Bug 189835 - Email addresses of the reporter, assignee and QA contact available to logged out users when using the "Format for printing" UI
Email addresses of the reporter, assignee and QA contact available to logged ...
Status: CLOSED NEXTRELEASE
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
3.2
All Linux
medium Severity low (vote)
: ---
: ---
Assigned To: Noura El hawary
David Lawrence
https://bugzilla.redhat.com/bugzilla/...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-24 19:23 EDT by Frédéric Buclin
Modified: 2008-09-24 10:41 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-24 10:41:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix login name display in bug long listing (1.01 KB, patch)
2008-09-22 00:56 EDT, Noura El hawary
dkl: review-
Details | Diff
patch with cc list dsiplaying realnames and loginnames (1.61 KB, patch)
2008-09-23 14:18 EDT, Noura El hawary
dkl: review+
Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 219021 None None None Never

  None (edit)
Description Frédéric Buclin 2006-04-24 19:23:06 EDT
The protection to prevent email addresses from being displayed to logged out
users is not perfect. When viewing a bug in the "format for printing" mode, you
can see the email addresses (in the "header") of the reporter, assignee and QA
contact. E.g.:

https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=170519

I can read:
Assigned To:   	dkl@redhat.com  	 Reported By:   	bressers@redhat.com  	 QA
Contact:   	dkl@redhat.com

Note that we haven't fixed this problem on Bugzilla yet.
Comment 1 David Lawrence 2008-09-16 12:54:25 EDT
Red Hat Bugzilla is now using version 3.2 of the Bugzilla codebase and therefore this bug will need to be re-verified against the new release. With the updated code this bug may no longer be relevant or may have been fixed in the new code.
Updating bug version to 3.2.
Comment 2 Takanori MATSUURA 2008-09-16 21:02:36 EDT
Cc list is also available.

URL of "format for printing" is changed to
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=189835
Comment 3 Noura El hawary 2008-09-22 00:56:11 EDT
Created attachment 317337 [details]
patch to fix login name display in bug long listing

Hi Dave,

This is a patch to display users realnames only when users are not logged in in the long bug listing format. Please take a look when you can.

Thanks,
Noura
Comment 4 David Lawrence 2008-09-22 14:22:26 EDT
Comment on attachment 317337 [details]
patch to fix login name display in bug long listing

Cc list members are still shown with the login names when user is not logged in. Please also have that display real names only or omit the Cc list section.

Thanks
Dave
Comment 5 Noura El hawary 2008-09-23 14:18:53 EDT
Created attachment 317504 [details]
patch with cc list dsiplaying realnames and loginnames

Thanks for the review Dave, here is another version of the patch with the cclist fixed in the bug long listing format.

Noura
Comment 6 David Lawrence 2008-09-23 17:26:59 EDT
Comment on attachment 317504 [details]
patch with cc list dsiplaying realnames and loginnames

>+        [% FOREACH c = bug.cc_users %]
>+          [%# REDHAT EXTENSION START 189835 %]
>+          [% IF user.id %]
>+            [% c.login FILTER html %][% ", " IF not loop.last() %]
>+          [% ELSE %]
>+            [% c.name FILTER html %][% ", " IF not loop.last() %]
>+          [% END %]
>+          [%# REDHAT EXTENSION END 189835 %]
>         [% END %]

Nit: To be cleaner, put the [% IF not loop.last() %] in it's own block like this:

[% FOREACH c = bug.cc_users %]
  [%# REDHAT EXTENSION START 189835 %]
  [% IF NOT loop.last() %]
    [% IF user.id %]
      [% c.login FILTER html %]
    [% ELSE %]
      [% c.name FILTER html %]
    [% END %]
  [% END %]
  [%# REDHAT EXTENSION END 189835 %]
[% END %]

After that, please check this in.

Thanks
Dave
Comment 7 Noura El hawary 2008-09-24 10:41:21 EDT
Thanks for the review Dave committed the patch to cvs with your suggestions.

Noura

Note You need to log in before you can comment on or make changes to this bug.