Bug 447765 - Sanitize email addresses from bug reports, attachments, activity for non-logged-in users
Status: CLOSED NEXTRELEASE
Product: Bugzilla
Classification: Community
Component: User Interface
Version: 3.2
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: David Lawrence
Duplicates: 447677
Blocks: RHBZ30UpgradeTracker
Reported: 2008-05-21 13:48 EDT by David Lawrence
Modified: 2013-06-24 00:17 EDT

Doc Type: Bug Fix
Last Closed: 2008-05-29 11:35:47 EDT

Attachments
Patch to sanitize email addresses for anonymous users (v1) (17.79 KB, patch)
2008-05-21 16:54 EDT, David Lawrence
no flags
Patch to sanitize email addresses for anonymous users (v2) (20.28 KB, patch)
2008-05-23 17:54 EDT, David Lawrence
nelhawar: review+
dkl: review? (kbaker)
patch to fix bugzilla.getBug and bugzilla.getProdCompDetails (6.33 KB, patch)
2008-05-28 22:24 EDT, Noura El hawary
dkl: review+

Description David Lawrence 2008-05-21 13:48:47 EDT
Currently the 2.18 stable system does a lot to try and filter out email
addresses on pages displayable by anonymous users. I thought 3.2 already had
similar functionality but was mistaken.

Working on a patch to filter out email addresses for anonymous users in our 3.2
based system now.

Dave
Comment 1 David Lawrence 2008-05-21 16:54:52 EDT
Created attachment 306312
Patch to sanitize email addresses for anonymous users (v1)

Attaching patch to sanitize email addresses for anonymous users. Please look it
over for any issues. Also I may have missed some places where email addresses
occur so please let me know if you find other places.

Thanks
Dave
Comment 2 David Lawrence 2008-05-21 16:58:09 EDT
*** Bug 447677 has been marked as a duplicate of this bug. ***
Comment 3 Noura El hawary 2008-05-22 00:41:23 EDT
Hi Dave,

The patch looks good and I think it covered all places; however, it is giving me
an error in buglist.cgi as follows:

The custom sort order specified in your cookie contains an invalid column name
map_assigned_to.login_name. The cookie has been cleared.

It has to do with the columns hash that you changed in Bugzilla/Search.pm.

Other than that, it is working perfectly everywhere else.

Thanks,
Noura
Comment 4 David Lawrence 2008-05-23 17:54:20 EDT
Created attachment 306553
Patch to sanitize email addresses for anonymous users (v2)

Thanks for the review, Noura. Attaching a new patch that fixes the order
cookie/formvar to properly remap map_*.login_name to map_*.realname if the user
is not logged in. This should get rid of the error that you were getting.

Please review

Thanks
Dave
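
The remap described in comment 4, sketched as an added example (not the attached patch or Bugzilla's own code): it shows why a saved sort order fails validation for an anonymous session and passes once remapped. The column table, the cookie value and the helper names `fragments`, `remap_order` and `invalid_columns` are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed column table for an anonymous session: the login_name
# variants are absent, as in the situation reported in comment 3.
my %anon_columns = map { $_ => 1 } qw(
    bugs.bug_id bugs.priority
    map_assigned_to.realname map_reporter.realname map_qa_contact.realname
);

# Split an order string into trimmed, non-empty sort fragments.
sub fragments {
    my ($order) = @_;
    return grep { length } map { s/^\s+|\s+$//gr } split /,/, $order;
}

# Rewrite map_*.login_name to map_*.realname for anonymous users,
# keeping any ASC/DESC suffix that follows the column name.
sub remap_order {
    my ($order, $logged_in) = @_;
    return $order if $logged_in;
    return join ',',
        map { s/^(map_\w+)\.login_name\b/$1.realname/r } fragments($order);
}

# Return the column names in an order string that the table does not know.
sub invalid_columns {
    my ($order, $columns) = @_;
    return grep { !$columns->{$_} } map { (split ' ', $_)[0] } fragments($order);
}

# Constructed cookie value, saved while the user was still logged in.
my $cookie_order = 'map_assigned_to.login_name DESC,bugs.priority,bugs.bug_id';

my @before   = invalid_columns($cookie_order, \%anon_columns);
my $remapped = remap_order($cookie_order, 0);
my @after    = invalid_columns($remapped, \%anon_columns);

print "rejected before remap: @before\n";
print "order after remap:     $remapped\n";
print "rejected after remap:  ", scalar(@after), "\n";
```

The remap has to run before the column names are validated; otherwise the stale login_name entry is rejected first and the saved order is discarded.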
Comment 5 David Lawrence 2008-05-28 12:54:35 EDT
Committed to CVS. Want to get this in Thursday's update.

Dave
Comment 6 Noura El hawary 2008-05-28 22:22:00 EDT
Comment on attachment 306553
Patch to sanitize email addresses for anonymous users (v2)

Hi Dave,

Sorry for the late review. The patch looks good, and that error has now
disappeared. However, there were a couple of things for the webservice
interface; I am attaching a patch for that.

Noura
Comment 7 Noura El hawary 2008-05-28 22:24:49 EDT
Created attachment 307006
patch to fix bugzilla.getBug and bugzilla.getProdCompDetails

Attached is a patch to make some modifications to bugzilla.getBug. Basically I
made use of the %items hash that was not used properly and deleted the
login_name from the comments if the user was not logged in. Also made a little
fix to bugzilla.getProdCompDetails, where it was using the wrong key name for
the realnames.

Please review.

Thanks,
Noura
Comment 8 David Lawrence 2008-05-29 00:09:12 EDT
Comment on attachment 307006
patch to fix bugzilla.getBug and bugzilla.getProdCompDetails

>     foreach my $key ( keys %custom_field_return_map ) {
>         my $field = $custom_field_return_map{$key};
>-        $bug->{$key} = $bug->{$field} if defined $bug->{$field};
>+        $item{$key} = $bug->{$field} if defined $bug->{$field};
>         delete $bug->{$field};
>     }
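
Review bot: On the added `$item{$key} = $bug->{$field} if defined $bug->{$field};` line, the custom field value is copied into the returned hash with no logged-in check, so any field named in `%custom_field_return_map` that holds a login name or email address would reach anonymous callers unsanitized. Confirm that none of the mapped fields carry user identifiers, or guard the copy with the same logged-in test that removes `login_name` from the comments. A one-line comment saying that `%item`, not `$bug`, is what gets returned would also make it clear why the `delete $bug->{$field};` that follows no longer affects the output.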

Looks good Noura. Works as expected.

Nit-pick: Do we need to do the 'delete $bug->{$field};' anymore since you are
no longer returning $bug? Otherwise harmless.

Feel free to check in.
Dave
Comment 9 Noura El hawary 2008-05-29 00:24:36 EDT
Cool, I have deleted that line, Dave, and committed to CVS.

Thanks,
Noura
Comment 10 David Lawrence 2008-05-29 11:35:47 EDT
Pushed to partner-bugzilla. Closing.

Dave
Comment 11 David Lawrence 2009-02-23 14:03:53 EST
*** Bug 486766 has been marked as a duplicate of this bug. ***
