authorFrédéric Buclin <LpSolit@gmail.com>2012-07-26 23:01:12 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2012-07-26 23:01:12 +0200
commit4eb4a65a1a945e558086603e75b367bc7bd1d971 (patch)
tree4dec8749aac061a667ccf0a504995eab6ae4618e /template/en/default/email
parent6bdf0f7971bd726b803858dce8326b9af9c62b48 (diff)
Bug 777398: (CVE-2012-1968) [SECURITY] HTML bugmail exposes information about restricted bugs
r=glob a=LpSolit
Diffstat (limited to 'template/en/default/email')
-rw-r--r--template/en/default/email/bugmail.html.tmpl21
1 files changed, 11 insertions, 10 deletions
diff --git a/template/en/default/email/bugmail.html.tmpl b/template/en/default/email/bugmail.html.tmpl
index cfb5a64e4..5d31d27a0 100644
--- a/template/en/default/email/bugmail.html.tmpl
+++ b/template/en/default/email/bugmail.html.tmpl
@@ -20,12 +20,12 @@
[% FOREACH comment = new_comments.reverse %]
<div>
[% IF comment.count %]
- <b>[% "Comment # ${comment.count}" FILTER bug_link( bug,
- {comment_num => comment.count, full_url => 1}) FILTER none %]
- on [% "$terms.bug $bug.id" FILTER bug_link( bug, { full_url => 1 }) FILTER none %]
+ <b>[% "Comment # ${comment.count}" FILTER bug_link(bug,
+ {comment_num => comment.count, full_url => 1, user => to_user}) FILTER none %]
+ on [% "$terms.bug $bug.id" FILTER bug_link(bug, { full_url => 1, user => to_user }) FILTER none %]
from [% INCLUDE global/user.html.tmpl who = comment.author %]</b>
[% END %]
- <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment) %]</pre>
+ <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment, to_user) %]</pre>
</div>
[% END %]
</p>
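Review bot: Every link fix in this hunk depends on `to_user` being defined when the template is processed, and nothing here documents or checks that; the same applies to the `bug_link` calls in the two later hunks. If `bug_link` and `quoteUrls` fall back to the current session user when `user` is empty (likely, but not visible on this page), a caller that omits `to_user` would silently render restricted-bug details with the permissions of whoever made the change rather than the recipient's. I would add a header comment such as `[%# to_user: the mail recipient; bug links and quoteUrls are rendered with this user's visibility %]` and confirm that the mail-generating code always sets it. Because each call ends in `FILTER none`, both escaping and the visibility decision are delegated entirely to `bug_link`, so a regression test that sends HTML bugmail referencing a restricted bug to a recipient who cannot see it would be worth adding.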
@@ -58,13 +58,14 @@
[% SET in_table = 0 %]
[% END %]
[% IF change.blocker %]
- [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none %] depends
- on [% "${terms.bug} ${change.blocker.id}"
- FILTER bug_link(change.blocker, full_url => 1) FILTER none %],
+ [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
+ depends on
+ [%+ "${terms.bug} ${change.blocker.id}"
+ FILTER bug_link(change.blocker, {full_url => 1, user => to_user}) FILTER none %],
which changed state.
[% ELSE %]
- [% INCLUDE global/user.html.tmpl who = change.who %]
- changed [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none %]
+ [% INCLUDE global/user.html.tmpl who = change.who %] changed
+ [%+ "${terms.bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
[% END %]
<br>
[% IF in_table == 0 %]
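Review bot: The ELSE branch on the new side changes the link text from `${terms.Bug}` to `${terms.bug}`, and both branches introduce `[%+` whitespace handling, which are cosmetic changes mixed into a security fix. They look intentional (the term now follows "changed" mid-sentence), but they make it harder to audit that the only behavioural change is the added `user => to_user`. I would split them into a separate commit or mention them in the commit message. The enclosing IF/FOREACH blocks start and end outside the hunk.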
@@ -88,7 +89,7 @@
<th>[% field_label FILTER html %]</th>
<td>
[% IF change.field_name == "bug_id" %]
- [% new_value FILTER bug_link(bug, full_url => 1) FILTER none %]
+ [% new_value FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
[% ELSE %]
[% new_value FILTER html %]
[% END %]