From fc293fbd39f14308fbccd0cf9b523664ae813761 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Thu, 29 Jan 2009 21:22:19 +0000
Subject: Bug 219021: Only display email addresses to logged-in users Patch By
 Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

---
 votes.cgi | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

(limited to 'votes.cgi')

diff --git a/votes.cgi b/votes.cgi
index af41af0e4..3e33d8fa9 100755
--- a/votes.cgi
+++ b/votes.cgi
@@ -52,7 +52,7 @@ my $bug_id = $cgi->param('bug_id');
 my $action = $cgi->param('action') || ($bug_id ? "show_bug" : "show_user");
 
 if ($action eq "show_bug" ||
-    ($action eq "show_user" && defined $cgi->param('user')))
+    ($action eq "show_user" && defined $cgi->param('user_id')))
 {
     Bugzilla->login();
 }
@@ -103,7 +103,9 @@ sub show_bug {
 
     $vars->{'bug_id'} = $bug_id;
     $vars->{'users'} =
-        $dbh->selectall_arrayref('SELECT profiles.login_name, votes.vote_count 
+        $dbh->selectall_arrayref('SELECT profiles.login_name,
+                                         profiles.userid AS id,
+                                         votes.vote_count
                                     FROM votes
                               INNER JOIN profiles 
                                       ON profiles.userid = votes.who
@@ -127,11 +129,11 @@ sub show_user {
     # If a bug_id is given, and we're editing, we'll add it to the votes list.
     $bug_id ||= "";
 
-    my $name = $cgi->param('user') || $user->login;
-    my $who = login_to_id($name, THROW_ERROR);
-    my $userid = $user->id;
+    my $who_id = $cgi->param('user_id') || $user->id;
+    my $who = Bugzilla::User->check({ id => $who_id });
 
-    my $canedit = (Bugzilla->params->{'usevotes'} && $userid == $who) ? 1 : 0;
+    my $canedit = (Bugzilla->params->{'usevotes'} && $user->id == $who->id) 
+                  ? 1 : 0;
 
     $dbh->bz_start_transaction();
 
@@ -140,10 +142,10 @@ sub show_user {
         # in the vote table, just so that things display right.
         my $has_votes = $dbh->selectrow_array('SELECT vote_count FROM votes 
                                                WHERE bug_id = ? AND who = ?',
-                                               undef, ($bug_id, $who));
+                                               undef, ($bug_id, $who->id));
         if (!$has_votes) {
             $dbh->do('INSERT INTO votes (who, bug_id, vote_count) 
-                      VALUES (?, ?, 0)', undef, ($who, $bug_id));
+                      VALUES (?, ?, 0)', undef, ($who->id, $bug_id));
         }
     }
 
@@ -168,7 +170,7 @@ sub show_user {
                                        WHERE votes.who = ?
                                          AND bugs.product_id = ?
                                     ORDER BY votes.bug_id',
-                                      undef, ($who, $product->id));
+                                      undef, ($who->id, $product->id));
 
         foreach (@$vote_list) {
             my ($id, $count, $summary) = @$_;
@@ -206,7 +208,7 @@ sub show_user {
     $dbh->bz_commit_transaction();
 
     $vars->{'canedit'} = $canedit;
-    $vars->{'voting_user'} = { "login" => $name };
+    $vars->{'voting_user'} = { "login" => $who->name };
     $vars->{'products'} = \@products;
     $vars->{'bug_id'} = $bug_id;
     $vars->{'all_bug_ids'} = \@all_bug_ids;
-- 
cgit v1.2.3-24-g4f1b