Fix access denied when reporter re-opens issue

Fixes #19648 Fixes #19649
mantisbt · Apr 25, 2015 · f591e7b · f591e7b
1 parent dd843d1
commit f591e7b
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 29 deletions.
diff --git a/bug_change_status_page.php b/bug_change_status_page.php
@@ -78,15 +78,15 @@
 }
 
 $f_new_status = gpc_get_int( 'new_status' );
-$f_reopen_flag = gpc_get_int( 'reopen_flag', OFF );
+$f_change_type = gpc_get_string( 'change_type', BUG_UPDATE_TYPE_CHANGE_STATUS );
 
 $t_reopen = config_get( 'bug_reopen_status', null, null, $t_bug->project_id );
 $t_resolved = config_get( 'bug_resolved_status_threshold', null, null, $t_bug->project_id );
 $t_closed = config_get( 'bug_closed_status_threshold', null, null, $t_bug->project_id );
 $t_current_user_id = auth_get_current_user_id();
 
 # Ensure user has proper access level before proceeding
-if( $f_new_status == $t_reopen && $f_reopen_flag ) {
+if( $f_new_status == $t_reopen && $f_change_type == BUG_UPDATE_TYPE_REOPEN ) {
 	access_ensure_can_reopen_bug( $t_bug, $t_current_user_id );
 } else if( $f_new_status == $t_closed ) {
 	access_ensure_can_close_bug( $t_bug, $t_current_user_id );
@@ -327,7 +327,7 @@
 }
 ?>
 <?php event_signal( 'EVENT_UPDATE_BUG_STATUS_FORM', array( $f_bug_id ) ); ?>
-<?php if( ON == $f_reopen_flag ) { ?>
+<?php if( $f_change_type == BUG_UPDATE_TYPE_REOPEN ) { ?>
 <!-- Bug was re-opened -->
 <?php
 	printf( '	<input type="hidden" name="resolution" value="%s" />' . "\n", config_get( 'bug_reopen_resolution' ) );
@@ -388,7 +388,7 @@
 			</tr>
 		</tbody>
 	</table>
-	<input type="hidden" name="action_type" value="<?php echo BUG_UPDATE_TYPE_CLOSE; ?>" />
+	<input type="hidden" name="action_type" value="<?php echo $f_change_type; ?>" />
 </form>
 
 </div>

diff --git a/bug_update.php b/bug_update.php
@@ -67,29 +67,12 @@
 $t_existing_bug = bug_get( $f_bug_id, true );
 $f_update_type = gpc_get_string( 'action_type', BUG_UPDATE_TYPE_NORMAL );
 
+$t_current_user_id = auth_get_current_user_id();
+
 if( helper_get_current_project() !== $t_existing_bug->project_id ) {
 	$g_project_override = $t_existing_bug->project_id;
 }
 
-$t_reporter_closing =
-	( $f_update_type == BUG_UPDATE_TYPE_CLOSE ) &&
-	bug_is_user_reporter( $f_bug_id, auth_get_current_user_id() ) &&
-	config_get( 'allow_reporter_close' ) == ON;
-
-if ( !$t_reporter_closing ) {
-	# Ensure that the user has permission to update bugs. This check also factors
-	# in whether the user has permission to view private bugs. The
-	# $g_limit_reporters option is also taken into consideration.
-	access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
-
-	# Check if the bug is in a read-only state and whether the current user has
-	# permission to update read-only bugs.
-	if( bug_is_readonly( $f_bug_id ) ) {
-		error_parameters( $f_bug_id );
-		trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
-	}
-}
-
 $t_updated_bug = clone $t_existing_bug;
 
 $t_updated_bug->additional_information = gpc_get_string( 'additional_information', $t_existing_bug->additional_information );
@@ -155,6 +138,30 @@
 	$t_reopen_issue = true;
 }
 
