summaryrefslogtreecommitdiffstats
path: root/extensions/UserProfile
diff options
context:
space:
mode:
authorByron Jones <bjones@mozilla.com>2013-11-14 06:57:00 +0100
committerByron Jones <bjones@mozilla.com>2013-11-14 06:57:00 +0100
commit3a33309b066d919f8a6e2d312b538e556894b079 (patch)
tree028625c7e0dfc9044e967d391de2d82500c973dc /extensions/UserProfile
parentf0b87357bf6dbd419ae137b4d3c395125b3a740c (diff)
downloadbugzilla-3a33309b066d919f8a6e2d312b538e556894b079.tar.gz
bugzilla-3a33309b066d919f8a6e2d312b538e556894b079.tar.xz
Bug 935871: Don't show email address without logged in
Diffstat (limited to 'extensions/UserProfile')
-rw-r--r--extensions/UserProfile/Extension.pm35
-rw-r--r--extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl52
2 files changed, 50 insertions, 37 deletions
diff --git a/extensions/UserProfile/Extension.pm b/extensions/UserProfile/Extension.pm
index 9e8eadb97..673c0c2a1 100644
--- a/extensions/UserProfile/Extension.pm
+++ b/extensions/UserProfile/Extension.pm
@@ -277,24 +277,33 @@ sub page_before_template {
return unless $page eq 'user_profile.html';
my $user = Bugzilla->user;
- # check login
- my $target;
+ # determine user to display
+ my ($target, $login);
my $input = Bugzilla->input_params;
- my $limit = Bugzilla->params->{'maxusermatches'} + 1;
- my $login = $input->{login};
- if (!$login) {
- $target = Bugzilla->login(LOGIN_REQUIRED);
- $login = $target->login;
+ if (my $user_id = $input->{user_id}) {
+ # load from user_id
+ $user_id = 0 if $user_id =~ /\D/;
+ $target = Bugzilla::User->check({ id => $user_id });
} else {
- my $users = Bugzilla::User::match($login, $limit, 1);
- if (scalar(@$users) == 1) {
- # always allow singular matches without confirmation
- $target = $users->[0];
+ # loading from login name requires authentication
+ Bugzilla->login(LOGIN_REQUIRED);
+ $login = $input->{login};
+ if (!$login) {
+ # show current user's profile by default
+ $target = $user;
} else {
- Bugzilla::User::match_field({ 'login' => {'type' => 'single'} });
- $target = Bugzilla::User->check($login);
+ my $limit = Bugzilla->params->{'maxusermatches'} + 1;
+ my $users = Bugzilla::User::match($login, $limit, 1);
+ if (scalar(@$users) == 1) {
+ # always allow singular matches without confirmation
+ $target = $users->[0];
+ } else {
+ Bugzilla::User::match_field({ 'login' => {'type' => 'single'} });
+ $target = Bugzilla::User->check($login);
+ }
}
}
+ $login ||= $target->login;
# load statistics into $vars
my $dbh = Bugzilla->switch_to_shadow_db;
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index f1107bd6a..aabc42db2 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -18,29 +18,31 @@
<table id="user_profile_table">
-<tr>
- <td>&nbsp;</td>
- <th>Search</th>
- <td colspan="2">
- <form action="user_profile">
- [% INCLUDE global/userselect.html.tmpl
- id => "login"
- name => "login"
- value => login
- size => 40
- emptyok => 0
- %]
- &nbsp;&nbsp;<input type="submit" value="Show">
- </form>
- </td>
-</tr>
+[% IF user.id %]
+ <tr>
+ <td>&nbsp;</td>
+ <th>Search</th>
+ <td colspan="2">
+ <form action="user_profile">
+ [% INCLUDE global/userselect.html.tmpl
+ id => "login"
+ name => "login"
+ value => login
+ size => 40
+ emptyok => 0
+ %]
+ &nbsp;&nbsp;<input type="submit" value="Show">
+ </form>
+ </td>
+ </tr>
-<tr>
- <td colspan="4" class="separator"><hr></td>
-</tr>
+ <tr>
+ <td colspan="4" class="separator"><hr></td>
+ </tr>
+[% END %]
<tr>
- <td rowspan="16" id="gravatar-container">
+ <td rowspan="[% user.id ? 16 : 15 %]" id="gravatar-container">
[% IF user.gravatar %]
<img id="gravatar" src="[% target.gravatar(256) FILTER none %]" width="128" height="128"><br>
[% IF target.id == user.id %]
@@ -54,10 +56,12 @@
<td colspan="2">[% target.name FILTER html %]</td>
</tr>
-<tr>
- <th>Email</th>
- <td colspan="2"><a href="mailto:[% target.login FILTER uri %]">[% target.login FILTER html %]</a></td>
-</tr>
+[% IF user.id %]
+ <tr>
+ <th>Email</th>
+ <td colspan="2"><a href="mailto:[% target.login FILTER uri %]">[% target.login FILTER html %]</a></td>
+ </tr>
+[% END %]
<tr>
<td>&nbsp;</td>