Bug 219021: Only display email addresses to logged-in users

Bugzilla/DB.pm

@@ -342,6 +342,12 @@ sub sql_string_concat {
     return '(' . join(' || ', @params) . ')';
 }
 
+sub sql_string_until {
+    my ($self, $string, $substring) = @_;
+    return "SUBSTRING($string FROM 1 FOR " .
+                      $self->sql_position($substring, $string) . " - 1)";
+}
+
 sub sql_in {
     my ($self, $column_name, $in_list_ref) = @_;
     return " $column_name IN (" . join(',', @$in_list_ref) . ") ";
@@ -1811,6 +1817,25 @@ Formatted SQL for concatenating specified strings
 
 =back
 
+=item C<sql_string_until>
+
+=over
+
+=item B<Description>
+
+Returns SQL for truncating a string at the first occurrence of a certain
+substring.
+
+=item B<Params>
+
+Note that both parameters need to be sql-quoted.
+
+=item C<$string> The string we're truncating
+
+=item C<$substring> The substring we're truncating at.
+
+=back
+
 =item C<sql_fulltext_search>
 
 =over

Bugzilla/Template.pm

@@ -664,6 +664,8 @@ sub create {
 
             html_light => \&Bugzilla::Util::html_light_quote,
 
+            email => \&Bugzilla::Util::email_filter,
+
             # iCalendar contentline filter
             ics => [ sub {
                          my ($context, @args) = @_;

Bugzilla/Util.pm

@@ -53,6 +53,7 @@ use Date::Format;
 use DateTime;
 use DateTime::TimeZone;
 use Digest;
+use Email::Address;
 use Scalar::Util qw(tainted);
 use Text::Wrap;
 
@@ -170,6 +171,20 @@ sub html_light_quote {
     }
 }
 
+sub email_filter {
+    my ($toencode) = @_;
+    if (!Bugzilla->user->id) {
+        my @emails = Email::Address->parse($toencode);
+        if (scalar @emails) {
+            my @hosts = map { quotemeta($_->host) } @emails;
+            my $hosts_re = join('|', @hosts);
+            $toencode =~ s/\@(?:$hosts_re)//g;
+            return $toencode;
+        }
+    }
+    return $toencode;
+}
+
 # This originally came from CGI.pm, by Lincoln D. Stein
 sub url_quote {
     my ($toencode) = (@_);
@@ -638,6 +653,7 @@ Bugzilla::Util - Generic utility functions for bugzilla
   html_quote($var);
   url_quote($var);
   xml_quote($var);
+  email_filter($var);
 
   # Functions for decoding
   $rv = url_decode($var);
@@ -755,6 +771,12 @@ is kept separate from html_quote partly for compatibility with previous code
 
 Converts the %xx encoding from the given URL back to its original form.
 
+=item C<email_filter>
+
+Removes the hostname from email addresses in the string, if the user
+currently viewing Bugzilla is logged out. If the user is logged-in,
+this filter just returns the input string.
+
 =back
 
 =head2 Environment and Location

buglist.cgi

@@ -673,6 +673,9 @@ foreach my $field (Bugzilla->get_fields({ obsolete => 0, buglist => 1 })) {
     my $name = 'bugs.' . $field->name;
     if ($id eq 'assigned_to' || $id eq 'reporter' || $id eq 'qa_contact') {
         $name = 'map_' . $field->name . '.login_name';
+        if (!Bugzilla->user->id) {
+            $name = $dbh->sql_string_until($name, $dbh->quote('@'));
+        }
     }
     elsif ($id eq 'product' || $id eq 'component' || $id eq 'classification') {
         $name = 'map_' . $field->name . 's.name';
@@ -696,15 +699,25 @@ foreach my $field (Bugzilla->get_fields({ obsolete => 0, buglist => 1 })) {
     $columns->{$id} = { 'name' => $name, 'title' => $field->description };
 }
 
