diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2010-02-18 01:13:43 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2010-02-18 01:13:43 +0100 |
| commit | 9e044b55c14320849fec284fa5452e9385153ec4 (patch) | |
| tree | 8d228fb51a2eb162de951d15a19895850f641763 /Bugzilla | |
| parent | 56cb0704b45b7bd7457bbf3e4da69f9384d1c261 (diff) | |
| download | bugzilla-9e044b55c14320849fec284fa5452e9385153ec4.tar.gz bugzilla-9e044b55c14320849fec284fa5452e9385153ec4.tar.xz | |
Bug 533018: "Confirm match" displays full email address to logged-out users in request.cgi
r/a=mkanat
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/User.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 240fcfcdb..7dd86f301 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -1066,7 +1066,8 @@ sub match { # first try wildcards my $wildstr = $str; - if ($wildstr =~ s/\*/\%/g) { # don't do wildcards if no '*' in the string + # Do not do wildcards if there is no '*' in the string. + if ($wildstr =~ s/\*/\%/g && $user->id) { # Build the query. trick_taint($wildstr); my $query = "SELECT DISTINCT userid FROM profiles "; @@ -1101,7 +1102,7 @@ sub match { } # then try substring search - if (!scalar(@users) && length($str) >= 3) { + if (!scalar(@users) && length($str) >= 3 && $user->id) { trick_taint($str); my $query = "SELECT DISTINCT userid FROM profiles "; |