Edgewall Software

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#9900 closed defect (duplicate)

Email address entered in the preferences/general dialog is not validated

Reported by: Carsten Klein <carsten.klein@…> Owned by:
Priority: normal Milestone:
Component: web frontend Version: 0.13dev
Severity: normal Keywords:
Cc: carsten.klein@…, Thijs Triemstra
Release Notes:
API Changes:

Description (last modified by Thijs Triemstra)

This allows users to enter arbitrary email addresses, which, upon enabling notification will cause the MTA to fail upon the invalid email addresses.

This might have an impact on both the logs of the MTA and also on overall system performance in a high load environment.

The attached patch addresses this issue by introducing a new trac.util.validation module currently only providing for rudimentary email address validation based upon email.util.parseaddr and some common sense assertions about emails.

In addition it modifies the trac.prefs.web_ui module so that it will validate the email address prior saving it in the session, adding two more strings to the language files, namely "Invalid email address." and "Your preferences could not be saved."

Attachments (1)

email_validation_patch.diff (2.7 KB ) - added by Carsten Klein <carsten.klein@…> 8 years ago.
Patch addressing the issue

Download all attachments as: .zip

Change History (8)

Changed 8 years ago by Carsten Klein <carsten.klein@…>

Attachment: email_validation_patch.diff added

Patch addressing the issue

comment:1 Changed 8 years ago by Carsten Klein <carsten.klein@…>

I have not updated trac/locale/*/LC_MESSAGES/message.po. Feel free to add them if you accept this patch.

comment:2 Changed 8 years ago by Carsten Klein <carsten.klein@…>

Please note that this is a preliminary to fixing issue/cr #8637.

comment:3 Changed 8 years ago by osimons

The problem with email field verification is that depending on TracIni [notification] settings (such as smtp_default_domain and use_short_addr), a complete & validated email may not be required. And, ini settings and settings for each user may change over time so that previously valid adresses may become invalid (and vice versa).

I'm not sure about the value of doing a "sort-of-usually-works" solution.

comment:4 Changed 8 years ago by Remy Blank

I agree with osimons. Either we should do a complete, functional validation (i.e. send a validation e-mail, wait for the user to click on a link contained in the e-mail, and only then, modify the stored e-mail address), or no validation at all. The only way to know if the MTA will accept a given address is to send an e-mail to that address.

Of course, in this case, validation should be optional.

comment:5 Changed 8 years ago by Carsten Klein <carsten.klein@…>

comment:6 Changed 8 years ago by Thijs Triemstra

Cc: Thijs Triemstra added
Description: modified (diff)
Resolution: duplicate
Status: newclosed

This looks like a duplicate of #4286. Please reopen if it isnt..

comment:7 in reply to:  6 Changed 8 years ago by Carsten Klein <carsten.klein@…>

Replying to thijstriemstra:

This looks like a duplicate of #4286. Please reopen if it isnt..

It is :D

I will move the link to the proposal page to over there.

Modify Ticket

Change Properties
Set your email in Preferences
as closed The ticket will remain with no owner.
The resolution will be deleted.
to The owner will be changed from (none) to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.