Exemple #1
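/**
 * Decide whether the current viewer may see a bug report.
 *
 * A report whose 'private' field is not 'Y' is visible to everyone. A private
 * report is visible only to security/trusted developers, to the submitter
 * (proved either by the bug password or by a matching developer handle), and
 * to the assigned developer. Every other combination is denied.
 *
 * @param mixed  $bug_id     Bug identifier, passed through to verify_bug_passwd().
 * @param array  $bug        Bug row; reads 'private', 'reporter_name' and 'assign'.
 * @param string $pw         Bug password supplied by the viewer ('' when none).
 * @param int    $user_flags Bitmask of BUGS_* role flags for the viewer.
 *
 * @return bool True when the viewer may see the report, false otherwise.
 */
function bugs_has_access($bug_id, $bug, $pw, $user_flags)
{
    global $auth_user;

    if ($bug['private'] != 'Y') {
        return true;
    }

    // The report is private from here on: access must be earned by one of the
    // checks below, and the function falls through to "deny".

    // Security and trusted developers see every private report.
    if ($user_flags & (BUGS_SECURITY_DEV | BUGS_TRUSTED_DEV)) {
        return true;
    }

    // Submitter without a developer account: proves ownership with the bug password.
    // NOTE(review): whether verify_bug_passwd() compares hashes in constant time
    // is not visible here -- confirm in its definition.
    if ($user_flags == BUGS_NORMAL_USER && $pw != '' && verify_bug_passwd($bug_id, bugs_get_hash($pw))) {
        return true;
    }

    if ($user_flags & BUGS_DEV_USER) {
        // A developer flag without an authenticated handle must never match a bug field.
        $handle = isset($auth_user->handle) ? strtolower((string) $auth_user->handle) : '';
        if ($handle === '') {
            return false;
        }

        $reporter = isset($bug['reporter_name']) ? strtolower((string) $bug['reporter_name']) : '';
        $assignee = isset($bug['assign']) ? strtolower((string) $bug['assign']) : '';

        // Strict comparison on purpose: with == PHP compares two numeric-looking
        // strings as numbers, so two different handles could be treated as equal
        // in an access-control decision.
        if ($reporter !== '' && $reporter === $handle) {
            // The submitter (php developer)
            return true;
        }
        if ($assignee !== '' && $assignee === $handle) {
            // The assigned dev
            return true;
        }
    }

    return false;
}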
Exemple #2
            mark_related_bugs($_POST['in']['commentemail'], $_POST['in']['name'], $ncomment);
        } while (false);
        $from = spam_protect($_POST['in']['commentemail'], 'text');
    } else {
        $from = '';
    }
} elseif (isset($_POST['ncomment']) && isset($_POST['preview']) && $edit == 3) {
    $ncomment = trim($_POST['ncomment']);
    // primitive spam detection
    if (is_spam($ncomment)) {
        $errors[] = "Please do not SPAM our bug system.";
    }
    $from = $_POST['in']['commentemail'];
} elseif (isset($_POST['in']) && !isset($_POST['preview']) && $edit == 2) {
    // Edits submitted by original reporter for old bugs
    if (!$show_bug_info || !verify_bug_passwd($bug_id, bugs_get_hash($pw))) {
        $errors[] = 'The password you supplied was incorrect.';
    }
    // Bug is private (just should be available to trusted developers, original reporter and assigned dev)
    if (!$show_bug_info && $bug['private'] == 'Y') {
        response_header('Private report');
        display_bug_error("The bug #{$bug_id} is not available to public");
        response_footer();
        exit;
    }
    // Just trusted dev can change the package name of a Security related bug to another package
    if ($bug['private'] == 'Y' && !$is_security_developer && $bug['bug_type'] == 'Security' && $_POST['in']['bug_type'] != $bug['bug_type']) {
        $errors[] = 'You cannot change the bug type of a Security bug!';
    }
    $ncomment = trim($_POST['ncomment']);
    if (!$ncomment) {