Opened on 05/21/2014 at 07:25:51 PM
Closed on 05/23/2014 at 01:28:54 PM
Last modified on 05/23/2014 at 06:46:22 PM
#535 closed defect (fixed)
Contact form cannot deal with commas in sender's name
Reported by: | trev | Assignee: | |
---|---|---|---|
Priority: | P1 | Milestone: | |
Module: | Infrastructure | Keywords: | |
Cc: | philll | Blocked By: | |
Blocking: | Platform: | ||
Ready: | yes | Confidential: | no |
Tester: | Verified working: | yes | |
Review URL(s): |
Description
How to reproduce
- Go to https://eyeo.com/en/contact (backend for the form is sitescripts.formmail.web.formmail module).
- Fill out the form, use a comma in your name.
Observed behaviour
The comma is interpreted as a separator between multiple names, the mail generated has two senders.
Expected behaviour
The comma is escaped in some way.
Attachments (0)
Change History (5)
comment:1 Changed on 05/21/2014 at 07:34:48 PM by trev
- Priority changed from P3 to P1
- Sensitive set
comment:2 Changed on 05/22/2014 at 02:45:56 PM by philll
- Cc philll added
comment:3 Changed on 05/23/2014 at 01:28:54 PM by trev
- Resolution set to fixed
- Review URL(s) modified (diff)
- Status changed from new to closed
comment:4 Changed on 05/23/2014 at 01:37:05 PM by trev
comment:5 Changed on 05/23/2014 at 06:46:22 PM by trev
- Sensitive unset
- Verified working set
Note: See
TracTickets for help on using
tickets.
Raising priority and marking as confidential - this seems to be a security issue, email.header escaping essentially doesn't do anything.