Patch bugsweb-security.diff for Website problem Bug #60989Patch version 2012-05-07 20:59 UTC Return to Bug #60989 | Download this patchThis patch renders other patches obsolete Obsolete patches:
Developer: tyrael@php.net
diff --git a/include/functions.php b/include/functions.php
index 30f0af7..ae9597b 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -117,6 +117,10 @@ function bugs_has_access ($bug_id, $bug, $pw, $user_flags)
 } else if (($user_flags == BUGS_NORMAL_USER) && $pw != '' && verify_bug_passwd($bug_id, $pw)) {
 // The submitter
 return true;
+ } else if (($user_flags & BUGS_DEV_USER) && $bug['reporter_name'] != '' &&
+ strtolower($bug['reporter_name']) == strtolower($auth_user->handle)) {
+ // The submitter (php developer)
+ return true;
 } else if (($user_flags & BUGS_DEV_USER) && $bug['assign'] != '' &&
 strtolower($bug['assign']) == strtolower($auth_user->handle)) {
 // The assigned dev
diff --git a/www/bug.php b/www/bug.php
index 5d37606..6e6bb3c 100644
--- a/www/bug.php
+++ b/www/bug.php
@@ -605,6 +605,9 @@ switch ($thanks)
 display_bug_error($errors);
+if (!$show_bug_info) {
+ echo '<div id="bugheader"></div>';
+} else{
 ?>
 <div id="bugheader">
 <table id="details">
@@ -668,7 +671,9 @@ display_bug_error($errors);
 </table>
 </div>
-<?php if ($bug_id !== 'PREVIEW') {
+<?php
+}
+if ($bug_id !== 'PREVIEW') {
 echo '<div class="controls">', "\n",
 control(0, 'View'),
 ($bug['private'] == 'N' ? control(3, 'Add Comment') : ''),
@@ -750,7 +755,10 @@ if ($edit == 1 || $edit == 2) { ?>
 <form id="update" action="bug.php?id=<?php echo $bug_id; ?>&edit=<?php echo $edit; ?>" method="post">
 <?php if ($edit == 2) {
- if (!isset($_POST['in']) && $pw && verify_bug_passwd($bug['id'], bugs_get_hash($pw))) {
+ if ($logged_in && $show_bug_info) {
+ // do nothing if the user is logged in and has access to the bug
+
+ } elseif (!isset($_POST['in']) && $pw && verify_bug_passwd($bug['id'], bugs_get_hash($pw))) {
 $show_bug_info = true;
 ?>
 <div class="explain">
 Welcome back! Since you opted to store your bug's password in a 
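Review bot: The new `BUGS_DEV_USER` branch in `bugs_has_access` grants access when `$bug['reporter_name']` matches `$auth_user->handle`, but nothing in the hunk shows that `reporter_name` is only ever written from an authenticated handle. If that column can also hold a name typed into the report form, a developer account would get access to a private report merely because the two strings coincide. If the column is in fact bound to the login, a comment such as `// reporter_name is taken from the logged-in handle at submission, never from free-form input` would record the invariant; otherwise the match should use a field stored only for authenticated submitters. The comparison is also better written strict, `strtolower($bug['reporter_name']) === strtolower($auth_user->handle)`, because `==` compares numerically when both strings look numeric. The function body starts and ends outside the hunk, so how `$auth_user` comes into scope is not visible here.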
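Review bot: The `} else{` added before `<div id="bugheader">` in the @@ -605 hunk is closed only by the bare `}` that the @@ -668 hunk adds after `</div>`, so the two halves of one conditional sit far apart with HTML between them and nothing marking the pair. I would label the closer, `} // end: if (!$show_bug_info) ... else`, and write the opener as `} else {` to match the `} elseif (...) {` spacing used further down in this patch. `$show_bug_info` is assigned outside both hunks, so whether every path that reaches this point has set it explicitly cannot be checked here. An unset variable would still take the hidden branch, but it raises a notice, which is worth confirming.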
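Review bot: The empty `if ($logged_in && $show_bug_info)` branch at the top of the `$edit == 2` block in the @@ -750 hunk bypasses the password check on the strength of `$show_bug_info`, which reads as "may view this bug" rather than "is the submitter". Both variables are set outside the hunk. If `$show_bug_info` is also true for non-private bugs, every logged-in account would take this branch on the submitter form. The condition should therefore name the relationship it relies on, or carry a comment saying why view access is sufficient, e.g. `// logged-in user already passed bugs_has_access(); skip the stored-password branch below`. A branch holding only `// do nothing` is also easy to break in a later edit. The rest of the `if`/`elseif` chain continues past the end of the hunk.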
@@ -811,7 +819,7 @@ if ($edit == 1 || $edit == 2) { ?>
 ?>
 <table>
-<?php if ($edit == 1) { /* Developer Edit Form */ ?>
+<?php if ($edit == 1 && $show_bug_info) { /* Developer Edit Form */ ?>
 <tr>
 <th class="details"><label for="in" accesskey="c">Qui<span class="accesskey">c</span>k Fix:</label></th>
 <td colspan="3"> |
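Review bot: Adding `&& $show_bug_info` to the `$edit == 1` test controls only which form markup is rendered. The hunk does not show the code that processes a submitted developer edit, and that handler needs the same access decision, otherwise hiding the form is the only barrier. If the handler already enforces it, a comment here such as `/* Developer Edit Form: display only; access is enforced where the POST is handled */` would record that. The `else` side of this `if` lies outside the hunk, so it is also worth checking what a developer without access is shown in its place.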