Closed
Bug 803600
Opened 12 years ago
Closed 12 years ago
Operator's email address is exposed to anons on attachment deletion
Categories
(Bugzilla :: Attachments & Requests, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.4
People
(Reporter: liangent, Assigned: LpSolit)
Details
Attachments
(1 file)
|
1.74 KB,
patch
|
justdave
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6) Gecko/20100101 Firefox/10.0.6 Iceweasel/10.0.6 Build ID: 20120717093035 Steps to reproduce: Delete an attachment Actual results: A comment is created with email address written which is visible to anons (see https://bugzilla.wikimedia.org/show_bug.cgi?id=41190#c9 as an example) Expected results: The address is somehow hidden to anons
|
Assignee | |
Updated•12 years ago
|
Severity: normal → minor
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
Assignee | |
Comment 1•12 years ago
|
||
When I implemented attachment deletion in Bugzilla 3.0, I made the comment a bit too verbose. First, there is no need to mention who deleted the attachment because we already know this information: it's the commenter. Then we don't care about when the token was generated; this brings no information and this information is already available anyway: it's the same date+time as the comment itself.
Assignee: attach-and-request → LpSolit
Status: NEW → ASSIGNED
Attachment #673308 -
Flags: review?(justdave)
|
|
Assignee | |
Updated•12 years ago
|
Target Milestone: --- → Bugzilla 4.4
|
||
Comment 2•12 years ago
|
||
Comment on attachment 673308 [details] [diff] [review] patch, v1 Review of attachment 673308 [details] [diff] [review]: ----------------------------------------------------------------- +1
Attachment #673308 -
Flags: review?(justdave) → review+
|
|
Assignee | |
Updated•12 years ago
|
Flags: approval4.4+
Flags: approval+
|
|
Assignee | |
Comment 3•12 years ago
|
||
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/ modified attachment.cgi modified template/en/default/attachment/delete_reason.txt.tmpl Committed revision 8444. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.4/ modified attachment.cgi modified template/en/default/attachment/delete_reason.txt.tmpl Committed revision 8431.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•