From f4ada870c290ab612c9215a688fdfc5c25595ab4 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 30 May 2005 09:15:07 +0000
Subject: [PATCH] r216: - Don't search hidden bugs and comments if we can't see
 them - Fixed an obsecure bug that showed multiple bug hits if we had multiple
 matches in comments (resoloved with a "GROUP BY bug.bugid" clause in the
 master query

---
 search.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/search.php b/search.php
index 699b57c..439b195 100644
--- a/search.php
+++ b/search.php
@@ -183,8 +183,11 @@ if ($_REQUEST['do'] == 'results')
 		LEFT JOIN user AS user2
 			ON (bug.lastpostby = user2.userid)
 		WHERE bug.bugid <> 0
-			" . implode("\n\t\t\t", $querybuild) . "
-		$sortclause"
+			" . implode("\n\t\t\t", $querybuild) . ((!can_perform('canviewhidden')) ? "
+		AND !bug.hidden
+		AND !comment.hidden" : "") . "
+		$sortclause
+		GROUP BY bug.bugid"
 	);
 		
 	$numrows = $db->num_rows($search);
-- 
2.22.5