summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2010-02-18 01:13:43 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2010-02-18 01:13:43 +0100
commit9e044b55c14320849fec284fa5452e9385153ec4 (patch)
tree8d228fb51a2eb162de951d15a19895850f641763 /Bugzilla
parent56cb0704b45b7bd7457bbf3e4da69f9384d1c261 (diff)
downloadbugzilla-9e044b55c14320849fec284fa5452e9385153ec4.tar.gz
bugzilla-9e044b55c14320849fec284fa5452e9385153ec4.tar.xz
Bug 533018: "Confirm match" displays full email address to logged-out users in request.cgi
r/a=mkanat
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/User.pm5
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 240fcfcdb..7dd86f301 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1066,7 +1066,8 @@ sub match {
# first try wildcards
my $wildstr = $str;
- if ($wildstr =~ s/\*/\%/g) { # don't do wildcards if no '*' in the string
+ # Do not do wildcards if there is no '*' in the string.
+ if ($wildstr =~ s/\*/\%/g && $user->id) {
# Build the query.
trick_taint($wildstr);
my $query = "SELECT DISTINCT userid FROM profiles ";
@@ -1101,7 +1102,7 @@ sub match {
}
# then try substring search
- if (!scalar(@users) && length($str) >= 3) {
+ if (!scalar(@users) && length($str) >= 3 && $user->id) {
trick_taint($str);
my $query = "SELECT DISTINCT userid FROM profiles ";