-if ($format->{'extension'} eq 'html') {
-    $columns->{assigned_to_realname} = { name => "CASE WHEN map_assigned_to.realname = '' THEN map_assigned_to.login_name ELSE map_assigned_to.realname END AS assigned_to_realname", title => "Assignee" };
-    $columns->{reporter_realname} = { name => "CASE WHEN map_reporter.realname    = '' THEN map_reporter.login_name    ELSE map_reporter.realname    END AS reporter_realname", title => "Reporter" };
-    $columns->{qa_contact_realname} = { name => "CASE WHEN map_qa_contact.realname  = '' THEN map_qa_contact.login_name  ELSE map_qa_contact.realname  END AS qa_contact_realname", title => "QA Contact" };
-} else {
-    $columns->{assigned_to_realname} = { name => "map_assigned_to.realname AS assigned_to_realname", title => "Assignee" };
-    $columns->{reporter_realname} = { name => "map_reporter.realname AS reporter_realname", title => "Reporter" };
-    $columns->{qa_contact_realname} = { name => "map_qa_contact.realname AS qa_contact_realname", title => "QA Contact" };
+foreach my $col (qw(assigned_to reporter qa_contact)) {
+    my $colname = "${col}_realname";
+    if ($format->{'extension'} eq 'html') {
+        my $login = "map_${col}.login_name";
+        if (!Bugzilla->user->id) {
+            $login = $dbh->sql_string_until($login, $dbh->quote('@'));
+        }
+        $columns->{$colname}->{name} =
+            "CASE WHEN map_${col}.realname = '' 
+                  THEN $login ELSE map_${col}.realname 
+                   END AS $colname";
+    }
+    else {
+        $columns->{$colname}->{name} = "map_${col}.realname AS $colname";
+    }
 }
+$columns->{assigned_to_realname}->{title} = "Assignee";
+$columns->{reporter_realname}->{title} = "Reporter";
+$columns->{qa_contact_realname}->{title} = "QA Contact";
 
 Bugzilla::Hook::process("buglist-columns", {'columns' => $columns} );
 

t/007util.t

@@ -13,11 +13,11 @@
 # The Original Code are the Bugzilla Tests.
 # 
 # The Initial Developer of the Original Code is Zach Lipton
-# Portions created by Zach Lipton are 
-# Copyright (C) 2002 Zach Lipton.  All
-# Rights Reserved.
+# Portions created by Zach Lipton are Copyright (C) 2002 Zach Lipton.
+# All Rights Reserved.
 # 
 # Contributor(s): Zach Lipton <zach@zachlipton.com>
+#                 Max Kanat-Alexander <mkanat@bugzilla.org>
 
 
 #################
@@ -26,9 +26,9 @@
 
 use lib 't';
 use Support::Files;
+use Test::More tests => 16;
 
 BEGIN { 
-        use Test::More tests => 12;
     use_ok(Bugzilla);
     use_ok(Bugzilla::Util);
 }
@@ -64,3 +64,17 @@ is(format_time("2002.11.24 00:05"), "2002-11-24 00:05 $tz",'format_time("2002.11
 is(format_time("2002.11.24 00:05:56"), "2002-11-24 00:05:56 $tz",'format_time("2002.11.24 00:05:56")');
 is(format_time("2002.11.24 00:05:56", "%Y-%m-%d %R"), '2002-11-24 00:05', 'format_time("2002.11.24 00:05:56", "%Y-%m-%d %R") (with no timezone)');
 is(format_time("2002.11.24 00:05:56", "%Y-%m-%d %R %Z"), "2002-11-24 00:05 $tz", 'format_time("2002.11.24 00:05:56", "%Y-%m-%d %R %Z") (with timezone)');
+
+# email_filter
+my %email_strings = (
+    'somebody@somewhere.com' => 'somebody',
+    'Somebody <somebody@somewhere.com>' => 'Somebody <somebody>',
+    'One Person <one@person.com>, Two Person <two@person.com>' 
+        => 'One Person <one>, Two Person <two>',
+    'This string contains somebody@somewhere.com and also this@that.com'
+        => 'This string contains somebody and also this',
+);
+foreach my $input (keys %email_strings) {
+    is(Bugzilla::Util::email_filter($input), $email_strings{$input}, 
+       "email_filter('$input')");
+}

template/en/default/attachment/list.html.tmpl

@@ -95,10 +95,7 @@
                title="Go to the comment associated with the attachment">
               [%- attachment.attached FILTER time %]</a>,
 
