Inadvertent dislosure of email address via signup

Subscribing - sounds like an excellent idea

Strictly speaking, I agree that the issue is correct. I just think that the disclosure of user email is implicitly expected from both user and the node owner. This is just useful feature of the signup module. Otherwise it would not be that useful...

A module that works as expected by default is better than one that has clever settings that allow to unbreak it.

The other thing is about drupal policy. It is not an argument because Signup is not a core module. And as such does not have to follow all the texts of core.

Another idea - maybe the module could show the emails to the owners that anyway have the right to see peoples emails?

Moshe, can you clarify what you're talking about? You mean the text of the email notification sent to the event owner? Otherwise, all the signup info is pretty well protected by the existing permissions, no?

Ok, it's in the body of the email -- I see that much, and I agree that's not ideal (except in cases of anonymous signups, where that's all we know about them). It should really just be a link to their account page or something (although it's complicated by the fact that these emails can be sent anywhere the event author wants, including to people who don't have perms to view user profile pages, etc). I guess a link to an "access denied" page is better than info disclosure right in the body of the email.

Anyway, I'll figure something out and get this in before the 5.x-2.5 release -- this *is* a real bug.

So, what's the right way to fix this?

A) Change the hard-coded body of the email to include a link to the profile page instead of an email address?

B) Make the format of this email message a site-wide signup setting, and use tokens? (See also #285626: Integration with the Token module).

Thoughts?

The more I think about this, the more I think admins should be able to lock down this feature. See #118794: Using Event author for "send signups to" address for more about that.

Meanwhile, here's a quick/dirty patch to print a link to the user's profile page if they've got an account, and their email if they're anon (since that's all we've got). Untested.

Tested. Thanks dww.

Committed to HEAD and backported to DRUAPL-5. If anyone can test 5.x-1.x-dev, that'd be swell. ;) Thanks.