+$t_reporter_closing =
+	( $f_update_type == BUG_UPDATE_TYPE_CLOSE ) &&
+	bug_is_user_reporter( $f_bug_id, $t_current_user_id ) &&
+	access_can_close_bug( $t_existing_bug, $t_current_user_id );
+
+$t_reporter_reopening =
+	( ( $f_update_type == BUG_UPDATE_TYPE_REOPEN ) || $t_reopen_issue ) &&
+	bug_is_user_reporter( $f_bug_id, $t_current_user_id ) &&
+	access_can_reopen_bug( $t_existing_bug, $t_current_user_id );
+
+if ( !$t_reporter_reopening && !$t_reporter_closing ) {
+	# Ensure that the user has permission to update bugs. This check also factors
+	# in whether the user has permission to view private bugs. The
+	# $g_limit_reporters option is also taken into consideration.
+	access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
+
+	# Check if the bug is in a read-only state and whether the current user has
+	# permission to update read-only bugs.
+	if( bug_is_readonly( $f_bug_id ) ) {
+		error_parameters( $f_bug_id );
+		trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
+	}
+}
+
 # If resolving or closing, ensure that all dependant issues have been resolved.
 if( ( $t_resolve_issue || $t_close_issue ) &&
 	 !relationship_can_resolve_bug( $f_bug_id ) ) {
@@ -172,13 +179,13 @@
 		$t_can_bypass_status_access_thresholds = false;
 		if( $t_close_issue &&
 		     $t_existing_bug->status >= $t_resolved_status &&
-		     $t_existing_bug->reporter_id === auth_get_current_user_id() &&
+		     $t_existing_bug->reporter_id === $t_current_user_id &&
 		     config_get( 'allow_reporter_close' ) ) {
 			$t_can_bypass_status_access_thresholds = true;
 		} else if( $t_reopen_issue &&
 		            $t_existing_bug->status >= $t_resolved_status &&
 		            $t_existing_bug->status <= $t_closed_status &&
-		            $t_existing_bug->reporter_id === auth_get_current_user_id() &&
+		            $t_existing_bug->reporter_id === $t_current_user_id &&
 		            config_get( 'allow_reporter_reopen' ) ) {
 			$t_can_bypass_status_access_thresholds = true;
 		}
@@ -346,8 +353,8 @@
 	 config_get( 'reassign_on_feedback' ) &&
 	 $t_existing_bug->status === config_get( 'bug_feedback_status' ) &&
 	 $t_updated_bug->status !== $t_existing_bug->status &&
-	 $t_updated_bug->handler_id !== auth_get_current_user_id() &&
-	 $t_updated_bug->reporter_id === auth_get_current_user_id() ) {
+	 $t_updated_bug->handler_id !== $t_current_user_id &&
+	 $t_updated_bug->reporter_id === $t_current_user_id ) {
 	if( $t_updated_bug->handler_id !== NO_USER ) {
 		$t_updated_bug->status = config_get( 'bug_assigned_status' );
 	} else {

diff --git a/core/constant_inc.php b/core/constant_inc.php
@@ -223,6 +223,8 @@
 define( 'BUG_UPDATE_TYPE_NORMAL', 'update' );
 define( 'BUG_UPDATE_TYPE_ASSIGN', 'assign' );
 define( 'BUG_UPDATE_TYPE_CLOSE', 'close' );
+define( 'BUG_UPDATE_TYPE_REOPEN', 'reopen' );
+define( 'BUG_UPDATE_TYPE_CHANGE_STATUS', 'change_status' );
 
 # error messages
 define( 'ERROR_GENERIC', 0 );

diff --git a/core/html_api.php b/core/html_api.php
@@ -1554,6 +1554,7 @@ function html_button_bug_change_status( BugData $p_bug ) {
 
 		$t_bug_id = string_attribute( $p_bug->id );
 		echo '<input type="hidden" name="id" value="' . $t_bug_id . '" />' . "\n";
+		echo '<input type="hidden" name="change_type" value="' . BUG_UPDATE_TYPE_CHANGE_STATUS . '" />' . "\n";
 
 		echo '</form>' . "\n";
 	}
@@ -1688,7 +1689,7 @@ function html_button_bug_reopen( BugData $p_bug ) {
 		html_button(
 			'bug_change_status_page.php',
 			lang_get( 'reopen_bug_button' ),
-			array( 'id' => $p_bug->id, 'new_status' => $t_reopen_status, 'reopen_flag' => ON ) );
+			array( 'id' => $p_bug->id, 'new_status' => $t_reopen_status, 'change_type' => BUG_UPDATE_TYPE_REOPEN ) );
 	}
 }
 
@@ -1706,7 +1707,7 @@ function html_button_bug_close( BugData $p_bug ) {
 		html_button(
 			'bug_change_status_page.php',
 			lang_get( 'close_bug_button' ),
-			array( 'id' => $p_bug->id, 'new_status' => $t_closed_status ) );
+			array( 'id' => $p_bug->id, 'new_status' => $t_closed_status, 'change_type' => BUG_UPDATE_TYPE_CLOSE ) );
 	}
 }