fixed privacy leak in castvote view with aliased voters

helios/templates/castvote.html

@@ -6,10 +6,10 @@
 cast in <a href="{% url helios.views.one_election_view election.uuid %}">{{election.name}}</a><br />
 Fingerprint: <tt>{{cast_vote.vote_hash}}</tt><br />
 by <b><u>
-{% if voter.alias %}
-{{voter.alias}}
+{% if the_voter.alias %}
+{{the_voter.alias}}
 {% else %}
-{{voter.name}}
+{{the_voter.name}}
 {% endif %}
 </u></b>
 <br /><br />

helios/views.py

@@ -175,7 +175,7 @@ def election_vote_shortcut(request, election_short_name):
 
 @election_view()
 def _castvote_shortcut_by_election(request, election, cast_vote):
-  return render_template(request, 'castvote', {'cast_vote' : cast_vote, 'vote_content': cast_vote.vote.toJSON(), 'voter': cast_vote.voter, 'election': election})
+  return render_template(request, 'castvote', {'cast_vote' : cast_vote, 'vote_content': cast_vote.vote.toJSON(), 'the_voter': cast_vote.voter, 'election': election})
   
 def castvote_shortcut(request, vote_tinyhash):
   try:

server_ui/templates/base.html

@@ -50,7 +50,7 @@ logged in as {{user.display_html_small|safe}}
 [<a href="{% url auth.views.logout %}?return_url={{CURRENT_URL}}">logout</a>]<br />
 {% else %}
 {% if voter %}
-You are signed in as voter <u>{{voter.name}}</u> in election <u>{{voter.election.name}}</u>. [<a href="{{settings.SECURE_URL_HOST}}{% url auth.views.logout %}?return_url={{CURRENT_URL}}">sign out</a>]
+You are signed in as voter <u>{% if voter.alias %}{{voter.alias}}{% else %}{{voter.name}}{% endif %}</u> in election <u>{{voter.election.name}}</u>. [<a href="{{settings.SECURE_URL_HOST}}{% url auth.views.logout %}?return_url={{CURRENT_URL}}">sign out</a>]
 {% else %}
 not logged in. [<a href="{{settings.SECURE_URL_HOST}}{% url auth.views.index %}?return_url={{CURRENT_URL}}">log in</a>]
 {% endif %}