Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Prevent assignment of categories to non-handler users
manage_proj_cat_update.php did not perform the necessary checks on the provided user id (assigned_to parameter), allowing users with an access level below handle_bug_threshold to be assigned to a category, and subsequently to bugs created in that category. Also added a check to ensure the provided user id is valid. As suggested by @atrol, the checks are performed in Category API. Fixes #27268
- Loading branch information