From bb85be28137ca2a822eb8164421072d8a088661e Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Tue, 16 Oct 2012 17:25:00 -0400 Subject: Bug 577329 - WebServices should filter email addresses same as the web UI as users are not always required to login --- Bugzilla/Config/Auth.pm | 6 ++++++ Bugzilla/Util.pm | 2 +- Bugzilla/WebService.pm | 5 +++++ Bugzilla/WebService/Bug.pm | 16 ++++++++-------- Bugzilla/WebService/Product.pm | 6 +++--- Bugzilla/WebService/Server/JSONRPC.pm | 5 ++++- Bugzilla/WebService/Server/XMLRPC.pm | 7 +++++++ Bugzilla/WebService/User.pm | 14 +++++++------- 8 files changed, 41 insertions(+), 20 deletions(-) (limited to 'Bugzilla') diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm index a61cab5a2..d70c1f81e 100644 --- a/Bugzilla/Config/Auth.pm +++ b/Bugzilla/Config/Auth.pm @@ -96,6 +96,12 @@ sub get_param_list { default => '0' }, + { + name => 'webservice_email_filter', + type => 'b', + default => 0 + }, + { name => 'emailregexp', type => 't', diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index c754f4081..9c8f80dcf 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -44,7 +44,7 @@ use base qw(Exporter); bz_crypt generate_random_password validate_email_syntax clean_text get_text template_var disable_utf8 - detect_encoding); + detect_encoding email_filter); use Bugzilla::Constants; use Bugzilla::RNG qw(irand); diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index 166707626..8e0bfd9c9 100644 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -79,6 +79,11 @@ A floating-point number. May be null. A string. May be null. +=item C + +A string representing an email address. This value, when returned, +may be filtered based on if the user is logged in or not. May be null. + =item C A date/time. Represented differently in different interfaces to this API. diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index e62ad0570..1722086cd 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -309,8 +309,8 @@ sub _translate_comment { return filter $filters, { id => $self->type('int', $comment->id), bug_id => $self->type('int', $comment->bug_id), - creator => $self->type('string', $comment->author->login), - author => $self->type('string', $comment->author->login), + creator => $self->type('email', $comment->author->login), + author => $self->type('email', $comment->author->login), time => $self->type('dateTime', $comment->creation_ts), creation_time => $self->type('dateTime', $comment->creation_ts), is_private => $self->type('boolean', $comment->is_private), @@ -908,18 +908,18 @@ sub _bug_to_hash { # We don't do the SQL calls at all if the filter would just # eliminate them anyway. if (filter_wants $params, 'assigned_to') { - $item{'assigned_to'} = $self->type('string', $bug->assigned_to->login); + $item{'assigned_to'} = $self->type('email', $bug->assigned_to->login); } if (filter_wants $params, 'blocks') { my @blocks = map { $self->type('int', $_) } @{ $bug->blocked }; $item{'blocks'} = \@blocks; } if (filter_wants $params, 'cc') { - my @cc = map { $self->type('string', $_) } @{ $bug->cc || [] }; + my @cc = map { $self->type('email', $_) } @{ $bug->cc || [] }; $item{'cc'} = \@cc; } if (filter_wants $params, 'creator') { - $item{'creator'} = $self->type('string', $bug->reporter->login); + $item{'creator'} = $self->type('email', $bug->reporter->login); } if (filter_wants $params, 'depends_on') { my @depends_on = map { $self->type('int', $_) } @{ $bug->dependson }; @@ -943,7 +943,7 @@ sub _bug_to_hash { } if (filter_wants $params, 'qa_contact') { my $qa_login = $bug->qa_contact ? $bug->qa_contact->login : ''; - $item{'qa_contact'} = $self->type('string', $qa_login); + $item{'qa_contact'} = $self->type('email', $qa_login); } if (filter_wants $params, 'see_also') { my @see_also = map { $self->type('string', $_->name) } @@ -1020,7 +1020,7 @@ sub _attachment_to_hash { # the filter wants them. foreach my $field (qw(creator attacher)) { if (filter_wants $filters, $field) { - $item->{$field} = $self->type('string', $attach->attacher->login); + $item->{$field} = $self->type('email', $attach->attacher->login); } } @@ -1049,7 +1049,7 @@ sub _flag_to_hash { foreach my $field (qw(setter requestee)) { my $field_id = $field . "_id"; - $item->{$field} = $self->type('string', $flag->$field->login) + $item->{$field} = $self->type('email', $flag->$field->login) if $flag->$field_id; } diff --git a/Bugzilla/WebService/Product.pm b/Bugzilla/WebService/Product.pm index c705ece28..7d31f2c38 100644 --- a/Bugzilla/WebService/Product.pm +++ b/Bugzilla/WebService/Product.pm @@ -172,11 +172,11 @@ sub _component_to_hash { name => $self->type('string', $component->name), description => - $self->type('string' , $component->description), + $self->type('string', $component->description), default_assigned_to => - $self->type('string' , $component->default_assignee->login), + $self->type('email', $component->default_assignee->login), default_qa_contact => - $self->type('string' , $component->default_qa_contact->login), + $self->type('email', $component->default_qa_contact->login), sort_key => # sort_key is returned to match Bug.fields 0, is_active => diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index cec1c29ea..63e9ca335 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -38,7 +38,7 @@ BEGIN { use Bugzilla::Error; use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(taint_data); -use Bugzilla::Util qw(correct_urlbase trim disable_utf8); +use Bugzilla::Util; use HTTP::Message; use MIME::Base64 qw(decode_base64 encode_base64); @@ -221,6 +221,9 @@ sub type { utf8::encode($value) if utf8::is_utf8($value); $retval = encode_base64($value, ''); } + elsif ($type eq 'email' && Bugzilla->params->{'webservice_email_filter'}) { + $retval = email_filter($value); + } return $retval; } diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 025fb8f19..824f6ee2d 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -30,6 +30,7 @@ if ($ENV{MOD_PERL}) { } use Bugzilla::WebService::Constants; +use Bugzilla::Util; # Allow WebService methods to call XMLRPC::Lite's type method directly BEGIN { @@ -41,6 +42,12 @@ BEGIN { $value = Bugzilla::WebService::Server->datetime_format_outbound($value); $value =~ s/-//g; } + elsif ($type eq 'email') { + $type = 'string'; + if (Bugzilla->params->{'webservice_email_filter'}) { + $value = email_filter($value); + } + } return XMLRPC::Data->type($type)->value($value); }; } diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 93c0881cb..d9fc890f7 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -157,8 +157,8 @@ sub get { \@user_objects, $params); @users = map {filter $params, { id => $self->type('int', $_->id), - real_name => $self->type('string', $_->name), - name => $self->type('string', $_->login), + real_name => $self->type('string', $_->name), + name => $self->type('email', $_->login), }} @$in_group; return { users => \@users }; @@ -199,7 +199,7 @@ sub get { } } } - + my $in_group = $self->_filter_users_by_group( \@user_objects, $params); if (Bugzilla->user->in_group('editusers')) { @@ -207,8 +207,8 @@ sub get { map {filter $params, { id => $self->type('int', $_->id), real_name => $self->type('string', $_->name), - name => $self->type('string', $_->login), - email => $self->type('string', $_->email), + name => $self->type('email', $_->login), + email => $self->type('email', $_->email), can_login => $self->type('boolean', $_->is_enabled ? 1 : 0), groups => $self->_filter_bless_groups($_->groups), email_enabled => $self->type('boolean', $_->email_enabled), @@ -221,8 +221,8 @@ sub get { map {filter $params, { id => $self->type('int', $_->id), real_name => $self->type('string', $_->name), - name => $self->type('string', $_->login), - email => $self->type('string', $_->email), + name => $self->type('email', $_->login), + email => $self->type('email', $_->email), can_login => $self->type('boolean', $_->is_enabled ? 1 : 0), groups => $self->_filter_bless_groups($_->groups), saved_searches => [map { $self->_query_to_hash($_) } @{ $_->queries }], -- cgit v1.2.3-24-g4f1b