomments', $bug['productid']) ? true : false);
 
 $bug['summary_title'] = $bug['summary'];
 if (is_array($hilight) AND !$show['edit'])
-- 
2.22.5