Bug 427268 - Email address of assignee available to logged out users when using the "Show dependency tree" UI
Status: CLOSED CURRENTRELEASE
Product: Bugzilla
Classification: Community
Component: Dependency Views
Version: 2.18
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: David Lawrence
Reported: 2008-01-02 11:16 EST by Nalin Dahyabhai
Modified: 2013-06-24 00:18 EDT
Fixed In Version: 2.18
Doc Type: Bug Fix
Last Closed: 2008-01-03 16:25:15 EST
Attachments:
Patch for showdependencytree.cgi to hide email addresses if non-logged in user is viewing (v1) (5.32 KB, patch)
2008-01-02 13:39 EST, David Lawrence

Description Nalin Dahyabhai 2008-01-02 11:16:34 EST
showdependencytree.cgi exposes mail addresses when the query is made by a user
who is not logged in.  I think the general intent is to replace addresses with
names, as buglist.cgi does, so I'm filing the bug.

Version-Release number of selected component (if applicable):
2.18

How reproducible:
Always

Steps to Reproduce:
1. curl -k 'https://bugzilcom/showdependencytree.cgi?id=235705'
  
Actual results:
Email addresses are listed.

Expected results:
Assignees should be listed by name.

Additional info:
This is similar to bug #189835.
Comment 1 Nalin Dahyabhai 2008-01-02 11:17:42 EST
Oh, of course my copy/paste fu is lacking.  The reproducer command should be
  curl -k 'https://bugzilla.redhat.com/showdependencytree.cgi?id=235705'
Comment 2 David Lawrence 2008-01-02 12:42:45 EST
Verified this is the case. Taking.
Comment 3 David Lawrence 2008-01-02 13:39:47 EST
Created attachment 290675
Patch for showdependencytree.cgi to hide email addresses if non-logged in user is viewing (v1)

Submitting patch for review by bugzilla developers.
Comment 4 David Lawrence 2008-01-03 16:25:15 EST
Fix should now be live on production and verified working. Please reopen this if
not satisfactory.
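
A regression check for the behaviour reported in this bug, added here as an example; it is not part of the thread or of the attached patch. It scans the HTML returned to a logged-out client for email-like strings in visible text and in attribute values. The sample rows and the name `find_email_leaks` are constructed, since the real showdependencytree.cgi markup is not shown on this page.

```python
import re
from html.parser import HTMLParser

# Email-like token; deliberately loose, since a regression check should over-report.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class EmailLeakFinder(HTMLParser):
    """Collect email-like strings from text nodes and attribute values."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; before matching.
        super().__init__(convert_charrefs=True)
        self.leaks = []  # (location, address) pairs

    def handle_starttag(self, tag, attrs):
        # An address can survive in title= or href="mailto:..." even after
        # the visible text has been switched to a real name.
        for name, value in attrs:
            for addr in EMAIL_RE.findall(value or ""):
                self.leaks.append((f"<{tag} {name}>", addr))

    def handle_data(self, data):
        for addr in EMAIL_RE.findall(data):
            self.leaks.append(("text", addr))


def find_email_leaks(html):
    """Return every (location, address) pair found in an anonymous response."""
    finder = EmailLeakFinder()
    finder.feed(html)
    finder.close()
    return finder.leaks


# Constructed sample rows (assumed markup, not taken from Bugzilla).
BEFORE_FIX = '<li><a href="show_bug.cgi?id=1001">1001</a> [NEW; assigned to dev&#64;example.com] sample</li>'
HALF_FIXED = '<li><a href="show_bug.cgi?id=1001">1001</a> [NEW; assigned to <span title="dev@example.com">Dev Example</span>] sample</li>'
AFTER_FIX = '<li><a href="show_bug.cgi?id=1001">1001</a> [NEW; assigned to Dev Example] sample</li>'

if __name__ == "__main__":
    for label, page in (("before", BEFORE_FIX), ("half-fixed", HALF_FIXED), ("after", AFTER_FIX)):
        print(label, find_email_leaks(page))
```

Run against a response fetched without a session cookie, an empty result is the pass condition; the half-fixed row shows why attribute values need checking as well as visible text.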
