diff options
| author |   bugreport%peshkin.net <> | 2004-07-06 08:12:29 +0000 |
|---|---|---|
| committer | bugreport%peshkin.net <> | 2004-07-06 08:12:29 +0000 |
| commit | 73fd49ff3bbff6244802ba548bb22c2be39014e1 (patch) | |
| tree | f7b78fde82e5557d604de9282d19c235dfc3dea1 /chart.cgi | |
| parent | Bug 249862: remove duplicate </tr> from login page (diff) | |
| download | bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.gz bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.bz2 bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.zip | |
Bug 243463 Use a param to protect new charts from leaking information
r=justdave
a=justdave
Diffstat (limited to 'chart.cgi')
| -rwxr-xr-x | chart.cgi | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -84,6 +84,10 @@ if ($action eq "search") { Bugzilla->login(LOGIN_REQUIRED); +UserInGroup(Param("chartgroup")) + || ThrowUserError("authorization_failure", + {action => "use this feature"}); + # Only admins may create public queries UserInGroup('admin') || $cgi->delete('public'); |