Bug 427268 - Email address of assignee available to logged out users when using the "Show dependency tree" UI
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: Dependency Views
Version: 2.18
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-01-02 16:16 UTC by Nalin Dahyabhai
Modified: 2013-06-24 04:18 UTC

Fixed In Version: 2.18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-03 21:25:15 UTC
Embargoed:


Attachments
Patch for showdependencytree.cgi to hide email addresses if non-logged in user is viewing (v1) (5.32 KB, patch)
2008-01-02 18:39 UTC, David Lawrence

Description Nalin Dahyabhai 2008-01-02 16:16:34 UTC
showdependencytree.cgi exposes mail addresses when the query is made by a user
who is not logged in.  I think the general intent is to replace addresses with
names, as buglist.cgi does, so I'm filing the bug.

Version-Release number of selected component (if applicable):
2.18

How reproducible:
Always

Steps to Reproduce:
1. curl -k 'https://bugzilcom/showdependencytree.cgi?id=235705'
  
Actual results:
Email addresses are listed.

Expected results:
Assignees should be listed by name.

Additional info:
This is similar to bug #189835.

Comment 1 Nalin Dahyabhai 2008-01-02 16:17:42 UTC
Oh, of course my copy/paste fu is lacking.  The reproducer command should be
  curl -k 'https://bugzilla.redhat.com/showdependencytree.cgi?id=235705'

Comment 2 David Lawrence 2008-01-02 17:42:45 UTC
Verified this is the case. Taking.

Comment 3 David Lawrence 2008-01-02 18:39:47 UTC
Created attachment 290675
Patch for showdependencytree.cgi to hide email addresses if non-logged in user is viewing (v1)

Submitting patch for review by bugzilla developers.

Comment 4 David Lawrence 2008-01-03 21:25:15 UTC
Fix should now be live on production and verified working. Please reopen this if
not satisfactory.
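
A regression check for the behaviour reported in this bug, as an added example (not part of the original report or the attached patch): it scans the HTML returned to a logged-out request for e-mail addresses, including ones entity-encoded as `&#64;` or carried in attributes. The sample markup, the bug id 1001 and the name `leaked_addresses` are constructed for illustration.

```python
import re
import sys
from html.parser import HTMLParser

# Simple pattern: precise enough to flag address leaks in rendered HTML.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class _TextAndAttrs(HTMLParser):
    """Collect visible text and attribute values, with entities decoded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        # title= and href="mailto:..." can carry an address too.
        self.chunks.extend(value for _, value in attrs if value)

    def handle_data(self, data):
        self.chunks.append(data)

def leaked_addresses(html):
    """Return the sorted, de-duplicated addresses exposed by one response."""
    parser = _TextAndAttrs()
    parser.feed(html)
    parser.close()
    found = set()
    for chunk in parser.chunks:
        found.update(m.lower() for m in EMAIL_RE.findall(chunk))
    return sorted(found)

# Constructed sample markup (not captured from a real Bugzilla instance).
BEFORE_FIX = ('<li><a href="show_bug.cgi?id=1001" '
              'title="NEW, assigned to dev&#64;example.com">1001</a> '
              'Sample summary (dev@example.com)</li>')
AFTER_FIX = ('<li><a href="show_bug.cgi?id=1001" '
             'title="NEW, assigned to Example Developer">1001</a> '
             'Sample summary (Example Developer)</li>')

if __name__ == "__main__":
    # Feed it the body of a logged-out request on stdin (e.g. curl output).
    leaks = leaked_addresses(sys.stdin.read())
    for address in leaks:
        print("exposed:", address)
    sys.exit(1 if leaks else 0)
```

Run against the response to an unauthenticated request, the script exits non-zero when any address is present, so it can gate a deployment check.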