summaryrefslogtreecommitdiffstats
path: root/votes.cgi
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2009-01-29 22:22:19 +0100
committermkanat%bugzilla.org <>2009-01-29 22:22:19 +0100
commitfc293fbd39f14308fbccd0cf9b523664ae813761 (patch)
tree2eff5448dfbcf0fb0a0671fad80da0752db8f727 /votes.cgi
parent25e6018ac8a6cf1a99b299fe60ce6c5b1e1d61e6 (diff)
downloadbugzilla-fc293fbd39f14308fbccd0cf9b523664ae813761.tar.gz
bugzilla-fc293fbd39f14308fbccd0cf9b523664ae813761.tar.xz
Bug 219021: Only display email addresses to logged-in users
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'votes.cgi')
-rwxr-xr-xvotes.cgi22
1 files changed, 12 insertions, 10 deletions
diff --git a/votes.cgi b/votes.cgi
index af41af0e4..3e33d8fa9 100755
--- a/votes.cgi
+++ b/votes.cgi
@@ -52,7 +52,7 @@ my $bug_id = $cgi->param('bug_id');
my $action = $cgi->param('action') || ($bug_id ? "show_bug" : "show_user");
if ($action eq "show_bug" ||
- ($action eq "show_user" && defined $cgi->param('user')))
+ ($action eq "show_user" && defined $cgi->param('user_id')))
{
Bugzilla->login();
}
@@ -103,7 +103,9 @@ sub show_bug {
$vars->{'bug_id'} = $bug_id;
$vars->{'users'} =
- $dbh->selectall_arrayref('SELECT profiles.login_name, votes.vote_count
+ $dbh->selectall_arrayref('SELECT profiles.login_name,
+ profiles.userid AS id,
+ votes.vote_count
FROM votes
INNER JOIN profiles
ON profiles.userid = votes.who
@@ -127,11 +129,11 @@ sub show_user {
# If a bug_id is given, and we're editing, we'll add it to the votes list.
$bug_id ||= "";
- my $name = $cgi->param('user') || $user->login;
- my $who = login_to_id($name, THROW_ERROR);
- my $userid = $user->id;
+ my $who_id = $cgi->param('user_id') || $user->id;
+ my $who = Bugzilla::User->check({ id => $who_id });
- my $canedit = (Bugzilla->params->{'usevotes'} && $userid == $who) ? 1 : 0;
+ my $canedit = (Bugzilla->params->{'usevotes'} && $user->id == $who->id)
+ ? 1 : 0;
$dbh->bz_start_transaction();
@@ -140,10 +142,10 @@ sub show_user {
# in the vote table, just so that things display right.
my $has_votes = $dbh->selectrow_array('SELECT vote_count FROM votes
WHERE bug_id = ? AND who = ?',
- undef, ($bug_id, $who));
+ undef, ($bug_id, $who->id));
if (!$has_votes) {
$dbh->do('INSERT INTO votes (who, bug_id, vote_count)
- VALUES (?, ?, 0)', undef, ($who, $bug_id));
+ VALUES (?, ?, 0)', undef, ($who->id, $bug_id));
}
}
@@ -168,7 +170,7 @@ sub show_user {
WHERE votes.who = ?
AND bugs.product_id = ?
ORDER BY votes.bug_id',
- undef, ($who, $product->id));
+ undef, ($who->id, $product->id));
foreach (@$vote_list) {
my ($id, $count, $summary) = @$_;
@@ -206,7 +208,7 @@ sub show_user {
$dbh->bz_commit_transaction();
$vars->{'canedit'} = $canedit;
- $vars->{'voting_user'} = { "login" => $name };
+ $vars->{'voting_user'} = { "login" => $who->name };
$vars->{'products'} = \@products;
$vars->{'bug_id'} = $bug_id;
$vars->{'all_bug_ids'} = \@all_bug_ids;