aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbugreport%peshkin.net <>2004-07-06 08:12:29 +0000
committerbugreport%peshkin.net <>2004-07-06 08:12:29 +0000
commit73fd49ff3bbff6244802ba548bb22c2be39014e1 (patch)
treef7b78fde82e5557d604de9282d19c235dfc3dea1 /chart.cgi
parentBug 249862: remove duplicate </tr> from login page (diff)
downloadbugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.gz
bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.tar.bz2
bugzilla-73fd49ff3bbff6244802ba548bb22c2be39014e1.zip
Bug 243463 Use a param to protect new charts from leaking information
r=justdave a=justdave
Diffstat (limited to 'chart.cgi')
-rwxr-xr-xchart.cgi4
1 files changed, 4 insertions, 0 deletions
diff --git a/chart.cgi b/chart.cgi
index 229e9bbf7..b6f7f746b 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -84,6 +84,10 @@ if ($action eq "search") {
Bugzilla->login(LOGIN_REQUIRED);
+UserInGroup(Param("chartgroup"))
+ || ThrowUserError("authorization_failure",
+ {action => "use this feature"});
+
# Only admins may create public queries
UserInGroup('admin') || $cgi->delete('public');