author | Simon Green <sgreen@redhat.com> | 2014-10-06 16:49:38 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 16:49:38 +0200 |
commit | fa954ab78cc60aba43aedb85e2b4f98d56d7bf9d (patch) | |
tree | 01b1eeaeeecd240a743cb280e2dbf101ad2aac37 /template | |
parent | f33b119d68d21074d08a6bd72f960319276e182b (diff) | |
Bug 1064140: [SECURITY] Private comments can be shown to flagmail recipients who aren't in the insider group
r=glob,a=glob
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/email/flagmail.txt.tmpl | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/template/en/default/email/flagmail.txt.tmpl b/template/en/default/email/flagmail.txt.tmpl index d0e1395e2..cf64d9661 100644 --- a/template/en/default/email/flagmail.txt.tmpl +++ b/template/en/default/email/flagmail.txt.tmpl @@ -68,11 +68,14 @@ Attachment [% attidsummary %] [%- FILTER bullet = wrap(80) %] -[% USE Bugzilla %] -[%-# .defined is necessary to avoid a taint issue, see bug 509794. %] -[% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %] -------- Additional Comments from [% user.identity %] -[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %] +[% FOREACH comment = new_comments %] + +[%- IF comment.count %] +--- Comment #[% comment.count %] from [% comment.author.identity %] --- +[% ELSE %] +--- Description --- +[% END %] +[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %] [% END %] [%- END %] |
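Review bot: The added `[% FOREACH comment = new_comments %]` loop prints `comment.body_full({ is_bugmail => 1, wrap => 1 })` for every entry and has no privacy check of its own. Whether a private comment can still reach a flagmail recipient outside the insider group therefore depends entirely on how the caller builds `new_comments`, and that code is outside this template-only diff. Please state the contract in a template comment next to the loop (the list must already be filtered for the recipient of this mail), or skip private comments inside the loop as a second line of defence. The removed lines also carried the note about `.defined` and the taint issue from bug 509794. Since the template no longer reads `Bugzilla.cgi.param("comment")`, it is worth confirming that no other part of this template still depends on the dropped `[% USE Bugzilla %]`.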