-            <a href="mailto:[% attachment.attacher.email FILTER html %]"
-               title="Write an email to the creator of the attachment">
-              [% attachment.attacher.name || attachment.attacher.login FILTER html %]
-            </a>
+            [% INCLUDE global/user.html.tmpl who = attachment.attacher %]
           </span>
         </td>
 

template/en/default/bug/activity/table.html.tmpl

@@ -61,7 +61,7 @@
     [% FOREACH operation = operations %]
       <tr>
         <td rowspan="[% operation.changes.size %]" valign="top">
-          [% operation.who FILTER html %]
+          [% operation.who FILTER email FILTER html %]
         </td>
         <td rowspan="[% operation.changes.size %]" valign="top">
           [% operation.when FILTER time %]
@@ -89,7 +89,7 @@
                          change.fieldname == 'dependson' %]
                   [% change.removed FILTER bug_list_link FILTER none %]
                 [% ELSE %]
-                  [% change.removed FILTER html %]
+                  [% change.removed FILTER email FILTER html %]
                 [% END %]
               [% ELSE %]
                 &nbsp;
@@ -109,7 +109,7 @@
                          change.fieldname == 'dependson' %]
                   [% change.added FILTER bug_list_link FILTER none %]
                 [% ELSE %]
-                  [% change.added FILTER html %]
+                  [% change.added FILTER email FILTER html %]
                 [% END %]
               [% ELSE %]
                 &nbsp;

template/en/default/bug/comments.html.tmpl

@@ -188,11 +188,7 @@
         </span>
 
         <span class="bz_comment_user">
-          <span class="vcard">
-            <a class="fn email" 
-               href="mailto:[% comment.author.email FILTER html %]">
-              [% (comment.author.name || comment.author.login) FILTER html %]</a>
-          </span>
+          [% INCLUDE global/user.html.tmpl who = comment.author %]
         </span>
 
         <span class="bz_comment_user_images">
@@ -226,7 +222,8 @@
 [% END %]
 <pre class="bz_comment_text" 
      [% ' id="comment_text_' _ count _ '"' IF mode == "edit" %]>
-  [%- wrapped_comment FILTER quoteUrls(bug.bug_id, comment.already_wrapped) -%]
+  [%- wrapped_comment FILTER email 
+                      FILTER quoteUrls(bug.bug_id, comment.already_wrapped) -%]
 </pre>
     </div>
   [% END %]

template/en/default/bug/dependency-tree.html.tmpl

@@ -154,7 +154,7 @@
 
 [% BLOCK buginfo %]
   [% get_status(bug.bug_status) FILTER html -%] [%+ get_resolution(bug.resolution) FILTER html %];
-  [%-%] assigned to [% bug.assigned_to.login FILTER html %]
+  [%-%] assigned to [% bug.assigned_to.login FILTER email FILTER html %]
   [%-%][% "; Target: " _ bug.target_milestone IF bug.target_milestone %]
 [% END %]
 

template/en/default/bug/edit.html.tmpl

@@ -524,7 +524,7 @@
         [% IF bug.check_can_change_field("assigned_to", 0, 1) %]
           <div id="bz_assignee_edit_container" class="bz_default_hidden">
             <span>
-              [% INCLUDE user_identity user=> bug.assigned_to %]
+              [% INCLUDE global/user.html.tmpl who = bug.assigned_to %]
               (<a href="#" id="bz_assignee_edit_action">edit</a>)
             </span>
           </div>
@@ -548,7 +548,7 @@
            initDefaultCheckbox('assignee');                  
           </script>
         [% ELSE %]
-          [% INCLUDE user_identity user => bug.assigned_to %]
+          [% INCLUDE global/user.html.tmpl who = bug.assigned_to %]
         [% END %]
       </td>
     </tr>
@@ -559,13 +559,12 @@
         <label for="qa_contact" accesskey="q"><b><u>Q</u>A Contact</b></label>:
       </td>
       <td>
-
         [% IF bug.check_can_change_field("qa_contact", 0, 1) %]
           [% IF bug.qa_contact != "" %]
            <div id="bz_qa_contact_edit_container" class="bz_default_hidden">
             <span>
               <span id="bz_qa_contact_edit_display">
-              [% INCLUDE user_identity user=> bug.qa_contact %]</span>
+              [% INCLUDE global/user.html.tmpl who = bug.qa_contact %]</span>
               (<a href="#" id="bz_qa_contact_edit_action">edit</a>)
             </span>
           </div>
@@ -593,7 +592,7 @@
             initDefaultCheckbox('qa_contact');
           </script>
         [% ELSE %]
-          [% INCLUDE user_identity user => bug.qa_contact %]
+          [% INCLUDE global/user.html.tmpl who = bug.qa_contact %]
         [% END %]
       </td>
     </tr>
@@ -813,7 +812,7 @@
       <b>Reported</b>:
     </td>
     <td>
-     [% bug.creation_ts FILTER time %] by [% INCLUDE user_identity user => bug.reporter %]
+     [% bug.creation_ts FILTER time %] by [% INCLUDE global/user.html.tmpl who = bug.reporter %]
     </td>
   </tr>
   
