Edgewall Software

Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#9900 closed defect (duplicate)

Email address entered in the preferences/general dialog is not validated

Reported by: Carsten Klein <carsten.klein@…> Owned by:
Priority: normal Milestone:
Component: web frontend Version: 0.13dev
Severity: normal Keywords:
Cc: carsten.klein@…, Thijs Triemstra Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Thijs Triemstra)

This allows users to enter arbitrary email addresses, which, upon enabling notification will cause the MTA to fail upon the invalid email addresses.

This might have an impact on both the logs of the MTA and also on overall system performance in a high load environment.

The attached patch addresses this issue by introducing a new trac.util.validation module currently only providing for rudimentary email address validation based upon email.util.parseaddr and some common sense assertions about emails.

In addition it modifies the trac.prefs.web_ui module so that it will validate the email address prior saving it in the session, adding two more strings to the language files, namely "Invalid email address." and "Your preferences could not be saved."

Attachments (1)

email_validation_patch.diff (2.7 KB ) - added by Carsten Klein <carsten.klein@…> 11 years ago.
Patch addressing the issue

Download all attachments as: .zip

Change History (8)

by Carsten Klein <carsten.klein@…>, 11 years ago

Attachment: email_validation_patch.diff added

Patch addressing the issue

comment:1 by Carsten Klein <carsten.klein@…>, 11 years ago

I have not updated trac/locale/*/LC_MESSAGES/message.po. Feel free to add them if you accept this patch.

comment:2 by Carsten Klein <carsten.klein@…>, 11 years ago

Please note that this is a preliminary to fixing issue/cr #8637.

comment:3 by osimons, 11 years ago

The problem with email field verification is that depending on TracIni [notification] settings (such as smtp_default_domain and use_short_addr), a complete & validated email may not be required. And, ini settings and settings for each user may change over time so that previously valid adresses may become invalid (and vice versa).

I'm not sure about the value of doing a "sort-of-usually-works" solution.

comment:4 by Remy Blank, 11 years ago

I agree with osimons. Either we should do a complete, functional validation (i.e. send a validation e-mail, wait for the user to click on a link contained in the e-mail, and only then, modify the stored e-mail address), or no validation at all. The only way to know if the MTA will accept a given address is to send an e-mail to that address.

Of course, in this case, validation should be optional.

comment:5 by Carsten Klein <carsten.klein@…>, 11 years ago

comment:6 by Thijs Triemstra, 11 years ago

Cc: Thijs Triemstra added
Description: modified (diff)
Resolution: duplicate
Status: newclosed

This looks like a duplicate of #4286. Please reopen if it isnt..

in reply to:  6 comment:7 by Carsten Klein <carsten.klein@…>, 11 years ago

Replying to thijstriemstra:

This looks like a duplicate of #4286. Please reopen if it isnt..

It is :D

I will move the link to the proposal page to over there.

Modify Ticket

Change Properties
Set your email in Preferences
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none) to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.