Bug 935871: Don't show email address without logged in

2 files changed, 50 insertions, 37 deletions

diff --git a/extensions/UserProfile/Extension.pm b/extensions/UserProfile/Extension.pm
index 9e8eadb97..673c0c2a1 100644
--- a/extensions/UserProfile/Extension.pm
+++ b/extensions/UserProfile/Extension.pm
@@ -277,24 +277,33 @@ sub page_before_template {
     return unless $page eq 'user_profile.html';
     my $user = Bugzilla->user;
 
-    # check login
-    my $target;
+    # determine user to display
+    my ($target, $login);
     my $input = Bugzilla->input_params;
-    my $limit = Bugzilla->params->{'maxusermatches'} + 1;
-    my $login = $input->{login};
-    if (!$login) {
-        $target = Bugzilla->login(LOGIN_REQUIRED);
-        $login = $target->login;
+    if (my $user_id = $input->{user_id}) {
+        # load from user_id
+        $user_id = 0 if $user_id =~ /\D/;
+        $target = Bugzilla::User->check({ id => $user_id });
     } else {
-        my $users = Bugzilla::User::match($login, $limit, 1);
-        if (scalar(@$users) == 1) {
-            # always allow singular matches without confirmation
-            $target = $users->[0];
+        # loading from login name requires authentication
+        Bugzilla->login(LOGIN_REQUIRED);
+        $login = $input->{login};
+        if (!$login) {
+            # show current user's profile by default
+            $target = $user;
         } else {
-            Bugzilla::User::match_field({ 'login' => {'type' => 'single'} });
-            $target = Bugzilla::User->check($login);
+            my $limit = Bugzilla->params->{'maxusermatches'} + 1;
+            my $users = Bugzilla::User::match($login, $limit, 1);
+            if (scalar(@$users) == 1) {
+                # always allow singular matches without confirmation
+                $target = $users->[0];
+            } else {
+                Bugzilla::User::match_field({ 'login' => {'type' => 'single'} });
+                $target = Bugzilla::User->check($login);
+            }
         }
     }
+    $login ||= $target->login;
 
     # load statistics into $vars
     my $dbh = Bugzilla->switch_to_shadow_db;
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index f1107bd6a..aabc42db2 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -18,29 +18,31 @@
 
 <table id="user_profile_table">
 
-<tr>
-  <td>&nbsp;</td>
-  <th>Search</th>
-  <td colspan="2">
-    <form action="user_profile">
-      [% INCLUDE global/userselect.html.tmpl
-        id => "login"
-        name => "login"
-        value => login
-        size => 40
-        emptyok => 0
-      %]
-      &nbsp;&nbsp;<input type="submit" value="Show">
-    </form>
-  </td>
-</tr>
+[% IF user.id %]
+  <tr>
+    <td>&nbsp;</td>
+    <th>Search</th>
+    <td colspan="2">
+      <form action="user_profile">
+        [% INCLUDE global/userselect.html.tmpl
+          id => "login"
+          name => "login"
+          value => login
+          size => 40
+          emptyok => 0
+        %]
+        &nbsp;&nbsp;<input type="submit" value="Show">
+      </form>
+    </td>
+  </tr>
 
-<tr>
-  <td colspan="4" class="separator"><hr></td>
-</tr>
+  <tr>
+    <td colspan="4" class="separator"><hr></td>
+  </tr>
+[% END %]
 
 <tr>
-  <td rowspan="16" id="gravatar-container">
+  <td rowspan="[% user.id ? 16 : 15 %]" id="gravatar-container">
     [% IF user.gravatar %]
       <img id="gravatar" src="[% target.gravatar(256) FILTER none %]" width="128" height="128"><br>
       [% IF target.id == user.id %]
@@ -54,10 +56,12 @@
   <td colspan="2">[% target.name FILTER html %]</td>
 </tr>
 
-<tr>
-  <th>Email</th>
-  <td colspan="2"><a href="mailto:[% target.login FILTER uri %]">[% target.login FILTER html %]</a></td>
-</tr>
+[% IF user.id %]
+  <tr>
+    <th>Email</th>
+    <td colspan="2"><a href="mailto:[% target.login FILTER uri %]">[% target.login FILTER html %]</a></td>
+  </tr>
+[% END %]
 
 <tr>
   <td>&nbsp;</td>