Bug 1064140: [SECURITY] Private comments can be shown to flagmail recipients who aren't in the insider group

r=glob,a=glob
author: Simon Green <sgreen@redhat.com> 2014-10-06 16:42:40 +0200
committer: David Lawrence <dkl@mozilla.com> 2014-10-06 16:42:40 +0200
commit: 976dc12e4ed769bc02ffeb2be03bb1720e885135 (patch)
tree: ad7644c6ef1a2b5bea253e007f7166cfb37bfd28 /template/en/default/request
parent: 6d6b39029b7d2c24b17496fcdf8abdd080b59b55 (diff)
download: bugzilla-976dc12e4ed769bc02ffeb2be03bb1720e885135.tar.gz
bugzilla-976dc12e4ed769bc02ffeb2be03bb1720e885135.tar.xz
1 files changed, 8 insertions, 5 deletions
diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl
index 65946a1e1..54bed2e25 100644
--- a/template/en/default/request/email.txt.tmpl
+++ b/template/en/default/request/email.txt.tmpl
@@ -80,11 +80,14 @@ Attachment [% attidsummary %]
 
 [%- FILTER bullet = wrap(80) %]
 
-[% USE Bugzilla %]
-[%-# .defined is necessary to avoid a taint issue in Perl < 5.10.1, see bug 509794. %]
-[% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
-------- Additional Comments from [% user.identity %]
-[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
+[% FOREACH comment = new_comments %]
+
+[%- IF comment.count %]
+--- Comment #[% comment.count %] from [% comment.author.identity %] ---
+[% ELSE %]
+--- Description ---
+[% END %]
+[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
 [% END %]
 
 [%- END %]
author	Simon Green <sgreen@redhat.com>	2014-10-06 16:42:40 +0200
committer	David Lawrence <dkl@mozilla.com>	2014-10-06 16:42:40 +0200
commit	976dc12e4ed769bc02ffeb2be03bb1720e885135 (patch)
tree	ad7644c6ef1a2b5bea253e007f7166cfb37bfd28 /template/en/default/request
parent	6d6b39029b7d2c24b17496fcdf8abdd080b59b55 (diff)
download	bugzilla-976dc12e4ed769bc02ffeb2be03bb1720e885135.tar.gz bugzilla-976dc12e4ed769bc02ffeb2be03bb1720e885135.tar.xz