Prevent sending reminders to unauthorized users

Adds a check in bug_reminder.php to ensure that all the recipients have
the required access level to receive them (reminder_receive_threshold).

Fixes #27276

bug_reminder.php

@@ -74,15 +74,24 @@
 	trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
 }
 
+# Abort if user is not authorized to send reminders
 access_ensure_bug_level( config_get( 'bug_reminder_threshold' ), $f_bug_id );
 
+# Ensure target users are allowed to receive reminders
+$t_receive_reminder = config_get( 'reminder_receive_threshold' );
+foreach( $f_to as $t_recipient ) {
+	if( !access_has_bug_level( $t_receive_reminder, $f_bug_id, $t_recipient ) ) {
+		trigger_error( ERROR_USER_DOES_NOT_HAVE_REQ_ACCESS, ERROR );
+	}
+}
+
 # Automatically add recipients to monitor list if they are above the monitor
 # threshold, option is enabled, and not reporter or handler.
 $t_reminder_recipients_monitor_bug = config_get( 'reminder_recipients_monitor_bug' );
 $t_monitor_bug_threshold = config_get( 'monitor_bug_threshold' );
 $t_handler = bug_get_field( $f_bug_id, 'handler_id' );
 $t_reporter = bug_get_field( $f_bug_id, 'reporter_id' );
-foreach ( $f_to as $t_recipient ) {
+foreach( $f_to as $t_recipient ) {
 	if( ON == $t_reminder_recipients_monitor_bug
 		&& access_has_bug_level( $t_monitor_bug_threshold, $f_bug_id )
 		&& $t_recipient != $t_handler
@@ -118,7 +127,6 @@
 form_security_purge( 'bug_reminder' );
 
 layout_page_header( null, string_get_bug_view_url( $f_bug_id ) );
-
 layout_page_begin();
 
 $t_redirect = string_get_bug_view_url( $f_bug_id );