Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#535 closed defect (fixed)

Contact form cannot deal with commas in sender's name

Reported by: trev Assignee:
Priority: P1 Milestone:
Module: Infrastructure Keywords:
Cc: philll Blocked By:
Blocking: Platform:
Ready: yes Confidential: no
Tester: Verified working: yes
Review URL(s):

https://hg.adblockplus.org/sitescripts/rev/ca9801d5e25f

Description

How to reproduce

  1. Go to https://eyeo.com/en/contact (backend for the form is sitescripts.formmail.web.formmail module).
  2. Fill out the form, use a comma in your name.

Observed behaviour

The comma is interpreted as a separator between multiple names, the mail generated has two senders.

Expected behaviour

The comma is escaped in some way.

Change History (5)

comment:1 Changed 5 years ago by trev

  • Priority changed from P3 to P1
  • Sensitive set

Raising priority and marking as confidential - this seems to be a security issue, email.header escaping essentially doesn't do anything.

comment:2 Changed 5 years ago by philll

  • Cc philll added

comment:3 Changed 5 years ago by trev

  • Resolution set to fixed
  • Review URL(s) modified (diff)
  • Status changed from new to closed

comment:5 Changed 5 years ago by trev

  • Sensitive unset
  • Verified working set
Note: See TracTickets for help on using tickets.