Modify ↓
#14346 closed defect (fixed)
Notification email contains CC addresses in clear
| Reported by: | bmispelon | Owned by: | Jun Omae |
|---|---|---|---|
| Priority: | normal | Component: | TracHtmlNotificationPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: |
Description
My site is configured so that email addresses are obfuscated for non-admin users (EMAIL_VIEW permission).
However, when using the HTML notification plugin the full CC field is displayed in the email, with no obfuscation.
This happens because the plugin passes a MockPerm to the ticket module.
I'm attaching a patch that fixes this by using a proper PermissionCache object instead of MockPerm.
Attachments (2)
Change History (6)
Changed 3 months ago by
| Attachment: | use_permission_cache.diff added |
|---|
comment:1 Changed 3 months ago by
| Status: | new → accepted |
|---|
Changed 3 months ago by
| Attachment: | use_permission_cache_with_tests.diff added |
|---|
Same patch but with a test (and fixes for the test suite to run under python3 + trac 1.6)
comment:2 follow-up: 4 Changed 3 months ago by
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Fixed in [18646] (manually comment because hooks/post-commit failed to start...).
comment:4 Changed 3 months ago by
Note: See
TracTickets for help on using
tickets.
Good catch. The patch seems likely to be good.