@@ -833,7 +832,6 @@
 [%# Block for CC LIST                                                        #%]
 [%############################################################################%]
 [% BLOCK section_cclist %]
-  [% IF user.id %]
     <tr>
       <td class="field_label">
         <label for="newcc" accesskey="a"><b>CC List</b>:</label>
@@ -867,15 +865,13 @@
           [% END %]
         [% END %]
         <span id="cc_edit_area_showhide_container" class="bz_default_hidden">
-          (<a href="#" id="cc_edit_area_showhide">edit</a>)
+          (<a href="#" id="cc_edit_area_showhide">[% IF user.id %]edit[% ELSE %]show[% END %]</a>)
         </span>
         <div id="cc_edit_area">
+          <br>
+          [% IF user.id %]
             <div>
-            <div>
-              <label for="cc">
-                <b>Add</b>
-              </label>
-            </div>
+              <div><label for="cc"><b>Add</b></label></div>
               [% INCLUDE global/userselect.html.tmpl
                   id => "newcc"
                   name => "newcc"
@@ -883,10 +879,12 @@
                   multiple => 5
                 %]
             </div>
+          [% END %]
           [% IF bug.cc %]
             <select id="cc" name="cc" multiple="multiple" size="5">
               [% FOREACH c = bug.cc %]
-            <option value="[% c FILTER html %]">[% c FILTER html %]</option>
+                <option value="[% c FILTER email FILTER html %]">
+                  [% c FILTER email FILTER html %]</option>
               [% END %]
             </select>
             [% IF user.id %]
@@ -906,7 +904,6 @@
         </script>
       </td>
     </tr>
-  [% END %]
 [% END %]
 
 [%############################################################################%]
@@ -1167,23 +1164,3 @@
   [% value = undef %]
   [% spellcheck = undef %]
 [% END %]
-
-[%############################################################################%]
-[%# Block for user identities. Wraps the information inside of an hCard.     #%]
-[%############################################################################%]
-
-[% BLOCK user_identity %]
-  <span class="vcard">
-    [% FILTER collapse %]
-      [% IF user.name %]
-        <a class="email" href="mailto:[% user.email FILTER html %]" 
-           title="[% user.email FILTER html %]"
-          ><span class="fn">[% user.name FILTER html %]</span
-        ></a>
-      [% ELSE %]
-        <a class="fn email" href="mailto:[% user.email FILTER html %]">
-          [% user.email FILTER html %]</a>
-      [% END %]
-    [% END %]</span>
-[% END %]
-

template/en/default/bug/show-multiple.html.tmpl

@@ -336,12 +336,12 @@
       <th class="rightcell">[% field_descs.cc FILTER html %]:</th>
       <td>
         [% FOREACH c = bug.cc %]
-          [% c FILTER html %][% ", " IF not loop.last() %]
+          [% c FILTER email FILTER html %][% ", " IF not loop.last() %]
         [% END %]
     [% ELSIF name == "reporter" || name == "assigned_to" 
              || name == "qa_contact" %]
       <th class="rightcell">[% field_descs.${name} FILTER html %]:</th>
-      <td>[% bug.${name}.identity FILTER html %]</td>
+      <td>[% bug.${name}.identity FILTER email FILTER html %]</td>
     [% ELSIF name == "flags" %]
         <th class="rightcell">Flags:</th>
         <td>

