#9900 closed defect (duplicate)
Email address entered in the preferences/general dialog is not validated
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | web frontend | Version: | 0.13dev |
| Severity: | normal | Keywords: | |
| Cc: | carsten.klein@…, Thijs Triemstra | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
This allows users to enter arbitrary email addresses, which, upon enabling notification will cause the MTA to fail upon the invalid email addresses.
This might have an impact on both the logs of the MTA and also on overall system performance in a high load environment.
The attached patch addresses this issue by introducing a new trac.util.validation module currently only providing for rudimentary email address validation based upon email.util.parseaddr and some common sense assertions about emails.
In addition it modifies the trac.prefs.web_ui module so that it will validate the email address prior saving it in the session, adding two more strings to the language files, namely "Invalid email address." and "Your preferences could not be saved."
Attachments (1)
Change History (8)
by , 13 years ago
| Attachment: | email_validation_patch.diff added |
|---|
comment:1 by , 13 years ago
I have not updated trac/locale/*/LC_MESSAGES/message.po. Feel free to add them if you accept this patch.
comment:3 by , 13 years ago
The problem with email field verification is that depending on TracIni [notification] settings (such as smtp_default_domain and use_short_addr), a complete & validated email may not be required. And, ini settings and settings for each user may change over time so that previously valid adresses may become invalid (and vice versa).
I'm not sure about the value of doing a "sort-of-usually-works" solution.
comment:4 by , 13 years ago
I agree with osimons. Either we should do a complete, functional validation (i.e. send a validation e-mail, wait for the user to click on a link contained in the e-mail, and only then, modify the stored e-mail address), or no validation at all. The only way to know if the MTA will accept a given address is to send an e-mail to that address.
Of course, in this case, validation should be optional.
follow-up: 7 comment:6 by , 13 years ago
| Cc: | added |
|---|---|
| Description: | modified (diff) |
| Resolution: | → duplicate |
| Status: | new → closed |
This looks like a duplicate of #4286. Please reopen if it isnt..
comment:7 by , 13 years ago
Replying to thijstriemstra:
This looks like a duplicate of #4286. Please reopen if it isnt..
It is :D
I will move the link to the proposal page to over there.
Patch addressing the issue