Ticket #5196 (closed Bug: fixed)

Opened 10 years ago

Last modified 10 years ago

None of the user administration forms should use e-mail addresses when identifying users

Reported by: limi Owned by:
Priority: major Milestone: 2.1.3
Component: Users/Groups Version:
Keywords: Cc:


Currently found in the following forms:

  • folder_localrole_form

  • prefs_users_overview

These forms seem to be accessible to logged-in users, and expose the email addresses of the users you search for. They should hide the mail address where it is not relevant (localrole form) and protect it with a permission if this isn't done already in the user management.

Change History

comment:1 Changed 10 years ago by limi

  • Status changed from new to closed
  • Resolution set to fixed

(In [9043]) The Sharing page was showing mail addresses to easier be able to discern between users with similar user names; now it uses full name instead. This closes #5196

comment:2 Changed 10 years ago by limi

(In [9074]) Made the file_view link directly to the file. This closes #5196

comment:3 Changed 10 years ago by hannosch

  • Milestone changed from 2.1.x to 2.1.3
Note: See TracTickets for help on using tickets.