template/en/default/bug/show.xml.tmpl

@@ -25,9 +25,13 @@
 
 <bugzilla version="[% constants.BUGZILLA_VERSION %]"
           urlbase="[% urlbase FILTER xml %]"
+          [%# Note that the maintainer's email is not filtered, 
+            # intentionally. Even logged-out users should be able
+            # to see that, since it will be in error messages anyway. 
+          %]
           maintainer="[% Param('maintainer') FILTER xml %]"
 [% IF user.id %]
-          exporter="[% user.email FILTER xml %]"
+          exporter="[% user.email FILTER email FILTER xml %]"
 [% END %]
 >
 
@@ -58,9 +62,9 @@
           <flag name="[% type.name FILTER xml %]"
                 id="[% flag.id FILTER xml %]"
                 status="[% flag.status FILTER xml %]"
-                setter="[% flag.setter.login FILTER xml %]"
+                setter="[% flag.setter.login FILTER email FILTER xml %]"
           [% IF flag.requestee %]
-              requestee="[% flag.requestee.login FILTER xml %]"
+              requestee="[% flag.requestee.login FILTER email FILTER xml %]"
           [% END %]
           />
         [% END %]
@@ -69,12 +73,12 @@
         [% FOREACH c = bug.longdescs %]
           [% NEXT IF c.isprivate && !user.in_group(Param("insidergroup")) %]
           <long_desc isprivate="[% c.isprivate FILTER xml %]">
-            <who name="[% c.author.name FILTER xml %]">[% c.author.email FILTER xml %]</who>
+            <who name="[% c.author.name FILTER xml %]">[% c.author.email FILTER email FILTER xml %]</who>
             <bug_when>[% c.time FILTER time FILTER xml %]</bug_when>
             [% IF user.in_group(Param('timetrackinggroup')) && (c.work_time - 0 != 0) %]
               <work_time>[% PROCESS formattimeunit time_unit = c.work_time FILTER xml %]</work_time>
             [% END %]
-            <thetext>[% c.body FILTER xml %]</thetext>
+            <thetext>[% c.body FILTER email FILTER xml %]</thetext>
           </long_desc>
         [% END %]
       [% END %]
@@ -93,7 +97,7 @@
             <filename>[% a.filename FILTER xml %]</filename>
             <type>[% a.contenttype FILTER xml %]</type>
             <size>[% a.datasize FILTER xml %]</size>
-            <attacher>[% a.attacher.email FILTER xml %]</attacher>
+            <attacher>[% a.attacher.email FILTER email FILTER xml %]</attacher>
         [% IF displayfields.attachmentdata %]
             <data encoding="base64">[% a.data FILTER base64 %]</data>
         [% END %]        
@@ -102,9 +106,9 @@
               <flag name="[% flag.type.name FILTER xml %]"
                     id="[% flag.id FILTER xml %]"
                     status="[% flag.status FILTER xml %]"
-                    setter="[% flag.setter.email FILTER xml %]"
+                    setter="[% flag.setter.email FILTER email FILTER xml %]"
                     [% IF flag.status == "?" && flag.requestee %]
-                      requestee="[% flag.requestee.email FILTER xml %]"
+                      requestee="[% flag.requestee.email FILTER email FILTER xml %]"
                     [% END %]
                />
             [% END %]
@@ -129,10 +133,13 @@
     [% IF field == 'reporter' OR field == 'assigned_to' OR
           field == 'qa_contact' %]
       [% name = val.name %]
-      [% val = val.email %]
+      [% val = val.email FILTER email %]
+    [% ELSIF field == 'cc' %]
+        [% val = val FILTER email %]
     [% ELSIF field == 'creation_ts' OR field == 'delta_ts' %]
       [% val = val FILTER time %]
     [% END %]
-    <[% field %][% IF name != '' %] name="[% name FILTER xml %]"[% END -%]>[% val FILTER xml %]</[% field %]>
+    <[% field %][% IF name != '' %] name="[% name FILTER xml %]"[% END -%]>
+      [%- val FILTER xml %]</[% field %]>
   [% END %]
 [% END %]

