function bugs_has_access($bug_id, $bug, $pw, $user_flags) { global $auth_user; if ($bug['private'] != 'Y') { return true; } // When the bug is private, only the submitter, trusted devs, security devs and assigned dev // should see the report info if ($user_flags & (BUGS_SECURITY_DEV | BUGS_TRUSTED_DEV)) { // trusted and security dev return true; } else { if ($user_flags == BUGS_NORMAL_USER && $pw != '' && verify_bug_passwd($bug_id, bugs_get_hash($pw))) { // The submitter return true; } else { if ($user_flags & BUGS_DEV_USER && $bug['reporter_name'] != '' && strtolower($bug['reporter_name']) == strtolower($auth_user->handle)) { // The submitter (php developer) return true; } else { if ($user_flags & BUGS_DEV_USER && $bug['assign'] != '' && strtolower($bug['assign']) == strtolower($auth_user->handle)) { // The assigned dev return true; } } } } return false; }
mark_related_bugs($_POST['in']['commentemail'], $_POST['in']['name'], $ncomment); } while (false); $from = spam_protect($_POST['in']['commentemail'], 'text'); } else { $from = ''; } } elseif (isset($_POST['ncomment']) && isset($_POST['preview']) && $edit == 3) { $ncomment = trim($_POST['ncomment']); // primitive spam detection if (is_spam($ncomment)) { $errors[] = "Please do not SPAM our bug system."; } $from = $_POST['in']['commentemail']; } elseif (isset($_POST['in']) && !isset($_POST['preview']) && $edit == 2) { // Edits submitted by original reporter for old bugs if (!$show_bug_info || !verify_bug_passwd($bug_id, bugs_get_hash($pw))) { $errors[] = 'The password you supplied was incorrect.'; } // Bug is private (just should be available to trusted developers, original reporter and assigned dev) if (!$show_bug_info && $bug['private'] == 'Y') { response_header('Private report'); display_bug_error("The bug #{$bug_id} is not available to public"); response_footer(); exit; } // Just trusted dev can change the package name of a Security related bug to another package if ($bug['private'] == 'Y' && !$is_security_developer && $bug['bug_type'] == 'Security' && $_POST['in']['bug_type'] != $bug['bug_type']) { $errors[] = 'You cannot change the bug type of a Security bug!'; } $ncomment = trim($_POST['ncomment']); if (!$ncomment) {