author | David Lawrence <dkl@mozilla.com> | 2014-08-26 08:46:42 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2014-08-26 08:46:42 +0200 |
commit | fe5deaa737630825b6012487ee5bc583d3c17343 (patch) | |
tree | 6a6b2cd499544ea5381d784368dd340d6464cd13 | |
parent | d5c1d67198505cc72845d512628852ace9ce799e (diff) | |
Bug 1058355: bugzilla.mozilla.org leaks emails to logged out users in "Latest Activity" search URLs
-rw-r--r-- | extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl | 78 |
1 files changed, 47 insertions, 31 deletions
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index b7f7e56f2..ba2c4ab57 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -92,9 +92,11 @@
 <tr>
 <th>Last activity</th>
 <td colspan="2">
- <a href="page.cgi?id=user_activity.html&action=run&who=[% target.login FILTER uri %]&from=-4w">
- [% target.last_activity_ts FILTER time %]
- </a>
+ [% IF user.id %]
+ <a href="page.cgi?id=user_activity.html&action=run&who=[% target.login FILTER uri %]&from=-4w">
+ [% END %]
+ [% target.last_activity_ts FILTER time %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 
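Review bot: The opening `<a href=…target.login…>` and its closing `</a>` are emitted by two separate `user.id` tests, here and in the seven count cells of the later hunks (Review, Feedback and Needinfo requests; filed, Assigned to, Commented on, QA-Contact). If one half of a pair is later edited without the other, the result is either unbalanced markup or the e-mail-bearing URL being rendered for logged-out viewers again. Decide once near the top of the template, for example `[% show_login_links = user.id ? 1 : 0 %]`, and wrap each cell in a single `[% IF show_login_links %]<a …>value</a>[% ELSE %]value[% END %]`. Add a template comment such as `[%# target.login must never appear in output for logged-out users %]` next to that assignment. The table these rows belong to begins outside the hunks, so any other use of `target.login` in the rest of the template should be checked against the same condition.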
@@ -123,30 +125,36 @@
 <td> </td>
 <th>Review requests</th>
 <td class="numeric">
- <a href="request.cgi?action=queue&type=review&requestee=[% target.login FILTER uri %]&group=type"
- target="_blank">
- [% target.review_request_count FILTER html %]
- </a>
+ [% IF user.id %]
+ <a href="request.cgi?action=queue&type=review&requestee=[% target.login FILTER uri %]&group=type"
+ target="_blank">
+ [% END %]
+ [% target.review_request_count FILTER html %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 <tr>
 <td> </td>
 <th>Feedback requests</th>
 <td class="numeric">
- <a href="request.cgi?action=queue&type=feedback&requestee=[% target.login FILTER uri %]&group=type"
- target="_blank">
- [% target.feedback_request_count FILTER html %]
- </a>
+ [% IF user.id %]
+ <a href="request.cgi?action=queue&type=feedback&requestee=[% target.login FILTER uri %]&group=type"
+ target="_blank">
+ [% END %]
+ [% target.feedback_request_count FILTER html %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 <tr>
 <td> </td>
 <th>Needinfo requests</th>
 <td class="numeric">
- <a href="request.cgi?action=queue&type=needinfo&requestee=[% target.login FILTER uri %]&group=type"
- target="_blank">
- [% target.needinfo_request_count FILTER html %]
- </a>
+ [% IF user.id %]
+ <a href="request.cgi?action=queue&type=needinfo&requestee=[% target.login FILTER uri %]&group=type"
+ target="_blank">
+ [% END %]
+ [% target.needinfo_request_count FILTER html %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 [% END %]
@@ -162,10 +170,12 @@
 <td> </td>
 <th>[% terms.Bugs %] filed</th>
 <td class="numeric">
- <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emailreporter1=1&email1=[% target.login FILTER uri %]"
- target="_blank">
- [% stats.bugs_filed || 0 FILTER html %]
- </a>
+ [% IF user.id %]
+ <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emailreporter1=1&email1=[% target.login FILTER uri %]"
+ target="_blank">
+ [% END %]
+ [% stats.bugs_filed || 0 FILTER html %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 <tr>
@@ -177,30 +187,36 @@
 <td> </td>
 <th>Assigned to</th>
 <td class="numeric">
- <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emailassigned_to1=1&email1=[% target.login FILTER uri %]"
- target="_blank">
- [% stats.assigned || 0 FILTER html %]
- </a>
+ [% IF user.id %]
+ <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emailassigned_to1=1&email1=[% target.login FILTER uri %]"
+ target="_blank">
+ [% END %]
+ [% stats.assigned || 0 FILTER html %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 <tr>
 <td> </td>
 <th>Commented on</th>
 <td class="numeric">
- <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emaillongdesc1=1&email1=[% target.login FILTER uri %]"
- target="_blank">
- [% stats.commented_on || 0 FILTER html %]
- </a>
+ [% IF user.id %]
+ <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emaillongdesc1=1&email1=[% target.login FILTER uri %]"
+ target="_blank">
+ [% END %]
+ [% stats.commented_on || 0 FILTER html %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 <tr>
 <td> </td>
 <th>QA-Contact</th>
 <td class="numeric">
- <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emailqa_contact1=1&email1=[% target.login FILTER uri %]"
- target="_blank">
- [% stats.qa_contact || 0 FILTER html %]
- </a>
+ [% IF user.id %]
+ <a href="buglist.cgi?query_format=advanced&emailtype1=exact&emailqa_contact1=1&email1=[% target.login FILTER uri %]"
+ target="_blank">
+ [% END %]
+ [% stats.qa_contact || 0 FILTER html %]
+ [% "</a>" IF user.id %]
 </td>
 </tr>
 <tr> |