template/en/default/bug/votes/list-for-bug.html.tmpl

@@ -43,8 +43,9 @@
     [% total = total + voter.vote_count %]
     <tr>
       <td>
-        <a href="votes.cgi?action=show_user&amp;user=[% voter.login_name FILTER url_quote %]">
-          [% voter.login_name FILTER html %]
+          <a href="votes.cgi?action=show_user&amp;user_id=
+                  [%- voter.id FILTER url_quote %]">
+          [% voter.login_name FILTER email FILTER html %]
         </a>
       </td>
       <td align="right">

template/en/default/global/user.html.tmpl

+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Daniel Brooks.
+  # Portions created by the Initial Developer are Copyright (C) 2007
+  # the Initial Developer. All Rights Reserved.
+  #
+  # Contributor(s): 
+  #   Daniel Brooks <db48x@db48x.net>
+  #   Max Kanat-Alexander <mkanat@bugzilla.org>
+  #%]
+
+[%# INTERFACE:
+  # who: A Bugzilla::User object that we are going to represent.
+  #%]
+
+<span class="vcard">
+  [% FILTER collapse %]
+    [% IF user.id %]
+      <a class="email" href="mailto:[% who.email FILTER html %]"
+         title="[% who.identity FILTER html %]">
+    [%- END -%]
+    [% IF who.name %]
+       <span class="fn">[% who.name FILTER html %]</span>
+    [% ELSE %]
+      [% who.login FILTER email FILTER html %]
+    [% END %]
+    [% '</a>' IF user.id %]
+  [% END %]
+</span>

template/en/default/list/list.html.tmpl

@@ -206,7 +206,7 @@
           |
         [% END %]
 
-        [% IF bugowners %]
+        [% IF bugowners && user.id %]
           <a href="mailto:
             [% bugowners FILTER html %]">Send&nbsp;Mail&nbsp;to&nbsp;[% terms.Bug %]&nbsp;Assignees</a> |
         [% END %]

template/en/default/reports/components.html.tmpl

@@ -74,13 +74,11 @@
       <a name="[% comp.name FILTER html %]">[% comp.name FILTER html %]</a>
     </td>
     <td>
-      <a href="mailto:[% comp.default_assignee.email FILTER html %]">
-      [% comp.default_assignee.login FILTER html %]</a>
+      [% INCLUDE global/user.html.tmpl who = comp.default_assignee %]
     </td>
     [% IF Param("useqacontact") %]
       <td>
-        <a href="mailto:[% comp.default_qa_contact.email FILTER html %]">
-        [% comp.default_qa_contact.login FILTER html %]</a>
+        [% INCLUDE global/user.html.tmpl who = comp.default_qa_contact %]
       </td>
     [% END %]
   </tr>

template/en/default/reports/report-table.csv.tmpl

@@ -30,7 +30,14 @@
 [% row_field_disp = field_descs.$row_field || row_field %]
 
 [% IF tbl_field %]
-  [% tbl_field_disp FILTER csv %]: [% tbl FILTER csv %]
+  [% IF tbl_field == 'assigned_to' OR tbl_field == 'reporter'
+        OR tbl_field == 'qa_contact'
+  %]
+    [% tbl_disp = tbl FILTER email %]
+  [% ELSE %]
+    [% tbl_disp = tbl %]
+  [% END %]
+  [% tbl_field_disp FILTER csv %]: [% tbl_disp FILTER csv %]
 [% END %]
 [% IF row_field %]
   [% row_field_disp FILTER csv %]
@@ -40,26 +47,14 @@
 [% IF col_field -%]
   [% FOREACH col = col_names -%]
     [% colsepchar %]
-    [% IF col_field == 'bug_status' %]
-      [% get_status(col) FILTER csv -%]
-    [% ELSIF col_field == 'resolution' %]
-      [% get_resolution(col) FILTER csv -%]
-    [% ELSE %]
-      [% col FILTER csv -%]
-    [% END %]
+    [% PROCESS value_display value = col field = col_field %]
   [% END -%]
 [% ELSE -%]
   [% colsepchar %][% num_bugs FILTER csv %]
 [% END %]
 
