URGENT: "Hide Email Address" account option does not work
I confirm that this is an issue with aurweb's code and not a user-uploaded package.
I have described the bug in complete detail in the Description section.
I have specified steps in the Reproduction section.
I have included any logs related to the bug in the Logs section.
I have included the versions which are affected in the Version(s) section.
When an AUR user sets the "Hide Email Address" account option, their email address remains public to all registered AUR users. I believe this is a major privacy issue and requires immediate attention.
- Alice and Bob are unprivileged AUR users
- Alice unsets "Hide Email Address" in https://aur.archlinux.org/account/Alice/edit
- Bob verifies that Alice's email is visible in https://aur.archlinux.org/account/Alice
- Alice sets "Hide Email Address" in https://aur.archlinux.org/account/Alice/edit
- Bob refreshes https://aur.archlinux.org/account/Alice and expects the email to be hidden, but it is still shown
v6.0.25 (latest at the time of writing)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information