saving a bug entry form as a bookmarkable template creates an url containing an entry for priority, even if the letsubmitterchoosepriority param is off. Also, if the param is off and the user submits a bug containing that param in the url, the param is honored and the param can be set to something that is not the default (and perhaps invalid? - don't test this on b.m.o, you wise guys). We have letsubmitterchoosepriority off and just changed our default priority to '--' and now people who use bug templates are submitting bugs with the old default priority (P3).

until bugzilla is fixed, the workaround for this is to get people who you see submitting P3 bugs to go to a fresh bug enter form and save a new template.

-> New Bugzilla Product

Is letsubmitterchoosepriority such a key security feature that we need to fix every last hole in it? This is not worth the effort of fixing IMO. Gerv

gerv: probably not, but it is a bug, and since it has a trivial fix, lets just fix it. It is probably possible to file a fixed bug, though, looking at the code, if you have canedit or canconfirm. I'll take this (to fix that, too), but won't do so until bug 119715 gets a second review, because the fix will involve extending those checks a bit.

OK, Brad, bug 119715 is fixed now... where do we stand with this one?

Patch is on bug 107743

Fixed by bug 107743 checkin.