 [% FOREACH row = row_names %]
-  [% IF row_field == 'bug_status' %]
-    [% get_status(row) FILTER csv -%]
-  [% ELSIF row_field == 'resolution' %]
-    [% get_resolution(row) FILTER csv -%]
-  [% ELSE %]
-    [% row FILTER csv -%]
-  [% END %]
+  [% PROCESS value_display value = row field = row_field %]
   [% FOREACH col = col_names %]
     [% colsepchar %]
     [% IF data.$tbl AND data.$tbl.$col AND data.$tbl.$col.$row %]
@@ -70,3 +65,17 @@
   [% END %]
 
 [% END %]
+
+[% BLOCK value_display %]
+  [% SET disp_value = value %]
+  [% IF field == 'bug_status' %]
+    [% SET disp_value = get_status(value) %]
+  [% ELSIF field == 'resolution' %]
+    [% SET disp_value = get_resolution(value) %]
+  [% ELSIF field == 'assigned_to' OR field == 'reporter'
+           OR field == 'qa_contact'
+  %]
+    [% disp_value = value FILTER email %]
+  [% END %]
+  [% disp_value FILTER csv %]
+[% END %]

template/en/default/reports/report-table.html.tmpl

@@ -44,7 +44,7 @@
 [% END %]
 
 [% IF tbl_field %]
-  <h2>[% tbl_disp FILTER html %]</h2>
+  <h2>[% tbl_disp FILTER email FILTER html %]</h2>
 [% END %]
 
 <table>
@@ -79,13 +79,7 @@
         
         [% col_idx = 1 - col_idx %]
         <td class="[% classes.$row_idx.$col_idx %]">
-          [% IF col_field == 'bug_status' %]
-            [% get_status(col) FILTER html FILTER replace('^ $','&nbsp;') %]
-          [% ELSIF col_field == 'resolution' %]
-            [% get_resolution(col) FILTER html FILTER replace('^ $','&nbsp;') %]
-          [% ELSE %]
-            [% col FILTER html FILTER replace('^ $','&nbsp;') %]
-          [% END %]
+          [% PROCESS value_display value = col field = col_field %]
         </td>
       [% END %]
       <td class="ttotal">
@@ -100,13 +94,7 @@
     [% row_idx = 1 - row_idx %]
     <tr>
       <td class="[% classes.$row_idx.$col_idx %]" align="right">
-        [% IF row_field == 'bug_status' %]
-          [% get_status(row) FILTER html FILTER replace('^ $','&nbsp;') %]
-        [% ELSIF row_field == 'resolution' %]
-          [% get_resolution(row) FILTER html FILTER replace('^ $','&nbsp;') %]
-        [% ELSE %]
-          [% row FILTER html FILTER replace('^ $','&nbsp;') %]
-        [% END %]
+        [% PROCESS value_display value = row field = row_field %]
       </td>
       [% FOREACH col = col_names %]
         [% row_total = row_total + data.$tbl.$col.$row %]
@@ -164,3 +152,17 @@
     </td>
   </tr>
 </table>
+
+[% BLOCK value_display %]
+  [% SET disp_value = value %]
+  [% IF field == 'bug_status' %]
+    [% SET disp_value = get_status(value) %]
+  [% ELSIF field == 'resolution' %]
+    [% SET disp_value = get_resolution(value) %]
+  [% ELSIF field == 'assigned_to' OR field == 'reporter'
+           OR field == 'qa_contact'
+  %]
+    [% disp_value = value FILTER email %]
+  [% END %]
+  [% disp_value FILTER html FILTER replace('^ $','&nbsp;') %]
+[% END %] 

template/en/default/reports/report.html.tmpl

@@ -96,7 +96,7 @@
       [% PROCESS "reports/report-table.html.tmpl" %]
     [% ELSE %]
       [% IF tbl %]
-        <h2>[% tbl_disp FILTER html %]</h2>
+        <h2>[% tbl_disp FILTER email FILTER html %]</h2>
       [% END %]
       
