From b04d7d26e502817ff25a087af703a2ffe47cbe7e Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Tue, 23 Oct 2012 14:08:20 -0400 Subject: Bug 803600: Operators email address is exposed to anons on attachment deletion --- attachment.cgi | 1 - template/en/default/attachment/delete_reason.txt.tmpl | 11 ++--------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/attachment.cgi b/attachment.cgi index 7cacd4f1c..985430d85 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -779,7 +779,6 @@ sub delete_attachment { # The token is valid. Delete the content of the attachment. my $msg; $vars->{'attachment'} = $attachment; - $vars->{'date'} = $date; $vars->{'reason'} = clean_text($cgi->param('reason') || ''); $template->process("attachment/delete_reason.txt.tmpl", $vars, \$msg) diff --git a/template/en/default/attachment/delete_reason.txt.tmpl b/template/en/default/attachment/delete_reason.txt.tmpl index e4a1fc41f..87175c1a3 100644 --- a/template/en/default/attachment/delete_reason.txt.tmpl +++ b/template/en/default/attachment/delete_reason.txt.tmpl @@ -16,17 +16,10 @@ [%# INTERFACE: # attachment: object of the attachment the user wants to delete. # reason: string; The reason provided by the user. - # date: the date when the request to delete the attachment was made. #%] -The content of attachment [% attachment.id %] has been deleted by - [%+ user.identity %] -[% IF reason %] -who provided the following reason: +The content of attachment [% attachment.id %] has been deleted +[%~ IF reason %] for the following reason: [%+ reason %] -[% ELSE %] -without providing any reason. [% END %] - -The token used to delete this attachment was generated at [% date FILTER time %]. -- cgit v1.2.3-24-g4f1b