Email address entered in the preferences/general dialog is not validated
|Reported by:||Owned by:|
|Cc:||carsten.klein@…, Thijs Triemstra|
Description (last modified by )
This allows users to enter arbitrary email addresses, which, upon enabling notification will cause the MTA to fail upon the invalid email addresses.
This might have an impact on both the logs of the MTA and also on overall system performance in a high load environment.
The attached patch addresses this issue by introducing a new trac.util.validation module currently only providing for rudimentary email address validation based upon email.util.parseaddr and some common sense assertions about emails.
In addition it modifies the trac.prefs.web_ui module so that it will validate the email address prior saving it in the session, adding two more strings to the language files, namely "Invalid email address." and "Your preferences could not be saved."
Change History (8)
comment:6 follow-up: 7 Changed 7 years ago by
|Status:||new → closed|