From 976dc12e4ed769bc02ffeb2be03bb1720e885135 Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Mon, 6 Oct 2014 14:42:40 +0000
Subject: Bug 1064140: [SECURITY] Private comments can be shown to flagmail
 recipients who aren't in the insider group r=glob,a=glob

---
 template/en/default/request/email.txt.tmpl | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'template')

diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl
index 65946a1e1..54bed2e25 100644
--- a/template/en/default/request/email.txt.tmpl
+++ b/template/en/default/request/email.txt.tmpl
@@ -80,11 +80,14 @@ Attachment [% attidsummary %]
 
 [%- FILTER bullet = wrap(80) %]
 
-[% USE Bugzilla %]
-[%-# .defined is necessary to avoid a taint issue in Perl < 5.10.1, see bug 509794. %]
-[% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
-------- Additional Comments from [% user.identity %]
-[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
+[% FOREACH comment = new_comments %]
+
+[%- IF comment.count %]
+--- Comment #[% comment.count %] from [% comment.author.identity %] ---
+[% ELSE %]
+--- Description ---
+[% END %]
+[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
 [% END %]
 
 [%- END %]
-- 
cgit v1.2.3-24-g4f1b