summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2009-01-29 22:22:19 +0100
committermkanat%bugzilla.org <>2009-01-29 22:22:19 +0100
commitfc293fbd39f14308fbccd0cf9b523664ae813761 (patch)
tree2eff5448dfbcf0fb0a0671fad80da0752db8f727 /Bugzilla
parent25e6018ac8a6cf1a99b299fe60ce6c5b1e1d61e6 (diff)
downloadbugzilla-fc293fbd39f14308fbccd0cf9b523664ae813761.tar.gz
bugzilla-fc293fbd39f14308fbccd0cf9b523664ae813761.tar.xz
Bug 219021: Only display email addresses to logged-in users
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/DB.pm25
-rw-r--r--Bugzilla/Template.pm2
-rw-r--r--Bugzilla/Util.pm22
3 files changed, 49 insertions, 0 deletions
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 377f83930..81a720ee5 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -342,6 +342,12 @@ sub sql_string_concat {
return '(' . join(' || ', @params) . ')';
}
+sub sql_string_until {
+ my ($self, $string, $substring) = @_;
+ return "SUBSTRING($string FROM 1 FOR " .
+ $self->sql_position($substring, $string) . " - 1)";
+}
+
sub sql_in {
my ($self, $column_name, $in_list_ref) = @_;
return " $column_name IN (" . join(',', @$in_list_ref) . ") ";
@@ -1811,6 +1817,25 @@ Formatted SQL for concatenating specified strings
=back
+=item C<sql_string_until>
+
+=over
+
+=item B<Description>
+
+Returns SQL for truncating a string at the first occurrence of a certain
+substring.
+
+=item B<Params>
+
+Note that both parameters need to be sql-quoted.
+
+=item C<$string> The string we're truncating
+
+=item C<$substring> The substring we're truncating at.
+
+=back
+
=item C<sql_fulltext_search>
=over
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 03a9df827..688c53386 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -664,6 +664,8 @@ sub create {
html_light => \&Bugzilla::Util::html_light_quote,
+ email => \&Bugzilla::Util::email_filter,
+
# iCalendar contentline filter
ics => [ sub {
my ($context, @args) = @_;
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 991bfedc1..01f824c5b 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -53,6 +53,7 @@ use Date::Format;
use DateTime;
use DateTime::TimeZone;
use Digest;
+use Email::Address;
use Scalar::Util qw(tainted);
use Text::Wrap;
@@ -170,6 +171,20 @@ sub html_light_quote {
}
}
+sub email_filter {
+ my ($toencode) = @_;
+ if (!Bugzilla->user->id) {
+ my @emails = Email::Address->parse($toencode);
+ if (scalar @emails) {
+ my @hosts = map { quotemeta($_->host) } @emails;
+ my $hosts_re = join('|', @hosts);
+ $toencode =~ s/\@(?:$hosts_re)//g;
+ return $toencode;
+ }
+ }
+ return $toencode;
+}
+
# This originally came from CGI.pm, by Lincoln D. Stein
sub url_quote {
my ($toencode) = (@_);
@@ -638,6 +653,7 @@ Bugzilla::Util - Generic utility functions for bugzilla
html_quote($var);
url_quote($var);
xml_quote($var);
+ email_filter($var);
# Functions for decoding
$rv = url_decode($var);
@@ -755,6 +771,12 @@ is kept separate from html_quote partly for compatibility with previous code
Converts the %xx encoding from the given URL back to its original form.
+=item C<email_filter>
+
+Removes the hostname from email addresses in the string, if the user
+currently viewing Bugzilla is logged out. If the user is logged-in,
+this filter just returns the input string.
+
=back
=head2 Environment and Location