Opened 17 years ago
Closed 17 years ago
#6748 closed defect (fixed)
Some missing e-mail obfuscation in reports and query
Reported by: | osimons | Owned by: | osimons |
---|---|---|---|
Priority: | normal | Milestone: | 0.11 |
Component: | ticket system | Version: | devel |
Severity: | normal | Keywords: | |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
Following on from #153.
In query: If owner is an e-mail, it gets correctly obfuscated in the table. However, if you group by owner, the e-mail is displayed in full.
In reports: Testing the standard reports, I can't see that owner gets obfuscated at all?
Attachments (0)
Change History (4)
comment:1 by , 17 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 17 years ago
Onto reports. By it's nature it makes assertion of specific field names quite uncertain as it is all up to the query and how it is formed. Only for default queries can we be (quite) certain.
Un-noticed by me the first time, we already obfuscate 'cc' and 'reporter' fields. The following patch adds 'owner' to that list, but in reports 'group by' is implemented as field __group__
( for instance owner as __group__
) so when it arrives it is next to impossible without parsing the query to actually know what field it represents. My patch simply checks them all for email, and hopefully with the help of #6609 it may be quite accurate? We don't know if the field will be one word or several, or how the content is actually made up, but as far as I can see it is the best we can do.
-
trac/ticket/report.py
345 345 # Detect and create new group 346 346 if col == '__group__' and value != prev_group_value: 347 347 prev_group_value = value 348 row_groups.append((value, [])) 348 # Brute force handling of email in group by header 349 row_groups.append( 350 (Chrome(self.env).format_author(req, value), []) ) 349 351 # Other row properties 350 352 row['__idx__'] = row_idx 351 353 if col in ('__style__', '__color__', … … 355 357 row['id'] = value 356 358 # Special casing based on column name 357 359 col = col.strip('_') 358 if col in ('reporter', 'cc' ):360 if col in ('reporter', 'cc', 'owner'): 359 361 email_cells.append(cell) 360 362 elif col == 'realm': 361 363 realm = value
I haven't committed yet due to the 'brute' approach. Is it good enough?
comment:3 by , 17 years ago
Another approach would be to make the obfuscation explicit, by introducing another keyword (e.g. __email_group__
). But that may be overkill and I think why you did is OK.
comment:4 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Query and Reports patches committed as [6499:6500], and that should be it for this ticket. Closing.
Fix for the query committed as [6499].
I'll look into the reports now.