E-mail obfuscation again - Replying to ticket comments

[osimons]

When replying to ticket comments, even though the user does not have e-mail view permission, the e-mail of the user/session will be available in comment-link header of the text copied as >.

[osimons]

Like #6532 the content becomes part of the content itself for viewing and notification, and it cannot really depend on the permissions of the user making the change. As we don't obfuscate labels in links, the actual e-mail will be available for all to see.

Easy solution is simply doing obfuscation as default behaviour in all cases:

trac/ticket/web_ui.py

@@ -1124 +1124 @@
         def quote_original(author, original, link):
             if 'comment' not in req.args: # i.e. the comment was not yet edited
                 data['comment'] = '\n'.join(
-                    ['Replying to [%s %s]:' % (link, author)] +
+                    ['Replying to [%s %s]:' % (link,
+                                        obfuscate_email_address(author))] +
                     ['> %s' % line for line in original.splitlines()] + [''])
 
         if replyto == 'description':

The other option would be to make the obfuscation conditional on permission, but in addition obfuscate all link labels in the wiki formatter used by all parts of Trac for rendering of wiki markup. This will be more complex, and will of course still leave pre-obfuscated labels anyway for all those that reply without permission.

The cleanest would be to always obfuscate the auto-generated label. It is just a label, and to make it even simpler we could also drop the author and just do like Replying to [comment:14]:.

Comments or better suggestions?

[Christian Boos]

I'm OK with the proposed change. Only having "replying to <num>" would go too far, IMO.

[anonymous]

Oki. Committed to 0.11-stable in [7366] and merged to trunk in [7367].