Red Hat Bugzilla – Bug 427268
Email address of assignee available to logged out users when using the "Show dependency tree" UI
Last modified: 2013-06-24 00:18:52 EDT
showdependencytree.cgi exposes mail addresses when the query is made by a user
who is not logged in. I think the general intent is to replace addresses with
names, as buglist.cgi does, so I'm filing the bug.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. curl -k 'https://bugzilcom/showdependencytree.cgi?id=235705'
Email addresses are listed.
Assignees should be listed by name.
This is similar to bug #189835.
Oh, of course my copy/paste fu is lacking. The reproducer command should be
curl -k 'https://bugzilla.redhat.com/showdependencytree.cgi?id=235705'
Verified this is the case. Taking.
Created attachment 290675 [details]
Patch for showdependencytree.cgi to hide email addresses if non-logged in user is viewing (v1)
Submitting patch for review by bugzilla developers.
Fix should now be live on production and verified working. Please reopen this if