       [% imageurl = BLOCK %]report.cgi?[% imagebase FILTER html %]&amp;format=

template/en/default/request/queue.html.tmpl

@@ -157,7 +157,8 @@ to some group are shown by default.
 [% PROCESS global/footer.html.tmpl %]
 
 [% BLOCK start_new_table %]
-  <h3>[% column_headers.$group_field %]: [% (request.$group_field || "None") FILTER html %]</h3>
+  <h3>[% column_headers.$group_field %]: 
+    [%+ (request.$group_field || "None") FILTER email FILTER html %]</h3>
   <table class="requests" cellspacing="0" cellpadding="4" border="1">
     <tr>
       [% FOREACH column = display_columns %]
@@ -190,11 +191,11 @@ to some group are shown by default.
 [% END %]
 
 [% BLOCK display_requestee %]
-  [% request.requestee FILTER html %]
+  [% request.requestee FILTER email FILTER html %]
 [% END %]
 
 [% BLOCK display_requester %]
-  [% request.requester FILTER html %]
+  [% request.requester FILTER email FILTER html %]
 [% END %]
 
 [% BLOCK display_created %]

votes.cgi

@@ -52,7 +52,7 @@ my $bug_id = $cgi->param('bug_id');
 my $action = $cgi->param('action') || ($bug_id ? "show_bug" : "show_user");
 
 if ($action eq "show_bug" ||
-    ($action eq "show_user" && defined $cgi->param('user')))
+    ($action eq "show_user" && defined $cgi->param('user_id')))
 {
     Bugzilla->login();
 }
@@ -103,7 +103,9 @@ sub show_bug {
 
     $vars->{'bug_id'} = $bug_id;
     $vars->{'users'} =
-        $dbh->selectall_arrayref('SELECT profiles.login_name, votes.vote_count 
+        $dbh->selectall_arrayref('SELECT profiles.login_name,
+                                         profiles.userid AS id,
+                                         votes.vote_count
                                     FROM votes
                               INNER JOIN profiles 
                                       ON profiles.userid = votes.who
@@ -127,11 +129,11 @@ sub show_user {
     # If a bug_id is given, and we're editing, we'll add it to the votes list.
     $bug_id ||= "";
 
-    my $name = $cgi->param('user') || $user->login;
-    my $who = login_to_id($name, THROW_ERROR);
-    my $userid = $user->id;
+    my $who_id = $cgi->param('user_id') || $user->id;
+    my $who = Bugzilla::User->check({ id => $who_id });
 
-    my $canedit = (Bugzilla->params->{'usevotes'} && $userid == $who) ? 1 : 0;
+    my $canedit = (Bugzilla->params->{'usevotes'} && $user->id == $who->id) 
+                  ? 1 : 0;
 
     $dbh->bz_start_transaction();
 
@@ -140,10 +142,10 @@ sub show_user {
         # in the vote table, just so that things display right.
         my $has_votes = $dbh->selectrow_array('SELECT vote_count FROM votes 
                                                WHERE bug_id = ? AND who = ?',
-                                               undef, ($bug_id, $who));
+                                               undef, ($bug_id, $who->id));
         if (!$has_votes) {
             $dbh->do('INSERT INTO votes (who, bug_id, vote_count) 
-                      VALUES (?, ?, 0)', undef, ($who, $bug_id));
+                      VALUES (?, ?, 0)', undef, ($who->id, $bug_id));
         }
     }
 
@@ -168,7 +170,7 @@ sub show_user {
                                        WHERE votes.who = ?
                                          AND bugs.product_id = ?
                                     ORDER BY votes.bug_id',
-                                      undef, ($who, $product->id));
+                                      undef, ($who->id, $product->id));
 
         foreach (@$vote_list) {
             my ($id, $count, $summary) = @$_;
@@ -206,7 +208,7 @@ sub show_user {
     $dbh->bz_commit_transaction();
 
     $vars->{'canedit'} = $canedit;
-    $vars->{'voting_user'} = { "login" => $name };
+    $vars->{'voting_user'} = { "login" => $who->name };
     $vars->{'products'} = \@products;
     $vars->{'bug_id'} = $bug_id;
     $vars->{'all_bug_ids'} = \@all_bug_ids;