diff options
| author | mkanat%bugzilla.org <> | 2009-01-29 22:22:19 +0100 |
|---|---|---|
| committer | mkanat%bugzilla.org <> | 2009-01-29 22:22:19 +0100 |
| commit | fc293fbd39f14308fbccd0cf9b523664ae813761 (patch) | |
| tree | 2eff5448dfbcf0fb0a0671fad80da0752db8f727 /Bugzilla | |
| parent | 25e6018ac8a6cf1a99b299fe60ce6c5b1e1d61e6 (diff) | |
| download | bugzilla-fc293fbd39f14308fbccd0cf9b523664ae813761.tar.gz bugzilla-fc293fbd39f14308fbccd0cf9b523664ae813761.tar.xz | |
Bug 219021: Only display email addresses to logged-in users
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/DB.pm | 25 | ||||
| -rw-r--r-- | Bugzilla/Template.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/Util.pm | 22 |
3 files changed, 49 insertions, 0 deletions
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm index 377f83930..81a720ee5 100644 --- a/Bugzilla/DB.pm +++ b/Bugzilla/DB.pm @@ -342,6 +342,12 @@ sub sql_string_concat { return '(' . join(' || ', @params) . ')'; } +sub sql_string_until { + my ($self, $string, $substring) = @_; + return "SUBSTRING($string FROM 1 FOR " . + $self->sql_position($substring, $string) . " - 1)"; +} + sub sql_in { my ($self, $column_name, $in_list_ref) = @_; return " $column_name IN (" . join(',', @$in_list_ref) . ") "; @@ -1811,6 +1817,25 @@ Formatted SQL for concatenating specified strings =back +=item C<sql_string_until> + +=over + +=item B<Description> + +Returns SQL for truncating a string at the first occurrence of a certain +substring. + +=item B<Params> + +Note that both parameters need to be sql-quoted. + +=item C<$string> The string we're truncating + +=item C<$substring> The substring we're truncating at. + +=back + =item C<sql_fulltext_search> =over diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 03a9df827..688c53386 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -664,6 +664,8 @@ sub create { html_light => \&Bugzilla::Util::html_light_quote, + email => \&Bugzilla::Util::email_filter, + # iCalendar contentline filter ics => [ sub { my ($context, @args) = @_; diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 991bfedc1..01f824c5b 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -53,6 +53,7 @@ use Date::Format; use DateTime; use DateTime::TimeZone; use Digest; +use Email::Address; use Scalar::Util qw(tainted); use Text::Wrap; @@ -170,6 +171,20 @@ sub html_light_quote { } } +sub email_filter { + my ($toencode) = @_; + if (!Bugzilla->user->id) { + my @emails = Email::Address->parse($toencode); + if (scalar @emails) { + my @hosts = map { quotemeta($_->host) } @emails; + my $hosts_re = join('|', @hosts); + $toencode =~ s/\@(?:$hosts_re)//g; + return $toencode; + } + } + return $toencode; +} + # This originally came from CGI.pm, by Lincoln D. Stein sub url_quote { my ($toencode) = (@_); @@ -638,6 +653,7 @@ Bugzilla::Util - Generic utility functions for bugzilla html_quote($var); url_quote($var); xml_quote($var); + email_filter($var); # Functions for decoding $rv = url_decode($var); @@ -755,6 +771,12 @@ is kept separate from html_quote partly for compatibility with previous code Converts the %xx encoding from the given URL back to its original form. +=item C<email_filter> + +Removes the hostname from email addresses in the string, if the user +currently viewing Bugzilla is logged out. If the user is logged-in, +this filter just returns the input string. + =back =head2 Environment and Location |