[ mailman-Bugs-1498213 ] bad email sanitisation issue

SourceForge.net noreply at sourceforge.net
Thu Jun 1 06:39:42 CEST 2006


Bugs item #1498213, was opened at 2006-05-31 06:26
Message generated for change (Comment added) made by msapiro
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1498213&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: kangoo (kangbooboo)
Assigned to: Nobody/Anonymous (nobody)
Summary: bad email sanitisation issue

Initial Comment:
hi, we're using 2.1.5 and when someone added an email
address with quotes (") we got errors a bit everywhere
and mails not getting sent ^^

I looked into changelog up to 2.1.8 which is current
stable and this looks closely to bug #1030228, but
different character.

I would suggest adding the quote character to the
filter (ascii 042)
Or better, rewritte the filter but the reverse way.
only allow [a-zA-Z0-9\-\_\.\+] for email addresses ?
(i made this up from memory but email addresses cannot
contain much more ? maybe im saying something stupid here)



----------------------------------------------------------------------

>Comment By: Mark Sapiro (msapiro)
Date: 2006-05-31 21:39

Message:
Logged In: YES 
user_id=1123998

First of all, local-parts of email addresses are allowed to
be quoted per RFC2821 sec 4.1.2, but more importantly, can
you be more specific as to
1) the form of the address with " that caused problems
2) how it was added if not via the web interface
3) what specific errors/problems result

I note that I am able to add an address of the form

Real Name <"user at example.com">

via Mass Subscribe, and the resultant address receives mail
just as if it weren't quoted.

----------------------------------------------------------------------

Comment By: kangoo (kangbooboo)
Date: 2006-05-31 06:36

Message:
Logged In: YES 
user_id=671502

i forgot to say this is done when you're not using the web
interface to input the email+name (else name or mail with
quotes gets rejected  as unknown)


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1498213&group_id=103


More information about the Mailman-coders mailing list