Ticket #5196 (closed Bug: fixed)
None of the user administration forms should use e-mail addresses when identifying users
|Reported by:||limi||Owned by:|
Currently found in the following forms:
These forms seem to be accessible to logged-in users, and expose the email addresses of the users you search for. They should hide the mail address where it is not relevant (localrole form) and protect it with a permission if this isn't done already in the user management.