Opened on 05/21/2014 at 07:25:51 PM

Closed on 05/23/2014 at 01:28:54 PM

Last modified on 05/23/2014 at 06:46:22 PM

#535 closed defect (fixed)

Contact form cannot deal with commas in sender's name

Reported by: trev Assignee:
Priority: P1 Milestone:
Module: Infrastructure Keywords:
Cc: philll Blocked By:
Blocking: Platform:
Ready: yes Confidential: no
Tester: Verified working: yes
Review URL(s):

https://hg.adblockplus.org/sitescripts/rev/ca9801d5e25f

Description

How to reproduce

  1. Go to https://eyeo.com/en/contact (backend for the form is sitescripts.formmail.web.formmail module).
  2. Fill out the form, use a comma in your name.

Observed behaviour

The comma is interpreted as a separator between multiple names, the mail generated has two senders.

Expected behaviour

The comma is escaped in some way.

Attachments (0)

Change History (5)

comment:1 Changed on 05/21/2014 at 07:34:48 PM by trev

  • Priority changed from P3 to P1
  • Sensitive set

Raising priority and marking as confidential - this seems to be a security issue, email.header escaping essentially doesn't do anything.

comment:2 Changed on 05/22/2014 at 02:45:56 PM by philll

  • Cc philll added

comment:3 Changed on 05/23/2014 at 01:28:54 PM by trev

  • Resolution set to fixed
  • Review URL(s) modified (diff)
  • Status changed from new to closed

comment:5 Changed on 05/23/2014 at 06:46:22 PM by trev

  • Sensitive unset
  • Verified working set

Add Comment

Modify Ticket

Change Properties
Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none).
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.