From 10095f2fef15fe1e591001d8cb3cceac5fcc10a6 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Wed, 24 Aug 2005 23:28:00 +0000
Subject: [PATCH] r368: Added in permission checks for updates
---
 editreport.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/editreport.php b/editreport.php
index 530221c..de2f70c 100644
--- a/editreport.php
+++ b/editreport.php
@@ -152,16 +152,16 @@ if ($_POST['do'] == 'update')
 $dependencies = preg_split('#([^0-9].*?)#', $bugsys->in['dependency'], -1, PREG_SPLIT_NO_EMPTY);
 $dependencies = ((count($dependencies) < 1) ? '' : implode(', ', $dependencies));
- // #*# need to put in permission checks here because we do not show the fields the user has no permission to change in the edit section so they'll be blank on update
-
 $db->query("
 UPDATE " . TABLE_PREFIX . "bug
 SET summary = '" . $bugsys->in['summary'] . "',
- priority = " . intval($bugsys->in['priority']) . ",
- status = " . intval($bugsys->in['status']) . ",
- severity = " . intval($bugsys->in['severity']) . ",
- resolution = " . intval($bugsys->in['resolution']) . ",
- assignedto = " . intval($bugsys->in['assignedto']) . ",
+ severity = " . intval($bugsys->in['severity']) . "," .
+ (can_perform('canchangestatus') ? "
+ priority = " . intval($bugsys->in['priority']) . ",
+ status = " . intval($bugsys->in['status']) . ",
+ resolution = " . intval($bugsys->in['resolution']) . ","
+ : '') . "
+ " . (can_perform('canassign') ? "assignedto = " . intval($bugsys->in['assignedto']) . "," . : '') . "
 duplicateof = " . intval($bugsys->in['duplicateof']) . ",
 dependency = '$dependencies',
 productid = " . $pcv['product'] . ",
@@ -261,6 +261,8 @@ if ($_POST['do'] == 'update')
 $log->allowempty = false;
+ // -------------------------------------------------------------------
+ // more comment
 $hascomment = (!empty($bugsys->in['comment'])) ? true : false;
 if ($hascomment OR $autoaction['comment'])
--
2.22.5
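Review bot: The added `assignedto` line ends its true branch with `. "," . : '')`, so a concatenation operator sits directly before the ternary's colon with no right-hand operand; PHP cannot parse that, and editreport.php would fail to load rather than enforce the new checks. Drop the stray dot: `" . (can_perform('canassign') ? "assignedto = " . intval($bugsys->in['assignedto']) . "," : '') . "`. The gating also covers only `priority`, `status`, `resolution` and `assignedto`, while `severity`, `duplicateof`, `dependency` and `productid` are still written unconditionally; if the edit form hides any of those from users without the matching permission (the removed TODO says hidden fields arrive blank), they would still be overwritten, which is worth confirming against the form. The `$db->query()` call begins and ends outside the changed lines, so whether the later history logging respects the same permissions cannot be seen from this hunk.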